Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Xdb2GonGqu9DkyPtW1xL_ewg_Bo.roa
File:                     Xdb2GonGqu9DkyPtW1xL_ewg_Bo.roa (raw, json)
Hash identifier:          GVGr4S1zTr+dNdiuuONrJJ2q6Nn0ihVO0n5qN0zw/pQ=
Subject key identifier:   5D:D6:F6:1A:89:C6:AA:EF:43:93:23:ED:5B:5C:4B:FD:EC:20:FC:1A
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01977D1FFDE4D0FDF8447C68CE6D718A9250
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Xdb2GonGqu9DkyPtW1xL_ewg_Bo.roa
Signing time:             Tue 17 Jun 2025 09:02:17 +0000
ROA not before:           Tue 17 Jun 2025 09:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29014
IP address blocks:        193.168.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:1f:fd:e4:d0:fd:f8:44:7c:68:ce:6d:71:8a:92:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jun 17 09:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dd6f61a89c6aaef439323ed5b5c4bfdec20fc1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d7:d7:bc:a5:1d:e8:5d:6f:fe:02:0a:69:b9:
                    73:31:98:23:ca:14:c1:86:35:a3:7c:03:75:45:2b:
                    f0:6a:36:50:55:4f:83:04:77:fb:e3:ee:71:3e:47:
                    78:43:07:88:55:fb:6f:0c:00:5c:b5:ab:33:85:69:
                    7e:19:30:a2:23:2d:cb:5e:1b:80:af:08:0c:d3:52:
                    cc:dc:12:5c:85:44:ca:fb:dd:f4:7e:8b:4d:2e:c4:
                    d8:08:39:b5:44:ff:60:81:53:dd:ae:32:77:58:00:
                    05:5f:00:4e:46:1c:52:19:23:81:95:8a:53:9a:89:
                    3f:ad:57:2b:7a:b0:e7:61:57:9d:94:fc:ee:a2:ad:
                    56:b6:b6:2c:59:2b:5f:78:be:cd:b0:7a:42:09:c0:
                    35:ff:60:53:fd:9b:83:fb:ea:de:87:af:a7:93:fd:
                    77:e9:f2:9a:02:13:be:8a:38:0d:5d:cd:dd:3d:4d:
                    7f:9f:15:50:4f:70:6a:c0:97:18:4c:6f:7f:eb:f9:
                    e1:19:5e:22:c8:d5:9b:f9:2f:c7:3a:a9:d8:81:2b:
                    43:63:57:07:1d:e5:2d:f4:bf:e3:ec:f5:90:dc:b0:
                    d6:b2:ad:ee:85:da:6e:0d:b4:f5:8d:53:dd:cb:37:
                    ee:34:11:ca:f9:a0:b5:25:54:57:e5:fb:fb:6a:7d:
                    84:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D6:F6:1A:89:C6:AA:EF:43:93:23:ED:5B:5C:4B:FD:EC:20:FC:1A
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Xdb2GonGqu9DkyPtW1xL_ewg_Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:6e:1e:43:e3:1f:99:01:af:b6:c9:5c:08:63:dd:e8:69:fa:
         e7:92:7f:b4:64:81:b0:e1:86:a0:79:56:33:bc:0c:74:79:1d:
         7b:d8:90:66:9f:44:35:ec:b1:62:24:62:17:49:c3:de:75:ef:
         5d:71:32:2b:6c:20:0a:de:c9:80:f9:b3:89:71:93:4f:9f:b1:
         fb:7d:83:5f:98:92:93:a5:eb:30:da:ff:1a:e2:20:32:63:f0:
         cd:9d:4c:f5:92:79:7a:f1:e1:f4:12:b1:3b:5b:61:0a:4b:bc:
         d9:30:da:85:38:6f:ec:60:7f:1c:b2:b4:6b:d7:73:6f:c8:8d:
         87:ce:00:0a:ec:30:c3:db:14:eb:48:1f:f0:39:22:7b:a2:16:
         01:fb:50:8a:de:35:00:0d:71:c5:22:46:ec:76:72:8c:b9:95:
         57:2e:d0:94:03:65:78:66:32:ce:d4:13:f3:1a:5b:1f:83:ea:
         44:36:d4:e9:a9:3d:2d:28:dd:45:ba:9e:a0:56:9e:47:b0:2f:
         96:6b:d8:a2:da:e2:3e:73:01:28:43:85:1f:74:85:48:76:75:
         03:eb:2b:c6:ac:c4:6c:f9:1e:9a:1e:54:dd:9b:6d:e4:94:9c:
         79:02:7d:4e:df:2c:f4:7e:6f:a0:97:45:51:57:a0:f4:59:ef:
         89:53:39:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd9H/3k0P34RHxozm1xipJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNjE3MDkwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ2ZjYxYTg5YzZhYWVmNDM5MzIzZWQ1YjVjNGJmZGVjMjBmYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dfXvKUd6F1v/gIKablzMZgjyhTB
hjWjfAN1RSvwajZQVU+DBHf74+5xPkd4QweIVftvDABctaszhWl+GTCiIy3LXhuA
rwgM01LM3BJchUTK+930fotNLsTYCDm1RP9ggVPdrjJ3WAAFXwBORhxSGSOBlYpT
mok/rVcrerDnYVedlPzuoq1WtrYsWStfeL7NsHpCCcA1/2BT/ZuD++reh6+nk/13
6fKaAhO+ijgNXc3dPU1/nxVQT3BqwJcYTG9/6/nhGV4iyNWb+S/HOqnYgStDY1cH
HeUt9L/j7PWQ3LDWsq3uhdpuDbT1jVPdyzfuNBHK+aC1JVRX5fv7an2EowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3W9hqJxqrvQ5Mj7VtcS/3sIPwaMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvWGRiMkdvbkdxdTlEa3lQdFcxeExfZXdnX0JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwajKMA0G
CSqGSIb3DQEBCwUAA4IBAQBWbh5D4x+ZAa+2yVwIY93oafrnkn+0ZIGw4YageVYz
vAx0eR172JBmn0Q17LFiJGIXScPede9dcTIrbCAK3smA+bOJcZNPn7H7fYNfmJKT
pesw2v8a4iAyY/DNnUz1knl68eH0ErE7W2EKS7zZMNqFOG/sYH8csrRr13NvyI2H
zgAK7DDD2xTrSB/wOSJ7ohYB+1CK3jUADXHFIkbsdnKMuZVXLtCUA2V4ZjLO1BPz
Glsfg+pENtTpqT0tKN1Fup6gVp5HsC+Wa9ii2uI+cwEoQ4UfdIVIdnUD6yvGrMRs
+R6aHlTdm23klJx5An1O3yz0fm+gl0VRV6D0We+JUzkK
-----END CERTIFICATE-----