Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8f23c1-043c-4956-bfb8-26c9f9932bbc/1/XNXaPinw0hzOOpIdJrAz4vMzL7Y.roa
File:                     XNXaPinw0hzOOpIdJrAz4vMzL7Y.roa (raw, json)
Hash identifier:          nt1Ol97FedM7YNil48Mps6jHTBBWL5yE4allTSXHKUk=
Subject key identifier:   5C:D5:DA:3E:29:F0:D2:1C:CE:3A:92:1D:26:B0:33:E2:F3:33:2F:B6
Certificate issuer:       /CN=6868f656805380ca86e79173789d668dc401d5b5
Certificate serial:       01941F8BFEBEC0976E896BC6925B8366CC74
Authority key identifier: 68:68:F6:56:80:53:80:CA:86:E7:91:73:78:9D:66:8D:C4:01:D5:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aGj2VoBTgMqG55FzeJ1mjcQB1bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8f23c1-043c-4956-bfb8-26c9f9932bbc/1/XNXaPinw0hzOOpIdJrAz4vMzL7Y.roa
Signing time:             Wed 01 Jan 2025 01:47:35 +0000
ROA not before:           Wed 01 Jan 2025 01:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49382
IP address blocks:        134.255.248.0/24 maxlen: 24
                          185.233.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8f23c1-043c-4956-bfb8-26c9f9932bbc/1/aGj2VoBTgMqG55FzeJ1mjcQB1bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8f23c1-043c-4956-bfb8-26c9f9932bbc/1/aGj2VoBTgMqG55FzeJ1mjcQB1bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aGj2VoBTgMqG55FzeJ1mjcQB1bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8b:fe:be:c0:97:6e:89:6b:c6:92:5b:83:66:cc:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6868f656805380ca86e79173789d668dc401d5b5
        Validity
            Not Before: Jan  1 01:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cd5da3e29f0d21cce3a921d26b033e2f3332fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:50:4e:57:00:9f:bf:2e:72:56:b4:30:c9:6c:
                    ab:4d:e8:0a:0e:79:01:fe:69:e6:bd:81:5b:8a:40:
                    5d:c6:44:8c:f0:3e:74:bd:f6:39:0f:07:f6:de:8a:
                    47:9f:5d:33:b1:5b:02:46:a6:d1:1f:aa:4a:30:78:
                    21:0b:7e:7e:bb:6b:84:db:ab:0a:54:2f:33:76:bc:
                    bd:7b:eb:f5:73:98:c8:73:b3:ad:88:12:bf:e5:a0:
                    01:2c:19:e6:02:b3:cd:37:28:07:fe:d8:c9:38:d0:
                    e3:2e:98:4f:e9:c6:d5:57:cd:3d:d8:5c:3e:a4:6c:
                    34:1b:a7:02:7e:18:9f:08:65:2a:4b:60:fa:1c:b2:
                    88:c6:87:e5:64:ce:9e:8d:54:4b:d2:db:90:0d:c1:
                    6f:1e:11:3f:72:30:10:b9:51:a4:a4:39:1c:cb:de:
                    6a:03:ca:d2:41:56:bb:5e:cd:cd:62:e9:17:d0:90:
                    d2:d0:d8:b9:13:b8:6e:59:33:07:62:dd:7f:bd:81:
                    67:ae:cc:22:a0:c3:ea:b5:fa:4a:e0:9d:d9:6b:d4:
                    52:82:50:a9:c3:17:52:3c:83:bc:7a:af:a7:c4:ad:
                    b4:3d:c7:1d:3a:22:bc:26:28:f0:b9:1b:b7:0b:87:
                    b5:fd:30:18:06:cb:da:b3:8f:55:21:42:2e:e6:59:
                    a0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D5:DA:3E:29:F0:D2:1C:CE:3A:92:1D:26:B0:33:E2:F3:33:2F:B6
            X509v3 Authority Key Identifier:
