Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/XcS7NtVySUtUzIKZEZ4PM2dCvo0.roa
File:                     XcS7NtVySUtUzIKZEZ4PM2dCvo0.roa (raw, json)
Hash identifier:          RI3/B49k5u7aP42xJ7PCHqmPzqodpebWnjl4/ch5Tn4=
Subject key identifier:   5D:C4:BB:36:D5:72:49:4B:54:CC:82:99:11:9E:0F:33:67:42:BE:8D
Certificate issuer:       /CN=8aa1fe9a4c03d015aec974e2d29709a979eb82f1
Certificate serial:       019420D62F8FFF5903E00371762B0C4C45F9
Authority key identifier: 8A:A1:FE:9A:4C:03:D0:15:AE:C9:74:E2:D2:97:09:A9:79:EB:82:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/XcS7NtVySUtUzIKZEZ4PM2dCvo0.roa
Signing time:             Wed 01 Jan 2025 07:48:15 +0000
ROA not before:           Wed 01 Jan 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.241.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2f:8f:ff:59:03:e0:03:71:76:2b:0c:4c:45:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aa1fe9a4c03d015aec974e2d29709a979eb82f1
        Validity
            Not Before: Jan  1 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dc4bb36d572494b54cc8299119e0f336742be8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e8:1a:28:13:f9:fe:4f:59:fe:d9:48:7c:78:
                    78:1b:55:bf:9e:bf:40:4a:6b:79:e6:11:18:ee:fd:
                    dc:32:af:23:06:48:4c:a5:2c:0d:56:23:29:71:7b:
                    fc:9e:76:3c:0c:3f:46:42:e6:63:a0:de:ec:e0:ed:
                    26:f3:5a:96:97:35:6e:43:a5:bb:82:45:4f:6d:7c:
                    c9:e0:9d:01:3e:49:5e:8d:84:7d:83:79:40:ac:89:
                    30:b7:15:6c:60:ed:fb:d1:60:14:6c:b8:22:86:04:
                    1c:ab:ea:a4:93:f3:90:6b:bf:66:5d:9a:a4:7a:49:
                    a9:df:6a:5f:56:be:a3:3f:63:53:01:03:57:09:8b:
                    d9:9b:30:20:81:7c:0f:37:53:38:41:99:0e:0f:a8:
                    71:e9:80:c7:86:8e:e8:c3:a3:5e:2f:b0:66:ad:70:
                    d3:2d:97:36:bb:8e:33:a5:63:b2:34:e2:4a:18:11:
                    0c:fd:89:ae:ca:13:98:aa:34:17:3e:b3:5a:34:82:
                    f3:3e:b2:65:21:59:3a:13:f2:f9:c5:2a:a5:9d:0f:
                    29:ed:4f:d9:67:87:28:81:24:46:6c:94:f4:78:26:
                    a0:f9:e4:25:da:47:3e:64:99:21:e7:6a:6b:56:4b:
                    d4:85:a7:3e:d6:03:dd:9a:3d:cc:20:b5:f2:52:6d:
                    97:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C4:BB:36:D5:72:49:4B:54:CC:82:99:11:9E:0F:33:67:42:BE:8D
            X509v3 Authority Key Identifier:
                keyid:8A:A1:FE:9A:4C:03:D0:15:AE:C9:74:E2:D2:97:09:A9:79:EB:82:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/XcS7NtVySUtUzIKZEZ4PM2dCvo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:27:10:d8:44:48:40:76:ac:3f:e1:97:b7:b2:fc:87:af:13:
         fc:67:8f:9a:b9:96:81:8e:b0:4c:a2:dd:21:7d:46:a8:56:6a:
         c3:71:6c:59:c2:c5:3f:08:67:17:6b:a2:c0:ac:7d:be:02:da:
         92:23:08:20:84:4e:08:62:02:e1:c2:2a:85:ee:72:76:6b:c1:
         29:66:0f:3f:18:af:9d:f8:ff:8a:0b:13:b9:11:da:06:bf:9b:
         9d:78:cc:36:6e:b9:16:05:c5:9f:41:0b:2c:cd:a2:f1:5e:04:
         ea:52:66:38:55:89:49:72:4c:76:75:0f:99:b2:2f:51:5d:53:
         e5:b9:d5:c8:2f:ba:fa:81:a7:71:53:8c:64:a1:c1:e7:4e:db:
         3b:c6:78:97:ac:7f:b2:94:ec:b4:03:49:02:b4:03:9f:29:a8:
         16:fd:54:bb:d3:61:c1:03:76:cf:a7:b5:55:60:66:5c:43:36:
         99:fd:64:70:ae:e3:79:5e:49:58:4b:f0:ff:10:6b:f3:f5:4a:
         df:e5:e4:56:54:a7:80:4d:98:25:3d:d8:23:a1:5d:60:2b:b8:
         2b:6a:7c:ed:3a:df:f3:cf:79:12:b8:12:61:28:49:04:95:6f:
         b0:6f:b2:fd:e0:16:74:ce:3b:19:c9:a3:f8:9d:cd:2f:a6:ba:
         47:f3:39:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1i+P/1kD4ANxdisMTEX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYTFmZTlhNGMwM2QwMTVhZWM5NzRlMmQyOTcwOWE5Nzll
YjgyZjEwHhcNMjUwMTAxMDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGM0YmIzNmQ1NzI0OTRiNTRjYzgyOTkxMTllMGYzMzY3NDJiZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvugaKBP5/k9Z/tlIfHh4G1W/nr9A
Smt55hEY7v3cMq8jBkhMpSwNViMpcXv8nnY8DD9GQuZjoN7s4O0m81qWlzVuQ6W7
gkVPbXzJ4J0BPklejYR9g3lArIkwtxVsYO370WAUbLgihgQcq+qkk/OQa79mXZqk
ekmp32pfVr6jP2NTAQNXCYvZmzAggXwPN1M4QZkOD6hx6YDHho7ow6NeL7BmrXDT
LZc2u44zpWOyNOJKGBEM/YmuyhOYqjQXPrNaNILzPrJlIVk6E/L5xSqlnQ8p7U/Z
Z4cogSRGbJT0eCag+eQl2kc+ZJkh52prVkvUhac+1gPdmj3MILXyUm2XsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3EuzbVcklLVMyCmRGeDzNnQr6NMB8GA1UdIwQY
MBaAFIqh/ppMA9AVrsl04tKXCal564LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXFILW1rd0QwQld1eVhUaTBwY0pxWG5yZ3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80MWU5YjAtNjJlNy00NzE4LWI5NjYt
MWY5YWUwNTU2NDZmLzEvWGNTN050VnlTVXRVeklLWkVaNFBNMmRDdm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80MWU5YjAtNjJlNy00NzE4LWI5NjYtMWY5YWUwNTU2NDZm
LzEvaXFILW1rd0QwQld1eVhUaTBwY0pxWG5yZ3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufEvMA0G
CSqGSIb3DQEBCwUAA4IBAQA0JxDYREhAdqw/4Ze3svyHrxP8Z4+auZaBjrBMot0h
fUaoVmrDcWxZwsU/CGcXa6LArH2+AtqSIwgghE4IYgLhwiqF7nJ2a8EpZg8/GK+d
+P+KCxO5EdoGv5udeMw2brkWBcWfQQsszaLxXgTqUmY4VYlJckx2dQ+Zsi9RXVPl
udXIL7r6gadxU4xkocHnTts7xniXrH+ylOy0A0kCtAOfKagW/VS702HBA3bPp7VV
YGZcQzaZ/WRwruN5XklYS/D/EGvz9Urf5eRWVKeATZglPdgjoV1gK7granztOt/z
z3kSuBJhKEkElW+wb7L94BZ0zjsZyaP4nc0vprpH8znR
-----END CERTIFICATE-----