Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/xLGDaC118LcfUDYtMnB3DY44_sc.roa
File:                     xLGDaC118LcfUDYtMnB3DY44_sc.roa (raw, json)
Hash identifier:          4ZP2Bk0aJ3rot/Ut/uex6Y+e07pNyyqnsZS0TCsrmZk=
Subject key identifier:   C4:B1:83:68:2D:75:F0:B7:1F:50:36:2D:32:70:77:0D:8E:38:FE:C7
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0196B46B9268F243DC9DC428FBE00341D1E9
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/xLGDaC118LcfUDYtMnB3DY44_sc.roa
Signing time:             Fri 09 May 2025 09:41:10 +0000
ROA not before:           Fri 09 May 2025 09:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        194.39.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b4:6b:92:68:f2:43:dc:9d:c4:28:fb:e0:03:41:d1:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: May  9 09:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4b183682d75f0b71f50362d3270770d8e38fec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:81:ba:70:a0:6f:57:d9:57:9c:19:8a:93:c5:
                    86:9b:bf:08:86:42:8e:12:eb:0a:6e:07:5f:5e:58:
                    f6:15:23:24:3a:3f:30:b2:b4:3b:1c:9c:92:e4:62:
                    77:34:d9:ee:43:df:96:80:ce:a6:32:ef:ba:37:b0:
                    43:f2:8a:6d:6e:21:50:25:43:90:cb:9a:b2:4f:65:
                    36:41:31:d2:0f:9e:e6:0d:42:43:d1:03:08:71:3f:
                    c2:ab:e3:f5:dd:ba:ea:4a:b7:8c:10:19:dc:9f:01:
                    23:f3:f8:8d:63:f3:79:41:da:7c:35:c6:59:83:61:
                    2e:ad:cc:a0:9e:5f:c7:d2:9b:32:41:34:b8:5e:bc:
                    d5:1d:3a:ee:8e:23:9c:04:b6:49:be:f7:a2:5d:e5:
                    71:d1:1c:8a:62:68:25:99:35:62:8e:13:ce:11:2a:
                    b6:0f:c7:25:36:aa:31:48:c3:96:af:6c:2f:05:8e:
                    8c:b9:6e:1a:1f:41:3a:db:ec:4c:dc:d3:ea:03:5d:
                    a3:94:eb:c6:34:41:31:5a:a7:d7:05:0e:ae:7f:a0:
                    e2:14:e7:47:fa:2d:62:bc:43:57:54:f3:ef:35:f6:
                    ee:4c:cc:39:9b:8c:11:94:1d:5c:2a:a7:95:e6:98:
                    b1:02:48:66:bb:15:93:d5:d1:ff:f7:a4:e3:24:a3:
                    18:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:B1:83:68:2D:75:F0:B7:1F:50:36:2D:32:70:77:0D:8E:38:FE:C7
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/xLGDaC118LcfUDYtMnB3DY44_sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:c8:74:2d:75:3d:7a:e6:bd:03:4e:4e:22:5c:6e:0f:a4:0f:
         53:92:f5:82:4a:b7:1d:dc:a4:b8:3b:27:91:d0:f3:69:f8:a7:
         ef:12:6d:9a:bd:47:aa:63:55:9d:28:7d:9e:f1:a2:82:0d:40:
         b4:38:ff:cc:dd:d9:bf:66:b4:65:f4:d7:86:6d:2b:61:ab:dd:
         50:c8:d0:88:3d:12:c7:18:75:a5:e8:4d:93:52:d1:4e:69:63:
         c5:fa:9a:3a:4d:88:1d:01:27:a7:c8:85:74:fa:03:58:6d:48:
         96:42:67:ec:1e:21:f8:cd:ff:23:c4:63:ee:64:2c:a0:db:02:
         19:64:8f:45:03:6a:55:d6:aa:45:db:01:73:bc:9f:37:33:32:
         ef:ab:a0:e4:4d:86:7d:32:13:e2:49:eb:6e:d4:86:22:34:47:
         08:db:27:d7:d8:b8:bb:57:03:ca:86:b6:2c:06:6b:cd:3f:0a:
         89:0b:be:b6:9f:b1:9e:61:66:18:10:ab:2d:52:50:0d:10:ea:
         6a:7f:83:4a:7e:69:ae:2d:aa:5b:8d:52:91:4f:8e:19:0f:d5:
         49:ea:b6:da:c8:56:8a:ea:54:94:fb:89:98:5a:c9:e6:84:b3:
         08:67:58:60:05:35:e3:28:4d:49:02:10:dd:97:02:46:86:c7:
         db:5c:c9:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa0a5Jo8kPcncQo++ADQdHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwNTA5MDk0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGIxODM2ODJkNzVmMGI3MWY1MDM2MmQzMjcwNzcwZDhlMzhmZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoG6cKBvV9lXnBmKk8WGm78IhkKO
EusKbgdfXlj2FSMkOj8wsrQ7HJyS5GJ3NNnuQ9+WgM6mMu+6N7BD8optbiFQJUOQ
y5qyT2U2QTHSD57mDUJD0QMIcT/Cq+P13brqSreMEBncnwEj8/iNY/N5Qdp8NcZZ
g2Eurcygnl/H0psyQTS4XrzVHTrujiOcBLZJvveiXeVx0RyKYmglmTVijhPOESq2
D8clNqoxSMOWr2wvBY6MuW4aH0E62+xM3NPqA12jlOvGNEExWqfXBQ6uf6DiFOdH
+i1ivENXVPPvNfbuTMw5m4wRlB1cKqeV5pixAkhmuxWT1dH/96TjJKMYvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSxg2gtdfC3H1A2LTJwdw2OOP7HMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEveExHRGFDMTE4TGNmVURZdE1uQjNEWTQ0X3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifYMA0G
CSqGSIb3DQEBCwUAA4IBAQCGyHQtdT165r0DTk4iXG4PpA9TkvWCSrcd3KS4OyeR
0PNp+KfvEm2avUeqY1WdKH2e8aKCDUC0OP/M3dm/ZrRl9NeGbSthq91QyNCIPRLH
GHWl6E2TUtFOaWPF+po6TYgdASenyIV0+gNYbUiWQmfsHiH4zf8jxGPuZCyg2wIZ
ZI9FA2pV1qpF2wFzvJ83MzLvq6DkTYZ9MhPiSetu1IYiNEcI2yfX2Li7VwPKhrYs
BmvNPwqJC762n7GeYWYYEKstUlANEOpqf4NKfmmuLapbjVKRT44ZD9VJ6rbayFaK
6lSU+4mYWsnmhLMIZ1hgBTXjKE1JAhDdlwJGhsfbXMll
-----END CERTIFICATE-----