Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/_xekjSFtSAUujx70CN_lqAzDOTI.roa
File:                     _xekjSFtSAUujx70CN_lqAzDOTI.roa (raw, json)
Hash identifier:          RCBKZCow8/qZDtOMSChrlpX+0rMSwhsyivwOBDzZ8y0=
Subject key identifier:   FF:17:A4:8D:21:6D:48:05:2E:8F:1E:F4:08:DF:E5:A8:0C:C3:39:32
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       01978850747C74A99A5BF663ECE7D3AA7F40
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/_xekjSFtSAUujx70CN_lqAzDOTI.roa
Signing time:             Thu 19 Jun 2025 13:11:03 +0000
ROA not before:           Thu 19 Jun 2025 13:11:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        193.164.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 04:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:50:74:7c:74:a9:9a:5b:f6:63:ec:e7:d3:aa:7f:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Jun 19 13:11:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff17a48d216d48052e8f1ef408dfe5a80cc33932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5c:ca:03:81:74:98:db:8d:db:1e:af:a0:fd:
                    54:5c:5b:42:2a:9a:03:b7:e2:b9:04:ae:31:0b:1c:
                    eb:96:59:d9:c1:11:5c:6a:02:a9:7d:25:a8:5f:5a:
                    8f:1e:da:37:ce:b7:aa:48:a7:8b:8e:46:4a:2f:22:
                    9c:83:a9:82:ab:c7:01:dd:b1:4a:20:9c:fc:43:45:
                    d1:36:e7:0a:29:d3:8b:48:51:f1:ce:c2:d4:28:21:
                    c5:45:7c:49:ec:bf:13:f4:4b:3d:c8:70:67:62:c0:
                    5e:c9:56:bc:82:9c:6e:ab:98:46:ed:6c:5a:6f:b5:
                    ad:73:a1:8e:63:75:26:43:be:cd:ea:9d:86:15:60:
                    a9:7e:77:76:eb:de:60:66:48:c5:16:9c:49:fa:d4:
                    ec:b6:58:75:6e:1b:6d:5d:1a:c0:37:84:bb:78:ce:
                    2a:17:f8:b1:9f:70:5d:49:98:85:36:7e:94:d1:bb:
                    dd:02:0a:c4:69:64:22:4e:bd:79:e4:f0:cf:4a:92:
                    40:33:7d:b5:d8:97:0f:6e:08:25:e7:34:57:2f:64:
                    53:9a:ed:23:33:44:fc:79:10:39:96:97:18:29:56:
                    2a:9a:fb:65:b4:87:6f:90:3a:0e:10:ac:2d:a5:a3:
                    37:34:6a:1b:f5:24:c5:29:60:eb:f4:33:6d:e5:52:
                    7c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:17:A4:8D:21:6D:48:05:2E:8F:1E:F4:08:DF:E5:A8:0C:C3:39:32
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/_xekjSFtSAUujx70CN_lqAzDOTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:e2:d1:4c:2e:90:f6:c0:67:ef:96:ec:3d:2b:7a:d4:6f:a2:
         d5:64:a1:da:c6:6d:57:4c:94:36:c9:53:95:c6:8b:7a:a3:03:
         f3:c0:6c:27:9d:7a:67:c2:d7:0c:26:3d:31:d2:16:b9:b2:9b:
         a3:86:40:17:90:01:d8:64:4d:cc:9f:a9:be:4f:0a:35:c9:d7:
         9c:22:ce:9d:65:e1:7f:26:94:91:60:c7:6d:14:f9:91:15:7c:
         25:95:15:68:d4:b4:89:27:a3:8a:18:8d:6d:03:fa:c3:5b:fc:
         58:ff:9b:f7:31:57:48:78:e2:7a:3c:71:cb:1e:98:4f:41:06:
         ba:a9:c3:a0:c0:cf:e4:6f:ec:e2:0b:09:22:8f:17:c0:3d:1f:
         5f:f3:a2:ba:e1:a6:b3:93:2b:c9:33:42:a9:a9:d9:fd:d1:1c:
         4f:fb:f7:22:85:35:d9:79:9b:04:d8:2e:5b:24:f0:8d:44:4e:
         ba:c2:ec:d7:ea:fd:54:54:ff:74:ce:2c:16:43:74:3b:38:af:
         df:19:be:6b:16:7a:c2:35:81:a0:f1:b1:50:83:fd:b1:d3:f6:
         09:12:81:b9:83:3e:7a:7f:53:ed:c0:1c:e3:f8:22:01:ce:de:
         3b:21:6a:2e:67:7c:a0:3a:f9:fa:d3:83:3f:4c:4c:91:dc:94:
         98:7c:12:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeIUHR8dKmaW/Zj7OfTqn9AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjUwNjE5MTMxMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE3YTQ4ZDIxNmQ0ODA1MmU4ZjFlZjQwOGRmZTVhODBjYzMzOTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFzKA4F0mNuN2x6voP1UXFtCKpoD
t+K5BK4xCxzrllnZwRFcagKpfSWoX1qPHto3zreqSKeLjkZKLyKcg6mCq8cB3bFK
IJz8Q0XRNucKKdOLSFHxzsLUKCHFRXxJ7L8T9Es9yHBnYsBeyVa8gpxuq5hG7Wxa
b7Wtc6GOY3UmQ77N6p2GFWCpfnd2695gZkjFFpxJ+tTstlh1bhttXRrAN4S7eM4q
F/ixn3BdSZiFNn6U0bvdAgrEaWQiTr155PDPSpJAM3212JcPbggl5zRXL2RTmu0j
M0T8eRA5lpcYKVYqmvtltIdvkDoOEKwtpaM3NGob9STFKWDr9DNt5VJ8WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8XpI0hbUgFLo8e9Ajf5agMwzkyMB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvX3hla2pTRnRTQVV1ang3MENOX2xxQXpET1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaQFMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ4tFMLpD2wGfvluw9K3rUb6LVZKHaxm1XTJQ2yVOV
xot6owPzwGwnnXpnwtcMJj0x0ha5spujhkAXkAHYZE3Mn6m+Two1ydecIs6dZeF/
JpSRYMdtFPmRFXwllRVo1LSJJ6OKGI1tA/rDW/xY/5v3MVdIeOJ6PHHLHphPQQa6
qcOgwM/kb+ziCwkijxfAPR9f86K64aazkyvJM0Kpqdn90RxP+/cihTXZeZsE2C5b
JPCNRE66wuzX6v1UVP90ziwWQ3Q7OK/fGb5rFnrCNYGg8bFQg/2x0/YJEoG5gz56
f1PtwBzj+CIBzt47IWouZ3ygOvn604M/TEyR3JSYfBIj
-----END CERTIFICATE-----