Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0b4b70-6d61-43c6-8986-41933955b73f/1/xkzazz831mQOXNGmSz3uWho6Ohk.roa
File:                     xkzazz831mQOXNGmSz3uWho6Ohk.roa (raw, json)
Hash identifier:          kcYkLf+1B2AuNTj7vUuf68FA8ProRpgWzdWOYFENYJM=
Subject key identifier:   C6:4C:DA:CF:3F:37:D6:64:0E:5C:D1:A6:4B:3D:EE:5A:1A:3A:3A:19
Certificate issuer:       /CN=bbf98f8a44fd60eef6b749d214e56c811897660c
Certificate serial:       0196B49A4153494ADD09BB1A226D4DC69925
Authority key identifier: BB:F9:8F:8A:44:FD:60:EE:F6:B7:49:D2:14:E5:6C:81:18:97:66:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_mPikT9YO72t0nSFOVsgRiXZgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0b4b70-6d61-43c6-8986-41933955b73f/1/xkzazz831mQOXNGmSz3uWho6Ohk.roa
Signing time:             Fri 09 May 2025 10:32:10 +0000
ROA not before:           Fri 09 May 2025 10:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        195.190.0.0/24 maxlen: 24
                          2001:67c:24b4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0b4b70-6d61-43c6-8986-41933955b73f/1/u_mPikT9YO72t0nSFOVsgRiXZgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0b4b70-6d61-43c6-8986-41933955b73f/1/u_mPikT9YO72t0nSFOVsgRiXZgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_mPikT9YO72t0nSFOVsgRiXZgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b4:9a:41:53:49:4a:dd:09:bb:1a:22:6d:4d:c6:99:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf98f8a44fd60eef6b749d214e56c811897660c
        Validity
            Not Before: May  9 10:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c64cdacf3f37d6640e5cd1a64b3dee5a1a3a3a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:21:61:ed:fe:df:ce:82:5b:ea:de:ef:71:7d:
                    c6:62:10:fc:be:ca:7a:80:31:7b:27:2d:b8:e8:8a:
                    cf:08:b4:d0:a0:6a:cb:51:00:5d:e6:34:94:58:02:
                    e0:52:fc:7d:19:d0:a3:1f:74:99:f1:e9:8f:37:e1:
                    fa:ee:a3:1b:67:9c:a5:06:60:5d:b0:ef:eb:c3:76:
                    c8:23:86:aa:6e:64:8e:1d:37:f7:6c:f3:13:61:1e:
                    16:66:bd:04:29:14:83:9a:56:4e:48:4d:0a:34:25:
                    76:48:b9:d6:ca:6b:b2:88:68:38:f7:59:23:1d:9b:
                    04:52:12:88:d2:b3:aa:ef:d2:ee:9f:42:55:72:03:
                    93:98:ae:33:34:4f:40:ff:5b:f5:cb:1d:d6:b8:4e:
                    df:05:67:6b:4f:61:29:67:94:6c:67:5d:a8:cd:1c:
                    75:3c:d3:d1:5d:79:63:27:47:f2:4c:e3:46:3f:70:
                    59:54:d8:22:df:24:17:19:7c:e5:97:7e:1c:d0:bb:
                    bb:87:db:fc:21:83:94:ca:9a:5b:66:d3:d8:e2:6a:
                    43:f4:b5:b7:64:d7:d1:80:96:95:fa:72:30:82:a5:
                    8c:93:31:0c:d6:00:88:91:4a:fc:d8:63:c3:13:cc:
                    a0:1d:75:ae:90:bc:13:aa:d8:f5:29:8c:59:f3:ca:
                    f9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:4C:DA:CF:3F:37:D6:64:0E:5C:D1:A6:4B:3D:EE:5A:1A:3A:3A:19
            X509v3 Authority Key Identifier:
                keyid:BB:F9:8F:8A:44:FD:60:EE:F6:B7:49:D2:14:E5:6C:81:18:97:66:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_mPikT9YO72t0nSFOVsgRiXZgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0b4b70-6d61-43c6-8986-41933955b73f/1/xkzazz831mQOXNGmSz3uWho6Ohk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0b4b70-6d61-43c6-8986-41933955b73f/1/u_mPikT9YO72t0nSFOVsgRiXZgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.0.0/24
                IPv6:
                  2001:67c:24b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:44:71:0a:ed:e3:d1:58:e9:5e:cd:5b:c0:02:3f:f3:2c:e9:
         a5:3b:4f:f0:c7:c6:d3:f1:35:7c:4c:ea:47:74:d6:61:0a:0d:
         f0:11:b0:db:82:b2:5a:ca:cd:d9:db:c8:81:27:cd:4f:2d:fa:
         6e:48:78:43:83:33:b9:e4:f0:f7:b5:f6:7b:07:14:36:d4:17:
         d7:d9:f8:c5:85:bf:6b:06:13:47:76:a0:f6:6e:43:03:75:82:
         0a:e7:65:fe:e0:a8:ae:95:3b:09:08:52:eb:95:ab:ca:37:ce:
         3d:d9:12:f2:74:8d:41:39:71:9d:14:f8:db:fe:65:a8:61:64:
         5f:2f:c4:09:a6:06:a5:8c:d8:8a:af:6a:d8:3c:bc:5b:d5:9c:
         36:c3:53:50:f5:31:7e:a3:50:d4:dc:92:0c:d2:64:b7:76:8c:
         c1:a0:52:9c:d7:fc:e0:46:87:70:c9:46:4f:f7:26:48:68:45:
         07:d1:6e:9f:8e:0f:81:e0:eb:79:2e:6a:36:36:bf:a1:15:65:
         9f:0f:ec:20:07:4b:44:4f:92:08:12:f0:04:ba:35:3c:1a:f2:
         25:ba:ea:cc:31:46:87:d0:3d:d2:9e:5c:ab:6f:63:6b:fc:df:
         85:92:2e:84:82:58:73:3f:60:89:9b:20:7e:9b:da:02:a5:12:
         dc:25:0a:b3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZa0mkFTSUrdCbsaIm1NxpklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjk4ZjhhNDRmZDYwZWVmNmI3NDlkMjE0ZTU2YzgxMTg5
NzY2MGMwHhcNMjUwNTA5MTAzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjRjZGFjZjNmMzdkNjY0MGU1Y2QxYTY0YjNkZWU1YTFhM2EzYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSFh7f7fzoJb6t7vcX3GYhD8vsp6
gDF7Jy246IrPCLTQoGrLUQBd5jSUWALgUvx9GdCjH3SZ8emPN+H67qMbZ5ylBmBd
sO/rw3bII4aqbmSOHTf3bPMTYR4WZr0EKRSDmlZOSE0KNCV2SLnWymuyiGg491kj
HZsEUhKI0rOq79Lun0JVcgOTmK4zNE9A/1v1yx3WuE7fBWdrT2EpZ5RsZ12ozRx1
PNPRXXljJ0fyTONGP3BZVNgi3yQXGXzll34c0Lu7h9v8IYOUyppbZtPY4mpD9LW3
ZNfRgJaV+nIwgqWMkzEM1gCIkUr82GPDE8ygHXWukLwTqtj1KYxZ88r51QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMZM2s8/N9ZkDlzRpks97loaOjoZMB8GA1UdIwQY
MBaAFLv5j4pE/WDu9rdJ0hTlbIEYl2YMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9tUGlrVDlZTzcydDBuU0ZPVnNnUmlYWmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wYjRiNzAtNmQ2MS00M2M2LTg5ODYt
NDE5MzM5NTViNzNmLzEveGt6YXp6ODMxbVFPWE5HbVN6M3VXaG82T2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wYjRiNzAtNmQ2MS00M2M2LTg5ODYtNDE5MzM5NTViNzNm
LzEvdV9tUGlrVDlZTzcydDBuU0ZPVnNnUmlYWmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw74AMA8E
AgACMAkDBwAgAQZ8JLQwDQYJKoZIhvcNAQELBQADggEBAJtEcQrt49FY6V7NW8AC
P/Ms6aU7T/DHxtPxNXxM6kd01mEKDfARsNuCslrKzdnbyIEnzU8t+m5IeEODM7nk
8Pe19nsHFDbUF9fZ+MWFv2sGE0d2oPZuQwN1ggrnZf7gqK6VOwkIUuuVq8o3zj3Z
EvJ0jUE5cZ0U+Nv+ZahhZF8vxAmmBqWM2Iqvatg8vFvVnDbDU1D1MX6jUNTckgzS
ZLd2jMGgUpzX/OBGh3DJRk/3JkhoRQfRbp+OD4Hg63kuajY2v6EVZZ8P7CAHS0RP
kggS8AS6NTwa8iW66swxRofQPdKeXKtvY2v834WSLoSCWHM/YImbIH6b2gKlEtwl
CrM=
-----END CERTIFICATE-----