                keyid:68:68:F6:56:80:53:80:CA:86:E7:91:73:78:9D:66:8D:C4:01:D5:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aGj2VoBTgMqG55FzeJ1mjcQB1bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8f23c1-043c-4956-bfb8-26c9f9932bbc/1/XNXaPinw0hzOOpIdJrAz4vMzL7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8f23c1-043c-4956-bfb8-26c9f9932bbc/1/aGj2VoBTgMqG55FzeJ1mjcQB1bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.255.248.0/24
                  185.233.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:b8:a8:76:fd:e3:d9:7d:b9:69:b6:43:d7:25:f8:80:9a:79:
         1f:ea:56:1b:ba:60:b2:4c:dd:8f:2b:93:90:b3:5f:ce:64:60:
         92:c4:f2:d9:9a:2f:71:ef:82:69:34:41:8c:cf:02:90:f7:c5:
         ee:b4:e5:a3:10:05:8f:6c:d7:3e:5b:38:14:55:c4:d2:87:54:
         64:de:3c:0e:64:88:46:c1:2e:51:84:b9:88:1b:f6:cb:31:5b:
         2a:0b:d7:52:93:52:da:df:ff:a7:a3:51:ea:13:e6:05:47:0e:
         c4:49:c8:b7:3b:54:1f:4b:7e:28:06:33:59:ce:72:15:2c:f3:
         c1:70:40:62:b4:1c:72:0d:d8:cb:46:77:be:93:e9:4c:16:ac:
         26:be:44:e0:fd:74:22:b4:59:7f:31:7f:c9:c8:cc:ee:af:06:
         22:d0:6d:b3:6a:c0:2c:09:89:f8:28:58:4e:17:6f:1c:db:55:
         84:1c:93:22:82:05:44:74:e5:2c:1d:e2:27:e8:ee:a9:cf:88:
         0f:f2:b3:ef:ed:f1:94:ed:25:22:8f:7d:31:70:28:4f:af:ca:
         7f:10:a3:f7:3a:32:54:5c:90:48:47:56:59:1d:1b:f8:91:81:
         8e:8f:ae:af:14:5c:35:f0:1b:c3:3d:a9:e3:20:e2:ab:8a:b5:
         3e:42:74:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfi/6+wJduiWvGkluDZsx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NjhmNjU2ODA1MzgwY2E4NmU3OTE3Mzc4OWQ2NjhkYzQw
MWQ1YjUwHhcNMjUwMTAxMDE0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Q1ZGEzZTI5ZjBkMjFjY2UzYTkyMWQyNmIwMzNlMmYzMzMyZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1BOVwCfvy5yVrQwyWyrTegKDnkB
/mnmvYFbikBdxkSM8D50vfY5Dwf23opHn10zsVsCRqbRH6pKMHghC35+u2uE26sK
VC8zdry9e+v1c5jIc7OtiBK/5aABLBnmArPNNygH/tjJONDjLphP6cbVV8092Fw+
pGw0G6cCfhifCGUqS2D6HLKIxoflZM6ejVRL0tuQDcFvHhE/cjAQuVGkpDkcy95q
A8rSQVa7Xs3NYukX0JDS0Ni5E7huWTMHYt1/vYFnrswioMPqtfpK4J3Za9RSglCp
wxdSPIO8eq+nxK20PccdOiK8JijwuRu3C4e1/TAYBsvas49VIUIu5lmgYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFzV2j4p8NIczjqSHSawM+LzMy+2MB8GA1UdIwQY
MBaAFGho9laAU4DKhueRc3idZo3EAdW1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUdqMlZvQlRnTXFHNTVGemVKMW1qY1FCMWJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84ZjIzYzEtMDQzYy00OTU2LWJmYjgt
MjZjOWY5OTMyYmJjLzEvWE5YYVBpbncwaHpPT3BJZEpyQXo0dk16TDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84ZjIzYzEtMDQzYy00OTU2LWJmYjgtMjZjOWY5OTMyYmJj
LzEvYUdqMlZvQlRnTXFHNTVGemVKMW1qY1FCMWJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAhv/4AwQC
uelUMA0GCSqGSIb3DQEBCwUAA4IBAQCluKh2/ePZfblptkPXJfiAmnkf6lYbumCy
TN2PK5OQs1/OZGCSxPLZmi9x74JpNEGMzwKQ98XutOWjEAWPbNc+WzgUVcTSh1Rk
3jwOZIhGwS5RhLmIG/bLMVsqC9dSk1La3/+no1HqE+YFRw7ESci3O1QfS34oBjNZ
znIVLPPBcEBitBxyDdjLRne+k+lMFqwmvkTg/XQitFl/MX/JyMzurwYi0G2zasAs
CYn4KFhOF28c21WEHJMiggVEdOUsHeIn6O6pz4gP8rPv7fGU7SUij30xcChPr8p/
EKP3OjJUXJBIR1ZZHRv4kYGOj66vFFw18BvDPanjIOKrirU+QnS/
-----END CERTIFICATE-----