Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/wkXSNgmrYa8rCdcuzp6T9kjqo9c.roa
File:                     wkXSNgmrYa8rCdcuzp6T9kjqo9c.roa (raw, json)
Hash identifier:          PKA5n5GL19/MWS8CZc9zMrpSRD9clDPEtJzbH91PkU8=
Subject key identifier:   C2:45:D2:36:09:AB:61:AF:2B:09:D7:2E:CE:9E:93:F6:48:EA:A3:D7
Certificate issuer:       /CN=0a220da9b6e295855b627fea610e1cb61646894b
Certificate serial:       019420D6015FD6B5C65D0EA990F2AC9AA2EE
Authority key identifier: 0A:22:0D:A9:B6:E2:95:85:5B:62:7F:EA:61:0E:1C:B6:16:46:89:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CiINqbbilYVbYn_qYQ4cthZGiUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/wkXSNgmrYa8rCdcuzp6T9kjqo9c.roa
Signing time:             Wed 01 Jan 2025 07:48:03 +0000
ROA not before:           Wed 01 Jan 2025 07:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196754
IP address blocks:        195.88.248.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/CiINqbbilYVbYn_qYQ4cthZGiUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/CiINqbbilYVbYn_qYQ4cthZGiUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CiINqbbilYVbYn_qYQ4cthZGiUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:01:5f:d6:b5:c6:5d:0e:a9:90:f2:ac:9a:a2:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a220da9b6e295855b627fea610e1cb61646894b
        Validity
            Not Before: Jan  1 07:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c245d23609ab61af2b09d72ece9e93f648eaa3d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bf:31:4c:fa:71:c5:b1:6c:0f:61:b4:db:f9:
                    69:30:ed:8f:37:ad:cb:31:a1:14:c7:aa:7b:1e:63:
                    aa:95:2e:0f:df:00:e6:17:a7:1b:32:1c:49:fe:2c:
                    dd:1f:36:a7:fb:68:1c:15:81:0f:8c:44:9b:cf:3a:
                    fa:7c:1d:99:ca:68:d4:d7:97:6e:1f:58:8e:1c:f6:
                    16:93:7d:cc:86:18:7b:30:0f:75:1c:ba:1c:83:ac:
                    a6:3c:2e:f7:04:85:8c:c3:e0:2f:d3:50:68:92:57:
                    9f:1e:5e:44:34:3e:cf:9c:10:b0:45:a5:32:5d:be:
                    a1:17:91:22:7b:e0:da:48:95:47:ec:9b:79:b2:0c:
                    76:73:a7:59:7a:b8:0e:20:4f:b5:04:3b:f4:ef:7e:
                    5a:79:6c:b5:fe:db:98:43:a6:6e:a6:8b:6c:b6:fc:
                    2f:4f:7a:fd:67:cd:bf:b9:7c:86:40:df:e1:66:95:
                    e7:d4:24:05:cf:45:58:f6:4c:b7:c1:54:a9:99:ef:
                    1a:b8:2b:eb:0d:61:1b:36:10:0c:1b:87:75:e7:8b:
                    27:4e:03:c6:bf:0f:ec:01:cd:3a:5a:7b:9b:34:16:
                    33:92:4e:bf:22:68:1c:8a:de:20:46:55:8b:4d:ba:
                    2d:38:e5:11:31:a6:8d:17:87:5e:f0:c8:31:4a:85:
                    12:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:45:D2:36:09:AB:61:AF:2B:09:D7:2E:CE:9E:93:F6:48:EA:A3:D7
            X509v3 Authority Key Identifier:
