Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/XKw10zVnmlXuQgWSHmsWy3UInkA.roa
File:                     XKw10zVnmlXuQgWSHmsWy3UInkA.roa (raw, json)
Hash identifier:          fA8gDGCZEPwWssK0Gw9sjd95kghYgprLAypP9MmGqjE=
Subject key identifier:   5C:AC:35:D3:35:67:9A:55:EE:42:05:92:1E:6B:16:CB:75:08:9E:40
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       019715E2319D07D708F80D7DEF2BF67F1139
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/XKw10zVnmlXuQgWSHmsWy3UInkA.roa
Signing time:             Wed 28 May 2025 07:53:54 +0000
ROA not before:           Wed 28 May 2025 07:53:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59703
IP address blocks:        94.139.182.0/23 maxlen: 23
                          94.139.182.0/24 maxlen: 24
                          94.139.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:e2:31:9d:07:d7:08:f8:0d:7d:ef:2b:f6:7f:11:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: May 28 07:53:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cac35d335679a55ee4205921e6b16cb75089e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:75:d9:0b:f8:4f:7d:84:01:80:d4:36:6b:ab:
                    ea:96:fb:6e:e0:94:5e:17:71:bd:a3:8a:ba:fb:3e:
                    d0:7c:e4:97:81:2a:fb:4d:7b:92:18:2b:2e:41:96:
                    e1:d8:2d:6b:af:22:76:2d:5d:c1:11:e3:74:15:7a:
                    6c:ee:84:c7:5a:cf:65:95:50:bf:9b:7f:bd:b6:31:
                    b0:ac:79:b6:6f:53:4f:b1:af:61:a9:0e:44:46:8d:
                    09:e7:8d:ef:2a:9f:67:94:84:57:82:d1:c0:5f:37:
                    39:21:92:44:5c:32:dc:a5:43:36:00:5f:87:1c:fb:
                    ac:04:d4:0d:63:c5:de:07:5d:cd:e5:38:5b:af:bb:
                    e9:1e:b2:ca:33:5c:f2:95:9a:5e:72:e9:b2:90:f6:
                    ee:0b:60:ad:33:d7:f5:21:b7:53:01:a9:42:a4:07:
                    ff:1f:8f:3a:b2:e4:f4:85:19:e3:38:f8:ad:9d:1f:
                    6b:bb:03:d1:c3:94:cc:7d:a4:2e:d6:18:8f:b3:23:
                    aa:c3:17:91:c1:45:67:6a:8d:a7:4a:62:d1:f3:4f:
                    fd:a1:e0:d6:df:a1:76:94:82:b1:7c:21:d2:22:58:
                    d2:db:70:1a:57:83:fe:4a:df:c2:26:7b:cf:9d:b8:
                    ec:7d:41:02:db:42:f0:cf:2b:6c:72:2a:eb:7b:dd:
                    01:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AC:35:D3:35:67:9A:55:EE:42:05:92:1E:6B:16:CB:75:08:9E:40
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/XKw10zVnmlXuQgWSHmsWy3UInkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:1d:2d:58:72:76:8c:d8:db:dd:4b:17:51:e2:48:99:8e:42:
         e8:4e:2a:3d:d2:f1:41:dd:f8:62:5a:c9:d9:9d:e0:b8:0c:91:
         64:be:d9:89:cf:d3:99:08:14:22:4e:dd:88:24:84:cc:f4:88:
         ef:55:8c:4c:40:00:14:ff:d4:04:2c:3f:a2:8c:e0:26:68:a2:
         56:0f:a7:df:f4:4e:9b:fe:39:0e:34:10:8c:f7:ba:2a:d5:8d:
         96:bd:0d:56:f3:21:62:83:cd:89:3e:30:8d:b4:18:b4:cd:ec:
         61:cd:a6:88:50:e0:fa:81:fc:76:11:85:f2:65:c4:a1:bb:85:
         6f:bd:00:a2:0e:cf:a7:47:a8:3f:02:b6:84:9e:0e:49:dc:42:
         3c:4d:4b:97:87:5a:30:bf:fa:cd:92:e5:df:3f:0f:ca:1d:a6:
         65:5b:03:23:42:cf:1c:d9:26:e4:47:95:3e:f7:02:3d:54:7a:
         fd:8e:45:00:20:eb:d2:bf:dc:13:dd:4b:18:d6:50:91:c7:f5:
         0a:51:33:58:27:04:02:93:81:92:9a:22:ef:34:6a:22:63:35:
         67:47:0e:e5:6c:33:a3:56:5b:c7:bf:14:95:f3:3c:ce:97:82:
         ee:d7:45:d6:4d:83:88:6a:be:6b:01:06:37:39:c4:e4:c1:f6:
         db:c7:29:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcV4jGdB9cI+A197yv2fxE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjUwNTI4MDc1MzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FjMzVkMzM1Njc5YTU1ZWU0MjA1OTIxZTZiMTZjYjc1MDg5ZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3XZC/hPfYQBgNQ2a6vqlvtu4JRe
F3G9o4q6+z7QfOSXgSr7TXuSGCsuQZbh2C1rryJ2LV3BEeN0FXps7oTHWs9llVC/
m3+9tjGwrHm2b1NPsa9hqQ5ERo0J543vKp9nlIRXgtHAXzc5IZJEXDLcpUM2AF+H
HPusBNQNY8XeB13N5Thbr7vpHrLKM1zylZpecumykPbuC2CtM9f1IbdTAalCpAf/
H486suT0hRnjOPitnR9ruwPRw5TMfaQu1hiPsyOqwxeRwUVnao2nSmLR80/9oeDW
36F2lIKxfCHSIljS23AaV4P+St/CJnvPnbjsfUEC20Lwzytscirre90BkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFysNdM1Z5pV7kIFkh5rFst1CJ5AMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvWEt3MTB6Vm5tbFh1UWdXU0htc1d5M1VJbmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXou2MA0G
CSqGSIb3DQEBCwUAA4IBAQB0HS1YcnaM2NvdSxdR4kiZjkLoTio90vFB3fhiWsnZ
neC4DJFkvtmJz9OZCBQiTt2IJITM9IjvVYxMQAAU/9QELD+ijOAmaKJWD6ff9E6b
/jkONBCM97oq1Y2WvQ1W8yFig82JPjCNtBi0zexhzaaIUOD6gfx2EYXyZcShu4Vv
vQCiDs+nR6g/AraEng5J3EI8TUuXh1owv/rNkuXfPw/KHaZlWwMjQs8c2SbkR5U+
9wI9VHr9jkUAIOvSv9wT3UsY1lCRx/UKUTNYJwQCk4GSmiLvNGoiYzVnRw7lbDOj
VlvHvxSV8zzOl4Lu10XWTYOIar5rAQY3OcTkwfbbxymw
-----END CERTIFICATE-----