Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/XCN5lwkGM58av9oqAJsgGCsHbJ4.roa
File:                     XCN5lwkGM58av9oqAJsgGCsHbJ4.roa (raw, json)
Hash identifier:          8aCR6L9MXmCNnfWofwqGUNu6pEk0OZanJ7hWSkVsigk=
Subject key identifier:   5C:23:79:97:09:06:33:9F:1A:BF:DA:2A:00:9B:20:18:2B:07:6C:9E
Certificate issuer:       /CN=97da420008cfb9193499278ef558bd42d61c7f75
Certificate serial:       019427474E1C776F205E3BFC16B6603300EF
Authority key identifier: 97:DA:42:00:08:CF:B9:19:34:99:27:8E:F5:58:BD:42:D6:1C:7F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/XCN5lwkGM58av9oqAJsgGCsHbJ4.roa
Signing time:             Thu 02 Jan 2025 13:49:31 +0000
ROA not before:           Thu 02 Jan 2025 13:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199256
IP address blocks:        217.115.121.0/24 maxlen: 24
                          217.115.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:4e:1c:77:6f:20:5e:3b:fc:16:b6:60:33:00:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97da420008cfb9193499278ef558bd42d61c7f75
        Validity
            Not Before: Jan  2 13:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c2379970906339f1abfda2a009b20182b076c9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bf:cf:c1:3c:ba:84:5e:65:32:3c:91:73:2e:
                    cb:8c:58:76:e7:d9:e5:c8:4a:19:45:e9:47:56:ac:
                    8a:2e:4b:6a:df:2a:d4:e5:0b:b1:b2:f3:30:f0:7a:
                    32:5d:6d:48:0e:d5:94:53:d0:6c:8a:01:78:b4:1a:
                    53:26:67:f3:c8:c5:22:43:57:d3:c5:6e:82:40:e7:
                    91:d0:cc:27:e8:22:d9:4e:a1:32:50:29:87:0a:af:
                    ee:48:25:37:25:83:72:5d:56:2c:f6:d1:84:a4:89:
                    7f:02:8e:72:d8:55:c2:57:af:6a:eb:61:6f:5a:cd:
                    02:f0:91:d4:e6:01:15:73:a7:f8:5e:e7:33:b7:25:
                    ac:46:f4:03:a9:24:d1:6c:91:93:d0:c6:06:25:9e:
                    d0:8a:38:e6:59:46:61:5b:b7:00:1b:42:e0:33:7d:
                    59:48:2e:fa:8d:9d:ae:c4:c5:a7:69:eb:64:02:c6:
                    6a:a3:f6:76:02:a8:2b:56:53:da:55:71:17:c0:e1:
                    ab:3f:a3:48:15:ff:6b:e1:09:74:d8:ad:25:72:e0:
                    a2:34:09:91:f9:c0:99:8f:8f:9d:f2:f6:e6:9a:5d:
                    82:7a:c2:3a:45:e2:1b:b2:81:2a:0e:f2:30:ee:f2:
                    18:5e:1c:84:22:10:91:2b:55:b8:ba:90:d2:63:79:
                    6d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:23:79:97:09:06:33:9F:1A:BF:DA:2A:00:9B:20:18:2B:07:6C:9E
            X509v3 Authority Key Identifier:
                keyid:97:DA:42:00:08:CF:B9:19:34:99:27:8E:F5:58:BD:42:D6:1C:7F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/XCN5lwkGM58av9oqAJsgGCsHbJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.115.121.0/24
