Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/xe_FlpDuD-n9_M4USiSXk6Ycnbw.roa
File:                     xe_FlpDuD-n9_M4USiSXk6Ycnbw.roa (raw, json)
Hash identifier:          yJ1Pd1TWtovjk0/IapFR+YDI373SvMNyYMwVt0mGMMo=
Subject key identifier:   C5:EF:C5:96:90:EE:0F:E9:FD:FC:CE:14:4A:24:97:93:A6:1C:9D:BC
Certificate issuer:       /CN=560d1e89b4e742e69062a95d351deea96b5178fb
Certificate serial:       01985ECF6D83BBE1BC20B3C5EA31CFD09293
Authority key identifier: 56:0D:1E:89:B4:E7:42:E6:90:62:A9:5D:35:1D:EE:A9:6B:51:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/xe_FlpDuD-n9_M4USiSXk6Ycnbw.roa
Signing time:             Thu 31 Jul 2025 04:48:28 +0000
ROA not before:           Thu 31 Jul 2025 04:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208191
IP address blocks:        91.231.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5e:cf:6d:83:bb:e1:bc:20:b3:c5:ea:31:cf:d0:92:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=560d1e89b4e742e69062a95d351deea96b5178fb
        Validity
            Not Before: Jul 31 04:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5efc59690ee0fe9fdfcce144a249793a61c9dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:22:04:18:ef:2d:c7:c8:b5:26:d2:cb:66:a5:
                    96:3d:f1:0b:70:cc:04:25:6b:f8:fe:c5:4c:4f:95:
                    8e:7b:cb:26:56:95:40:8c:d0:20:a6:01:70:f9:bc:
                    26:0e:f8:98:92:d9:0d:0f:6d:ab:5e:a8:a5:9a:9a:
                    21:98:a6:03:84:ca:6d:7d:d1:6f:07:c6:09:7a:dc:
                    2e:f7:10:bc:30:0e:00:ba:b6:5d:c2:e2:28:7e:82:
                    64:be:93:c8:7b:11:f2:8f:a0:84:6a:da:07:ad:29:
                    81:4f:fa:d6:e2:ec:0a:66:6f:40:2f:95:37:2a:e8:
                    de:ac:e6:90:22:e2:e0:3a:4f:f3:f9:a0:2c:76:07:
                    c2:a2:be:cb:86:ab:87:8a:84:37:0e:ab:73:01:ef:
                    b4:ec:a9:fd:fc:c0:31:ff:d2:7b:35:b8:17:50:a0:
                    c4:80:a1:c6:51:cb:21:80:51:c1:d5:de:12:a7:df:
                    17:a9:f0:18:f7:82:33:3d:f3:2a:65:0e:91:3e:d2:
                    0f:d6:cf:54:e0:04:8c:77:47:fd:0a:c5:92:68:5e:
                    c8:57:40:39:f2:29:14:6d:7a:8f:b6:6b:70:0e:fb:
                    e9:d6:74:57:34:83:73:a3:c3:1e:b8:5c:49:c6:0f:
                    f3:91:61:06:06:02:cc:a0:67:c8:3d:ec:71:d8:9b:
                    47:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:EF:C5:96:90:EE:0F:E9:FD:FC:CE:14:4A:24:97:93:A6:1C:9D:BC
            X509v3 Authority Key Identifier:
                keyid:56:0D:1E:89:B4:E7:42:E6:90:62:A9:5D:35:1D:EE:A9:6B:51:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/xe_FlpDuD-n9_M4USiSXk6Ycnbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:16:11:da:21:f6:f6:af:b6:89:46:16:7d:61:10:19:b0:3b:
         3e:0c:b2:5c:c7:66:3c:2f:54:3e:42:62:c2:dc:aa:ed:b1:82:
         db:9e:98:e3:cd:b6:6d:9a:c3:53:5c:6b:7b:47:81:1c:77:49:
         d6:41:bf:7f:d4:7a:7e:52:26:7a:3a:ba:70:d5:ba:7d:b7:51:
         1c:01:10:40:e2:ba:01:88:87:60:a3:91:ed:d4:a7:22:43:3b:
         a6:a7:5b:e4:b5:7e:b7:b9:e3:91:46:a0:4a:c9:35:71:da:db:
         23:27:78:9a:2a:d8:47:2d:03:5f:51:87:fb:a9:75:83:08:2b:
         2d:70:46:6c:fa:6e:87:f6:10:a5:16:64:27:33:94:ff:11:6a:
         93:20:59:88:7e:a4:bd:b5:c7:cb:5e:02:13:25:20:2f:64:0e:
         2a:d3:58:b8:d9:5d:4b:3a:63:9c:7d:b2:55:40:35:1c:8f:b4:
         ab:0a:82:0a:49:35:22:7e:37:5b:2d:a4:84:8b:07:5d:b3:d0:
         76:38:1a:65:55:ad:70:36:d3:57:be:3f:87:65:23:cf:2f:d9:
         2f:53:6b:0a:87:f1:54:25:31:f9:ab:95:51:58:e5:67:42:49:
         33:12:33:3e:ac:22:4d:38:3a:2a:81:06:e9:5b:fc:1e:d6:51:
         01:ea:06:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhez22Du+G8ILPF6jHP0JKTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2MGQxZTg5YjRlNzQyZTY5MDYyYTk1ZDM1MWRlZWE5NmI1
MTc4ZmIwHhcNMjUwNzMxMDQ0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWVmYzU5NjkwZWUwZmU5ZmRmY2NlMTQ0YTI0OTc5M2E2MWM5ZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCIEGO8tx8i1JtLLZqWWPfELcMwE
JWv4/sVMT5WOe8smVpVAjNAgpgFw+bwmDviYktkND22rXqilmpohmKYDhMptfdFv
B8YJetwu9xC8MA4AurZdwuIofoJkvpPIexHyj6CEatoHrSmBT/rW4uwKZm9AL5U3
KujerOaQIuLgOk/z+aAsdgfCor7LhquHioQ3DqtzAe+07Kn9/MAx/9J7NbgXUKDE
gKHGUcshgFHB1d4Sp98XqfAY94IzPfMqZQ6RPtIP1s9U4ASMd0f9CsWSaF7IV0A5
8ikUbXqPtmtwDvvp1nRXNINzo8MeuFxJxg/zkWEGBgLMoGfIPexx2JtHfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXvxZaQ7g/p/fzOFEokl5OmHJ28MB8GA1UdIwQY
MBaAFFYNHom050LmkGKpXTUd7qlrUXj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmcwZWliVG5RdWFRWXFsZE5SM3VxV3RSZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS84YTczNGEtZDJiOC00MTFlLWE1NTct
NTBkNmJhNmFhY2I4LzEveGVfRmxwRHVELW45X000VVNpU1hrNlljbmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS84YTczNGEtZDJiOC00MTFlLWE1NTctNTBkNmJhNmFhY2I4
LzEvVmcwZWliVG5RdWFRWXFsZE5SM3VxV3RSZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+feMA0G
CSqGSIb3DQEBCwUAA4IBAQAPFhHaIfb2r7aJRhZ9YRAZsDs+DLJcx2Y8L1Q+QmLC
3KrtsYLbnpjjzbZtmsNTXGt7R4Ecd0nWQb9/1Hp+UiZ6Orpw1bp9t1EcARBA4roB
iIdgo5Ht1KciQzump1vktX63ueORRqBKyTVx2tsjJ3iaKthHLQNfUYf7qXWDCCst
cEZs+m6H9hClFmQnM5T/EWqTIFmIfqS9tcfLXgITJSAvZA4q01i42V1LOmOcfbJV
QDUcj7SrCoIKSTUifjdbLaSEiwdds9B2OBplVa1wNtNXvj+HZSPPL9kvU2sKh/FU
JTH5q5VRWOVnQkkzEjM+rCJNODoqgQbpW/we1lEB6ga7
-----END CERTIFICATE-----