Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/XuOrgtRzE9gXasO2G2GQUlhhC_E.roa
File:                     XuOrgtRzE9gXasO2G2GQUlhhC_E.roa (raw, json)
Hash identifier:          82ZSIBplAucZfgDH8SReo99lDoJBL0zr+wxMTMhQR7I=
Subject key identifier:   5E:E3:AB:82:D4:73:13:D8:17:6A:C3:B6:1B:61:90:52:58:61:0B:F1
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0197D05B6F0046F79EA6EAF54159E2267980
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/XuOrgtRzE9gXasO2G2GQUlhhC_E.roa
Signing time:             Thu 03 Jul 2025 12:55:42 +0000
ROA not before:           Thu 03 Jul 2025 12:55:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211686
IP address blocks:        188.132.166.0/24 maxlen: 24
                          188.132.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 21:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:5b:6f:00:46:f7:9e:a6:ea:f5:41:59:e2:26:79:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jul  3 12:55:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ee3ab82d47313d8176ac3b61b61905258610bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a4:6f:66:c6:01:dd:d9:66:13:52:61:9d:a9:
                    a3:a1:a5:36:89:48:98:9a:36:87:59:0c:06:06:b1:
                    2e:a8:93:77:7f:cc:38:24:0f:e6:29:8d:96:ac:04:
                    de:ac:ec:59:20:fd:e7:3e:c5:3a:57:e4:55:24:bc:
                    7c:6f:16:b5:6f:0b:cd:f0:43:84:8b:a5:c8:9b:bd:
                    d1:43:49:8b:68:30:1b:cd:86:d3:a6:cd:ef:e3:8c:
                    79:c7:f1:28:51:11:41:83:9b:2c:01:4d:d2:24:b6:
                    5b:20:25:96:68:02:fb:f7:30:a0:a9:54:f8:14:53:
                    fe:45:6c:e0:aa:6d:b5:e3:c9:c4:d1:08:50:2d:d7:
                    0e:6c:66:1d:35:0b:43:93:a8:e6:09:ee:79:8d:3c:
                    bc:26:7d:f2:5d:e2:df:0e:28:88:57:68:e2:7b:16:
                    f3:22:a3:ad:5c:e0:ee:05:a3:0e:f2:1c:9d:33:d3:
                    8d:02:8a:90:cb:3f:33:00:5a:28:35:95:75:64:5b:
                    ac:d7:c5:70:98:d7:9f:5f:60:39:d4:68:9c:5b:0e:
                    04:e4:02:34:07:d0:02:d7:84:30:cd:16:d5:d3:13:
                    1b:a6:4a:bc:74:06:42:cf:f4:65:be:33:2e:41:8b:
                    6c:51:be:29:4f:ba:20:29:30:59:64:8f:20:91:cb:
                    2f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E3:AB:82:D4:73:13:D8:17:6A:C3:B6:1B:61:90:52:58:61:0B:F1
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/XuOrgtRzE9gXasO2G2GQUlhhC_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:73:f4:ce:25:76:3c:84:7f:aa:7c:06:2a:c6:89:aa:2a:a8:
         8e:fa:72:38:1b:86:d5:ff:a0:ae:ec:86:d7:2c:dd:af:97:cc:
         ea:6a:fb:9e:63:a1:79:5b:19:3c:50:ee:ca:bb:be:f8:df:e3:
         85:f0:e1:37:76:e7:5d:6e:ce:b8:d3:f5:cb:c8:28:b9:c9:67:
         44:96:26:ce:13:31:1f:54:95:12:52:28:8c:c4:4c:f6:60:59:
         08:a2:68:46:ec:99:df:ed:8f:e1:62:43:17:85:0f:80:70:b5:
         c0:0c:66:0e:a4:0d:89:43:05:28:8c:05:c5:e8:5f:a2:4e:09:
         b3:e8:9c:39:7f:86:97:33:5d:b1:ee:16:e2:5d:1d:93:2e:1a:
         9e:7b:20:96:14:b7:90:72:e6:b4:1b:b6:52:3b:34:38:34:3f:
         36:9c:cc:87:68:f7:1d:5e:63:0f:de:35:bb:4d:b3:b0:1a:32:
         de:85:73:89:ae:2d:d3:03:39:0a:01:3f:d7:5c:54:b9:81:bc:
         84:49:1f:9b:c2:33:96:71:4b:fb:2f:b5:44:c0:2e:93:45:6d:
         60:6f:5b:46:77:80:12:04:c2:7a:78:81:f5:28:70:7a:f9:42:
         05:21:53:70:42:bd:ca:c2:e0:87:53:f4:1f:2b:b0:2c:f1:74:
         ff:bf:a7:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfQW28ARveepur1QVniJnmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwNzAzMTI1NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWUzYWI4MmQ0NzMxM2Q4MTc2YWMzYjYxYjYxOTA1MjU4NjEwYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraRvZsYB3dlmE1JhnamjoaU2iUiY
mjaHWQwGBrEuqJN3f8w4JA/mKY2WrATerOxZIP3nPsU6V+RVJLx8bxa1bwvN8EOE
i6XIm73RQ0mLaDAbzYbTps3v44x5x/EoURFBg5ssAU3SJLZbICWWaAL79zCgqVT4
FFP+RWzgqm2148nE0QhQLdcObGYdNQtDk6jmCe55jTy8Jn3yXeLfDiiIV2jiexbz
IqOtXODuBaMO8hydM9ONAoqQyz8zAFooNZV1ZFus18VwmNefX2A51GicWw4E5AI0
B9AC14QwzRbV0xMbpkq8dAZCz/RlvjMuQYtsUb4pT7ogKTBZZI8gkcsvFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7jq4LUcxPYF2rDththkFJYYQvxMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvWHVPcmd0UnpFOWdYYXNPMkcyR1FVbGhoQ19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvISmMA0G
CSqGSIb3DQEBCwUAA4IBAQCBc/TOJXY8hH+qfAYqxomqKqiO+nI4G4bV/6Cu7IbX
LN2vl8zqavueY6F5Wxk8UO7Ku7743+OF8OE3duddbs640/XLyCi5yWdElibOEzEf
VJUSUiiMxEz2YFkIomhG7Jnf7Y/hYkMXhQ+AcLXADGYOpA2JQwUojAXF6F+iTgmz
6Jw5f4aXM12x7hbiXR2TLhqeeyCWFLeQcua0G7ZSOzQ4ND82nMyHaPcdXmMP3jW7
TbOwGjLehXOJri3TAzkKAT/XXFS5gbyESR+bwjOWcUv7L7VEwC6TRW1gb1tGd4AS
BMJ6eIH1KHB6+UIFIVNwQr3KwuCHU/QfK7As8XT/v6f0
-----END CERTIFICATE-----