Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/XITchRD6fktx1wcD-akQf-lrx7Y.roa
File:                     XITchRD6fktx1wcD-akQf-lrx7Y.roa (raw, json)
Hash identifier:          n2NJUWPmQKH808gxYEyCrRDNlUi5MnimQGzfm9J+OVg=
Subject key identifier:   5C:84:DC:85:10:FA:7E:4B:71:D7:07:03:F9:A9:10:7F:E9:6B:C7:B6
Certificate issuer:       /CN=0b4cfabe47e9285f65f1f2d686baaf15b8b41773
Certificate serial:       01942747B280F44E0B2CDC624000EFAB7B9E
Authority key identifier: 0B:4C:FA:BE:47:E9:28:5F:65:F1:F2:D6:86:BA:AF:15:B8:B4:17:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/XITchRD6fktx1wcD-akQf-lrx7Y.roa
Signing time:             Thu 02 Jan 2025 13:49:57 +0000
ROA not before:           Thu 02 Jan 2025 13:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44919
IP address blocks:        188.92.144.0/21 maxlen: 24
                          193.46.73.0/24 maxlen: 24
                          2a02:d58::/29 maxlen: 35
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b2:80:f4:4e:0b:2c:dc:62:40:00:ef:ab:7b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4cfabe47e9285f65f1f2d686baaf15b8b41773
        Validity
            Not Before: Jan  2 13:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c84dc8510fa7e4b71d70703f9a9107fe96bc7b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f3:a7:f6:7c:08:f4:fa:a6:2a:15:f2:bb:4f:
                    49:75:41:2c:fc:89:62:8c:f7:d0:01:55:25:fa:f6:
                    26:be:c3:55:ce:f5:85:23:ee:a1:05:fa:d1:0e:1d:
                    76:1f:08:60:ff:25:34:db:4a:b9:af:4a:8d:44:7b:
                    d6:ef:02:f9:08:c3:49:37:91:b6:c6:dd:ad:aa:0b:
                    e8:be:0e:03:6f:ac:41:8a:bb:47:a0:7e:0b:06:bc:
                    98:4f:21:45:95:fe:f2:58:e4:f1:3c:ff:d1:7b:a3:
                    de:3b:7e:1d:74:b2:ca:15:4a:c2:d6:31:3d:71:75:
                    34:fa:6e:65:29:3e:87:f5:c8:4b:d7:df:50:a1:72:
                    0e:b5:a5:52:4c:68:88:75:c0:02:1f:3a:11:bf:74:
                    0b:bb:0b:a0:20:fd:62:6c:27:e8:79:8b:08:fb:d3:
                    7b:e8:e2:a1:f3:9e:9c:6b:4b:80:95:fe:65:3e:46:
                    1f:68:aa:09:cc:77:93:56:02:f0:8f:ec:f8:38:23:
                    84:d2:5b:3b:37:4f:65:bc:e0:d7:b4:87:bc:6a:57:
                    9e:e0:b5:38:93:b7:13:a3:1e:59:f0:44:3d:ac:6b:
                    6a:5b:0b:fd:bc:34:1c:08:91:d9:1a:8e:ca:80:fb:
                    53:d0:a0:86:9d:a8:a5:07:64:c2:fd:b7:3a:f0:e3:
                    c1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:84:DC:85:10:FA:7E:4B:71:D7:07:03:F9:A9:10:7F:E9:6B:C7:B6
            X509v3 Authority Key Identifier:
                keyid:0B:4C:FA:BE:47:E9:28:5F:65:F1:F2:D6:86:BA:AF:15:B8:B4:17:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/XITchRD6fktx1wcD-akQf-lrx7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.144.0/21
