Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a9db23-a67c-4f8b-8adf-70522d814e0c/1/xQC18Di_ctqtLNxYWbMtSnGwz5c.roa
File:                     xQC18Di_ctqtLNxYWbMtSnGwz5c.roa (raw, json)
Hash identifier:          KunZ5Y32qy4l7Ei6v6cWQmt4QYuY/vwQLNAYzWY5uXk=
Subject key identifier:   C5:00:B5:F0:38:BF:72:DA:AD:2C:DC:58:59:B3:2D:4A:71:B0:CF:97
Certificate issuer:       /CN=e930b76e721f5d834ed53e49284d9790339211c8
Certificate serial:       0196CCF6D43B4A878AF7CFAC4F8FA066FA0B
Authority key identifier: E9:30:B7:6E:72:1F:5D:83:4E:D5:3E:49:28:4D:97:90:33:92:11:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6TC3bnIfXYNO1T5JKE2XkDOSEcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a9db23-a67c-4f8b-8adf-70522d814e0c/1/xQC18Di_ctqtLNxYWbMtSnGwz5c.roa
Signing time:             Wed 14 May 2025 04:04:10 +0000
ROA not before:           Wed 14 May 2025 04:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210618
IP address blocks:        194.9.180.0/24 maxlen: 28
                          194.9.180.240/28 maxlen: 28
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/a9db23-a67c-4f8b-8adf-70522d814e0c/1/6TC3bnIfXYNO1T5JKE2XkDOSEcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/a9db23-a67c-4f8b-8adf-70522d814e0c/1/6TC3bnIfXYNO1T5JKE2XkDOSEcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6TC3bnIfXYNO1T5JKE2XkDOSEcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cc:f6:d4:3b:4a:87:8a:f7:cf:ac:4f:8f:a0:66:fa:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e930b76e721f5d834ed53e49284d9790339211c8
        Validity
            Not Before: May 14 04:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c500b5f038bf72daad2cdc5859b32d4a71b0cf97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d6:8f:8c:9f:7c:e2:84:d9:63:cb:52:0c:b1:
                    86:83:ce:a4:a9:e5:77:6f:64:52:a8:5d:97:cb:13:
                    08:04:0b:8e:3f:9d:0f:11:a6:c6:22:73:43:27:4b:
                    93:b9:79:3c:89:55:f4:4b:d2:a5:d1:e8:d7:d0:9d:
                    de:4a:f4:8c:c7:85:04:c3:ea:84:cb:22:0c:d3:e7:
                    b4:53:79:70:3e:b3:a2:f0:9a:cb:53:fc:9e:71:47:
                    92:64:6f:ce:b4:41:51:09:8a:7b:41:f1:aa:52:3a:
                    d5:f3:95:a7:e4:7d:31:3c:ff:b1:be:d4:c4:35:e5:
                    3e:96:5c:9d:b2:8f:76:5e:35:c3:46:5a:af:f1:b5:
                    fe:4b:c2:2f:58:2a:0e:ee:81:1b:e9:5d:d2:aa:db:
                    02:ca:0c:e7:a4:1e:1e:19:c7:ee:26:e5:87:9f:2e:
                    ca:f6:75:c6:2f:f7:b6:bf:77:39:5c:6f:50:02:8c:
                    ed:64:a3:9e:28:19:d9:2c:43:78:f0:2a:1b:5b:87:
                    33:3e:6e:58:16:e2:98:67:54:83:48:88:a2:7a:99:
                    7a:c9:1a:1e:20:df:96:4f:06:09:91:09:e3:43:74:
                    31:cf:57:51:3c:d6:9d:17:49:09:a3:13:4b:f6:c7:
                    0c:ba:80:55:4a:73:25:94:86:06:e9:09:14:9d:c8:
                    c7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:00:B5:F0:38:BF:72:DA:AD:2C:DC:58:59:B3:2D:4A:71:B0:CF:97
            X509v3 Authority Key Identifier:
                keyid:E9:30:B7:6E:72:1F:5D:83:4E:D5:3E:49:28:4D:97:90:33:92:11:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6TC3bnIfXYNO1T5JKE2XkDOSEcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a9db23-a67c-4f8b-8adf-70522d814e0c/1/xQC18Di_ctqtLNxYWbMtSnGwz5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a9db23-a67c-4f8b-8adf-70522d814e0c/1/6TC3bnIfXYNO1T5JKE2XkDOSEcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:00:54:b2:01:51:1f:ba:0f:2f:15:00:79:74:7f:cb:c9:9e:
         56:9b:b8:ae:c8:27:44:ac:43:60:09:17:e7:4b:9e:39:e2:9f:
         fc:4a:d9:30:82:e6:3e:cd:16:f8:b0:85:a9:57:b9:83:23:43:
         97:fa:2a:5d:6f:e1:75:39:03:bb:d1:fa:79:d9:1d:37:7d:c6:
         48:03:97:7f:91:b0:15:be:2e:a9:e4:67:d7:5a:89:b5:03:4d:
         f7:c5:bf:31:19:88:d8:0e:4a:59:f1:63:59:36:07:db:22:f9:
         44:9b:43:b2:58:85:96:a1:0b:71:c5:19:af:34:e7:cb:f8:40:
         b7:99:dc:12:84:1e:ed:9b:f1:fa:c3:fb:8a:1f:bd:8c:b4:d0:
         88:26:62:34:de:92:68:cc:ff:83:53:ac:2a:2a:ef:03:67:f3:
         5e:10:f5:a8:ee:e9:72:6d:51:f2:47:34:6d:b0:f8:d7:fd:fe:
         cb:e5:d5:a4:78:d3:88:de:7b:a7:b1:c7:9d:08:4e:b4:b4:7c:
         95:e0:fa:fc:79:81:54:3e:83:a2:5b:18:c4:89:d7:50:f6:49:
         1c:e3:7d:9c:20:28:bb:99:57:8d:31:fc:74:ca:95:c6:66:f2:
         62:4d:4c:9c:a3:7c:c8:61:8d:4b:72:31:da:ed:9e:96:c3:7d:
         3a:00:ab:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbM9tQ7SoeK98+sT4+gZvoLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MzBiNzZlNzIxZjVkODM0ZWQ1M2U0OTI4NGQ5NzkwMzM5
MjExYzgwHhcNMjUwNTE0MDQwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTAwYjVmMDM4YmY3MmRhYWQyY2RjNTg1OWIzMmQ0YTcxYjBjZjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdaPjJ984oTZY8tSDLGGg86kqeV3
b2RSqF2XyxMIBAuOP50PEabGInNDJ0uTuXk8iVX0S9Kl0ejX0J3eSvSMx4UEw+qE
yyIM0+e0U3lwPrOi8JrLU/yecUeSZG/OtEFRCYp7QfGqUjrV85Wn5H0xPP+xvtTE
NeU+llydso92XjXDRlqv8bX+S8IvWCoO7oEb6V3SqtsCygznpB4eGcfuJuWHny7K
9nXGL/e2v3c5XG9QAoztZKOeKBnZLEN48CobW4czPm5YFuKYZ1SDSIiiepl6yRoe
IN+WTwYJkQnjQ3Qxz1dRPNadF0kJoxNL9scMuoBVSnMllIYG6QkUncjHJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUAtfA4v3LarSzcWFmzLUpxsM+XMB8GA1UdIwQY
MBaAFOkwt25yH12DTtU+SShNl5AzkhHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlRDM2JuSWZYWU5PMVQ1SktFMlhrRE9TRWNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hOWRiMjMtYTY3Yy00ZjhiLThhZGYt
NzA1MjJkODE0ZTBjLzEveFFDMThEaV9jdHF0TE54WVdiTXRTbkd3ejVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hOWRiMjMtYTY3Yy00ZjhiLThhZGYtNzA1MjJkODE0ZTBj
LzEvNlRDM2JuSWZYWU5PMVQ1SktFMlhrRE9TRWNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgm0MA0G
CSqGSIb3DQEBCwUAA4IBAQAbAFSyAVEfug8vFQB5dH/LyZ5Wm7iuyCdErENgCRfn
S5454p/8StkwguY+zRb4sIWpV7mDI0OX+ipdb+F1OQO70fp52R03fcZIA5d/kbAV
vi6p5GfXWom1A033xb8xGYjYDkpZ8WNZNgfbIvlEm0OyWIWWoQtxxRmvNOfL+EC3
mdwShB7tm/H6w/uKH72MtNCIJmI03pJozP+DU6wqKu8DZ/NeEPWo7ulybVHyRzRt
sPjX/f7L5dWkeNOI3nunscedCE60tHyV4Pr8eYFUPoOiWxjEiddQ9kkc432cICi7
mVeNMfx0ypXGZvJiTUyco3zIYY1LcjHa7Z6Ww306AKuu
-----END CERTIFICATE-----