Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb6bf5-3ac5-413d-b898-4fef15e7dead/1/xDdJemGsGlnwmpl5xZcYblz1F1E.roa
File:                     xDdJemGsGlnwmpl5xZcYblz1F1E.roa (raw, json)
Hash identifier:          XMJejRWNcdPi5zWMZF0Nrh6edEuHq3xZbSAPEeCgs1I=
Subject key identifier:   C4:37:49:7A:61:AC:1A:59:F0:9A:99:79:C5:97:18:6E:5C:F5:17:51
Certificate issuer:       /CN=5ccf35e13616d797630d1e25400c13c6211f500c
Certificate serial:       0198D1B284B6EC646CC439168E691BBFBFB6
Authority key identifier: 5C:CF:35:E1:36:16:D7:97:63:0D:1E:25:40:0C:13:C6:21:1F:50:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XM814TYW15djDR4lQAwTxiEfUAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb6bf5-3ac5-413d-b898-4fef15e7dead/1/xDdJemGsGlnwmpl5xZcYblz1F1E.roa
Signing time:             Fri 22 Aug 2025 12:13:14 +0000
ROA not before:           Fri 22 Aug 2025 12:13:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197548
IP address blocks:        91.223.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb6bf5-3ac5-413d-b898-4fef15e7dead/1/XM814TYW15djDR4lQAwTxiEfUAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb6bf5-3ac5-413d-b898-4fef15e7dead/1/XM814TYW15djDR4lQAwTxiEfUAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XM814TYW15djDR4lQAwTxiEfUAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:b2:84:b6:ec:64:6c:c4:39:16:8e:69:1b:bf:bf:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ccf35e13616d797630d1e25400c13c6211f500c
        Validity
            Not Before: Aug 22 12:13:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c437497a61ac1a59f09a9979c597186e5cf51751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ab:56:99:73:a5:1a:41:ec:b4:e9:73:5c:25:
                    d9:94:ce:97:69:0d:64:f3:49:2e:90:19:c5:79:3d:
                    93:b9:de:fd:26:c1:3f:f6:9c:e5:1b:4d:99:52:ff:
                    e8:57:2e:99:d6:13:86:be:c5:c3:2d:de:7a:4f:69:
                    58:62:7d:bd:53:b5:31:87:0e:a6:1e:5c:a6:2f:5c:
                    bb:01:6b:c2:0c:b5:6c:96:ba:c0:05:7b:8b:7a:52:
                    0b:67:57:27:83:77:ad:a1:81:17:8f:f7:7f:74:fb:
                    53:63:45:d6:0d:8e:24:13:fd:87:da:83:6f:91:1a:
                    52:6e:7f:d7:3c:1b:f1:c6:15:99:ce:c5:47:54:6e:
                    44:f9:26:52:73:d7:6a:9f:b1:37:75:43:8f:cf:98:
                    cb:bc:5e:54:3b:14:b2:fd:11:21:c2:4b:8d:4c:26:
                    f5:1a:fa:c8:76:69:d3:0f:36:47:09:95:e4:cf:33:
                    6c:85:19:a5:2e:f1:2a:ed:0a:32:03:87:11:ce:dc:
                    5e:67:92:b6:f4:9b:af:8a:37:ca:2a:5f:36:b9:eb:
                    7c:e6:2a:0e:b7:ee:30:3d:1d:67:72:0e:d9:ff:18:
                    8c:06:0c:8c:f8:e3:f4:9a:0c:74:27:ce:e1:37:64:
                    a6:db:2a:0e:b4:fb:8d:f4:f3:1c:1e:d8:a8:3b:e3:
                    59:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:37:49:7A:61:AC:1A:59:F0:9A:99:79:C5:97:18:6E:5C:F5:17:51
            X509v3 Authority Key Identifier:
                keyid:5C:CF:35:E1:36:16:D7:97:63:0D:1E:25:40:0C:13:C6:21:1F:50:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XM814TYW15djDR4lQAwTxiEfUAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb6bf5-3ac5-413d-b898-4fef15e7dead/1/xDdJemGsGlnwmpl5xZcYblz1F1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb6bf5-3ac5-413d-b898-4fef15e7dead/1/XM814TYW15djDR4lQAwTxiEfUAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:96:7b:a3:65:ef:2a:5c:b7:4a:4d:e0:bc:87:d3:2c:29:6d:
         2f:5e:33:c5:dd:7e:60:83:4a:fb:3b:5d:2f:57:01:77:4f:2c:
         9b:6a:a4:6a:9d:7d:a2:b1:ba:76:0e:35:69:b4:5e:4d:2c:d9:
         b3:8f:ab:be:d6:d3:95:7f:09:d1:d6:54:b8:b0:a9:25:4c:50:
         06:89:04:a2:f5:b6:13:0b:05:0b:eb:08:ce:b1:e0:9d:20:b1:
         9d:ef:94:d3:d3:d8:03:ca:ee:03:02:6c:7b:9f:73:47:86:cc:
         87:f9:ca:d1:77:25:3b:f6:f2:d1:9d:0a:5c:71:9e:92:66:f2:
         a5:9b:97:22:ac:ef:6a:c3:33:a3:7e:b7:db:ac:9f:c7:e9:2c:
         4b:23:3d:36:60:e7:42:c7:59:04:c5:67:28:98:0c:e2:f1:6a:
         12:a6:67:d4:4b:21:79:f6:ad:0d:eb:96:a9:5f:3f:26:ad:33:
         c5:b9:32:d2:74:c4:6b:b9:65:67:f9:cd:a1:8e:08:51:55:57:
         06:6a:d6:4b:96:22:ed:48:02:f3:5d:08:b1:9e:ac:6c:97:c6:
         a4:a2:c2:6e:6e:c7:13:a3:00:0d:f8:85:20:db:cf:38:95:91:
         04:ae:34:9e:a7:75:24:5b:34:7d:72:34:3a:31:ec:4d:bb:a1:
         71:a3:cd:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRsoS27GRsxDkWjmkbv7+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjY2YzNWUxMzYxNmQ3OTc2MzBkMWUyNTQwMGMxM2M2MjEx
ZjUwMGMwHhcNMjUwODIyMTIxMzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDM3NDk3YTYxYWMxYTU5ZjA5YTk5NzljNTk3MTg2ZTVjZjUxNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqtWmXOlGkHstOlzXCXZlM6XaQ1k
80kukBnFeT2Tud79JsE/9pzlG02ZUv/oVy6Z1hOGvsXDLd56T2lYYn29U7Uxhw6m
HlymL1y7AWvCDLVslrrABXuLelILZ1cng3etoYEXj/d/dPtTY0XWDY4kE/2H2oNv
kRpSbn/XPBvxxhWZzsVHVG5E+SZSc9dqn7E3dUOPz5jLvF5UOxSy/REhwkuNTCb1
GvrIdmnTDzZHCZXkzzNshRmlLvEq7QoyA4cRztxeZ5K29JuvijfKKl82uet85ioO
t+4wPR1ncg7Z/xiMBgyM+OP0mgx0J87hN2Sm2yoOtPuN9PMcHtioO+NZQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQ3SXphrBpZ8JqZecWXGG5c9RdRMB8GA1UdIwQY
MBaAFFzPNeE2FteXYw0eJUAME8YhH1AMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE04MTRUWVcxNWRqRFI0bFFBd1R4aUVmVUF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjZiZjUtM2FjNS00MTNkLWI4OTgt
NGZlZjE1ZTdkZWFkLzEveERkSmVtR3NHbG53bXBsNXhaY1libHoxRjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjZiZjUtM2FjNS00MTNkLWI4OTgtNGZlZjE1ZTdkZWFk
LzEvWE04MTRUWVcxNWRqRFI0bFFBd1R4aUVmVUF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW98+MA0G
CSqGSIb3DQEBCwUAA4IBAQBQlnujZe8qXLdKTeC8h9MsKW0vXjPF3X5gg0r7O10v
VwF3TyybaqRqnX2isbp2DjVptF5NLNmzj6u+1tOVfwnR1lS4sKklTFAGiQSi9bYT
CwUL6wjOseCdILGd75TT09gDyu4DAmx7n3NHhsyH+crRdyU79vLRnQpccZ6SZvKl
m5cirO9qwzOjfrfbrJ/H6SxLIz02YOdCx1kExWcomAzi8WoSpmfUSyF59q0N65ap
Xz8mrTPFuTLSdMRruWVn+c2hjghRVVcGatZLliLtSALzXQixnqxsl8akosJubscT
owAN+IUg2884lZEErjSep3UkWzR9cjQ6MexNu6Fxo80t
-----END CERTIFICATE-----