Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/X03HPxWO5hagzoHPHG7KFSZXJ_o.roa
File:                     X03HPxWO5hagzoHPHG7KFSZXJ_o.roa (raw, json)
Hash identifier:          vRibJ9M6xWdbR0FJuybHW/tL/tM5kR4vbhW4egyTDv8=
Subject key identifier:   5F:4D:C7:3F:15:8E:E6:16:A0:CE:81:CF:1C:6E:CA:15:26:57:27:FA
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C4FEF669E5F39251C1BAEF8B05879
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/X03HPxWO5hagzoHPHG7KFSZXJ_o.roa
Signing time:             Thu 02 Jan 2025 09:50:19 +0000
ROA not before:           Thu 02 Jan 2025 09:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6844
IP address blocks:        188.64.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:4f:ef:66:9e:5f:39:25:1c:1b:ae:f8:b0:58:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f4dc73f158ee616a0ce81cf1c6eca15265727fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:31:5d:14:ff:dc:3e:28:26:9f:f3:2d:6e:84:
                    5a:90:6d:88:1f:78:4d:85:a1:31:0b:e4:e4:bb:93:
                    43:e8:55:29:f4:3a:61:7f:07:3c:b3:d1:37:c3:81:
                    a9:c9:b6:34:4b:62:ec:e4:0f:3f:ab:52:58:93:e0:
                    c4:a4:86:87:7f:9b:8b:03:af:b9:f0:82:0c:f7:32:
                    ef:d6:5b:cb:28:cd:20:d9:2e:2e:5b:38:16:96:74:
                    46:bc:8f:05:9b:a1:d6:24:67:47:ea:5b:86:13:48:
                    35:c5:51:f4:77:7d:2b:45:b9:00:b9:49:cc:bf:17:
                    5a:9d:e6:f0:7e:c2:55:8a:3c:19:2f:18:d9:03:9f:
                    40:a5:f5:bb:42:46:29:dc:2c:77:20:96:88:32:a3:
                    8c:1d:fc:e3:80:24:03:31:6d:e4:50:7a:ad:66:b9:
                    a8:25:12:04:72:ad:a0:08:34:cb:ee:bd:42:a4:52:
                    84:aa:2c:25:d1:1c:de:6a:1a:e7:00:f0:5a:a3:9a:
                    5f:11:20:70:0c:14:a0:9a:b2:74:5b:be:9f:de:40:
                    53:1b:1e:b2:6a:04:5e:a4:63:9b:74:26:5c:52:ff:
                    47:eb:67:43:c6:08:d3:f3:63:1b:1b:8b:67:6c:b2:
                    76:52:8d:68:44:e6:57:ad:93:2e:19:c8:26:aa:f1:
                    e2:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:4D:C7:3F:15:8E:E6:16:A0:CE:81:CF:1C:6E:CA:15:26:57:27:FA
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/X03HPxWO5hagzoHPHG7KFSZXJ_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:05:a7:e7:f4:8e:07:3e:a9:fb:b1:ff:57:28:f0:c3:fb:ec:
         5f:5d:b2:2d:87:89:73:72:b9:2c:3c:03:bf:e9:4b:a4:44:ff:
         16:ee:ba:bb:f0:95:8b:1a:be:33:dc:04:f5:43:dd:68:f1:ea:
         8e:20:1b:08:d0:8d:5d:37:05:fd:65:d7:fb:50:fb:3b:5f:ce:
         1f:cf:a7:58:d4:19:9e:8c:55:40:20:e7:80:73:5b:93:2f:14:
         c1:75:90:33:5f:64:22:9c:f8:9c:48:84:f6:00:0b:6d:5a:c5:
         ee:28:b3:08:24:6b:c3:47:84:d3:ae:e8:42:66:22:f7:29:e0:
         1b:fd:ed:1e:de:cd:1a:1f:49:09:f1:ee:08:0e:e6:b2:cd:de:
         28:27:23:78:b5:f5:0d:a4:54:d1:2a:0f:26:48:aa:d0:3f:e6:
         d9:dc:4b:5b:b6:ed:6f:dc:3c:21:fa:8f:8c:8b:a8:fe:fb:be:
         7a:9c:10:04:60:81:35:59:a8:9c:bd:3f:db:0c:bb:0c:b0:34:
         9b:43:44:49:e1:dd:3b:e6:cd:04:e7:f5:91:e6:8d:fc:9d:24:
         c8:ad:22:16:89:d5:75:21:ed:0c:9f:b0:87:e1:28:96:ad:60:
         3e:1c:ff:6f:b7:2b:70:90:33:ae:86:58:ed:6b:a2:19:fb:7e:
         26:7d:31:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbE/vZp5fOSUcG674sFh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRkYzczZjE1OGVlNjE2YTBjZTgxY2YxYzZlY2ExNTI2NTcyN2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTFdFP/cPigmn/MtboRakG2IH3hN
haExC+Tku5ND6FUp9Dphfwc8s9E3w4GpybY0S2Ls5A8/q1JYk+DEpIaHf5uLA6+5
8IIM9zLv1lvLKM0g2S4uWzgWlnRGvI8Fm6HWJGdH6luGE0g1xVH0d30rRbkAuUnM
vxdanebwfsJVijwZLxjZA59ApfW7QkYp3Cx3IJaIMqOMHfzjgCQDMW3kUHqtZrmo
JRIEcq2gCDTL7r1CpFKEqiwl0RzeahrnAPBao5pfESBwDBSgmrJ0W76f3kBTGx6y
agRepGObdCZcUv9H62dDxgjT82MbG4tnbLJ2Uo1oROZXrZMuGcgmqvHiPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9Nxz8VjuYWoM6BzxxuyhUmVyf6MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvWDAzSFB4V081aGFnem9IUEhHN0tGU1pYSl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvEDYMA0G
CSqGSIb3DQEBCwUAA4IBAQBNBafn9I4HPqn7sf9XKPDD++xfXbIth4lzcrksPAO/
6UukRP8W7rq78JWLGr4z3AT1Q91o8eqOIBsI0I1dNwX9Zdf7UPs7X84fz6dY1Bme
jFVAIOeAc1uTLxTBdZAzX2QinPicSIT2AAttWsXuKLMIJGvDR4TTruhCZiL3KeAb
/e0e3s0aH0kJ8e4IDuayzd4oJyN4tfUNpFTRKg8mSKrQP+bZ3Etbtu1v3Dwh+o+M
i6j++756nBAEYIE1WaicvT/bDLsMsDSbQ0RJ4d075s0E5/WR5o38nSTIrSIWidV1
Ie0Mn7CH4SiWrWA+HP9vtytwkDOuhljta6IZ+34mfTG0
-----END CERTIFICATE-----