Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XVmyW3ZRf8rj-X5YMPVsDqIHey0.roa
File:                     XVmyW3ZRf8rj-X5YMPVsDqIHey0.roa (raw, json)
Hash identifier:          jIux34xdDae7sAC2ZHKMC9mVdd17ccOQOWyqfKdYEp8=
Subject key identifier:   5D:59:B2:5B:76:51:7F:CA:E3:F9:7E:58:30:F5:6C:0E:A2:07:7B:2D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0197A5BD1040A9B29C88113C05DAFF2AAEB3
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XVmyW3ZRf8rj-X5YMPVsDqIHey0.roa
Signing time:             Wed 25 Jun 2025 06:18:40 +0000
ROA not before:           Wed 25 Jun 2025 06:18:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207136
IP address blocks:        94.198.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a5:bd:10:40:a9:b2:9c:88:11:3c:05:da:ff:2a:ae:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jun 25 06:18:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d59b25b76517fcae3f97e5830f56c0ea2077b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1d:69:99:ea:dd:a0:bd:35:4b:d1:98:cb:a3:
                    72:f2:35:aa:13:84:a3:ff:f6:08:7f:26:ba:71:50:
                    db:d7:fc:1b:0c:6a:49:8e:f2:ec:90:80:4a:dd:dd:
                    17:81:4a:35:88:39:9b:cf:8f:09:1b:48:c9:9d:b5:
                    15:36:32:f0:03:14:1c:33:c5:59:5c:18:8d:4f:44:
                    ae:42:d9:8a:e3:d4:49:b6:5e:21:65:2a:5c:64:fb:
                    b0:7d:e9:c8:01:b0:3e:20:1e:56:52:29:ed:75:45:
                    2f:a4:41:97:a0:3a:88:7c:da:94:f9:9e:fe:36:cb:
                    6b:ee:d9:75:be:9f:50:3d:73:52:70:96:ab:8b:93:
                    60:96:13:c9:15:c5:26:44:6c:ba:77:f2:93:ff:f7:
                    6b:1b:e5:fb:de:1f:be:70:5c:35:43:7d:62:2a:66:
                    9d:f9:1e:68:ba:8b:cc:3e:95:67:53:10:09:dc:1d:
                    f2:8d:98:87:fd:82:98:f1:8a:5c:b7:18:7d:91:e3:
                    4d:b5:51:43:f1:f7:8b:f4:f1:9a:7a:7f:82:60:21:
                    9c:8b:a1:24:56:cc:b0:8b:17:74:84:46:b9:75:a0:
                    d2:ad:4d:52:1b:58:0b:39:6c:dc:f9:87:fc:f1:4e:
                    02:c4:34:88:4d:89:1d:a8:3d:90:9f:8f:44:55:cc:
                    26:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:59:B2:5B:76:51:7F:CA:E3:F9:7E:58:30:F5:6C:0E:A2:07:7B:2D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XVmyW3ZRf8rj-X5YMPVsDqIHey0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.198.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:fc:62:bd:81:19:7f:83:dd:09:96:27:3b:e4:5b:71:1a:62:
         a7:68:22:c9:fd:0d:e1:5d:83:7f:7c:22:71:36:f2:fb:62:ef:
         bb:43:b9:4d:64:38:ab:67:d0:30:2f:67:4e:51:65:c2:47:34:
         10:dc:57:bb:5b:a0:95:54:e0:e9:19:c3:4e:ed:e0:54:93:56:
         77:1c:a6:d8:86:00:28:93:a8:84:a6:ec:b4:4c:fe:ca:a4:d6:
         4c:77:70:56:dc:17:88:09:be:6d:e8:cf:e2:bc:c5:93:40:b3:
         82:bc:3a:32:dc:55:07:83:49:83:96:8d:c3:26:83:45:df:d0:
         a8:57:0d:0b:d0:d7:c9:5e:28:88:cf:45:fb:e6:b7:04:22:d8:
         6f:ff:03:e7:6c:86:6c:43:d1:06:ec:10:43:e7:64:30:e7:ed:
         6c:b5:2d:3a:6f:1f:fb:28:d6:d6:67:0d:de:72:d5:d2:08:1a:
         98:75:62:f7:e4:39:a8:dd:f7:ef:1d:1a:d9:4d:54:f7:75:51:
         f6:9c:a1:af:82:98:fa:5c:7e:5e:1b:54:c9:0e:26:e7:8b:69:
         27:4e:fa:f7:0c:80:00:a8:6a:7c:84:9c:e5:2c:96:64:5e:8e:
         cc:6e:83:71:a7:3e:2e:a0:11:28:7f:86:9f:68:b7:ca:6b:4b:
         18:82:7d:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZelvRBAqbKciBE8Bdr/Kq6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNjI1MDYxODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDU5YjI1Yjc2NTE3ZmNhZTNmOTdlNTgzMGY1NmMwZWEyMDc3YjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB1pmerdoL01S9GYy6Ny8jWqE4Sj
//YIfya6cVDb1/wbDGpJjvLskIBK3d0XgUo1iDmbz48JG0jJnbUVNjLwAxQcM8VZ
XBiNT0SuQtmK49RJtl4hZSpcZPuwfenIAbA+IB5WUintdUUvpEGXoDqIfNqU+Z7+
Nstr7tl1vp9QPXNScJari5NglhPJFcUmRGy6d/KT//drG+X73h++cFw1Q31iKmad
+R5ouovMPpVnUxAJ3B3yjZiH/YKY8Ypctxh9keNNtVFD8feL9PGaen+CYCGci6Ek
Vsywixd0hEa5daDSrU1SG1gLOWzc+Yf88U4CxDSITYkdqD2Qn49EVcwmEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1Zslt2UX/K4/l+WDD1bA6iB3stMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvWFZteVczWlJmOHJqLVg1WU1QVnNEcUlIZXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXsYsMA0G
CSqGSIb3DQEBCwUAA4IBAQCe/GK9gRl/g90Jlic75FtxGmKnaCLJ/Q3hXYN/fCJx
NvL7Yu+7Q7lNZDirZ9AwL2dOUWXCRzQQ3Fe7W6CVVODpGcNO7eBUk1Z3HKbYhgAo
k6iEpuy0TP7KpNZMd3BW3BeICb5t6M/ivMWTQLOCvDoy3FUHg0mDlo3DJoNF39Co
Vw0L0NfJXiiIz0X75rcEIthv/wPnbIZsQ9EG7BBD52Qw5+1stS06bx/7KNbWZw3e
ctXSCBqYdWL35Dmo3ffvHRrZTVT3dVH2nKGvgpj6XH5eG1TJDibni2knTvr3DIAA
qGp8hJzlLJZkXo7MboNxpz4uoBEof4afaLfKa0sYgn2a
-----END CERTIFICATE-----