                  217.115.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:da:88:9a:93:44:f6:cf:0c:d1:0a:aa:f7:b2:e0:95:97:26:
         a5:20:ac:90:dd:23:e1:48:54:ce:79:26:04:d3:af:ea:e7:3f:
         ac:86:11:2d:02:b9:8c:00:a6:12:dc:a3:9c:fa:26:86:88:f7:
         c0:a7:94:4d:29:f4:ed:a8:a7:f3:5c:86:67:ba:43:e7:48:91:
         a6:56:1b:be:89:1e:2e:03:f5:82:fa:93:b2:4e:59:08:77:40:
         68:a3:dd:e8:67:c6:53:c5:56:f0:b8:14:c6:05:dd:a2:5f:05:
         e3:50:f1:40:a2:ca:8a:15:8a:36:79:65:b8:de:76:63:53:c7:
         cf:91:06:df:cf:5c:19:64:df:b7:d7:14:a3:8b:96:d9:65:84:
         e4:ec:cc:23:dd:c0:d8:26:a7:34:6a:0b:56:c1:dd:81:88:39:
         bb:8c:ff:a8:b6:90:fe:d4:cd:0a:3f:d3:60:bf:2c:f9:4f:47:
         ce:9c:b8:5d:a9:fe:cf:f2:5d:af:22:05:f2:96:2a:55:05:35:
         66:e3:19:fd:46:a3:af:3b:b7:e5:f7:bc:dd:a3:8c:7e:9f:cd:
         a7:fd:0b:ef:f4:40:dd:b7:c1:cc:73:5d:a0:a3:8a:43:97:da:
         6f:63:ef:7d:6e:dc:7b:20:dc:3f:03:5f:4e:c2:d1:9e:03:41:
         81:db:87:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR04cd28gXjv8FrZgMwDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZGE0MjAwMDhjZmI5MTkzNDk5Mjc4ZWY1NThiZDQyZDYx
YzdmNzUwHhcNMjUwMTAyMTM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzIzNzk5NzA5MDYzMzlmMWFiZmRhMmEwMDliMjAxODJiMDc2YzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb/PwTy6hF5lMjyRcy7LjFh259nl
yEoZRelHVqyKLktq3yrU5QuxsvMw8HoyXW1IDtWUU9BsigF4tBpTJmfzyMUiQ1fT
xW6CQOeR0Mwn6CLZTqEyUCmHCq/uSCU3JYNyXVYs9tGEpIl/Ao5y2FXCV69q62Fv
Ws0C8JHU5gEVc6f4XucztyWsRvQDqSTRbJGT0MYGJZ7QijjmWUZhW7cAG0LgM31Z
SC76jZ2uxMWnaetkAsZqo/Z2AqgrVlPaVXEXwOGrP6NIFf9r4Ql02K0lcuCiNAmR
+cCZj4+d8vbmml2CesI6ReIbsoEqDvIw7vIYXhyEIhCRK1W4upDSY3ltDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFwjeZcJBjOfGr/aKgCbIBgrB2yeMB8GA1UdIwQY
MBaAFJfaQgAIz7kZNJknjvVYvULWHH91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDlwQ0FBalB1UmswbVNlTzlWaTlRdFljZjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xMzkwNDQtOWViYy00NTU5LWJhMTAt
YTM4ZTFlY2E0ZmQ0LzEvWENONWx3a0dNNThhdjlvcUFKc2dHQ3NIYko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xMzkwNDQtOWViYy00NTU5LWJhMTAtYTM4ZTFlY2E0ZmQ0
LzEvbDlwQ0FBalB1UmswbVNlTzlWaTlRdFljZjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2XN5AwQA
2XN8MA0GCSqGSIb3DQEBCwUAA4IBAQBh2oiak0T2zwzRCqr3suCVlyalIKyQ3SPh
SFTOeSYE06/q5z+shhEtArmMAKYS3KOc+iaGiPfAp5RNKfTtqKfzXIZnukPnSJGm
Vhu+iR4uA/WC+pOyTlkId0Boo93oZ8ZTxVbwuBTGBd2iXwXjUPFAosqKFYo2eWW4
3nZjU8fPkQbfz1wZZN+31xSji5bZZYTk7Mwj3cDYJqc0agtWwd2BiDm7jP+otpD+
1M0KP9Ngvyz5T0fOnLhdqf7P8l2vIgXylipVBTVm4xn9RqOvO7fl97zdo4x+n82n
/Qvv9EDdt8HMc12go4pDl9pvY+99btx7INw/A19OwtGeA0GB24d3
-----END CERTIFICATE-----