Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/xaWzKl5NgQIdYzKCsRDlAN8-TBQ.roa
File:                     xaWzKl5NgQIdYzKCsRDlAN8-TBQ.roa (raw, json)
Hash identifier:          ulFTygND9XBXgVO1AjLg21PhzKoEPqcbMjVJG3MB/kc=
Subject key identifier:   C5:A5:B3:2A:5E:4D:81:02:1D:63:32:82:B1:10:E5:00:DF:3E:4C:14
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDDBE404498A0598A73B9037ABB384
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/xaWzKl5NgQIdYzKCsRDlAN8-TBQ.roa
Signing time:             Thu 02 Jan 2025 07:49:41 +0000
ROA not before:           Thu 02 Jan 2025 07:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200753
IP address blocks:        185.133.210.0/24 maxlen: 24
                          2a06:e880::/32 maxlen: 48
                          2a06:e880:c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:db:e4:04:49:8a:05:98:a7:3b:90:37:ab:b3:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5a5b32a5e4d81021d633282b110e500df3e4c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:89:6a:2e:fe:52:d8:a6:88:a3:cc:2a:d5:cf:
                    a3:a3:20:81:b9:4b:65:3b:7a:80:17:c3:39:8f:e3:
                    83:fe:67:9f:a8:9e:af:10:00:10:86:68:8f:7e:26:
                    b3:f4:77:3a:15:2e:ff:3c:e1:ed:98:07:54:82:97:
                    16:11:24:22:d5:ff:b9:63:6c:48:50:f9:9b:66:94:
                    d8:75:4e:c4:a1:11:67:8d:f8:eb:24:af:41:ae:1a:
                    ec:01:83:11:c9:ed:bd:23:ff:08:5f:b7:b2:9f:ec:
                    60:3a:57:09:d4:46:6a:99:83:00:ca:b1:46:ca:17:
                    1f:74:a0:b2:5f:5e:9b:b6:f8:2e:b9:70:23:85:60:
                    6f:07:c1:a0:2e:e8:0e:22:de:35:7a:dd:8c:04:3e:
                    bd:6e:e7:93:49:9d:32:d8:72:49:c2:fa:ea:6f:8d:
                    8a:91:de:ce:74:f8:de:7c:08:a1:4a:c7:05:2a:e3:
                    bc:6e:a7:da:59:15:8f:0d:e7:cc:4c:eb:41:cb:e9:
                    32:9f:69:fb:c4:e4:b0:b5:ef:a2:11:b6:6d:20:61:
                    33:77:32:6c:7e:49:b5:10:55:d6:47:33:f7:4e:f9:
                    42:92:33:01:14:a8:cd:11:5d:66:56:14:9c:a5:26:
                    9c:ae:22:9a:00:09:0f:32:ba:65:d2:72:99:cc:bb:
                    d8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A5:B3:2A:5E:4D:81:02:1D:63:32:82:B1:10:E5:00:DF:3E:4C:14
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/xaWzKl5NgQIdYzKCsRDlAN8-TBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.210.0/24
                IPv6:
                  2a06:e880::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:4a:c4:84:4f:69:73:d0:76:87:d5:cf:3a:41:e0:e6:c9:41:
         b8:b2:3c:63:a2:02:4d:48:f4:a4:95:5a:80:9b:e2:4a:32:55:
         25:fb:07:13:ce:63:1f:8b:37:f0:ba:69:d9:cc:df:78:e1:20:
         d0:ba:b7:8a:49:86:48:f4:05:99:d6:61:a1:30:92:d2:e1:e0:
         17:91:0c:8c:6e:29:c2:54:ba:33:50:52:3e:df:cc:0b:e6:e4:
         0c:ca:63:76:f8:a7:8f:3f:9c:12:e3:db:d6:0f:c8:4a:03:89:
         b4:a5:c2:7d:4d:86:5f:38:e6:20:50:48:9c:1f:be:67:31:fc:
         5e:dd:43:d0:da:33:9a:7b:c8:94:1b:9e:44:55:fe:3f:e4:1a:
         c0:ce:df:5b:f0:a8:63:32:d2:df:85:ec:02:75:50:40:2c:72:
         4a:55:be:09:b9:9a:ca:de:8b:07:dc:ec:88:96:11:98:b5:fc:
         6d:a8:96:ec:9d:2d:0d:94:66:9d:08:83:f8:8a:6c:57:41:ec:
         37:d4:86:82:38:0b:68:92:15:25:a2:64:a1:eb:14:f0:6a:79:
         e1:cd:9d:31:1b:e1:14:1b:f0:67:00:7b:4d:f5:6d:de:dd:e3:
         61:fb:22:06:74:e0:ce:f7:00:9e:bf:f9:b5:d5:db:64:94:36:
         3b:b2:0f:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/dvkBEmKBZinO5A3q7OEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE1YjMyYTVlNGQ4MTAyMWQ2MzMyODJiMTEwZTUwMGRmM2U0YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7olqLv5S2KaIo8wq1c+joyCBuUtl
O3qAF8M5j+OD/mefqJ6vEAAQhmiPfiaz9Hc6FS7/POHtmAdUgpcWESQi1f+5Y2xI
UPmbZpTYdU7EoRFnjfjrJK9BrhrsAYMRye29I/8IX7eyn+xgOlcJ1EZqmYMAyrFG
yhcfdKCyX16btvguuXAjhWBvB8GgLugOIt41et2MBD69bueTSZ0y2HJJwvrqb42K
kd7OdPjefAihSscFKuO8bqfaWRWPDefMTOtBy+kyn2n7xOSwte+iEbZtIGEzdzJs
fkm1EFXWRzP3TvlCkjMBFKjNEV1mVhScpSacriKaAAkPMrpl0nKZzLvY9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMWlsypeTYECHWMygrEQ5QDfPkwUMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEveGFXektsNU5nUUlkWXpLQ3NSRGxBTjgtVEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYXSMA0E
AgACMAcDBQAqBuiAMA0GCSqGSIb3DQEBCwUAA4IBAQA7SsSET2lz0HaH1c86QeDm
yUG4sjxjogJNSPSklVqAm+JKMlUl+wcTzmMfizfwumnZzN944SDQureKSYZI9AWZ
1mGhMJLS4eAXkQyMbinCVLozUFI+38wL5uQMymN2+KePP5wS49vWD8hKA4m0pcJ9
TYZfOOYgUEicH75nMfxe3UPQ2jOae8iUG55EVf4/5BrAzt9b8KhjMtLfhewCdVBA
LHJKVb4JuZrK3osH3OyIlhGYtfxtqJbsnS0NlGadCIP4imxXQew31IaCOAtokhUl
omSh6xTwannhzZ0xG+EUG/BnAHtN9W3e3eNh+yIGdODO9wCev/m11dtklDY7sg8W
-----END CERTIFICATE-----