Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XRnCjH50gMXIOS-neVi8-RKEuQk.roa
File:                     XRnCjH50gMXIOS-neVi8-RKEuQk.roa (raw, json)
Hash identifier:          uGHTQn/QWm6VWi26qnbQJ2giZ7viBuChjQsLvIaZzdU=
Subject key identifier:   5D:19:C2:8C:7E:74:80:C5:C8:39:2F:A7:79:58:BC:F9:12:84:B9:09
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C535EB6EC1FEDDC0B5F5ACD1691EC
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XRnCjH50gMXIOS-neVi8-RKEuQk.roa
Signing time:             Thu 02 Jan 2025 09:50:20 +0000
ROA not before:           Thu 02 Jan 2025 09:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8557
IP address blocks:        195.18.32.0/19 maxlen: 19
                          195.18.32.0/21 maxlen: 21
                          195.18.40.0/21 maxlen: 21
                          195.18.48.0/21 maxlen: 21
                          195.18.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:53:5e:b6:ec:1f:ed:dc:0b:5f:5a:cd:16:91:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d19c28c7e7480c5c8392fa77958bcf91284b909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:31:5b:a9:57:b7:60:7d:80:69:8e:40:2a:c3:
                    10:e2:b8:c2:a1:92:e4:1e:32:b7:61:a4:1e:63:9c:
                    0e:5f:8e:5c:f3:15:95:5b:79:4c:a4:90:cd:97:e3:
                    18:91:30:1d:db:dc:bf:e6:8d:6e:7e:da:d8:b6:95:
                    0c:38:1d:c3:e2:f9:ca:d1:ea:c4:00:4c:e1:19:32:
                    22:c0:1f:80:c8:ab:b2:23:11:94:04:8d:ea:1f:08:
                    42:0f:c0:f9:1d:fc:4c:68:bc:53:b5:50:41:e2:ff:
                    52:67:12:f8:0d:10:df:97:bd:28:53:4a:47:58:77:
                    3b:70:e2:c6:f8:f6:dd:9b:53:b8:c4:bc:96:46:31:
                    32:fe:2d:6e:5d:af:c7:13:f2:42:e0:37:48:49:e8:
                    74:a7:d0:68:a1:2e:8e:e2:05:60:89:28:4d:34:db:
                    a1:38:36:82:4c:43:88:7a:53:0a:56:2d:8b:da:b4:
                    13:3f:72:39:2d:ec:b3:c6:15:aa:00:9e:fb:ea:e3:
                    6d:b9:3d:90:1c:18:2e:39:47:ac:5f:82:6c:5a:78:
                    a8:c5:8f:7d:e9:0d:8e:99:60:b0:c1:4e:bd:27:68:
                    f8:42:55:e1:f6:33:f0:55:ed:bd:46:3d:23:fc:6b:
                    cb:4e:46:78:a0:8a:1d:92:82:8e:86:8b:1f:68:2a:
                    af:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:19:C2:8C:7E:74:80:C5:C8:39:2F:A7:79:58:BC:F9:12:84:B9:09
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XRnCjH50gMXIOS-neVi8-RKEuQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.18.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:fa:84:b5:db:51:51:fa:8b:fd:28:8b:44:9f:ab:40:d3:af:
         ce:1b:d2:5a:04:c1:57:f0:f1:a9:0a:b4:1f:97:9e:1a:a3:33:
         98:88:ee:17:4f:c5:b1:fe:c0:4e:ed:22:48:c0:96:d9:32:f1:
         7e:04:94:8e:fe:30:93:7e:97:a5:10:0a:d0:7b:22:73:3a:ec:
         04:c8:59:f1:1a:08:ac:20:71:15:2d:b8:b0:be:78:5a:f4:0e:
         61:c2:9a:91:71:73:5f:18:1b:8c:5e:fc:cc:d2:b5:c5:7c:b6:
         69:07:7b:7d:e2:36:62:1d:8f:4d:2c:cc:5b:05:41:22:e0:8e:
         b3:a4:16:2c:f4:5d:fe:ca:c4:dc:98:6e:b8:33:8a:c1:6a:2a:
         29:12:01:36:ad:95:6b:0e:82:5c:d3:11:e0:b0:89:07:a2:5b:
         5d:61:aa:6a:23:c2:cf:a6:2d:dd:b8:26:9c:c3:1e:66:53:9f:
         4e:2c:08:a1:97:d4:80:11:f6:98:de:61:9e:98:c1:5e:45:1b:
         92:63:f3:00:90:c0:20:d6:9c:19:a3:94:a8:14:cd:db:73:ae:
         78:af:a9:3c:aa:e6:0d:58:df:6e:e1:d5:8e:6a:2c:2c:67:1f:
         e9:23:49:c6:80:7d:f8:70:c1:88:39:12:c3:de:aa:9e:c7:35:
         34:d4:e7:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbFNetuwf7dwLX1rNFpHsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDE5YzI4YzdlNzQ4MGM1YzgzOTJmYTc3OTU4YmNmOTEyODRiOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTFbqVe3YH2AaY5AKsMQ4rjCoZLk
HjK3YaQeY5wOX45c8xWVW3lMpJDNl+MYkTAd29y/5o1uftrYtpUMOB3D4vnK0erE
AEzhGTIiwB+AyKuyIxGUBI3qHwhCD8D5HfxMaLxTtVBB4v9SZxL4DRDfl70oU0pH
WHc7cOLG+Pbdm1O4xLyWRjEy/i1uXa/HE/JC4DdISeh0p9BooS6O4gVgiShNNNuh
ODaCTEOIelMKVi2L2rQTP3I5LeyzxhWqAJ776uNtuT2QHBguOUesX4JsWnioxY99
6Q2OmWCwwU69J2j4QlXh9jPwVe29Rj0j/GvLTkZ4oIodkoKOhosfaCqvjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0Zwox+dIDFyDkvp3lYvPkShLkJMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvWFJuQ2pINTBnTVhJT1MtbmVWaTgtUktFdVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwxIgMA0G
CSqGSIb3DQEBCwUAA4IBAQA4+oS121FR+ov9KItEn6tA06/OG9JaBMFX8PGpCrQf
l54aozOYiO4XT8Wx/sBO7SJIwJbZMvF+BJSO/jCTfpelEArQeyJzOuwEyFnxGgis
IHEVLbiwvnha9A5hwpqRcXNfGBuMXvzM0rXFfLZpB3t94jZiHY9NLMxbBUEi4I6z
pBYs9F3+ysTcmG64M4rBaiopEgE2rZVrDoJc0xHgsIkHoltdYapqI8LPpi3duCac
wx5mU59OLAihl9SAEfaY3mGemMFeRRuSY/MAkMAg1pwZo5SoFM3bc654r6k8quYN
WN9u4dWOaiwsZx/pI0nGgH34cMGIORLD3qqexzU01Odo
-----END CERTIFICATE-----