                keyid:0A:22:0D:A9:B6:E2:95:85:5B:62:7F:EA:61:0E:1C:B6:16:46:89:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CiINqbbilYVbYn_qYQ4cthZGiUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/wkXSNgmrYa8rCdcuzp6T9kjqo9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/CiINqbbilYVbYn_qYQ4cthZGiUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:15:ef:ae:96:92:47:0b:bb:dc:c6:10:d6:29:03:8a:93:78:
         1a:6f:90:a2:1a:04:b3:a4:79:eb:e3:96:d6:b1:e2:3a:ac:b1:
         64:f8:2f:be:48:97:64:c7:f9:ad:d8:6b:90:43:23:2c:a0:44:
         c0:67:3c:cb:10:9d:34:de:bc:d8:41:4a:f2:33:f8:a2:94:03:
         c6:bb:a9:40:09:84:f3:a0:88:fa:5f:9f:2f:36:72:03:f8:81:
         45:42:2a:b7:5f:21:32:a9:60:f8:87:0d:18:c7:4e:fe:51:f5:
         de:7c:91:15:99:35:30:89:ec:1f:83:ff:ea:0d:40:92:18:56:
         08:f3:cf:44:d7:58:d4:3c:ed:9a:f8:24:d3:86:e6:ce:fd:f4:
         44:99:d2:37:ec:7e:77:5d:70:55:9f:5a:53:8f:89:ef:10:99:
         96:79:a2:db:f1:c2:05:1f:e1:17:e5:a8:47:0f:76:82:91:c6:
         d0:27:f3:d5:3b:6c:ba:f2:b7:07:45:7c:76:2d:ae:5f:14:44:
         03:7a:41:06:88:e6:cf:8c:c7:db:56:fc:c3:89:3c:1d:d3:55:
         01:26:eb:a2:2d:b5:72:5a:07:04:e3:ec:39:d5:02:77:c7:7c:
         df:c3:ec:a5:b1:34:be:a4:c3:bf:db:98:aa:ec:e6:d1:d1:1b:
         6a:f3:82:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gFf1rXGXQ6pkPKsmqLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMjIwZGE5YjZlMjk1ODU1YjYyN2ZlYTYxMGUxY2I2MTY0
Njg5NGIwHhcNMjUwMTAxMDc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQ1ZDIzNjA5YWI2MWFmMmIwOWQ3MmVjZTllOTNmNjQ4ZWFhM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1r8xTPpxxbFsD2G02/lpMO2PN63L
MaEUx6p7HmOqlS4P3wDmF6cbMhxJ/izdHzan+2gcFYEPjESbzzr6fB2ZymjU15du
H1iOHPYWk33Mhhh7MA91HLocg6ymPC73BIWMw+Av01BoklefHl5END7PnBCwRaUy
Xb6hF5Eie+DaSJVH7Jt5sgx2c6dZergOIE+1BDv0735aeWy1/tuYQ6Zupotstvwv
T3r9Z82/uXyGQN/hZpXn1CQFz0VY9ky3wVSpme8auCvrDWEbNhAMG4d154snTgPG
vw/sAc06WnubNBYzkk6/Imgcit4gRlWLTbotOOURMaaNF4de8MgxSoUSowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJF0jYJq2GvKwnXLs6ek/ZI6qPXMB8GA1UdIwQY
MBaAFAoiDam24pWFW2J/6mEOHLYWRolLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2lJTnFiYmlsWVZiWW5fcVlRNGN0aFpHaVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85ODE4MzktOWRmYS00MmQzLWFjYjEt
NjIxODgyOGVkODk2LzEvd2tYU05nbXJZYThyQ2RjdXpwNlQ5a2pxbzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85ODE4MzktOWRmYS00MmQzLWFjYjEtNjIxODgyOGVkODk2
LzEvQ2lJTnFiYmlsWVZiWW5fcVlRNGN0aFpHaVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1j4MA0G
CSqGSIb3DQEBCwUAA4IBAQCWFe+ulpJHC7vcxhDWKQOKk3gab5CiGgSzpHnr45bW
seI6rLFk+C++SJdkx/mt2GuQQyMsoETAZzzLEJ003rzYQUryM/iilAPGu6lACYTz
oIj6X58vNnID+IFFQiq3XyEyqWD4hw0Yx07+UfXefJEVmTUwiewfg//qDUCSGFYI
889E11jUPO2a+CTThubO/fREmdI37H53XXBVn1pTj4nvEJmWeaLb8cIFH+EX5ahH
D3aCkcbQJ/PVO2y68rcHRXx2La5fFEQDekEGiObPjMfbVvzDiTwd01UBJuuiLbVy
WgcE4+w51QJ3x3zfw+ylsTS+pMO/25iq7ObR0Rtq84Ix
-----END CERTIFICATE-----