Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/XFQ4V-Q1zrJ7V_iregOhdFMqaoM.roa
File:                     XFQ4V-Q1zrJ7V_iregOhdFMqaoM.roa (raw, json)
Hash identifier:          azWt5a8K83CvAjs7y+vUEf7M9h6EW0zhXeXYyEuAxtc=
Subject key identifier:   5C:54:38:57:E4:35:CE:B2:7B:57:F8:AB:7A:03:A1:74:53:2A:6A:83
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0197543AEEF51C22148F8937EF77ABFA36DD
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/XFQ4V-Q1zrJ7V_iregOhdFMqaoM.roa
Signing time:             Mon 09 Jun 2025 10:27:17 +0000
ROA not before:           Mon 09 Jun 2025 10:27:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56340
IP address blocks:        91.243.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:54:3a:ee:f5:1c:22:14:8f:89:37:ef:77:ab:fa:36:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun  9 10:27:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c543857e435ceb27b57f8ab7a03a174532a6a83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:af:8e:32:ea:ca:8f:ca:65:85:25:d5:7e:4e:
                    fc:38:40:07:33:9f:af:29:bf:1d:28:a4:a2:4e:2d:
                    ff:54:da:cb:f3:aa:04:9e:ee:11:83:53:20:33:e7:
                    d2:07:e0:e4:1a:2f:85:22:6a:6d:a5:3e:db:5a:1e:
                    03:db:5d:32:f2:77:cf:05:73:9b:f0:8e:48:79:7f:
                    28:e4:cf:fe:e0:c9:71:c3:d5:6e:ac:8c:af:bf:ac:
                    c8:2e:b0:37:f7:37:e5:12:3d:98:28:7d:17:f8:85:
                    f0:24:53:71:70:6e:22:86:f1:2d:bc:b8:3d:c3:41:
                    ae:a3:95:9a:48:67:42:51:80:0e:04:5e:06:25:4e:
                    f5:1a:74:cf:43:2e:75:c7:0b:f5:f4:9c:85:45:24:
                    7c:d0:33:d6:f4:58:c5:88:f2:0c:39:00:c2:e7:2b:
                    7d:9d:8a:db:c9:3b:c5:98:d3:00:ed:0f:24:41:23:
                    51:fc:7e:02:c6:50:9e:25:d8:29:4d:ea:14:a9:7c:
                    5c:54:3b:07:f5:f9:0f:74:d4:27:83:b5:ae:d8:f3:
                    f9:2a:d1:5c:4f:9d:e4:77:d9:b0:0a:24:21:b2:b6:
                    12:98:87:06:1c:7d:66:cc:38:71:c5:ee:c0:ba:a6:
                    e5:5d:e1:ea:9a:ca:e2:17:29:3b:61:58:bc:82:9e:
                    f4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:54:38:57:E4:35:CE:B2:7B:57:F8:AB:7A:03:A1:74:53:2A:6A:83
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/XFQ4V-Q1zrJ7V_iregOhdFMqaoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         47:c0:c5:07:d9:0e:1f:30:6d:cf:8d:fb:03:e7:2c:b3:2a:8e:
         ea:d2:a3:a5:1f:a4:20:31:cd:f3:df:ee:98:eb:7d:2b:db:f4:
         62:0e:da:17:91:c3:c7:b9:94:9d:81:70:c0:0f:a9:9f:a9:30:
         29:98:f9:9a:17:fe:5c:c6:a0:4b:4e:cd:e5:b8:f3:09:e2:1a:
         8e:ec:f8:b4:08:72:50:26:74:a9:74:ae:d0:14:52:27:2a:6f:
         38:1d:44:3b:74:e1:52:77:54:7c:3a:8b:35:c5:3a:8c:04:ca:
         1b:bc:67:38:4d:8d:c6:43:ad:2a:05:dd:51:26:ac:a7:06:66:
         97:ad:10:f7:83:92:f3:0d:51:8e:d9:a0:92:38:41:73:90:48:
         09:60:e6:24:51:dc:2f:ce:bb:74:0f:7f:87:01:a9:3f:49:67:
         b2:e8:a4:8b:91:ba:09:98:9e:c8:86:7a:d6:8e:dc:6b:80:fc:
         eb:c6:a5:84:d0:f0:a7:25:c1:af:c6:1e:9e:00:ea:5e:51:7c:
         93:8a:14:66:b8:95:ee:17:c8:1d:a4:3e:5c:76:4d:f6:86:77:
         73:a3:0b:67:46:34:61:6e:e8:4a:4b:ce:e9:a5:c4:c6:07:b3:
         a9:32:7c:d5:43:9b:54:b8:51:47:15:4e:2c:9a:8f:3c:9c:b4:
         e4:38:e1:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdUOu71HCIUj4k373er+jbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNjA5MTAyNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzU0Mzg1N2U0MzVjZWIyN2I1N2Y4YWI3YTAzYTE3NDUzMmE2YTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6+OMurKj8plhSXVfk78OEAHM5+v
Kb8dKKSiTi3/VNrL86oEnu4Rg1MgM+fSB+DkGi+FImptpT7bWh4D210y8nfPBXOb
8I5IeX8o5M/+4Mlxw9VurIyvv6zILrA39zflEj2YKH0X+IXwJFNxcG4ihvEtvLg9
w0Guo5WaSGdCUYAOBF4GJU71GnTPQy51xwv19JyFRSR80DPW9FjFiPIMOQDC5yt9
nYrbyTvFmNMA7Q8kQSNR/H4CxlCeJdgpTeoUqXxcVDsH9fkPdNQng7Wu2PP5KtFc
T53kd9mwCiQhsrYSmIcGHH1mzDhxxe7AuqblXeHqmsriFyk7YVi8gp70hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxUOFfkNc6ye1f4q3oDoXRTKmqDMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvWEZRNFYtUTF6cko3Vl9pcmVnT2hkRk1xYW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW/NYMA0G
CSqGSIb3DQEBCwUAA4IBAQBHwMUH2Q4fMG3PjfsD5yyzKo7q0qOlH6QgMc3z3+6Y
630r2/RiDtoXkcPHuZSdgXDAD6mfqTApmPmaF/5cxqBLTs3luPMJ4hqO7Pi0CHJQ
JnSpdK7QFFInKm84HUQ7dOFSd1R8Oos1xTqMBMobvGc4TY3GQ60qBd1RJqynBmaX
rRD3g5LzDVGO2aCSOEFzkEgJYOYkUdwvzrt0D3+HAak/SWey6KSLkboJmJ7IhnrW
jtxrgPzrxqWE0PCnJcGvxh6eAOpeUXyTihRmuJXuF8gdpD5cdk32hndzowtnRjRh
buhKS87ppcTGB7OpMnzVQ5tUuFFHFU4smo88nLTkOOEx
-----END CERTIFICATE-----