Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/XGP4BVjR9mKecY9_Y5PB3S55Op8.roa
File:                     XGP4BVjR9mKecY9_Y5PB3S55Op8.roa (raw, json)
Hash identifier:          LBuVoXcYp6eMyvTKDWsBH0kGww7zomqnau8IZ80K36I=
Subject key identifier:   5C:63:F8:05:58:D1:F6:62:9E:71:8F:7F:63:93:C1:DD:2E:79:3A:9F
Certificate issuer:       /CN=9cb80bc4b597c176bd8538c188fec73da25e6e84
Certificate serial:       0194258E802DBA857B82B7D2970E3B0ABA87
Authority key identifier: 9C:B8:0B:C4:B5:97:C1:76:BD:85:38:C1:88:FE:C7:3D:A2:5E:6E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/XGP4BVjR9mKecY9_Y5PB3S55Op8.roa
Signing time:             Thu 02 Jan 2025 05:48:03 +0000
ROA not before:           Thu 02 Jan 2025 05:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203248
IP address blocks:        185.163.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:80:2d:ba:85:7b:82:b7:d2:97:0e:3b:0a:ba:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb80bc4b597c176bd8538c188fec73da25e6e84
        Validity
            Not Before: Jan  2 05:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c63f80558d1f6629e718f7f6393c1dd2e793a9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:92:40:8f:49:3e:5f:83:a5:cc:08:94:47:e7:
                    29:df:a6:df:7e:b4:cd:4c:42:4e:f7:af:2e:f6:6f:
                    11:27:1c:5e:de:e2:db:a4:8e:58:52:63:8e:0f:8c:
                    7a:b2:f9:d6:88:7b:f0:14:1d:e4:1e:7c:c8:e0:b1:
                    51:33:af:57:85:28:42:d4:07:3c:e6:b5:1b:a3:cb:
                    4e:3b:8f:17:9a:48:ed:dd:9f:04:92:fb:e5:60:e6:
                    d5:96:4f:76:8f:f1:d4:fd:84:b9:c9:ab:68:33:43:
                    54:88:43:b6:17:26:df:a8:51:19:c1:16:a0:8f:f1:
                    1d:c6:91:f9:d7:43:90:e8:51:20:4a:b7:65:3d:c1:
                    6a:ad:58:0a:4e:fd:92:a6:05:df:a2:68:69:2f:c1:
                    b7:3e:fd:15:08:17:a6:3e:c9:e7:cc:69:ea:15:c3:
                    32:73:0a:4c:23:fe:86:a5:69:2d:ef:d2:f1:17:77:
                    76:11:b4:7e:15:35:3b:69:30:40:d2:08:20:11:12:
                    7f:92:a0:99:85:79:92:4a:d7:14:a2:e7:68:ca:07:
                    70:74:62:6d:33:2f:9e:94:a1:4e:92:56:f2:3f:89:
                    66:69:2f:ff:42:75:24:9e:17:77:69:cc:09:40:48:
                    3b:3a:92:7e:c4:43:b0:02:25:db:9c:75:ad:0f:01:
                    b4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:63:F8:05:58:D1:F6:62:9E:71:8F:7F:63:93:C1:DD:2E:79:3A:9F
            X509v3 Authority Key Identifier:
                keyid:9C:B8:0B:C4:B5:97:C1:76:BD:85:38:C1:88:FE:C7:3D:A2:5E:6E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/XGP4BVjR9mKecY9_Y5PB3S55Op8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:5f:77:1b:08:61:3c:77:20:93:f9:0f:a2:16:13:f4:a1:80:
