Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/XACqnewxbRgjHxKsLaFopimZHeY.roa
File:                     XACqnewxbRgjHxKsLaFopimZHeY.roa (raw, json)
Hash identifier:          MIusKXphk72DRohBPHiq5YJIV9C9zTT6OGYs8zxk85A=
Subject key identifier:   5C:00:AA:9D:EC:31:6D:18:23:1F:12:AC:2D:A1:68:A6:29:99:1D:E6
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       01987464A414DE4CDC420F45AEDA24B72333
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/XACqnewxbRgjHxKsLaFopimZHeY.roa
Signing time:             Mon 04 Aug 2025 09:23:29 +0000
ROA not before:           Mon 04 Aug 2025 09:23:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213618
IP address blocks:        82.139.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 19:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:64:a4:14:de:4c:dc:42:0f:45:ae:da:24:b7:23:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Aug  4 09:23:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c00aa9dec316d18231f12ac2da168a629991de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:14:19:d2:01:42:cf:44:34:e4:35:7f:72:fe:
                    7a:d4:11:f8:c2:24:f9:fd:76:d4:a6:6f:22:5f:42:
                    a8:3f:4f:c0:63:1c:3b:dc:af:32:3f:89:1f:f5:38:
                    2e:a8:fd:6e:fc:b8:b1:82:40:cb:fe:ff:b0:e1:e9:
                    c0:3d:7e:e9:e5:c7:53:bd:6c:0a:d1:2a:71:47:8e:
                    82:3a:55:01:39:13:6d:d1:1a:cb:1e:d5:f0:1a:b0:
                    c8:f9:38:53:15:16:05:e7:63:2e:56:f9:bc:4e:fb:
                    20:44:7f:77:01:2d:5e:fa:d0:e5:b7:dd:7a:25:99:
                    2e:15:c3:f3:31:38:53:3e:51:2e:99:f0:82:cd:d9:
                    d4:d5:ad:dd:4f:11:ec:f7:af:8f:66:75:80:cd:73:
                    7b:b1:b5:31:1b:70:08:04:90:3c:bc:97:df:78:e5:
                    91:af:bf:cc:15:78:84:db:27:b7:ef:e2:a3:37:9c:
                    30:b4:04:ee:52:98:65:47:a1:e8:58:b3:52:83:2b:
                    3f:0c:d0:31:04:67:6f:c3:28:fb:89:4c:b9:c0:91:
                    45:70:10:4f:be:8b:0f:c1:69:cd:20:9f:80:30:36:
                    1c:12:07:d6:66:f3:d7:4b:6f:f9:68:ba:98:e4:d7:
                    d1:bf:e2:e5:7f:b6:70:1a:68:25:5e:c4:52:04:6c:
                    49:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:00:AA:9D:EC:31:6D:18:23:1F:12:AC:2D:A1:68:A6:29:99:1D:E6
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/XACqnewxbRgjHxKsLaFopimZHeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:fa:3f:49:70:28:d7:51:dc:a2:21:8b:d7:5d:76:ab:b8:e9:
         12:69:9f:a4:18:64:cc:c9:5f:80:7c:c8:7d:4e:e3:52:1e:fd:
         9d:3e:aa:20:a3:65:9f:ef:47:37:53:d7:2c:7a:90:a3:01:3b:
         8b:fd:b8:3c:df:0b:bb:7f:11:d9:eb:c3:96:7d:45:04:53:5a:
         69:58:f4:00:a5:93:d2:a5:59:c7:4f:d5:c1:5c:58:c0:26:97:
         26:95:a9:d7:83:01:38:ed:b9:bc:46:61:c5:6a:cb:e9:3e:0c:
         ae:f4:bb:9b:45:ee:bf:82:39:1a:32:0f:2a:69:c1:0d:c9:9e:
         9a:22:04:02:87:dd:a9:7e:d8:3e:61:c7:ef:b3:92:c2:61:56:
         30:04:f0:7a:2a:43:24:87:41:24:47:f1:b7:23:c7:74:1b:f7:
         47:f3:da:8f:ed:b7:c2:01:1f:3c:20:05:62:7c:2b:69:46:f6:
         0c:96:76:38:fb:84:f7:9b:89:c3:d7:14:cd:70:02:8d:77:16:
         52:9b:39:64:60:eb:2a:2a:f4:28:4e:99:03:14:6d:69:1e:92:
         0d:fb:97:78:34:47:ec:45:78:66:23:b4:0f:e9:0b:89:50:17:
         cb:3b:95:21:e6:0e:c9:2e:e9:32:da:12:b6:df:35:19:f2:ce:
         26:4b:84:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh0ZKQU3kzcQg9FrtoktyMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwODA0MDkyMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzAwYWE5ZGVjMzE2ZDE4MjMxZjEyYWMyZGExNjhhNjI5OTkxZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhQZ0gFCz0Q05DV/cv561BH4wiT5
/XbUpm8iX0KoP0/AYxw73K8yP4kf9TguqP1u/LixgkDL/v+w4enAPX7p5cdTvWwK
0SpxR46COlUBORNt0RrLHtXwGrDI+ThTFRYF52MuVvm8TvsgRH93AS1e+tDlt916
JZkuFcPzMThTPlEumfCCzdnU1a3dTxHs96+PZnWAzXN7sbUxG3AIBJA8vJffeOWR
r7/MFXiE2ye37+KjN5wwtATuUphlR6HoWLNSgys/DNAxBGdvwyj7iUy5wJFFcBBP
vosPwWnNIJ+AMDYcEgfWZvPXS2/5aLqY5NfRv+Llf7ZwGmglXsRSBGxJiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwAqp3sMW0YIx8SrC2haKYpmR3mMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvWEFDcW5ld3hiUmdqSHhLc0xhRm9waW1aSGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovnMA0G
CSqGSIb3DQEBCwUAA4IBAQBf+j9JcCjXUdyiIYvXXXaruOkSaZ+kGGTMyV+AfMh9
TuNSHv2dPqogo2Wf70c3U9csepCjATuL/bg83wu7fxHZ68OWfUUEU1ppWPQApZPS
pVnHT9XBXFjAJpcmlanXgwE47bm8RmHFasvpPgyu9LubRe6/gjkaMg8qacENyZ6a
IgQCh92pftg+Ycfvs5LCYVYwBPB6KkMkh0EkR/G3I8d0G/dH89qP7bfCAR88IAVi
fCtpRvYMlnY4+4T3m4nD1xTNcAKNdxZSmzlkYOsqKvQoTpkDFG1pHpIN+5d4NEfs
RXhmI7QP6QuJUBfLO5Uh5g7JLuky2hK23zUZ8s4mS4Ri
-----END CERTIFICATE-----