Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/XqYsPlinf3fmL22kAzIVoebeeX4.roa
File:                     XqYsPlinf3fmL22kAzIVoebeeX4.roa (raw, json)
Hash identifier:          deoI1A5/zT1F6BipfZeqHSMbROyol2JqMIbCMKUASJ8=
Subject key identifier:   5E:A6:2C:3E:58:A7:7F:77:E6:2F:6D:A4:03:32:15:A1:E6:DE:79:7E
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       019749D59C0FB83A82E3881458F74B1ADC83
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/XqYsPlinf3fmL22kAzIVoebeeX4.roa
Signing time:             Sat 07 Jun 2025 10:00:25 +0000
ROA not before:           Sat 07 Jun 2025 10:00:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.149.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:49:d5:9c:0f:b8:3a:82:e3:88:14:58:f7:4b:1a:dc:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jun  7 10:00:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ea62c3e58a77f77e62f6da4033215a1e6de797e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:00:36:6c:40:66:48:fe:a0:b1:ed:90:5a:52:
                    a2:6f:1e:8d:19:d4:f5:fc:4c:4c:ce:4c:38:87:73:
                    14:ff:cc:db:07:f2:20:0b:e1:1f:35:5a:d3:06:76:
                    72:f8:78:22:46:5b:72:22:d2:56:df:0f:cd:e5:cb:
                    91:88:a0:a9:5d:c1:b6:45:3b:ae:1b:7c:c9:51:be:
                    f0:8d:5f:d5:91:a4:f8:5a:99:df:e4:8f:32:ec:8a:
                    ae:13:f0:8a:78:2d:53:d9:8f:af:81:ae:d9:c6:54:
                    9f:87:7b:c5:13:c9:fa:e3:57:56:86:14:59:34:08:
                    ef:ed:6b:e3:ee:da:71:d7:2e:8c:1d:cf:68:c3:99:
                    38:21:9e:75:df:18:86:6f:c0:61:c4:62:66:04:e6:
                    e4:96:b2:1f:94:c7:f4:ca:29:21:10:e6:1f:ca:04:
                    e9:db:aa:89:68:83:de:4e:8f:7b:7c:04:a4:ad:93:
                    b0:8f:17:ba:70:dd:fe:01:e0:df:08:cb:c2:fd:4f:
                    d6:44:ad:cb:fb:7d:aa:d8:71:56:fb:83:f1:c1:8c:
                    e9:25:bf:07:c9:eb:90:41:b8:50:dc:f2:cb:64:e5:
                    1d:61:bf:ab:0c:14:d7:63:6e:ee:01:f4:4c:ff:7c:
                    6c:1b:24:61:1e:44:76:57:ec:6c:1b:79:d1:3b:21:
                    bd:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:A6:2C:3E:58:A7:7F:77:E6:2F:6D:A4:03:32:15:A1:E6:DE:79:7E
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/XqYsPlinf3fmL22kAzIVoebeeX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:fb:37:13:6f:9f:23:10:39:68:6f:75:d5:c6:8f:7c:cf:2f:
         3c:3b:74:64:74:51:4e:9e:72:81:09:ac:e5:93:d0:f7:9b:4f:
         9d:6d:23:38:42:d9:da:45:14:e5:ec:64:5d:4d:5a:ba:9c:64:
         ab:c3:a0:a8:05:e5:11:cb:81:a5:a2:43:77:39:f7:e5:4e:b5:
         b2:30:d4:ef:c0:99:5c:81:03:b8:fe:9f:de:91:fe:00:d1:74:
         9f:38:30:54:21:3a:51:cf:31:58:fe:c5:14:cf:bf:3a:03:93:
         a9:f3:56:80:d8:a6:e5:b6:54:5d:b8:5d:60:7e:cf:08:2f:fb:
         05:05:95:b2:e6:3a:bd:d1:6e:f2:dd:05:81:2f:0a:f5:b5:c6:
         b3:90:b2:7a:c7:39:7d:50:76:ba:bc:35:f9:00:f7:82:66:bb:
         6b:4b:35:df:97:4d:e5:a1:de:3c:eb:f0:26:e5:4c:8f:d1:c3:
         19:13:ce:55:a8:9d:50:bb:d5:30:62:3a:54:79:c6:43:c0:76:
         f6:f6:c7:61:35:52:72:25:a7:a7:b5:a0:97:f3:07:99:62:5e:
         54:bd:cd:bc:eb:ee:a0:8d:77:9d:0e:7e:d0:fc:40:83:17:04:
         dc:9c:16:9f:49:1e:a4:05:8f:e4:f2:89:48:6e:81:2c:74:fa:
         de:5b:cd:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdJ1ZwPuDqC44gUWPdLGtyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjUwNjA3MTAwMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWE2MmMzZTU4YTc3Zjc3ZTYyZjZkYTQwMzMyMTVhMWU2ZGU3OTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAA2bEBmSP6gse2QWlKibx6NGdT1
/ExMzkw4h3MU/8zbB/IgC+EfNVrTBnZy+HgiRltyItJW3w/N5cuRiKCpXcG2RTuu
G3zJUb7wjV/VkaT4Wpnf5I8y7IquE/CKeC1T2Y+vga7ZxlSfh3vFE8n641dWhhRZ
NAjv7Wvj7tpx1y6MHc9ow5k4IZ513xiGb8BhxGJmBObklrIflMf0yikhEOYfygTp
26qJaIPeTo97fASkrZOwjxe6cN3+AeDfCMvC/U/WRK3L+32q2HFW+4PxwYzpJb8H
yeuQQbhQ3PLLZOUdYb+rDBTXY27uAfRM/3xsGyRhHkR2V+xsG3nROyG9TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6mLD5Yp3935i9tpAMyFaHm3nl+MB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvWHFZc1BsaW5mM2ZtTDIya0F6SVZvZWJlZVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZU8MA0G
CSqGSIb3DQEBCwUAA4IBAQBo+zcTb58jEDlob3XVxo98zy88O3RkdFFOnnKBCazl
k9D3m0+dbSM4QtnaRRTl7GRdTVq6nGSrw6CoBeURy4GlokN3OfflTrWyMNTvwJlc
gQO4/p/ekf4A0XSfODBUITpRzzFY/sUUz786A5Op81aA2KbltlRduF1gfs8IL/sF
BZWy5jq90W7y3QWBLwr1tcazkLJ6xzl9UHa6vDX5APeCZrtrSzXfl03lod486/Am
5UyP0cMZE85VqJ1Qu9UwYjpUecZDwHb29sdhNVJyJaentaCX8weZYl5Uvc286+6g
jXedDn7Q/ECDFwTcnBafSR6kBY/k8olIboEsdPreW82e
-----END CERTIFICATE-----