Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/xTZoaA-8TmHEI1jMFDvCwHtiXYE.roa
File:                     xTZoaA-8TmHEI1jMFDvCwHtiXYE.roa (raw, json)
Hash identifier:          T7GombXt78c9iIE0H6vcNPnQnS19iaCgMsQG50c822A=
Subject key identifier:   C5:36:68:68:0F:BC:4E:61:C4:23:58:CC:14:3B:C2:C0:7B:62:5D:81
Certificate issuer:       /CN=a32b618b508ec1365372c2aa675f3601293cc624
Certificate serial:       01966C4C207BCBB227B66FCF737347B9BBE5
Authority key identifier: A3:2B:61:8B:50:8E:C1:36:53:72:C2:AA:67:5F:36:01:29:3C:C6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/xTZoaA-8TmHEI1jMFDvCwHtiXYE.roa
Signing time:             Fri 25 Apr 2025 09:34:10 +0000
ROA not before:           Fri 25 Apr 2025 09:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44947
IP address blocks:        91.195.37.0/24 maxlen: 24
                          2a13:6340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:4c:20:7b:cb:b2:27:b6:6f:cf:73:73:47:b9:bb:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a32b618b508ec1365372c2aa675f3601293cc624
        Validity
            Not Before: Apr 25 09:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c53668680fbc4e61c42358cc143bc2c07b625d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b3:92:d5:66:56:d8:95:dd:72:26:e5:ba:af:
                    5f:fa:8f:a1:10:f5:6f:8d:01:85:82:f1:cb:07:84:
                    51:ac:21:11:f1:51:d3:a8:d8:49:ae:fd:c3:40:7c:
                    fd:39:31:a1:dd:92:28:f5:21:b9:81:da:c9:cf:a3:
                    1f:77:ea:60:86:02:4f:8d:97:1a:bb:76:9e:31:43:
                    e8:2e:a9:e2:f3:41:d2:20:c3:cd:a9:3b:85:2d:22:
                    ea:00:85:02:96:e2:3f:e8:81:9d:31:a0:ce:ec:e6:
                    99:0a:81:fb:af:79:0e:25:32:bf:1f:05:63:d0:f9:
                    95:e8:6c:7d:cb:4c:6d:14:f4:78:c2:20:40:a9:91:
                    07:a8:f6:d1:44:72:f8:52:ba:d1:e7:8f:2b:89:1b:
                    4a:7b:f7:61:2a:56:53:7d:c5:26:14:b4:72:b8:03:
                    86:b2:a9:08:fc:60:c3:05:74:b2:2c:d5:57:7b:57:
                    bb:5e:7e:72:d0:4e:02:8d:97:21:49:f3:2a:84:df:
                    b3:d8:fe:54:b9:9a:ab:88:46:91:ff:eb:96:ba:ce:
                    7a:a2:96:b7:8c:73:e1:62:8d:ca:18:82:8e:4e:bc:
                    11:a5:ef:d8:8c:ca:57:7b:80:15:f6:8a:2c:d3:42:
                    6d:bc:8a:ec:ea:b0:dd:b4:dd:01:fc:4d:3b:4b:f4:
                    0b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:36:68:68:0F:BC:4E:61:C4:23:58:CC:14:3B:C2:C0:7B:62:5D:81
            X509v3 Authority Key Identifier:
                keyid:A3:2B:61:8B:50:8E:C1:36:53:72:C2:AA:67:5F:36:01:29:3C:C6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/xTZoaA-8TmHEI1jMFDvCwHtiXYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.37.0/24
