Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/XSbdHCVCRCiTj8mv8uqC5jKu2Wc.roa
File:                     XSbdHCVCRCiTj8mv8uqC5jKu2Wc.roa (raw, json)
Hash identifier:          5E+fKGQdMloCaM1N6c8AjIuVH6v9QdhsvGHXvp3zGN0=
Subject key identifier:   5D:26:DD:1C:25:42:44:28:93:8F:C9:AF:F2:EA:82:E6:32:AE:D9:67
Certificate issuer:       /CN=c5a82f3936f244edcb6013e121d51a7690d13599
Certificate serial:       01941F8C869438DBC65EBB067F358C3170D0
Authority key identifier: C5:A8:2F:39:36:F2:44:ED:CB:60:13:E1:21:D5:1A:76:90:D1:35:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xagvOTbyRO3LYBPhIdUadpDRNZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/XSbdHCVCRCiTj8mv8uqC5jKu2Wc.roa
Signing time:             Wed 01 Jan 2025 01:48:10 +0000
ROA not before:           Wed 01 Jan 2025 01:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        185.203.91.0/24 maxlen: 24
                          2a10:8c00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/xagvOTbyRO3LYBPhIdUadpDRNZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/xagvOTbyRO3LYBPhIdUadpDRNZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xagvOTbyRO3LYBPhIdUadpDRNZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:86:94:38:db:c6:5e:bb:06:7f:35:8c:31:70:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5a82f3936f244edcb6013e121d51a7690d13599
        Validity
            Not Before: Jan  1 01:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d26dd1c25424428938fc9aff2ea82e632aed967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:69:a6:7c:3e:23:13:6c:79:a6:d2:4c:5d:f3:
                    c7:f4:fe:5e:69:ad:aa:4e:f0:dc:d2:7d:d5:22:00:
                    af:e7:59:0e:3b:ff:d2:ce:ae:02:f1:88:f3:d8:e6:
                    59:02:0e:f5:01:9d:40:58:45:c4:57:e0:1d:56:66:
                    7a:11:5c:02:d7:72:31:26:0e:d4:20:37:75:c4:85:
                    a7:81:39:0d:4f:a8:ab:9a:0a:9c:19:e7:89:0e:90:
                    65:3d:b4:b4:c3:8f:87:8c:53:a7:42:01:1c:52:02:
                    14:b9:80:8f:12:1e:a8:0a:17:c1:ac:26:60:82:4e:
                    bc:a2:7c:34:ad:36:b7:1d:90:76:6e:ba:72:13:26:
                    83:01:c2:20:23:a3:42:07:cd:48:9a:fb:1a:df:3d:
                    00:aa:8d:b1:e4:db:18:a9:54:0a:d6:ea:19:66:97:
                    e2:02:23:f2:c8:90:27:11:2c:d7:d1:ea:a3:e3:4b:
                    6d:e3:be:b3:75:7e:b4:1d:35:d9:f5:c4:ab:92:05:
                    51:1b:cc:bf:82:96:34:5b:8a:64:b9:7c:10:58:6c:
                    83:de:2a:7a:ee:82:89:08:d7:a0:10:29:7b:69:7e:
                    10:75:45:fa:34:54:d0:40:cc:0c:f7:6f:c0:2e:e6:
                    01:a2:63:25:22:24:04:02:22:54:df:62:34:f2:78:
                    37:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:26:DD:1C:25:42:44:28:93:8F:C9:AF:F2:EA:82:E6:32:AE:D9:67
            X509v3 Authority Key Identifier:
                keyid:C5:A8:2F:39:36:F2:44:ED:CB:60:13:E1:21:D5:1A:76:90:D1:35:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xagvOTbyRO3LYBPhIdUadpDRNZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/XSbdHCVCRCiTj8mv8uqC5jKu2Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/xagvOTbyRO3LYBPhIdUadpDRNZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.91.0/24
                IPv6:
                  2a10:8c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:e0:15:bd:84:1a:55:56:65:86:50:07:e4:49:4e:32:e5:e1:
         2a:8a:f4:14:86:fb:d2:10:1f:85:fb:9e:c4:d6:be:58:2f:21:
         d5:e3:87:b3:fc:c8:95:65:50:82:0f:4a:89:e8:00:73:ce:96:
         b2:77:7b:e8:cc:df:80:cb:49:c9:30:8c:ec:d8:c2:79:e9:94:
         d6:f7:9c:1c:0b:76:14:61:76:1b:42:38:6a:fe:b5:1f:4c:03:
         07:03:51:e1:8e:ab:f6:12:b2:36:3d:0c:41:ef:69:6b:de:fa:
         40:ac:d3:29:08:54:0d:81:f5:fb:1d:81:c1:d5:c6:1a:80:0b:
         b3:5f:c4:13:c8:47:fe:b1:de:cb:34:fd:3e:29:de:81:00:8c:
         1a:f1:93:4c:41:3f:41:a8:0f:8a:ce:03:68:ac:8c:90:c3:b3:
         67:89:a6:9d:38:5a:5e:8f:44:9c:e1:50:78:8d:08:b1:42:9b:
         13:52:2d:e0:a1:d1:a1:0c:84:3a:b6:a8:a9:92:98:46:83:12:
         82:72:98:67:a2:60:46:36:de:59:d1:ed:5e:15:f6:7f:dc:a1:
         2f:83:4d:7a:93:51:e3:b9:5c:e6:7a:b4:05:e3:f9:10:94:6e:
         ea:5a:08:72:e4:2b:ce:d8:ca:17:76:b5:f3:be:6c:8a:0a:87:
         6d:84:92:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjIaUONvGXrsGfzWMMXDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YTgyZjM5MzZmMjQ0ZWRjYjYwMTNlMTIxZDUxYTc2OTBk
MTM1OTkwHhcNMjUwMTAxMDE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDI2ZGQxYzI1NDI0NDI4OTM4ZmM5YWZmMmVhODJlNjMyYWVkOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmmmfD4jE2x5ptJMXfPH9P5eaa2q
TvDc0n3VIgCv51kOO//Szq4C8Yjz2OZZAg71AZ1AWEXEV+AdVmZ6EVwC13IxJg7U
IDd1xIWngTkNT6irmgqcGeeJDpBlPbS0w4+HjFOnQgEcUgIUuYCPEh6oChfBrCZg
gk68onw0rTa3HZB2brpyEyaDAcIgI6NCB81Imvsa3z0Aqo2x5NsYqVQK1uoZZpfi
AiPyyJAnESzX0eqj40tt476zdX60HTXZ9cSrkgVRG8y/gpY0W4pkuXwQWGyD3ip6
7oKJCNegECl7aX4QdUX6NFTQQMwM92/ALuYBomMlIiQEAiJU32I08ng3CwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF0m3RwlQkQok4/Jr/LqguYyrtlnMB8GA1UdIwQY
MBaAFMWoLzk28kTty2AT4SHVGnaQ0TWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGFndk9UYnlSTzNMWUJQaElkVWFkcERSTlprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS81ZjhjZWEtNTRiYS00OTY1LWE0NTQt
MDdhNDQ5YTUwZjA4LzEvWFNiZEhDVkNSQ2lUajhtdjh1cUM1akt1MldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS81ZjhjZWEtNTRiYS00OTY1LWE0NTQtMDdhNDQ5YTUwZjA4
LzEveGFndk9UYnlSTzNMWUJQaElkVWFkcERSTlprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuctbMA0E
AgACMAcDBQAqEIwAMA0GCSqGSIb3DQEBCwUAA4IBAQCC4BW9hBpVVmWGUAfkSU4y
5eEqivQUhvvSEB+F+57E1r5YLyHV44ez/MiVZVCCD0qJ6ABzzpayd3vozN+Ay0nJ
MIzs2MJ56ZTW95wcC3YUYXYbQjhq/rUfTAMHA1Hhjqv2ErI2PQxB72lr3vpArNMp
CFQNgfX7HYHB1cYagAuzX8QTyEf+sd7LNP0+Kd6BAIwa8ZNMQT9BqA+KzgNorIyQ
w7NniaadOFpej0Sc4VB4jQixQpsTUi3godGhDIQ6tqipkphGgxKCcphnomBGNt5Z
0e1eFfZ/3KEvg016k1HjuVzmerQF4/kQlG7qWghy5CvO2MoXdrXzvmyKCodthJJy
-----END CERTIFICATE-----