Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/XnOuIokBdMAkCep62IYd6iA-AP0.roa
File:                     XnOuIokBdMAkCep62IYd6iA-AP0.roa (raw, json)
Hash identifier:          46xujjI9s3TgttzYiibmkBsBEPkKuAgurV4IijrOPnY=
Subject key identifier:   5E:73:AE:22:89:01:74:C0:24:09:EA:7A:D8:86:1D:EA:20:3E:00:FD
Certificate issuer:       /CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
Certificate serial:       0197A853E76CCF776A8276D124EF2D26A59E
Authority key identifier: 9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/XnOuIokBdMAkCep62IYd6iA-AP0.roa
Signing time:             Wed 25 Jun 2025 18:22:40 +0000
ROA not before:           Wed 25 Jun 2025 18:22:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        194.54.181.0/24 maxlen: 24
                          194.54.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:53:e7:6c:cf:77:6a:82:76:d1:24:ef:2d:26:a5:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
        Validity
            Not Before: Jun 25 18:22:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e73ae22890174c02409ea7ad8861dea203e00fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:00:b7:ce:fa:4e:a7:30:a2:cc:8c:40:96:79:
                    29:19:6a:bc:87:a2:21:2d:bb:65:09:7b:31:fb:6d:
                    35:4d:26:52:d4:82:78:ed:aa:1f:29:9e:9b:6d:5b:
                    28:57:af:35:37:05:e5:96:27:27:0f:da:6c:f8:33:
                    ff:dd:c3:c0:5e:c5:af:ee:2f:2c:ca:cb:e2:cd:7f:
                    97:e8:24:2f:28:71:67:07:1e:b8:48:24:1e:89:43:
                    f0:46:99:75:40:cb:04:22:4a:57:e4:c0:72:44:12:
                    43:17:d1:f9:c6:02:11:4e:de:fe:66:54:1b:c1:4e:
                    57:1d:96:d5:c8:30:b9:fd:cf:66:c0:4f:d9:95:b6:
                    ad:9b:ab:e4:b1:12:ca:4a:c4:67:74:57:93:b1:f1:
                    7d:e7:ff:14:4a:ab:3b:14:ed:40:80:6c:e1:a5:b6:
                    47:19:9e:aa:3d:96:6b:d4:45:a4:6e:cb:cb:30:bf:
                    a1:ef:30:c1:af:60:2c:9f:72:c0:29:2f:0b:12:74:
                    44:d1:1c:68:70:82:fa:8b:92:2a:58:3e:3a:bd:c0:
                    73:2c:3d:27:37:c0:e5:1b:17:9b:d3:35:7b:52:6b:
                    c2:1c:e2:d3:07:26:65:fa:ed:a3:fb:69:4a:fd:5a:
                    43:34:fb:93:2e:79:aa:da:ea:57:6f:31:ce:32:76:
                    78:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:73:AE:22:89:01:74:C0:24:09:EA:7A:D8:86:1D:EA:20:3E:00:FD
            X509v3 Authority Key Identifier:
                keyid:9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/XnOuIokBdMAkCep62IYd6iA-AP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.181.0-194.54.182.255

    Signature Algorithm: sha256WithRSAEncryption
         8f:0b:cd:cc:f4:18:ea:17:45:dc:e0:e9:c5:2b:ba:d3:f4:16:
         b9:a6:89:79:0d:d8:3f:ba:ce:0e:29:f8:23:34:8d:56:c8:f2:
         be:c8:c4:ee:1c:64:dc:2a:98:5a:ea:04:64:a4:c8:56:ed:ec:
         f4:82:ff:7e:1a:f8:35:07:dc:47:9b:b9:d0:89:48:45:71:5c:
         57:2f:1d:9b:e4:e2:f2:27:d1:c3:63:8c:84:17:54:b9:2e:f4:
         b7:6f:c2:bc:f0:f0:9f:0e:47:ae:25:18:97:f7:f6:d8:79:47:
         58:94:6c:f2:a0:01:30:1d:68:2e:8a:5b:06:30:7f:ae:99:31:
         ca:32:d1:e3:c0:ef:ea:7f:78:b7:9b:af:68:e6:7a:bf:ae:18:
         b0:90:23:42:54:0f:a8:5a:68:dc:7f:e8:5c:bb:3c:7a:28:a7:
         5b:d9:23:ea:8e:4b:7b:a2:55:fd:61:e1:50:d9:17:6c:b3:9f:
         ea:5a:41:58:39:4b:d2:0f:c0:d4:6e:02:7f:3a:46:44:36:cb:
         a5:2e:68:74:2b:9b:ba:fb:bc:ae:75:e2:ff:3f:95:70:e1:53:
         e3:07:3d:59:2e:76:b6:23:d9:52:5c:d2:a5:0f:a2:56:5c:13:
         1f:4b:d9:f9:94:04:0a:24:97:b5:87:ba:74:65:77:b2:db:10:
         8b:59:b5:e6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZeoU+dsz3dqgnbRJO8tJqWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNWU3NmY5MjlkMjFiNTg2ZjQyZTMwZjdkOWIwMDM5OWIz
ZGNiZjAwHhcNMjUwNjI1MTgyMjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTczYWUyMjg5MDE3NGMwMjQwOWVhN2FkODg2MWRlYTIwM2UwMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wC3zvpOpzCizIxAlnkpGWq8h6Ih
LbtlCXsx+201TSZS1IJ47aofKZ6bbVsoV681NwXllicnD9ps+DP/3cPAXsWv7i8s
ysvizX+X6CQvKHFnBx64SCQeiUPwRpl1QMsEIkpX5MByRBJDF9H5xgIRTt7+ZlQb
wU5XHZbVyDC5/c9mwE/Zlbatm6vksRLKSsRndFeTsfF95/8USqs7FO1AgGzhpbZH
GZ6qPZZr1EWkbsvLML+h7zDBr2Asn3LAKS8LEnRE0RxocIL6i5IqWD46vcBzLD0n
N8DlGxeb0zV7UmvCHOLTByZl+u2j+2lK/VpDNPuTLnmq2upXbzHOMnZ48wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF5zriKJAXTAJAnqetiGHeogPgD9MB8GA1UdIwQY
MBaAFJpedvkp0htYb0LjD32bADmbPcvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAt
YjRhYWEyM2ZkYWE5LzEvWG5PdUlva0JkTUFrQ2VwNjJJWWQ2aUEtQVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAtYjRhYWEyM2ZkYWE5
LzEvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCNrUD
BADCNrYwDQYJKoZIhvcNAQELBQADggEBAI8Lzcz0GOoXRdzg6cUrutP0FrmmiXkN
2D+6zg4p+CM0jVbI8r7IxO4cZNwqmFrqBGSkyFbt7PSC/34a+DUH3EebudCJSEVx
XFcvHZvk4vIn0cNjjIQXVLku9Ldvwrzw8J8OR64lGJf39th5R1iUbPKgATAdaC6K
WwYwf66ZMcoy0ePA7+p/eLebr2jmer+uGLCQI0JUD6haaNx/6Fy7PHoop1vZI+qO
S3uiVf1h4VDZF2yzn+paQVg5S9IPwNRuAn86RkQ2y6UuaHQrm7r7vK514v8/lXDh
U+MHPVkudrYj2VJc0qUPolZcEx9L2fmUBAokl7WHunRld7LbEItZteY=
-----END CERTIFICATE-----