                IPv6:
                  2a13:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:d6:61:86:f0:ca:85:ea:b5:11:c6:25:46:0c:31:29:eb:c2:
         70:bc:ba:08:0e:54:46:ab:53:e4:c0:2d:d2:f3:13:63:80:b6:
         c3:ca:f0:86:2c:1c:67:a4:ee:38:65:7f:83:84:35:c2:b1:40:
         24:04:fa:e9:ea:92:9a:bc:5c:95:f8:75:49:d8:8d:18:25:6b:
         03:90:68:25:4c:7a:6c:f2:b3:d9:89:48:86:04:5a:2b:89:47:
         6c:b0:69:40:31:87:11:05:90:30:06:21:91:62:43:5a:d2:56:
         12:45:4e:ce:73:7e:f4:d6:a2:50:41:aa:ff:b3:fe:61:0f:e0:
         bc:25:92:3d:53:78:72:af:ff:30:f8:1c:3f:8f:1e:37:5b:9e:
         97:79:1a:1f:5b:55:2f:56:b4:1c:20:55:5e:c4:1f:7e:9c:a4:
         39:a6:eb:0d:6f:08:16:93:97:97:52:4b:55:0e:60:f7:21:93:
         57:0a:72:57:cc:80:3a:2e:89:4f:30:8b:ff:d2:97:ef:3f:f9:
         7f:18:ac:7a:99:0e:24:4a:25:00:ff:36:2c:c7:4a:4d:d6:72:
         8d:75:f4:ba:ac:66:0c:ec:21:c6:61:50:fb:70:a8:9b:bb:b6:
         05:38:a2:58:07:24:2f:81:85:bf:3a:eb:5c:b3:dd:b1:43:3f:
         34:9a:fa:70
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZsTCB7y7Intm/Pc3NHubvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMmI2MThiNTA4ZWMxMzY1MzcyYzJhYTY3NWYzNjAxMjkz
Y2M2MjQwHhcNMjUwNDI1MDkzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTM2Njg2ODBmYmM0ZTYxYzQyMzU4Y2MxNDNiYzJjMDdiNjI1ZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbOS1WZW2JXdcibluq9f+o+hEPVv
jQGFgvHLB4RRrCER8VHTqNhJrv3DQHz9OTGh3ZIo9SG5gdrJz6Mfd+pghgJPjZca
u3aeMUPoLqni80HSIMPNqTuFLSLqAIUCluI/6IGdMaDO7OaZCoH7r3kOJTK/HwVj
0PmV6Gx9y0xtFPR4wiBAqZEHqPbRRHL4UrrR548riRtKe/dhKlZTfcUmFLRyuAOG
sqkI/GDDBXSyLNVXe1e7Xn5y0E4CjZchSfMqhN+z2P5UuZqriEaR/+uWus56opa3
jHPhYo3KGIKOTrwRpe/YjMpXe4AV9oos00JtvIrs6rDdtN0B/E07S/QL0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMU2aGgPvE5hxCNYzBQ7wsB7Yl2BMB8GA1UdIwQY
MBaAFKMrYYtQjsE2U3LCqmdfNgEpPMYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3l0aGkxQ093VFpUY3NLcVoxODJBU2s4eGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jZmVkMGQtMGZiMC00NTk4LWIzNjUt
NjUwOTZkYmNhYzMwLzEveFRab2FBLThUbUhFSTFqTUZEdkN3SHRpWFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jZmVkMGQtMGZiMC00NTk4LWIzNjUtNjUwOTZkYmNhYzMw
LzEvb3l0aGkxQ093VFpUY3NLcVoxODJBU2s4eGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8MlMA0E
AgACMAcDBQMqE2NAMA0GCSqGSIb3DQEBCwUAA4IBAQC01mGG8MqF6rURxiVGDDEp
68JwvLoIDlRGq1PkwC3S8xNjgLbDyvCGLBxnpO44ZX+DhDXCsUAkBPrp6pKavFyV
+HVJ2I0YJWsDkGglTHps8rPZiUiGBForiUdssGlAMYcRBZAwBiGRYkNa0lYSRU7O
c3701qJQQar/s/5hD+C8JZI9U3hyr/8w+Bw/jx43W56XeRofW1UvVrQcIFVexB9+
nKQ5pusNbwgWk5eXUktVDmD3IZNXCnJXzIA6LolPMIv/0pfvP/l/GKx6mQ4kSiUA
/zYsx0pN1nKNdfS6rGYM7CHGYVD7cKibu7YFOKJYByQvgYW/Outcs92xQz80mvpw
-----END CERTIFICATE-----