Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/xVi5DHD3s-r5Votl1DTiGtuYvcw.roa
File:                     xVi5DHD3s-r5Votl1DTiGtuYvcw.roa (raw, json)
Hash identifier:          +V2nAdl2ox/97Kg2Kv4wd0L6SAO7LGva7RVK1ZGXjZk=
Subject key identifier:   C5:58:B9:0C:70:F7:B3:EA:F9:56:8B:65:D4:34:E2:1A:DB:98:BD:CC
Certificate issuer:       /CN=0a70202c312dd2c7a6ffc317aa86e4e2069249a6
Certificate serial:       019427B4A8276B37C0FEA47493F0C9AAE573
Authority key identifier: 0A:70:20:2C:31:2D:D2:C7:A6:FF:C3:17:AA:86:E4:E2:06:92:49:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnAgLDEt0sem_8MXqobk4gaSSaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/xVi5DHD3s-r5Votl1DTiGtuYvcw.roa
Signing time:             Thu 02 Jan 2025 15:48:58 +0000
ROA not before:           Thu 02 Jan 2025 15:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199834
IP address blocks:        185.141.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/CnAgLDEt0sem_8MXqobk4gaSSaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/CnAgLDEt0sem_8MXqobk4gaSSaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnAgLDEt0sem_8MXqobk4gaSSaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:a8:27:6b:37:c0:fe:a4:74:93:f0:c9:aa:e5:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a70202c312dd2c7a6ffc317aa86e4e2069249a6
        Validity
            Not Before: Jan  2 15:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c558b90c70f7b3eaf9568b65d434e21adb98bdcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d6:2d:2f:17:1a:3f:cb:87:53:04:56:a2:4d:
                    b6:d5:6e:72:3b:bc:fc:01:48:b5:37:c8:8d:76:9e:
                    4f:9a:64:7d:7b:04:e4:3d:7a:d4:92:96:5d:76:6c:
                    88:d0:68:42:a5:b6:94:ee:d2:ac:26:fd:5b:1d:50:
                    fe:56:8a:75:a8:56:2e:89:a9:74:e2:14:bc:49:16:
                    32:c6:c7:f1:31:d6:e2:33:72:63:6a:84:71:0f:b8:
                    e3:14:8b:07:2a:30:8a:91:bd:8c:3b:dc:17:17:a4:
                    01:78:ad:25:1b:ee:aa:00:8f:23:71:fc:7f:d1:1c:
                    6c:33:69:41:f4:e2:59:3e:b2:90:77:48:f6:f4:4f:
                    59:cd:dc:76:6b:5e:47:be:c5:5e:ec:33:4a:b3:a4:
                    16:cb:44:d5:d6:b6:39:f3:d0:f1:0a:7b:07:7b:12:
                    36:a7:2d:1b:88:03:0c:70:40:7c:2f:9b:c2:fc:71:
                    ad:2d:00:63:ce:0e:f7:cb:a8:ef:5f:06:e5:93:b5:
                    01:5d:48:14:56:a7:33:b7:60:45:db:3c:2b:67:87:
                    f8:bd:87:28:f2:bf:8b:5d:78:a0:0b:e1:bb:ae:19:
                    c9:3c:bb:0b:34:f6:b1:49:27:00:b8:e3:84:c4:92:
                    06:f7:db:7d:0a:67:77:b7:8c:34:cc:c6:52:b6:46:
                    b1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:58:B9:0C:70:F7:B3:EA:F9:56:8B:65:D4:34:E2:1A:DB:98:BD:CC
            X509v3 Authority Key Identifier:
                keyid:0A:70:20:2C:31:2D:D2:C7:A6:FF:C3:17:AA:86:E4:E2:06:92:49:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnAgLDEt0sem_8MXqobk4gaSSaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/xVi5DHD3s-r5Votl1DTiGtuYvcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8ff697-57fc-40ff-8a53-68c849277d73/1/CnAgLDEt0sem_8MXqobk4gaSSaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:43:50:f4:9e:a0:e4:8d:17:18:dc:62:e2:8a:da:32:97:82:
         e7:31:89:2b:aa:18:17:62:a2:9d:f5:a2:59:76:40:cf:bf:9a:
         f2:dc:67:74:28:02:e2:8a:38:7a:e6:a6:6c:dd:ed:cb:d0:2e:
         d4:62:34:b4:00:9f:57:3a:bf:c1:9b:6e:38:d0:98:2f:90:bb:
         2d:a7:a3:58:63:a5:23:ed:e5:f8:44:4b:16:f5:46:22:a0:60:
         bb:10:74:d2:42:63:6d:70:c6:20:f8:d3:c2:c9:6c:67:9d:bc:
         d0:58:9b:12:79:ba:a7:dc:c4:0c:19:9d:f4:41:d5:8a:f9:da:
         e1:fd:e3:61:3b:ff:7f:48:a9:bc:b2:c9:ba:79:92:3e:fb:7a:
         48:85:37:de:eb:b2:b4:a1:16:4d:c5:bf:4c:23:46:5a:04:e0:
         03:4e:3f:d9:1f:b4:6c:4d:96:48:ab:87:39:ea:4d:6d:49:24:
         c3:06:fb:22:13:d2:27:6d:84:76:0a:9e:75:d4:a9:06:47:2f:
         58:de:6a:43:db:a7:df:d8:c2:bf:42:5b:16:b5:39:4a:63:ae:
         b6:56:d8:9e:d4:f6:2d:b2:70:36:18:d0:c1:b3:af:9b:33:1d:
         55:f6:3f:cf:29:b8:af:cc:44:13:7f:21:68:aa:33:aa:1a:7f:
         b3:15:3b:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntKgnazfA/qR0k/DJquVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzAyMDJjMzEyZGQyYzdhNmZmYzMxN2FhODZlNGUyMDY5
MjQ5YTYwHhcNMjUwMTAyMTU0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTU4YjkwYzcwZjdiM2VhZjk1NjhiNjVkNDM0ZTIxYWRiOThiZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9YtLxcaP8uHUwRWok221W5yO7z8
AUi1N8iNdp5PmmR9ewTkPXrUkpZddmyI0GhCpbaU7tKsJv1bHVD+Vop1qFYuial0
4hS8SRYyxsfxMdbiM3JjaoRxD7jjFIsHKjCKkb2MO9wXF6QBeK0lG+6qAI8jcfx/
0RxsM2lB9OJZPrKQd0j29E9Zzdx2a15HvsVe7DNKs6QWy0TV1rY589DxCnsHexI2
py0biAMMcEB8L5vC/HGtLQBjzg73y6jvXwblk7UBXUgUVqczt2BF2zwrZ4f4vYco
8r+LXXigC+G7rhnJPLsLNPaxSScAuOOExJIG99t9Cmd3t4w0zMZStkaxCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMVYuQxw97Pq+VaLZdQ04hrbmL3MMB8GA1UdIwQY
MBaAFApwICwxLdLHpv/DF6qG5OIGkkmmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25BZ0xERXQwc2VtXzhNWHFvYms0Z2FTU2FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84ZmY2OTctNTdmYy00MGZmLThhNTMt
NjhjODQ5Mjc3ZDczLzEveFZpNURIRDNzLXI1Vm90bDFEVGlHdHVZdmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84ZmY2OTctNTdmYy00MGZmLThhNTMtNjhjODQ5Mjc3ZDcz
LzEvQ25BZ0xERXQwc2VtXzhNWHFvYms0Z2FTU2FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY0aMA0G
CSqGSIb3DQEBCwUAA4IBAQA/Q1D0nqDkjRcY3GLiitoyl4LnMYkrqhgXYqKd9aJZ
dkDPv5ry3Gd0KALiijh65qZs3e3L0C7UYjS0AJ9XOr/Bm2440JgvkLstp6NYY6Uj
7eX4REsW9UYioGC7EHTSQmNtcMYg+NPCyWxnnbzQWJsSebqn3MQMGZ30QdWK+drh
/eNhO/9/SKm8ssm6eZI++3pIhTfe67K0oRZNxb9MI0ZaBOADTj/ZH7RsTZZIq4c5
6k1tSSTDBvsiE9InbYR2Cp511KkGRy9Y3mpD26ff2MK/QlsWtTlKY662Vtie1PYt
snA2GNDBs6+bMx1V9j/PKbivzEQTfyFoqjOqGn+zFTt+
-----END CERTIFICATE-----