Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/ad6ef5-3216-46cb-965e-3e7f8308cc55/1/xXZrc11XJMpe3FIEgXquZ7cQMc4.roa
File:                     xXZrc11XJMpe3FIEgXquZ7cQMc4.roa (raw, json)
Hash identifier:          0ZmFSW3jR6m6Ytqwpd1AemcuQmGYOC/9lY5R72sJjL0=
Subject key identifier:   C5:76:6B:73:5D:57:24:CA:5E:DC:52:04:81:7A:AE:67:B7:10:31:CE
Certificate issuer:       /CN=1c53911705ae860c299e6a1a412e50eda1c8228e
Certificate serial:       01942143F897990CFE300FAD593CA3D3C831
Authority key identifier: 1C:53:91:17:05:AE:86:0C:29:9E:6A:1A:41:2E:50:ED:A1:C8:22:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HFORFwWuhgwpnmoaQS5Q7aHIIo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/ad6ef5-3216-46cb-965e-3e7f8308cc55/1/xXZrc11XJMpe3FIEgXquZ7cQMc4.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        193.189.142.0/24 maxlen: 24
                          2001:67c:2ba0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/ad6ef5-3216-46cb-965e-3e7f8308cc55/1/HFORFwWuhgwpnmoaQS5Q7aHIIo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/ad6ef5-3216-46cb-965e-3e7f8308cc55/1/HFORFwWuhgwpnmoaQS5Q7aHIIo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HFORFwWuhgwpnmoaQS5Q7aHIIo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f8:97:99:0c:fe:30:0f:ad:59:3c:a3:d3:c8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c53911705ae860c299e6a1a412e50eda1c8228e
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5766b735d5724ca5edc5204817aae67b71031ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:9c:9a:bf:08:75:46:1a:2a:df:a4:d2:14:03:
                    0f:29:87:ea:9f:92:54:e8:23:b9:07:1b:74:f6:a4:
                    d3:fa:f0:ae:9e:d5:1f:92:73:32:80:4e:98:a4:1b:
                    55:2d:6d:88:4d:d1:bb:44:8f:9b:50:10:90:f8:ae:
                    06:6e:9f:9e:8f:db:d6:c1:96:b6:80:73:9a:d7:2b:
                    f0:80:6b:fa:a6:32:73:3e:20:ce:7e:17:29:b9:42:
                    0f:2b:64:b4:94:d5:35:9c:10:2f:a8:d0:98:43:19:
                    d6:ef:fc:50:b5:f8:24:16:93:cc:df:d1:77:d0:1e:
                    36:52:57:15:4f:f1:96:a7:ca:05:44:bf:a5:8d:e1:
                    7d:96:18:2f:68:4f:29:10:34:dc:96:5b:6a:6b:35:
                    d0:95:a0:40:ee:e7:62:37:2d:40:9c:55:57:82:ea:
                    81:66:5f:b2:78:6a:5a:d0:3e:e2:5b:40:15:59:c7:
                    37:6c:dd:4d:4f:5a:b4:59:ec:e1:4e:3d:66:c4:18:
                    fa:de:b7:db:58:eb:db:11:b4:7e:eb:67:fd:08:76:
                    38:32:64:db:d9:01:a3:e2:77:59:89:91:c5:65:9b:
                    9e:88:c3:30:23:b4:4b:09:0f:70:32:73:a6:34:67:
                    c2:04:72:2b:e3:dd:55:fe:79:89:0d:4d:e1:bb:36:
                    96:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:76:6B:73:5D:57:24:CA:5E:DC:52:04:81:7A:AE:67:B7:10:31:CE
            X509v3 Authority Key Identifier:
                keyid:1C:53:91:17:05:AE:86:0C:29:9E:6A:1A:41:2E:50:ED:A1:C8:22:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HFORFwWuhgwpnmoaQS5Q7aHIIo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ad6ef5-3216-46cb-965e-3e7f8308cc55/1/xXZrc11XJMpe3FIEgXquZ7cQMc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ad6ef5-3216-46cb-965e-3e7f8308cc55/1/HFORFwWuhgwpnmoaQS5Q7aHIIo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.189.142.0/24
                IPv6:
                  2001:67c:2ba0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:9a:fc:c9:51:c7:a1:34:ee:50:73:27:37:69:4e:8a:fe:b2:
         fa:75:b6:95:62:be:09:33:2d:a9:00:fd:7e:d2:3e:c3:be:dd:
         27:d2:bb:5d:a6:a3:c7:ad:83:a0:e0:c6:3c:09:f6:8d:b0:fc:
         06:ac:91:68:ef:7c:50:84:48:f7:d9:a5:76:6f:54:e4:2e:e3:
         84:f7:21:00:6e:90:e2:65:ed:8b:5a:d3:11:30:68:3f:3e:68:
         4d:1d:05:83:d7:0d:2c:14:aa:d3:76:bf:e7:48:5f:6f:b2:94:
         a1:53:96:a7:b1:2c:52:ad:fb:7d:54:98:5b:c1:73:0c:61:de:
         41:db:bd:15:04:82:61:2f:18:17:07:47:2d:79:5a:63:bf:3b:
         fd:3a:f1:24:5d:b9:9d:27:57:48:d5:3f:56:ef:27:53:b7:65:
         f0:77:25:ef:18:d4:82:7d:da:24:9e:e3:11:cd:1c:d9:61:8f:
         cb:e2:ad:aa:8f:99:88:ad:4e:96:ff:8d:3f:51:d7:16:36:0f:
         66:bb:33:8d:ed:58:e1:89:9c:6f:5f:f0:4f:c6:64:03:6e:03:
         3f:9d:8a:84:cd:fa:c3:b1:10:da:e4:82:98:77:cc:22:8d:dc:
         25:87:a9:01:ea:96:a3:5e:ae:ad:20:8c:61:28:7c:45:a6:dc:
         57:c9:8d:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhQ/iXmQz+MA+tWTyj08gxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNTM5MTE3MDVhZTg2MGMyOTllNmExYTQxMmU1MGVkYTFj
ODIyOGUwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTc2NmI3MzVkNTcyNGNhNWVkYzUyMDQ4MTdhYWU2N2I3MTAzMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Zyavwh1Rhoq36TSFAMPKYfqn5JU
6CO5Bxt09qTT+vCuntUfknMygE6YpBtVLW2ITdG7RI+bUBCQ+K4Gbp+ej9vWwZa2
gHOa1yvwgGv6pjJzPiDOfhcpuUIPK2S0lNU1nBAvqNCYQxnW7/xQtfgkFpPM39F3
0B42UlcVT/GWp8oFRL+ljeF9lhgvaE8pEDTclltqazXQlaBA7udiNy1AnFVXguqB
Zl+yeGpa0D7iW0AVWcc3bN1NT1q0WezhTj1mxBj63rfbWOvbEbR+62f9CHY4MmTb
2QGj4ndZiZHFZZueiMMwI7RLCQ9wMnOmNGfCBHIr491V/nmJDU3huzaWEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMV2a3NdVyTKXtxSBIF6rme3EDHOMB8GA1UdIwQY
MBaAFBxTkRcFroYMKZ5qGkEuUO2hyCKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEZPUkZ3V3VoZ3dwbm1vYVFTNVE3YUhJSW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hZDZlZjUtMzIxNi00NmNiLTk2NWUt
M2U3ZjgzMDhjYzU1LzEveFhacmMxMVhKTXBlM0ZJRWdYcXVaN2NRTWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hZDZlZjUtMzIxNi00NmNiLTk2NWUtM2U3ZjgzMDhjYzU1
LzEvSEZPUkZ3V3VoZ3dwbm1vYVFTNVE3YUhJSW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwb2OMA8E
AgACMAkDBwAgAQZ8K6AwDQYJKoZIhvcNAQELBQADggEBAD6a/MlRx6E07lBzJzdp
Tor+svp1tpVivgkzLakA/X7SPsO+3SfSu12mo8etg6DgxjwJ9o2w/AaskWjvfFCE
SPfZpXZvVOQu44T3IQBukOJl7Yta0xEwaD8+aE0dBYPXDSwUqtN2v+dIX2+ylKFT
lqexLFKt+31UmFvBcwxh3kHbvRUEgmEvGBcHRy15WmO/O/068SRduZ0nV0jVP1bv
J1O3ZfB3Je8Y1IJ92iSe4xHNHNlhj8viraqPmYitTpb/jT9R1xY2D2a7M43tWOGJ
nG9f8E/GZANuAz+dioTN+sOxENrkgph3zCKN3CWHqQHqlqNerq0gjGEofEWm3FfJ
jR8=
-----END CERTIFICATE-----