Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xCfrl_yTaRDRm0vmBuOBHpz3akk.roa
File:                     xCfrl_yTaRDRm0vmBuOBHpz3akk.roa (raw, json)
Hash identifier:          dPURmmZMes4Nw4UC+GeQZdgQblwkH2EM6ubPen4ARTQ=
Subject key identifier:   C4:27:EB:97:FC:93:69:10:D1:9B:4B:E6:06:E3:81:1E:9C:F7:6A:49
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0196AA34D571616393B94FF0F3D480E017AF
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xCfrl_yTaRDRm0vmBuOBHpz3akk.roa
Signing time:             Wed 07 May 2025 10:05:11 +0000
ROA not before:           Wed 07 May 2025 10:05:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        45.81.154.0/24 maxlen: 24
                          193.8.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:34:d5:71:61:63:93:b9:4f:f0:f3:d4:80:e0:17:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May  7 10:05:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c427eb97fc936910d19b4be606e3811e9cf76a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:02:a7:0c:b0:63:82:8e:e4:72:2f:6a:75:18:
                    7b:7c:f1:4d:59:d4:05:b7:d9:2f:38:f5:58:21:e8:
                    2e:5f:2b:c2:ef:30:ef:66:d0:8c:f3:8f:cb:57:88:
                    46:43:0a:7e:96:17:0a:f5:b5:be:18:f2:b0:37:c8:
                    39:b9:1a:28:94:f0:30:23:86:01:96:fd:88:45:f2:
                    e3:2d:c3:36:09:fe:55:4c:fa:df:67:bd:67:85:55:
                    95:9c:fb:df:27:fe:d0:4e:2f:00:6c:c4:38:82:d2:
                    aa:fe:fd:63:c7:11:47:27:92:e9:35:4d:24:fc:ee:
                    a1:c3:29:0d:5c:5f:da:4d:b8:61:7d:6c:04:cc:ac:
                    c8:26:c4:ce:9b:e5:c6:f4:13:11:65:dd:0c:4a:9d:
                    a5:9f:13:bd:0d:1e:66:aa:69:e6:90:50:7d:be:72:
                    dd:0f:4d:ef:6d:d9:43:1e:f6:e6:c2:e7:c6:d2:84:
                    b3:cf:fe:38:35:44:a1:c8:81:56:38:c4:6e:c6:ec:
                    f7:38:17:b0:7c:cf:19:64:e3:8b:63:a8:a4:c0:8b:
                    bb:bf:a2:c7:ff:29:d9:2c:80:2f:d6:a4:35:9a:20:
                    81:28:55:4c:bd:26:77:8c:75:37:c0:79:35:c8:2c:
                    62:2a:c0:b6:72:1b:b2:89:64:59:f7:21:16:b6:09:
                    20:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:27:EB:97:FC:93:69:10:D1:9B:4B:E6:06:E3:81:1E:9C:F7:6A:49
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xCfrl_yTaRDRm0vmBuOBHpz3akk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.154.0/24
                  193.8.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:81:22:1b:41:28:8b:9a:bc:a5:8b:97:49:da:b5:f0:82:4e:
         4a:7a:d3:47:ef:e9:d6:19:d7:2a:cb:24:da:91:99:aa:ee:a2:
         ec:5e:84:70:c5:04:01:bd:0d:bc:9d:b7:77:02:64:97:e4:3c:
         7d:57:dc:6a:04:17:e5:8b:6b:ed:46:e8:5f:d7:78:91:8e:0d:
         75:e1:bd:9d:f2:a8:a1:c0:53:6c:7d:f7:67:91:07:44:9a:11:
         8c:96:d0:d6:a6:08:06:57:c6:78:3b:8f:64:f6:c6:31:f5:16:
         75:51:8e:46:2f:2e:50:4a:5b:70:db:5f:f8:fd:11:38:ee:b3:
         14:99:5a:e8:d3:20:d2:f7:96:ec:86:e1:0e:2a:1d:c6:62:1f:
         51:52:b8:08:8f:82:30:48:6a:f4:42:ef:1a:6f:82:5a:32:42:
         94:7e:9a:11:1e:a3:d6:9f:ad:5c:4b:12:d8:87:f5:41:65:b9:
         81:e3:44:16:7d:bc:53:64:62:4b:a7:81:f3:aa:19:a8:80:9b:
         f1:ad:e8:ea:a4:e8:17:fb:e5:a9:61:ba:c5:a3:48:fa:81:25:
         89:30:bb:c4:4c:6a:f3:7d:e8:b7:17:c8:9c:7a:bd:18:00:ad:
         64:6c:1d:06:83:a7:85:29:6c:7f:16:b8:ae:aa:97:60:10:8f:
         0b:34:bd:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaqNNVxYWOTuU/w89SA4BevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNTA3MTAwNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDI3ZWI5N2ZjOTM2OTEwZDE5YjRiZTYwNmUzODExZTljZjc2YTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgKnDLBjgo7kci9qdRh7fPFNWdQF
t9kvOPVYIeguXyvC7zDvZtCM84/LV4hGQwp+lhcK9bW+GPKwN8g5uRoolPAwI4YB
lv2IRfLjLcM2Cf5VTPrfZ71nhVWVnPvfJ/7QTi8AbMQ4gtKq/v1jxxFHJ5LpNU0k
/O6hwykNXF/aTbhhfWwEzKzIJsTOm+XG9BMRZd0MSp2lnxO9DR5mqmnmkFB9vnLd
D03vbdlDHvbmwufG0oSzz/44NUShyIFWOMRuxuz3OBewfM8ZZOOLY6ikwIu7v6LH
/ynZLIAv1qQ1miCBKFVMvSZ3jHU3wHk1yCxiKsC2chuyiWRZ9yEWtgkgJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMQn65f8k2kQ0ZtL5gbjgR6c92pJMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveENmcmxfeVRhUkRSbTB2bUJ1T0JIcHozYWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVGaAwQA
wQhyMA0GCSqGSIb3DQEBCwUAA4IBAQCJgSIbQSiLmryli5dJ2rXwgk5KetNH7+nW
GdcqyyTakZmq7qLsXoRwxQQBvQ28nbd3AmSX5Dx9V9xqBBfli2vtRuhf13iRjg11
4b2d8qihwFNsffdnkQdEmhGMltDWpggGV8Z4O49k9sYx9RZ1UY5GLy5QSltw21/4
/RE47rMUmVro0yDS95bshuEOKh3GYh9RUrgIj4IwSGr0Qu8ab4JaMkKUfpoRHqPW
n61cSxLYh/VBZbmB40QWfbxTZGJLp4HzqhmogJvxrejqpOgX++WpYbrFo0j6gSWJ
MLvETGrzfei3F8icer0YAK1kbB0Gg6eFKWx/FriuqpdgEI8LNL0I
-----END CERTIFICATE-----