Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/XmW1bZIMAH1eUiD8pIh2qe-nzi4.roa
File:                     XmW1bZIMAH1eUiD8pIh2qe-nzi4.roa (raw, json)
Hash identifier:          OGkNzBo8j0AN5nV1X1VDsvF/YywJ3+cRgQIpDFVours=
Subject key identifier:   5E:65:B5:6D:92:0C:00:7D:5E:52:20:FC:A4:88:76:A9:EF:A7:CE:2E
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       0198E69E3315158C0EB7FB79453DA23F6A41
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/XmW1bZIMAH1eUiD8pIh2qe-nzi4.roa
Signing time:             Tue 26 Aug 2025 13:43:04 +0000
ROA not before:           Tue 26 Aug 2025 13:43:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        84.239.60.0/24 maxlen: 24
                          84.239.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:9e:33:15:15:8c:0e:b7:fb:79:45:3d:a2:3f:6a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Aug 26 13:43:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e65b56d920c007d5e5220fca48876a9efa7ce2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6b:24:c1:a7:6a:3f:93:d0:88:f9:20:cc:74:
                    62:6a:17:14:06:9c:89:3a:57:fa:db:58:97:3e:40:
                    61:5f:24:d0:de:4a:84:74:ef:bf:8d:49:d2:d7:19:
                    5a:c4:2c:ad:e2:d1:37:90:49:3d:c8:77:9e:38:9b:
                    b4:a2:7d:cf:e8:61:64:8c:87:bd:7f:44:bb:b2:fb:
                    f9:35:e5:63:b0:a4:ef:65:be:cd:c7:4e:49:3c:17:
                    f7:ed:eb:45:a7:4d:57:44:29:f6:ff:98:e4:da:1f:
                    d6:c1:35:47:5b:14:09:41:f7:a1:55:a9:6c:ec:7e:
                    cf:78:1d:a2:08:f6:cc:48:3f:1d:54:d8:cf:7f:7d:
                    18:be:51:70:ae:df:de:21:06:6c:c6:a3:3c:2f:56:
                    29:6e:9d:d7:7d:e1:51:f8:52:1b:36:d6:4f:50:02:
                    af:d2:44:5e:e1:c3:1f:1e:3a:eb:2b:62:2d:48:3a:
                    2c:d7:c9:91:f0:fc:89:28:e6:28:4a:cf:62:e1:bd:
                    a2:c1:07:1f:9b:ec:4e:1b:fb:f4:7f:72:8e:3d:ee:
                    ac:f1:4f:6d:5f:0e:21:4d:11:cd:11:c9:62:a3:19:
                    f1:6c:b9:98:27:b6:75:bf:e6:cb:be:c2:9d:dd:02:
                    17:73:c8:a8:d0:80:95:c3:df:84:7e:5a:50:00:88:
                    a1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:65:B5:6D:92:0C:00:7D:5E:52:20:FC:A4:88:76:A9:EF:A7:CE:2E
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/XmW1bZIMAH1eUiD8pIh2qe-nzi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.239.60.0/24
                  84.239.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:4f:9c:d5:32:3e:4d:7f:2a:e5:52:f2:03:0d:4d:53:31:eb:
         6d:02:0b:ec:e9:40:9a:73:50:86:0c:f5:6d:19:1e:32:dc:13:
         c8:66:69:54:35:e9:7b:64:19:93:0e:c2:82:87:9f:e2:41:e8:
         45:49:ec:ca:3f:d8:40:60:4e:4d:bf:86:66:5e:61:da:54:34:
         c0:13:60:65:18:b6:26:6a:19:68:7a:2c:e1:2b:52:ab:46:f9:
         49:ac:f0:b2:f3:a5:91:4b:23:14:96:72:91:bf:03:15:f2:64:
         4c:09:1c:42:f3:fb:c5:32:d8:15:68:e3:fc:5f:84:09:cd:16:
         d3:cd:c9:58:18:88:30:ba:5e:9a:9a:1d:7d:59:a4:51:7e:63:
         3b:6e:63:a8:41:b0:b6:7c:09:4a:db:a3:13:c8:e1:35:50:fa:
         a2:71:df:20:57:c6:58:75:b3:79:40:6f:a4:28:f4:10:0c:b9:
         57:6b:95:84:83:39:d6:17:c0:95:69:87:b7:3c:fd:71:a3:53:
         7f:c8:a3:75:6b:e2:88:a6:3f:19:56:24:67:bd:e9:a9:43:d4:
         4b:7f:d4:79:e7:40:99:ab:63:af:95:d8:a5:11:39:0c:29:ad:
         7c:20:82:87:84:d6:44:e3:6b:4d:74:0d:f7:40:89:88:c7:1a:
         cb:fe:10:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjmnjMVFYwOt/t5RT2iP2pBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjUwODI2MTM0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY1YjU2ZDkyMGMwMDdkNWU1MjIwZmNhNDg4NzZhOWVmYTdjZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2skwadqP5PQiPkgzHRiahcUBpyJ
Olf621iXPkBhXyTQ3kqEdO+/jUnS1xlaxCyt4tE3kEk9yHeeOJu0on3P6GFkjIe9
f0S7svv5NeVjsKTvZb7Nx05JPBf37etFp01XRCn2/5jk2h/WwTVHWxQJQfehVals
7H7PeB2iCPbMSD8dVNjPf30YvlFwrt/eIQZsxqM8L1Ypbp3XfeFR+FIbNtZPUAKv
0kRe4cMfHjrrK2ItSDos18mR8PyJKOYoSs9i4b2iwQcfm+xOG/v0f3KOPe6s8U9t
Xw4hTRHNEclioxnxbLmYJ7Z1v+bLvsKd3QIXc8io0ICVw9+EflpQAIihlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF5ltW2SDAB9XlIg/KSIdqnvp84uMB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvWG1XMWJaSU1BSDFlVWlEOHBJaDJxZS1uemk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVO88AwQA
VO8+MA0GCSqGSIb3DQEBCwUAA4IBAQAlT5zVMj5NfyrlUvIDDU1TMettAgvs6UCa
c1CGDPVtGR4y3BPIZmlUNel7ZBmTDsKCh5/iQehFSezKP9hAYE5Nv4ZmXmHaVDTA
E2BlGLYmahloeizhK1KrRvlJrPCy86WRSyMUlnKRvwMV8mRMCRxC8/vFMtgVaOP8
X4QJzRbTzclYGIgwul6amh19WaRRfmM7bmOoQbC2fAlK26MTyOE1UPqicd8gV8ZY
dbN5QG+kKPQQDLlXa5WEgznWF8CVaYe3PP1xo1N/yKN1a+KIpj8ZViRnvempQ9RL
f9R550CZq2OvldilETkMKa18IIKHhNZE42tNdA33QImIxxrL/hCK
-----END CERTIFICATE-----