         7e:c7:7c:6b:b3:03:06:9e:b5:bd:21:a7:d3:b6:bb:f7:90:60:
         1d:5c:a8:07:48:27:70:0b:6a:5c:ed:9d:d5:44:1e:f8:1c:ef:
         e4:b4:a4:9b:f7:e2:46:1b:a3:d8:27:91:ec:e0:44:71:c6:d1:
         de:5a:2c:85:26:79:f9:77:73:95:55:6d:df:cc:9a:93:e4:4b:
         9c:32:2f:4e:dc:bc:ba:d0:a1:64:4f:8d:b9:91:f9:57:c8:37:
         2e:72:bd:32:d5:4b:14:b7:5f:1e:8e:b3:d5:18:98:e2:28:49:
         96:ee:0d:9b:3d:a7:cc:3d:a9:f6:17:ee:bb:fa:ed:a4:a5:d7:
         26:48:5f:9b:92:13:ee:5a:1d:fd:42:49:03:4d:74:01:44:f5:
         19:44:89:e2:f9:a3:a7:91:e0:3f:e4:f1:06:a6:b8:6b:f7:76:
         73:44:d6:77:22:d1:a9:69:ed:51:90:b9:cf:64:d9:36:dc:3b:
         fc:e4:c7:f1:21:c7:27:32:ef:dc:42:9f:a0:0e:44:b2:87:cf:
         50:ad:96:45:f6:5e:ce:aa:6d:86:49:9d:00:91:14:ea:09:80:
         c1:32:62:92:09:0c:c2:3c:d1:23:43:57:9a:5e:4a:85:fc:a4:
         dc:f6:94:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljoAtuoV7grfSlw47CrqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjgwYmM0YjU5N2MxNzZiZDg1MzhjMTg4ZmVjNzNkYTI1
ZTZlODQwHhcNMjUwMTAyMDU0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzYzZjgwNTU4ZDFmNjYyOWU3MThmN2Y2MzkzYzFkZDJlNzkzYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5JAj0k+X4OlzAiUR+cp36bffrTN
TEJO968u9m8RJxxe3uLbpI5YUmOOD4x6svnWiHvwFB3kHnzI4LFRM69XhShC1Ac8
5rUbo8tOO48Xmkjt3Z8EkvvlYObVlk92j/HU/YS5yatoM0NUiEO2FybfqFEZwRag
j/EdxpH510OQ6FEgSrdlPcFqrVgKTv2SpgXfomhpL8G3Pv0VCBemPsnnzGnqFcMy
cwpMI/6GpWkt79LxF3d2EbR+FTU7aTBA0gggERJ/kqCZhXmSStcUoudoygdwdGJt
My+elKFOklbyP4lmaS//QnUknhd3acwJQEg7OpJ+xEOwAiXbnHWtDwG0uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxj+AVY0fZinnGPf2OTwd0ueTqfMB8GA1UdIwQY
MBaAFJy4C8S1l8F2vYU4wYj+xz2iXm6EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxnTHhMV1h3WGE5aFRqQmlQN0hQYUplYm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi83MjBjMDQtZTljNy00OGIyLThmZWMt
OWNmZTFiNTdjZDIwLzEvWEdQNEJWalI5bUtlY1k5X1k1UEIzUzU1T3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi83MjBjMDQtZTljNy00OGIyLThmZWMtOWNmZTFiNTdjZDIw
LzEvbkxnTHhMV1h3WGE5aFRqQmlQN0hQYUplYm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaODMA0G
CSqGSIb3DQEBCwUAA4IBAQBJX3cbCGE8dyCT+Q+iFhP0oYB+x3xrswMGnrW9IafT
trv3kGAdXKgHSCdwC2pc7Z3VRB74HO/ktKSb9+JGG6PYJ5Hs4ERxxtHeWiyFJnn5
d3OVVW3fzJqT5EucMi9O3Ly60KFkT425kflXyDcucr0y1UsUt18ejrPVGJjiKEmW
7g2bPafMPan2F+67+u2kpdcmSF+bkhPuWh39QkkDTXQBRPUZRIni+aOnkeA/5PEG
prhr93ZzRNZ3ItGpae1RkLnPZNk23Dv85MfxIccnMu/cQp+gDkSyh89QrZZF9l7O
qm2GSZ0AkRTqCYDBMmKSCQzCPNEjQ1eaXkqF/KTc9pQy
-----END CERTIFICATE-----