Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/xoB3t3bIQqBn5-HhkPL6s3CPw74.roa
File:                     xoB3t3bIQqBn5-HhkPL6s3CPw74.roa (raw, json)
Hash identifier:          tpDjUYDoo1fBlzWKnGSmSee/7D+cbMHaeBrqJtxZzv0=
Subject key identifier:   C6:80:77:B7:76:C8:42:A0:67:E7:E1:E1:90:F2:FA:B3:70:8F:C3:BE
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       0196EDEE2B15DCCA8398A3BFFDEBCB55F7CA
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/xoB3t3bIQqBn5-HhkPL6s3CPw74.roa
Signing time:             Tue 20 May 2025 13:42:10 +0000
ROA not before:           Tue 20 May 2025 13:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25098
IP address blocks:        93.94.48.0/24 maxlen: 24
                          93.94.49.0/24 maxlen: 24
                          178.17.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:ee:2b:15:dc:ca:83:98:a3:bf:fd:eb:cb:55:f7:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: May 20 13:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c68077b776c842a067e7e1e190f2fab3708fc3be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e8:d2:53:82:c8:0c:45:87:e3:e2:6e:86:89:
                    f7:f8:c5:b6:32:cf:d5:3a:15:44:00:ff:93:1c:52:
                    58:05:49:e2:c9:25:e0:17:50:49:3b:fd:41:af:7d:
                    f4:5a:2a:16:7e:ae:89:16:87:d6:d8:c5:87:eb:df:
                    a9:19:92:3e:4a:d6:21:20:45:92:89:82:e5:e3:4f:
                    99:c9:20:79:78:c6:4b:8e:19:b8:41:d3:fc:fc:fc:
                    b9:55:f3:0e:aa:9d:d0:2c:2b:98:50:24:1d:ee:d5:
                    8b:4c:87:ec:0b:b3:95:5b:76:fc:76:c7:43:e8:4d:
                    42:56:10:93:c9:f1:ad:22:ae:52:9a:a2:c1:72:83:
                    66:47:ab:f8:54:e7:35:50:eb:16:b8:11:e6:b0:87:
                    69:8c:5d:c3:41:94:fe:fa:25:91:cb:4b:0f:47:34:
                    f0:2b:6f:1c:e2:64:be:6c:3a:70:04:0e:89:c6:bc:
                    7c:cb:d2:67:c3:a2:45:94:1b:0d:af:9c:c0:d0:11:
                    8e:b5:db:be:37:48:c1:62:09:ad:6d:33:2b:b2:de:
                    44:e1:ae:e7:7b:48:ee:05:d5:86:ef:cd:0e:e5:47:
                    e6:01:eb:8c:5a:2c:24:76:ae:cb:a4:5b:ab:15:ac:
                    8a:48:ed:44:e7:03:8c:39:12:3f:05:df:9d:8e:df:
                    67:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:80:77:B7:76:C8:42:A0:67:E7:E1:E1:90:F2:FA:B3:70:8F:C3:BE
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/xoB3t3bIQqBn5-HhkPL6s3CPw74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.48.0/23
                  178.17.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:fc:9c:43:b5:b6:80:7e:96:72:15:fd:71:00:73:4c:c4:9a:
         b3:5d:99:f6:f6:8f:0b:31:9f:8a:f3:f5:00:55:cc:95:eb:b8:
         f4:42:20:19:3c:68:c9:4c:6a:ea:85:01:18:11:5c:d7:4a:8e:
         65:c9:5b:89:f1:d5:05:30:29:8c:8e:ff:e1:b8:c4:3f:32:97:
         aa:a5:05:e0:4c:b4:cf:ee:03:bb:e9:97:cb:85:be:21:b7:b9:
         1c:96:4b:44:af:5c:bc:1f:80:71:66:d1:dd:9c:ff:3c:1c:ac:
         e0:96:bb:e4:7e:2b:1e:e9:0a:9e:66:2c:f9:c0:18:95:8b:72:
         9b:a4:ab:65:db:a2:eb:4b:93:a6:e9:88:22:16:72:dc:13:32:
         e8:bc:ec:65:55:16:7e:9d:20:ff:13:b1:7e:34:04:c3:62:cc:
         59:99:a6:79:ba:7c:e2:cb:53:98:9f:21:5c:e4:d0:17:cb:7e:
         a1:28:28:15:a9:57:7a:d3:30:99:3c:57:a6:23:23:86:71:8e:
         5d:0f:48:51:89:c9:29:05:c0:83:4b:a7:1c:c0:f9:d1:2e:de:
         d2:d3:55:1f:4d:20:2a:fe:64:e5:95:6e:bf:59:2b:c6:dc:36:
         7e:0f:d8:1b:2d:16:c1:a0:55:4e:e1:7f:82:36:09:c6:a9:2a:
         5a:48:d1:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbt7isV3MqDmKO//evLVffKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjUwNTIwMTM0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjgwNzdiNzc2Yzg0MmEwNjdlN2UxZTE5MGYyZmFiMzcwOGZjM2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyujSU4LIDEWH4+Juhon3+MW2Ms/V
OhVEAP+THFJYBUniySXgF1BJO/1Br330WioWfq6JFofW2MWH69+pGZI+StYhIEWS
iYLl40+ZySB5eMZLjhm4QdP8/Py5VfMOqp3QLCuYUCQd7tWLTIfsC7OVW3b8dsdD
6E1CVhCTyfGtIq5SmqLBcoNmR6v4VOc1UOsWuBHmsIdpjF3DQZT++iWRy0sPRzTw
K28c4mS+bDpwBA6Jxrx8y9Jnw6JFlBsNr5zA0BGOtdu+N0jBYgmtbTMrst5E4a7n
e0juBdWG780O5UfmAeuMWiwkdq7LpFurFayKSO1E5wOMORI/Bd+djt9nFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMaAd7d2yEKgZ+fh4ZDy+rNwj8O+MB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEveG9CM3QzYklRcUJuNS1IaGtQTDZzM0NQdzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXV4wAwQA
shEwMA0GCSqGSIb3DQEBCwUAA4IBAQCa/JxDtbaAfpZyFf1xAHNMxJqzXZn29o8L
MZ+K8/UAVcyV67j0QiAZPGjJTGrqhQEYEVzXSo5lyVuJ8dUFMCmMjv/huMQ/Mpeq
pQXgTLTP7gO76ZfLhb4ht7kclktEr1y8H4BxZtHdnP88HKzglrvkfise6QqeZiz5
wBiVi3KbpKtl26LrS5Om6YgiFnLcEzLovOxlVRZ+nSD/E7F+NATDYsxZmaZ5unzi
y1OYnyFc5NAXy36hKCgVqVd60zCZPFemIyOGcY5dD0hRickpBcCDS6ccwPnRLt7S
01UfTSAq/mTllW6/WSvG3DZ+D9gbLRbBoFVO4X+CNgnGqSpaSNFD
-----END CERTIFICATE-----