Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/xD2UD_5NoLtd0VK4LndF2pETSBk.roa
File:                     xD2UD_5NoLtd0VK4LndF2pETSBk.roa (raw, json)
Hash identifier:          VjvfcStj2ykMEo8Ecd88j1JXnEvqtzpee6oBEje6v9E=
Subject key identifier:   C4:3D:94:0F:FE:4D:A0:BB:5D:D1:52:B8:2E:77:45:DA:91:13:48:19
Certificate issuer:       /CN=e83a2cce9083e8c15a1d325cf48767559f92b623
Certificate serial:       01978C88C7AC5FDD516A25A81DE300E76995
Authority key identifier: E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/xD2UD_5NoLtd0VK4LndF2pETSBk.roa
Signing time:             Fri 20 Jun 2025 08:51:03 +0000
ROA not before:           Fri 20 Jun 2025 08:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34693
IP address blocks:        176.123.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:88:c7:ac:5f:dd:51:6a:25:a8:1d:e3:00:e7:69:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e83a2cce9083e8c15a1d325cf48767559f92b623
        Validity
            Not Before: Jun 20 08:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c43d940ffe4da0bb5dd152b82e7745da91134819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fe:b1:ca:52:da:0a:95:2a:f8:6c:3c:21:b7:
                    b9:87:57:dd:b5:77:c6:6d:64:03:5a:3f:ef:24:79:
                    19:6b:3b:4b:26:46:76:38:fd:e2:e0:75:13:b4:c7:
                    c2:60:f8:04:31:c6:dd:f4:57:e4:1f:f3:a1:1b:6c:
                    e7:1c:d3:29:44:b7:c0:06:b9:5e:e7:d9:22:8d:4f:
                    e4:40:fb:6e:c0:84:52:f7:e4:81:ce:88:cc:4a:5e:
                    b1:12:fc:97:80:91:bf:95:b7:22:6c:bf:83:93:33:
                    08:6a:7b:b4:b8:d7:4d:b1:c6:22:a1:c3:5e:1a:23:
                    d2:5c:40:e4:ac:aa:88:bc:f0:c9:1d:aa:d9:b8:f2:
                    ea:c5:43:10:b8:80:a6:68:50:a3:8a:3d:98:bb:19:
                    f7:98:05:d4:7a:d0:71:58:7f:bc:15:b6:13:e5:2b:
                    0e:33:af:6e:06:3e:18:83:cd:d9:a4:50:c2:96:4b:
                    8b:c0:05:b6:4e:57:a8:e5:14:60:1f:b5:86:31:db:
                    aa:6f:b2:c6:a2:d7:32:b9:29:14:54:0f:6a:8b:f2:
                    90:a0:7d:1a:54:70:cb:c0:26:c4:01:ee:e4:96:8b:
                    34:4d:bd:95:f9:c1:e8:fe:a5:f8:a3:8e:c2:d3:95:
                    e3:6e:d2:43:a6:c0:e3:76:55:bd:45:f6:ed:b4:2e:
                    a6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3D:94:0F:FE:4D:A0:BB:5D:D1:52:B8:2E:77:45:DA:91:13:48:19
            X509v3 Authority Key Identifier:
                keyid:E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/xD2UD_5NoLtd0VK4LndF2pETSBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:b4:a2:34:e0:57:13:73:a3:71:10:63:e3:4e:08:bd:a9:58:
         ac:27:4d:4d:d8:fc:41:20:0a:75:a2:9e:24:22:d7:f2:82:41:
         74:60:7d:3d:27:e3:64:0d:7a:9e:8c:de:cd:ae:91:0b:83:28:
         60:e2:68:1a:4e:9a:e4:43:d6:f4:c9:09:48:9a:98:68:f1:67:
         26:bb:27:fa:d5:cd:bd:86:00:12:ab:7e:f9:58:b9:a5:5e:20:
         a4:7c:e0:33:a8:df:92:f6:ce:38:09:b7:15:72:88:73:c6:f2:
         df:78:25:7a:05:b4:e4:e2:fb:94:4d:b7:7c:90:61:63:18:50:
         4b:79:d7:b4:a2:2b:8a:49:7f:5e:69:ea:ed:52:a5:8a:30:08:
         8f:03:64:3d:93:81:ee:94:45:dc:be:75:43:16:e0:d0:01:80:
         20:6b:1d:e1:61:34:c4:46:45:4a:77:3c:8a:37:2e:63:0f:96:
         c2:bb:0b:85:f9:26:a7:95:4b:5f:47:2a:c9:e3:6f:cf:c6:e8:
         5a:a6:ca:6c:b4:03:8c:ca:e3:e8:c7:c5:38:8f:d5:ef:0d:29:
         da:fb:10:ac:04:65:2c:9f:73:c6:92:2c:1f:2a:d0:23:c4:1e:
         2b:a8:3e:cb:a3:bf:76:0b:ae:ce:fa:bf:01:a6:ef:e3:28:cc:
         34:5d:42:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeMiMesX91RaiWoHeMA52mVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4M2EyY2NlOTA4M2U4YzE1YTFkMzI1Y2Y0ODc2NzU1OWY5
MmI2MjMwHhcNMjUwNjIwMDg1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDNkOTQwZmZlNGRhMGJiNWRkMTUyYjgyZTc3NDVkYTkxMTM0ODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif6xylLaCpUq+Gw8Ibe5h1fdtXfG
bWQDWj/vJHkZaztLJkZ2OP3i4HUTtMfCYPgEMcbd9FfkH/OhG2znHNMpRLfABrle
59kijU/kQPtuwIRS9+SBzojMSl6xEvyXgJG/lbcibL+DkzMIanu0uNdNscYiocNe
GiPSXEDkrKqIvPDJHarZuPLqxUMQuICmaFCjij2Yuxn3mAXUetBxWH+8FbYT5SsO
M69uBj4Yg83ZpFDClkuLwAW2Tleo5RRgH7WGMduqb7LGotcyuSkUVA9qi/KQoH0a
VHDLwCbEAe7klos0Tb2V+cHo/qX4o47C05XjbtJDpsDjdlW9RfbttC6mjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQ9lA/+TaC7XdFSuC53RdqRE0gZMB8GA1UdIwQY
MBaAFOg6LM6Qg+jBWh0yXPSHZ1WfkrYjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYt
MzU2M2Y5NTQzNDg3LzEveEQyVURfNU5vTHRkMFZLNExuZEYycEVUU0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYtMzU2M2Y5NTQzNDg3
LzEvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHs7MA0G
CSqGSIb3DQEBCwUAA4IBAQCltKI04FcTc6NxEGPjTgi9qVisJ01N2PxBIAp1op4k
ItfygkF0YH09J+NkDXqejN7NrpELgyhg4mgaTprkQ9b0yQlImpho8Wcmuyf61c29
hgASq375WLmlXiCkfOAzqN+S9s44CbcVcohzxvLfeCV6BbTk4vuUTbd8kGFjGFBL
ede0oiuKSX9eaertUqWKMAiPA2Q9k4HulEXcvnVDFuDQAYAgax3hYTTERkVKdzyK
Ny5jD5bCuwuF+SanlUtfRyrJ42/PxuhapspstAOMyuPox8U4j9XvDSna+xCsBGUs
n3PGkiwfKtAjxB4rqD7Lo792C67O+r8Bpu/jKMw0XUJt
-----END CERTIFICATE-----