Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/60d02f-1163-4666-9be9-7dfbbae0368e/1/XiJTC9uZE64JLQ-yExGhaUIj9ts.roa
File:                     XiJTC9uZE64JLQ-yExGhaUIj9ts.roa (raw, json)
Hash identifier:          GHx3lHTTCp62cSR5kKkHCq7uXPra6/CRt/DIw9vc7JY=
Subject key identifier:   5E:22:53:0B:DB:99:13:AE:09:2D:0F:B2:13:11:A1:69:42:23:F6:DB
Certificate issuer:       /CN=c53b29170b56a84241f4b84fd4daff0836d503c6
Certificate serial:       019423D7FFC176F0ED1682AF619D2C482819
Authority key identifier: C5:3B:29:17:0B:56:A8:42:41:F4:B8:4F:D4:DA:FF:08:36:D5:03:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xTspFwtWqEJB9LhP1Nr_CDbVA8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/60d02f-1163-4666-9be9-7dfbbae0368e/1/XiJTC9uZE64JLQ-yExGhaUIj9ts.roa
Signing time:             Wed 01 Jan 2025 21:49:05 +0000
ROA not before:           Wed 01 Jan 2025 21:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51185
IP address blocks:        193.29.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/60d02f-1163-4666-9be9-7dfbbae0368e/1/xTspFwtWqEJB9LhP1Nr_CDbVA8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/60d02f-1163-4666-9be9-7dfbbae0368e/1/xTspFwtWqEJB9LhP1Nr_CDbVA8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xTspFwtWqEJB9LhP1Nr_CDbVA8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 00:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:ff:c1:76:f0:ed:16:82:af:61:9d:2c:48:28:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53b29170b56a84241f4b84fd4daff0836d503c6
        Validity
            Not Before: Jan  1 21:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e22530bdb9913ae092d0fb21311a1694223f6db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5b:b8:02:2e:94:46:15:4b:b3:ea:7d:a1:00:
                    f8:d3:c7:04:50:94:36:cf:af:86:37:21:83:54:0a:
                    ce:c5:b8:0b:12:92:45:2b:9b:46:90:ff:8b:e8:25:
                    54:09:ce:20:ab:8a:cf:4d:8e:da:2d:a9:86:6d:98:
                    08:9b:77:af:67:9b:99:9a:dd:e8:ea:0d:d2:ae:33:
                    3c:1f:1a:59:0f:df:76:3d:2c:e5:eb:ec:5b:46:dd:
                    04:e8:c5:7f:07:f7:62:b6:81:ac:58:a7:32:6c:89:
                    ac:dc:b3:e9:4d:12:22:1f:0f:4b:bf:09:b8:30:33:
                    a7:22:73:54:17:42:8f:77:78:bf:bb:74:b9:b7:c1:
                    c6:00:21:8e:f7:5d:0c:5c:c8:71:03:26:f4:78:b4:
                    68:8b:67:be:31:54:0f:cb:1a:ca:57:ae:ed:b9:03:
                    fe:b9:01:2e:8f:83:dc:ca:a5:f4:f5:f8:42:1e:46:
                    f7:e7:0a:53:66:fb:89:d7:32:4e:52:9c:46:90:8b:
                    11:0d:a7:ad:3e:57:fa:8d:03:8b:f5:bb:5e:81:d2:
                    23:3d:ef:fe:85:f0:6e:85:fe:08:db:88:6b:a1:de:
                    8a:7c:ad:16:e3:e8:10:3b:f7:77:42:3c:d6:b3:5a:
                    cf:86:1b:e0:3d:ad:ab:25:07:0f:2a:77:49:15:ad:
                    82:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:22:53:0B:DB:99:13:AE:09:2D:0F:B2:13:11:A1:69:42:23:F6:DB
            X509v3 Authority Key Identifier:
                keyid:C5:3B:29:17:0B:56:A8:42:41:F4:B8:4F:D4:DA:FF:08:36:D5:03:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xTspFwtWqEJB9LhP1Nr_CDbVA8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/60d02f-1163-4666-9be9-7dfbbae0368e/1/XiJTC9uZE64JLQ-yExGhaUIj9ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/60d02f-1163-4666-9be9-7dfbbae0368e/1/xTspFwtWqEJB9LhP1Nr_CDbVA8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:46:e3:1f:ba:ed:bc:93:bd:88:99:7b:42:e5:62:88:76:8f:
         a5:ca:0f:41:39:a9:25:30:8d:56:fd:aa:44:50:bd:43:5b:55:
         47:e9:46:65:3d:aa:05:2e:b4:86:ec:13:a6:c2:a4:ac:36:d6:
         89:8c:01:b7:b4:b8:7d:56:a6:bf:46:ae:2c:a2:84:b4:98:e7:
         fd:87:6c:0d:46:74:97:a3:0b:2b:46:c2:56:4b:14:61:31:96:
         8e:10:6c:8d:07:58:58:8b:a7:af:9e:84:43:6b:c0:91:0f:f7:
         fe:8a:ab:c7:52:28:c2:20:ef:6d:e9:14:a7:9c:e6:79:3c:d1:
         32:8c:58:5c:9b:2d:9a:d9:6c:7a:6a:9b:49:60:c1:78:02:b9:
         05:26:bb:89:9e:6c:13:52:bd:55:f3:f7:c2:25:a3:3d:a7:68:
         78:e0:57:ca:e9:82:1f:3c:b5:78:7e:84:90:a8:e9:89:e2:ce:
         09:c2:41:b3:c0:a7:0a:6f:d6:3e:6a:90:4a:e9:61:f9:06:3a:
         73:00:55:e8:6f:55:17:67:3a:cc:09:83:fa:1c:5a:7b:71:32:
         c4:ba:74:ca:fa:fa:f4:ba:36:0c:9d:35:e4:1d:e5:b4:0d:c0:
         a2:08:02:db:2b:5c:4f:19:49:08:36:19:74:1c:60:cd:8e:be:
         70:bf:81:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1//BdvDtFoKvYZ0sSCgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2IyOTE3MGI1NmE4NDI0MWY0Yjg0ZmQ0ZGFmZjA4MzZk
NTAzYzYwHhcNMjUwMTAxMjE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTIyNTMwYmRiOTkxM2FlMDkyZDBmYjIxMzExYTE2OTQyMjNmNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFu4Ai6URhVLs+p9oQD408cEUJQ2
z6+GNyGDVArOxbgLEpJFK5tGkP+L6CVUCc4gq4rPTY7aLamGbZgIm3evZ5uZmt3o
6g3SrjM8HxpZD992PSzl6+xbRt0E6MV/B/ditoGsWKcybIms3LPpTRIiHw9Lvwm4
MDOnInNUF0KPd3i/u3S5t8HGACGO910MXMhxAyb0eLRoi2e+MVQPyxrKV67tuQP+
uQEuj4PcyqX09fhCHkb35wpTZvuJ1zJOUpxGkIsRDaetPlf6jQOL9btegdIjPe/+
hfBuhf4I24hrod6KfK0W4+gQO/d3QjzWs1rPhhvgPa2rJQcPKndJFa2CZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4iUwvbmROuCS0PshMRoWlCI/bbMB8GA1UdIwQY
MBaAFMU7KRcLVqhCQfS4T9Ta/wg21QPGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFRzcEZ3dFdxRUpCOUxoUDFOcl9DRGJWQThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82MGQwMmYtMTE2My00NjY2LTliZTkt
N2RmYmJhZTAzNjhlLzEvWGlKVEM5dVpFNjRKTFEteUV4R2hhVUlqOXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82MGQwMmYtMTE2My00NjY2LTliZTktN2RmYmJhZTAzNjhl
LzEveFRzcEZ3dFdxRUpCOUxoUDFOcl9DRGJWQThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR0VMA0G
CSqGSIb3DQEBCwUAA4IBAQCCRuMfuu28k72ImXtC5WKIdo+lyg9BOaklMI1W/apE
UL1DW1VH6UZlPaoFLrSG7BOmwqSsNtaJjAG3tLh9Vqa/Rq4sooS0mOf9h2wNRnSX
owsrRsJWSxRhMZaOEGyNB1hYi6evnoRDa8CRD/f+iqvHUijCIO9t6RSnnOZ5PNEy
jFhcmy2a2Wx6aptJYMF4ArkFJruJnmwTUr1V8/fCJaM9p2h44FfK6YIfPLV4foSQ
qOmJ4s4JwkGzwKcKb9Y+apBK6WH5BjpzAFXob1UXZzrMCYP6HFp7cTLEunTK+vr0
ujYMnTXkHeW0DcCiCALbK1xPGUkINhl0HGDNjr5wv4F9
-----END CERTIFICATE-----