Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/xhvXDF5NReB_r5mg1xGKbXkEdFM.roa
File:                     xhvXDF5NReB_r5mg1xGKbXkEdFM.roa (raw, json)
Hash identifier:          fYn61UgtUKFh3kPwOkhQR6oTFkKnZ0D60q03qcy4LKs=
Subject key identifier:   C6:1B:D7:0C:5E:4D:45:E0:7F:AF:99:A0:D7:11:8A:6D:79:04:74:53
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       0196812B256D78E0D233ECA63B715DD028C4
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/xhvXDF5NReB_r5mg1xGKbXkEdFM.roa
Signing time:             Tue 29 Apr 2025 10:50:10 +0000
ROA not before:           Tue 29 Apr 2025 10:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204412
IP address blocks:        195.136.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 05:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:2b:25:6d:78:e0:d2:33:ec:a6:3b:71:5d:d0:28:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Apr 29 10:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c61bd70c5e4d45e07faf99a0d7118a6d79047453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d9:23:41:e9:ee:a6:0d:37:84:d4:27:f1:3d:
                    e9:b3:85:04:d0:07:af:dd:bb:f7:70:e6:4f:5c:18:
                    0a:c7:ec:81:d3:b8:8a:dd:e7:ad:21:31:d7:ad:a3:
                    5f:43:09:f4:7e:56:71:da:9d:d4:d4:ff:ee:bd:8a:
                    94:ac:bc:c7:4b:1c:36:52:83:16:43:6f:97:c3:f2:
                    b5:f0:c5:da:c9:a2:d7:37:00:e3:17:62:aa:6c:53:
                    fa:cc:5f:01:b7:81:82:29:4e:bc:b8:b2:0f:33:31:
                    99:d7:3c:72:d2:a0:f5:46:5b:62:67:02:0e:cc:85:
                    1d:5c:61:45:3c:cf:4e:a6:70:d0:a5:7a:7a:83:36:
                    7b:42:ae:4a:3a:fd:fe:e6:82:a2:87:6a:b5:f7:ba:
                    23:fb:07:c1:ba:ed:02:99:68:d6:af:85:05:bc:a9:
                    e5:ae:4e:6c:0a:ba:d0:86:59:c5:86:b2:8e:15:48:
                    0c:02:e0:60:c9:3a:c6:8d:33:86:ec:45:32:47:e8:
                    94:73:43:9c:cb:e6:63:d8:9e:8b:ca:fc:7e:e8:3b:
                    be:81:0c:30:69:56:79:35:ed:f6:5d:61:81:70:aa:
                    d9:38:52:ec:26:48:fe:be:aa:c1:59:e6:a6:c3:2b:
                    bf:76:61:fe:39:08:76:da:86:6b:ca:6b:74:fb:89:
                    78:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1B:D7:0C:5E:4D:45:E0:7F:AF:99:A0:D7:11:8A:6D:79:04:74:53
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/xhvXDF5NReB_r5mg1xGKbXkEdFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:18:96:46:8c:92:87:a3:dc:b3:33:5e:81:80:ad:69:b2:4d:
         d9:51:ad:cc:33:a4:d9:96:09:23:d8:13:8e:ed:38:4b:73:ec:
         6d:3a:45:c3:b8:10:3e:d2:45:75:87:98:f6:ba:a2:6a:e8:59:
         fa:8a:be:3c:d2:84:74:74:9d:87:60:48:16:07:5c:72:2e:46:
         a3:cd:e5:68:f7:c2:71:e5:62:10:10:c2:b7:9e:9a:39:42:97:
         ae:d3:18:2b:25:6f:66:fa:6a:4d:5a:2f:0d:99:cb:a8:a6:d9:
         30:a3:ff:a3:58:81:26:78:08:a6:f6:7a:71:9c:27:09:46:dc:
         83:6f:32:9d:7e:03:48:bb:93:ab:f5:4f:e2:87:cf:eb:3e:bf:
         af:b2:1b:ff:96:b9:0e:2f:bc:fc:e2:4e:63:c8:15:71:49:6c:
         e1:db:04:b7:59:b2:c7:13:09:89:99:3f:81:a2:14:e0:ca:4a:
         9e:a9:2e:15:39:51:b2:a3:be:c8:46:f7:3d:30:e2:0f:81:a8:
         70:fc:67:3a:5a:96:50:8e:1b:41:76:41:06:42:14:f7:21:c0:
         46:b0:a0:ba:28:48:fe:fc:55:b5:e8:97:29:d1:a6:9a:cf:0a:
         cb:e7:89:4f:03:24:f3:a1:7c:7c:2d:b7:f2:62:30:e5:9c:cf:
         68:e9:2e:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBKyVteODSM+ymO3Fd0CjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwNDI5MTA1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjFiZDcwYzVlNGQ0NWUwN2ZhZjk5YTBkNzExOGE2ZDc5MDQ3NDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNkjQenupg03hNQn8T3ps4UE0Aev
3bv3cOZPXBgKx+yB07iK3eetITHXraNfQwn0flZx2p3U1P/uvYqUrLzHSxw2UoMW
Q2+Xw/K18MXayaLXNwDjF2KqbFP6zF8Bt4GCKU68uLIPMzGZ1zxy0qD1RltiZwIO
zIUdXGFFPM9OpnDQpXp6gzZ7Qq5KOv3+5oKih2q197oj+wfBuu0CmWjWr4UFvKnl
rk5sCrrQhlnFhrKOFUgMAuBgyTrGjTOG7EUyR+iUc0Ocy+Zj2J6Lyvx+6Du+gQww
aVZ5Ne32XWGBcKrZOFLsJkj+vqrBWeamwyu/dmH+OQh22oZrymt0+4l45QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYb1wxeTUXgf6+ZoNcRim15BHRTMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEveGh2WERGNU5SZUJfcjVtZzF4R0tiWGtFZEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4h5MA0G
CSqGSIb3DQEBCwUAA4IBAQB2GJZGjJKHo9yzM16BgK1psk3ZUa3MM6TZlgkj2BOO
7ThLc+xtOkXDuBA+0kV1h5j2uqJq6Fn6ir480oR0dJ2HYEgWB1xyLkajzeVo98Jx
5WIQEMK3npo5Qpeu0xgrJW9m+mpNWi8Nmcuoptkwo/+jWIEmeAim9npxnCcJRtyD
bzKdfgNIu5Or9U/ih8/rPr+vshv/lrkOL7z84k5jyBVxSWzh2wS3WbLHEwmJmT+B
ohTgykqeqS4VOVGyo77IRvc9MOIPgahw/Gc6WpZQjhtBdkEGQhT3IcBGsKC6KEj+
/FW16Jcp0aaazwrL54lPAyTzoXx8LbfyYjDlnM9o6S7u
-----END CERTIFICATE-----