                  193.46.73.0/24
                IPv6:
                  2a02:d58::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:9a:b3:41:60:59:c8:fa:36:ad:e8:41:6f:49:02:6b:dd:a3:
         d4:1e:93:6b:bb:5c:63:a8:18:62:85:52:f0:71:bb:84:aa:42:
         fd:d9:f9:00:d6:26:9a:e4:65:2f:74:d4:15:96:32:16:76:dc:
         b6:61:c4:78:dc:df:e0:06:63:2d:14:bd:e3:bf:81:8e:e6:fc:
         a4:98:9d:13:cb:a4:d4:7c:03:10:84:c5:99:02:10:19:3a:5d:
         b9:62:42:3e:41:bd:ed:c3:64:5f:31:32:2f:0c:92:59:61:66:
         c9:67:85:94:ce:2f:14:2b:17:0d:38:a1:92:eb:36:6e:f2:95:
         8d:92:93:68:f0:bb:5a:01:df:9f:28:d9:02:7c:e4:af:1a:81:
         73:44:3f:be:d8:e6:c0:6d:d3:63:8f:c7:a8:5d:61:06:84:52:
         6c:e9:ab:c9:2e:a0:e6:58:46:f4:24:d2:ac:5e:79:59:e6:f4:
         fa:d4:30:5f:62:bb:d9:ea:3b:32:af:51:d1:70:e1:71:4b:e4:
         44:5e:55:76:07:05:7c:22:48:02:9f:34:c7:ff:1a:84:14:68:
         19:8c:e7:6f:1c:98:74:23:a5:05:e9:5d:f8:dd:62:2f:34:ce:
         98:d3:9a:81:79:ab:6a:24:19:41:8f:ca:b4:9f:04:a1:6b:80:
         cb:17:86:15
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnR7KA9E4LLNxiQADvq3ueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGNmYWJlNDdlOTI4NWY2NWYxZjJkNjg2YmFhZjE1Yjhi
NDE3NzMwHhcNMjUwMTAyMTM0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzg0ZGM4NTEwZmE3ZTRiNzFkNzA3MDNmOWE5MTA3ZmU5NmJjN2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPOn9nwI9PqmKhXyu09JdUEs/Ili
jPfQAVUl+vYmvsNVzvWFI+6hBfrRDh12Hwhg/yU020q5r0qNRHvW7wL5CMNJN5G2
xt2tqgvovg4Db6xBirtHoH4LBryYTyFFlf7yWOTxPP/Re6PeO34ddLLKFUrC1jE9
cXU0+m5lKT6H9chL199QoXIOtaVSTGiIdcACHzoRv3QLuwugIP1ibCfoeYsI+9N7
6OKh856ca0uAlf5lPkYfaKoJzHeTVgLwj+z4OCOE0ls7N09lvODXtIe8alee4LU4
k7cTox5Z8EQ9rGtqWwv9vDQcCJHZGo7KgPtT0KCGnailB2TC/bc68OPBRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFyE3IUQ+n5LcdcHA/mpEH/pa8e2MB8GA1UdIwQY
MBaAFAtM+r5H6ShfZfHy1oa6rxW4tBdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzB6NnZrZnBLRjlsOGZMV2hycXZGYmkwRjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8xYWJlOGEtNDVhMi00MTU2LTk4ZDct
NjgwNmUzZDRjZTRmLzEvWElUY2hSRDZma3R4MXdjRC1ha1FmLWxyeDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8xYWJlOGEtNDVhMi00MTU2LTk4ZDctNjgwNmUzZDRjZTRm
LzEvQzB6NnZrZnBLRjlsOGZMV2hycXZGYmkwRjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDvFyQAwQA
wS5JMA0EAgACMAcDBQMqAg1YMA0GCSqGSIb3DQEBCwUAA4IBAQAGmrNBYFnI+jat
6EFvSQJr3aPUHpNru1xjqBhihVLwcbuEqkL92fkA1iaa5GUvdNQVljIWdty2YcR4
3N/gBmMtFL3jv4GO5vykmJ0Ty6TUfAMQhMWZAhAZOl25YkI+Qb3tw2RfMTIvDJJZ
YWbJZ4WUzi8UKxcNOKGS6zZu8pWNkpNo8LtaAd+fKNkCfOSvGoFzRD++2ObAbdNj
j8eoXWEGhFJs6avJLqDmWEb0JNKsXnlZ5vT61DBfYrvZ6jsyr1HRcOFxS+REXlV2
BwV8IkgCnzTH/xqEFGgZjOdvHJh0I6UF6V343WIvNM6Y05qBeatqJBlBj8q0nwSh
a4DLF4YV
-----END CERTIFICATE-----