Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/XIWD4tmKPBUNLGHuM83XfdqSQLo.roa
File:                     XIWD4tmKPBUNLGHuM83XfdqSQLo.roa (raw, json)
Hash identifier:          1D5W9f26KTQarHJTs0xIKCgYO2HEyTRn2m31rQHLa2g=
Subject key identifier:   5C:85:83:E2:D9:8A:3C:15:0D:2C:61:EE:33:CD:D7:7D:DA:92:40:BA
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       019421B1BE191C4108BD3666C320158AAD12
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/XIWD4tmKPBUNLGHuM83XfdqSQLo.roa
Signing time:             Wed 01 Jan 2025 11:48:04 +0000
ROA not before:           Wed 01 Jan 2025 11:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212982
IP address blocks:        146.19.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:be:19:1c:41:08:bd:36:66:c3:20:15:8a:ad:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c8583e2d98a3c150d2c61ee33cdd77dda9240ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:46:ac:de:36:6b:2f:c3:ef:c4:2d:93:da:1b:
                    01:b3:10:be:21:0d:16:2f:30:14:9c:a5:a1:99:5b:
                    26:35:d4:92:77:78:a9:2c:98:dc:ef:23:47:b4:96:
                    06:af:59:07:f1:f3:98:bd:6a:e7:20:db:65:b7:62:
                    42:f5:0d:85:0f:f9:ac:cd:5c:cf:a4:df:4d:f5:6e:
                    0d:36:eb:09:9b:46:2f:7e:a9:11:c7:29:63:ee:95:
                    e8:9c:a3:81:d7:2b:40:1f:78:d9:eb:66:87:d9:81:
                    42:c9:f2:fb:2d:f7:21:33:35:88:46:c5:1d:7d:1e:
                    0c:a8:15:fe:f7:cd:9d:94:a0:fe:a6:61:73:c3:f5:
                    49:2f:12:12:50:bc:de:34:af:fd:21:74:ba:eb:39:
                    be:14:27:73:82:7b:fa:c1:14:35:90:f3:71:29:d4:
                    d1:1e:0c:0a:09:7a:bc:b6:5e:a6:1f:a8:c3:bd:9a:
                    10:76:48:99:73:57:e4:62:34:94:15:2c:1b:02:ab:
                    8c:e6:a5:8c:d4:74:b4:ba:e9:7e:02:8a:4a:7b:cf:
                    15:8f:bf:e2:70:c0:78:46:a0:98:fb:7d:9b:8c:72:
                    97:c3:77:51:2e:2f:ca:b6:a6:86:ac:01:66:6f:26:
                    45:ee:de:11:76:9c:70:36:db:ff:15:34:5c:73:0b:
                    b2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:85:83:E2:D9:8A:3C:15:0D:2C:61:EE:33:CD:D7:7D:DA:92:40:BA
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/XIWD4tmKPBUNLGHuM83XfdqSQLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:57:7a:42:e2:d1:2e:14:97:02:61:76:d8:2c:4f:ab:f7:b7:
         79:72:be:17:66:25:33:d4:c5:62:1b:ac:1f:70:dc:ac:fb:26:
         ec:70:b3:13:6b:b5:5d:5d:cf:ae:74:39:89:dc:b3:b4:4f:2d:
         8b:13:2a:db:20:83:b4:96:d1:8f:17:55:4b:45:08:84:01:dd:
         dc:b2:1f:84:58:4c:ff:7a:3a:26:02:c1:49:4f:b7:66:37:d8:
         c3:38:95:19:39:43:cc:05:6c:75:35:39:f2:fd:c6:28:74:1c:
         71:42:d6:2b:67:dd:fe:2e:cd:6d:b5:c1:8e:84:4d:1d:91:0d:
         1b:92:a2:2b:dd:88:21:2c:68:ef:f8:ee:c6:72:58:42:f1:70:
         ce:e3:00:8e:e8:db:77:eb:aa:13:3a:5c:29:17:52:62:16:82:
         69:ed:cc:b6:f2:a6:19:c5:08:51:9a:87:bd:0b:bb:8c:1e:3f:
         a1:2f:94:b8:b1:cd:d7:60:fd:da:75:e9:64:a8:d9:b3:58:00:
         cb:ca:60:81:ba:60:ba:9e:59:a2:d8:0b:33:74:33:e7:56:d8:
         f7:f2:a7:d9:68:03:f6:d1:22:5c:3e:2a:cb:9e:de:c5:60:11:
         6e:12:6b:dd:7b:8a:88:4b:e3:17:ba:cc:e9:05:df:46:a6:4a:
         bd:be:80:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsb4ZHEEIvTZmwyAViq0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzg1ODNlMmQ5OGEzYzE1MGQyYzYxZWUzM2NkZDc3ZGRhOTI0MGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kas3jZrL8PvxC2T2hsBsxC+IQ0W
LzAUnKWhmVsmNdSSd3ipLJjc7yNHtJYGr1kH8fOYvWrnINtlt2JC9Q2FD/mszVzP
pN9N9W4NNusJm0YvfqkRxylj7pXonKOB1ytAH3jZ62aH2YFCyfL7LfchMzWIRsUd
fR4MqBX+982dlKD+pmFzw/VJLxISULzeNK/9IXS66zm+FCdzgnv6wRQ1kPNxKdTR
HgwKCXq8tl6mH6jDvZoQdkiZc1fkYjSUFSwbAquM5qWM1HS0uul+AopKe88Vj7/i
cMB4RqCY+32bjHKXw3dRLi/KtqaGrAFmbyZF7t4RdpxwNtv/FTRccwuy/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyFg+LZijwVDSxh7jPN133akkC6MB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvWElXRDR0bUtQQlVOTEdIdU04M1hmZHFTUUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM7MA0G
CSqGSIb3DQEBCwUAA4IBAQAAV3pC4tEuFJcCYXbYLE+r97d5cr4XZiUz1MViG6wf
cNys+ybscLMTa7VdXc+udDmJ3LO0Ty2LEyrbIIO0ltGPF1VLRQiEAd3csh+EWEz/
ejomAsFJT7dmN9jDOJUZOUPMBWx1NTny/cYodBxxQtYrZ93+Ls1ttcGOhE0dkQ0b
kqIr3YghLGjv+O7GclhC8XDO4wCO6Nt366oTOlwpF1JiFoJp7cy28qYZxQhRmoe9
C7uMHj+hL5S4sc3XYP3adelkqNmzWADLymCBumC6nlmi2AszdDPnVtj38qfZaAP2
0SJcPirLnt7FYBFuEmvde4qIS+MXuszpBd9Gpkq9voB+
-----END CERTIFICATE-----