Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/XbSJLVClFYLx347mvDQ0S5hsX4g.roa
File:                     XbSJLVClFYLx347mvDQ0S5hsX4g.roa (raw, json)
Hash identifier:          lybO1wHjq/XifCJ733TrvdLHgJspRMxJWxwTnG2IJ3k=
Subject key identifier:   5D:B4:89:2D:50:A5:15:82:F1:DF:8E:E6:BC:34:34:4B:98:6C:5F:88
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       0194252176476CBBA533B200BC01E701952A
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/XbSJLVClFYLx347mvDQ0S5hsX4g.roa
Signing time:             Thu 02 Jan 2025 03:48:57 +0000
ROA not before:           Thu 02 Jan 2025 03:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9050
IP address blocks:        185.253.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:76:47:6c:bb:a5:33:b2:00:bc:01:e7:01:95:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 03:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5db4892d50a51582f1df8ee6bc34344b986c5f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4c:ea:e9:91:00:f7:7e:24:89:bb:2f:f3:f4:
                    53:89:17:a6:9b:67:a4:f2:36:8f:91:cc:dd:2d:b9:
                    f3:09:bc:a7:05:cd:02:8b:88:85:c4:b5:5a:6f:09:
                    f2:64:e8:81:91:08:69:98:7f:65:b7:2e:1b:17:70:
                    8f:3c:d4:d4:4a:a5:8d:8c:c3:f7:8a:5d:24:60:ab:
                    d1:e9:85:0e:b4:f8:f1:ec:6f:6b:8b:a1:a2:b7:de:
                    8b:17:ec:dc:8e:80:b9:c6:bc:08:82:5b:6f:d3:70:
                    b9:12:ec:e9:10:70:ea:87:4e:ce:7a:99:02:46:f0:
                    38:87:c5:07:a6:a9:64:ee:0f:85:f6:f1:db:aa:09:
                    54:9d:88:d1:55:9a:f5:dd:98:58:ad:7f:28:50:e5:
                    59:96:37:c2:a5:8d:63:b0:42:a4:39:57:b3:7e:f1:
                    f5:34:71:77:95:ec:f1:f6:d9:c1:89:82:6f:01:ca:
                    b1:b7:bf:7c:2c:c8:ca:4e:9d:23:45:0b:3b:e7:b6:
                    4c:91:aa:49:1e:06:29:26:e0:f4:49:f7:81:19:db:
                    3c:a8:10:8d:65:d6:54:9d:f7:87:58:6a:18:0b:57:
                    03:cf:73:da:19:d0:a3:e4:45:87:e7:98:f4:63:2b:
                    80:5f:cc:56:21:f6:6c:6f:88:c9:7b:50:4d:74:1d:
                    e3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B4:89:2D:50:A5:15:82:F1:DF:8E:E6:BC:34:34:4B:98:6C:5F:88
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/XbSJLVClFYLx347mvDQ0S5hsX4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a7:ac:80:06:a1:2c:59:70:d5:b0:04:08:8c:01:49:be:1e:
         2a:6a:b6:62:fd:e4:22:44:4b:73:51:f5:fe:71:04:54:42:dd:
         c5:7d:5d:b7:fd:5c:77:3a:68:23:78:2f:e9:13:7a:46:9f:d8:
         f2:3e:75:75:b6:d8:19:b0:f7:86:c2:99:ce:cc:23:43:bd:21:
         92:68:3f:a1:dc:03:4a:3d:d4:8b:79:00:98:6b:c2:bc:ec:af:
         23:91:34:26:ee:70:80:56:e3:27:0d:f5:45:d4:16:94:a9:a4:
         67:c2:7b:ce:c7:01:ae:bc:53:17:3e:27:aa:85:3d:87:72:f8:
         d7:44:e3:40:3a:a9:23:db:8e:4a:2f:fe:d0:95:e3:40:23:9a:
         46:ac:75:08:7e:be:57:37:f8:29:52:99:5c:ce:39:4b:a0:13:
         df:94:01:ab:bb:50:f5:80:29:65:5a:fb:9b:4f:43:78:29:24:
         e7:ce:62:7b:8c:46:6b:4c:a4:21:55:b5:7b:c4:a8:fd:25:d3:
         03:d2:a2:f2:29:0f:5e:d1:d7:c9:21:2e:b5:d1:b5:7b:cb:1b:
         f4:4e:7d:75:3b:f4:ed:17:e0:22:41:73:24:3f:bf:d1:39:c5:
         07:1d:46:88:af:e5:d7:8e:33:05:cc:55:b5:ff:c0:ac:5b:4f:
         d6:3c:5a:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXZHbLulM7IAvAHnAZUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjUwMTAyMDM0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI0ODkyZDUwYTUxNTgyZjFkZjhlZTZiYzM0MzQ0Yjk4NmM1Zjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0zq6ZEA934kibsv8/RTiRemm2ek
8jaPkczdLbnzCbynBc0Ci4iFxLVabwnyZOiBkQhpmH9lty4bF3CPPNTUSqWNjMP3
il0kYKvR6YUOtPjx7G9ri6Git96LF+zcjoC5xrwIgltv03C5EuzpEHDqh07OepkC
RvA4h8UHpqlk7g+F9vHbqglUnYjRVZr13ZhYrX8oUOVZljfCpY1jsEKkOVezfvH1
NHF3lezx9tnBiYJvAcqxt798LMjKTp0jRQs757ZMkapJHgYpJuD0SfeBGds8qBCN
ZdZUnfeHWGoYC1cDz3PaGdCj5EWH55j0YyuAX8xWIfZsb4jJe1BNdB3jyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF20iS1QpRWC8d+O5rw0NEuYbF+IMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvWGJTSkxWQ2xGWUx4MzQ3bXZEUTBTNWhzWDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf0GMA0G
CSqGSIb3DQEBCwUAA4IBAQCap6yABqEsWXDVsAQIjAFJvh4qarZi/eQiREtzUfX+
cQRUQt3FfV23/Vx3OmgjeC/pE3pGn9jyPnV1ttgZsPeGwpnOzCNDvSGSaD+h3ANK
PdSLeQCYa8K87K8jkTQm7nCAVuMnDfVF1BaUqaRnwnvOxwGuvFMXPieqhT2HcvjX
RONAOqkj245KL/7QleNAI5pGrHUIfr5XN/gpUplczjlLoBPflAGru1D1gCllWvub
T0N4KSTnzmJ7jEZrTKQhVbV7xKj9JdMD0qLyKQ9e0dfJIS610bV7yxv0Tn11O/Tt
F+AiQXMkP7/ROcUHHUaIr+XXjjMFzFW1/8CsW0/WPFqK
-----END CERTIFICATE-----