Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/18fc14-0877-4fa8-a4a4-603b29fd1a08/1/xjXrY-VAjEXl4AAAJVLLeMGfATA.roa
File:                     xjXrY-VAjEXl4AAAJVLLeMGfATA.roa (raw, json)
Hash identifier:          4ceK2GE5dyzV4qQFHetdVESaIRknf36gz2mazUprQdk=
Subject key identifier:   C6:35:EB:63:E5:40:8C:45:E5:E0:00:00:25:52:CB:78:C1:9F:01:30
Certificate issuer:       /CN=e22d83b78308d09e65d2150eac1623dee96d4c4b
Certificate serial:       01991976847AAF63E801CFE334ECAD51E2A9
Authority key identifier: E2:2D:83:B7:83:08:D0:9E:65:D2:15:0E:AC:16:23:DE:E9:6D:4C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4i2Dt4MI0J5l0hUOrBYj3ultTEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/18fc14-0877-4fa8-a4a4-603b29fd1a08/1/xjXrY-VAjEXl4AAAJVLLeMGfATA.roa
Signing time:             Fri 05 Sep 2025 10:40:21 +0000
ROA not before:           Fri 05 Sep 2025 10:40:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133295
IP address blocks:        167.94.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/18fc14-0877-4fa8-a4a4-603b29fd1a08/1/4i2Dt4MI0J5l0hUOrBYj3ultTEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/18fc14-0877-4fa8-a4a4-603b29fd1a08/1/4i2Dt4MI0J5l0hUOrBYj3ultTEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4i2Dt4MI0J5l0hUOrBYj3ultTEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:76:84:7a:af:63:e8:01:cf:e3:34:ec:ad:51:e2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e22d83b78308d09e65d2150eac1623dee96d4c4b
        Validity
            Not Before: Sep  5 10:40:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c635eb63e5408c45e5e000002552cb78c19f0130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b2:0f:62:66:49:13:84:50:fc:51:f2:ee:25:
                    41:30:e9:9a:e0:b6:03:0c:1a:cc:28:7a:22:0e:59:
                    cd:f8:55:32:25:29:00:79:69:64:ec:7c:81:4e:99:
                    ba:40:22:1a:1a:95:5a:ec:47:de:88:78:fc:6c:5e:
                    7f:56:bf:f2:24:84:37:2d:fd:b1:ec:ac:0d:6f:5d:
                    8b:a5:09:6b:49:85:7f:24:e5:36:79:a9:bd:45:89:
                    ed:2c:5a:02:d0:a5:9a:59:c5:8d:9d:13:7c:88:42:
                    ff:60:7a:9d:a2:34:ec:e3:2e:e5:11:66:04:26:eb:
                    7b:ec:ed:af:c6:d7:1c:f6:44:4f:25:68:d0:53:66:
                    f7:c4:c2:9d:93:0b:3c:93:06:cc:94:22:bd:77:ec:
                    42:0c:66:6d:d8:21:f6:e5:f2:6d:c2:10:92:85:f0:
                    84:79:a3:95:1c:30:ed:5b:f1:d9:9d:89:24:b7:42:
                    0a:cc:ae:30:b2:2e:d9:bb:66:5a:ec:6d:75:42:a8:
                    55:0b:d7:d8:23:78:df:a9:f6:20:a9:43:74:e6:f5:
                    9b:0a:08:c7:9e:0c:86:c8:cb:18:19:2f:02:22:20:
                    2d:7b:18:d2:43:11:be:2f:25:19:a8:c0:fb:ad:51:
                    d4:34:4f:1f:13:82:3e:da:02:b3:82:d9:ea:7b:27:
                    f3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:35:EB:63:E5:40:8C:45:E5:E0:00:00:25:52:CB:78:C1:9F:01:30
            X509v3 Authority Key Identifier:
                keyid:E2:2D:83:B7:83:08:D0:9E:65:D2:15:0E:AC:16:23:DE:E9:6D:4C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4i2Dt4MI0J5l0hUOrBYj3ultTEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/18fc14-0877-4fa8-a4a4-603b29fd1a08/1/xjXrY-VAjEXl4AAAJVLLeMGfATA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/18fc14-0877-4fa8-a4a4-603b29fd1a08/1/4i2Dt4MI0J5l0hUOrBYj3ultTEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.94.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:a4:ef:5f:b0:08:9a:35:cb:b3:19:2d:e7:f0:d7:8f:d6:81:
         80:34:5c:63:23:e5:b2:27:31:a8:e1:f7:56:c9:55:1a:47:4a:
         72:c6:9b:a3:c0:6d:97:bf:1a:6f:a0:a9:36:1b:1b:a2:73:b2:
         50:d3:9a:3a:69:19:5c:a9:9b:d8:aa:52:79:a9:26:56:38:9f:
         bc:34:83:2a:79:39:0b:f9:92:f0:ca:b6:46:8b:0f:1e:94:8d:
         a1:b3:f7:df:96:7c:a4:ed:f1:1e:a8:bf:ee:0f:28:6c:ad:bd:
         7a:d8:8e:49:81:9b:98:13:fa:67:2c:33:34:05:f7:c8:20:f4:
         1c:d9:a3:f8:f7:a6:b4:8a:53:fd:89:23:9e:1f:f5:1d:70:0b:
         9d:96:76:71:d7:81:23:d9:4e:9c:15:41:a3:6d:db:63:e1:9b:
         af:5f:58:02:36:fc:59:01:ec:b9:f4:b8:72:15:77:83:80:a9:
         a3:71:e6:95:c0:9f:19:c9:27:fc:c2:05:e2:fa:02:2a:74:a0:
         2d:43:c6:58:b4:55:5c:84:10:7d:cd:ce:94:4f:99:88:b4:ff:
         f3:3d:bf:e9:a6:bb:97:80:b5:52:08:46:40:cb:36:44:6a:db:
         78:65:0d:ba:c4:cd:a2:0b:f6:40:55:93:38:93:f4:93:96:fc:
         3c:2d:9a:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkZdoR6r2PoAc/jNOytUeKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMmQ4M2I3ODMwOGQwOWU2NWQyMTUwZWFjMTYyM2RlZTk2
ZDRjNGIwHhcNMjUwOTA1MTA0MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM1ZWI2M2U1NDA4YzQ1ZTVlMDAwMDAyNTUyY2I3OGMxOWYwMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bIPYmZJE4RQ/FHy7iVBMOma4LYD
DBrMKHoiDlnN+FUyJSkAeWlk7HyBTpm6QCIaGpVa7EfeiHj8bF5/Vr/yJIQ3Lf2x
7KwNb12LpQlrSYV/JOU2eam9RYntLFoC0KWaWcWNnRN8iEL/YHqdojTs4y7lEWYE
Jut77O2vxtcc9kRPJWjQU2b3xMKdkws8kwbMlCK9d+xCDGZt2CH25fJtwhCShfCE
eaOVHDDtW/HZnYkkt0IKzK4wsi7Zu2Za7G11QqhVC9fYI3jfqfYgqUN05vWbCgjH
ngyGyMsYGS8CIiAtexjSQxG+LyUZqMD7rVHUNE8fE4I+2gKzgtnqeyfzjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY162PlQIxF5eAAACVSy3jBnwEwMB8GA1UdIwQY
MBaAFOItg7eDCNCeZdIVDqwWI97pbUxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGkyRHQ0TUkwSjVsMGhVT3JCWWozdWx0VEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8xOGZjMTQtMDg3Ny00ZmE4LWE0YTQt
NjAzYjI5ZmQxYTA4LzEveGpYclktVkFqRVhsNEFBQUpWTExlTUdmQVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8xOGZjMTQtMDg3Ny00ZmE4LWE0YTQtNjAzYjI5ZmQxYTA4
LzEvNGkyRHQ0TUkwSjVsMGhVT3JCWWozdWx0VEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp172MA0G
CSqGSIb3DQEBCwUAA4IBAQDJpO9fsAiaNcuzGS3n8NeP1oGANFxjI+WyJzGo4fdW
yVUaR0pyxpujwG2XvxpvoKk2Gxuic7JQ05o6aRlcqZvYqlJ5qSZWOJ+8NIMqeTkL
+ZLwyrZGiw8elI2hs/fflnyk7fEeqL/uDyhsrb162I5JgZuYE/pnLDM0BffIIPQc
2aP496a0ilP9iSOeH/UdcAudlnZx14Ej2U6cFUGjbdtj4ZuvX1gCNvxZAey59Lhy
FXeDgKmjceaVwJ8ZySf8wgXi+gIqdKAtQ8ZYtFVchBB9zc6UT5mItP/zPb/ppruX
gLVSCEZAyzZEatt4ZQ26xM2iC/ZAVZM4k/STlvw8LZqk
-----END CERTIFICATE-----