Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/iNP53awYopMvAC4_B7BQl71kOxY.roa
File:                     iNP53awYopMvAC4_B7BQl71kOxY.roa (raw, json)
Hash identifier:          bB0RVg76/44F7S9NnPgzE3dfYBZqeAvXewkbyz58CrI=
Subject key identifier:   88:D3:F9:DD:AC:18:A2:93:2F:00:2E:3F:07:B0:50:97:BD:64:3B:16
Certificate issuer:       /CN=d1d78826e1717ec993eb64dd1187876b065e8f58
Certificate serial:       019570BEFDB22B86C16995FBB7AB26F89FD7
Authority key identifier: D1:D7:88:26:E1:71:7E:C9:93:EB:64:DD:11:87:87:6B:06:5E:8F:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/iNP53awYopMvAC4_B7BQl71kOxY.roa
Signing time:             Fri 07 Mar 2025 13:15:19 +0000
ROA not before:           Fri 07 Mar 2025 13:15:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206109
IP address blocks:        185.195.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:70:be:fd:b2:2b:86:c1:69:95:fb:b7:ab:26:f8:9f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1d78826e1717ec993eb64dd1187876b065e8f58
        Validity
            Not Before: Mar  7 13:15:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88d3f9ddac18a2932f002e3f07b05097bd643b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7d:a2:7c:a9:2c:1a:36:8f:93:2b:b6:b7:64:
                    7b:a3:ae:6a:07:85:bb:99:6a:67:70:22:79:ff:e9:
                    4f:76:eb:4c:fa:71:68:09:78:3b:7e:27:15:93:3e:
                    47:5f:67:09:29:6e:55:c9:b7:d3:20:c5:3e:6f:69:
                    d5:68:5f:6b:12:83:67:63:ac:ec:4e:32:21:5b:93:
                    2c:57:7f:63:17:25:8b:55:75:c7:6a:a2:c4:fa:07:
                    eb:58:7c:19:7a:88:f1:0a:a7:40:ba:76:39:7e:29:
                    9e:0e:41:5e:9c:28:54:d9:97:27:af:c7:1c:ef:53:
                    bd:2b:63:9a:56:62:0d:45:42:ff:76:51:23:88:13:
                    77:62:98:9d:16:65:b5:68:f2:b5:45:a8:a0:d2:10:
                    15:ba:5c:39:b2:4e:1f:4d:7d:c0:2e:fc:a0:76:c2:
                    0d:7c:71:e6:85:26:60:8f:ca:0e:01:9d:84:c9:e7:
                    9c:c8:b0:82:64:bf:c1:1f:94:14:76:a6:2c:37:64:
                    da:71:c9:a9:df:10:c7:cc:62:52:b2:67:f4:6e:20:
                    e9:cf:60:21:6a:36:15:3a:94:3c:ab:c2:cf:3f:0f:
                    1f:2e:d5:40:23:ea:55:f7:43:de:ef:6c:08:38:2b:
                    6f:a6:87:64:c5:37:bc:a2:74:e5:7e:04:d2:33:2b:
                    93:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D3:F9:DD:AC:18:A2:93:2F:00:2E:3F:07:B0:50:97:BD:64:3B:16
            X509v3 Authority Key Identifier:
                keyid:D1:D7:88:26:E1:71:7E:C9:93:EB:64:DD:11:87:87:6B:06:5E:8F:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/iNP53awYopMvAC4_B7BQl71kOxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:4c:72:16:8a:a7:34:3f:0f:73:6d:94:73:56:af:bc:7f:62:
         cc:f6:b4:1b:69:53:d3:07:89:a9:b3:20:62:93:d6:22:b8:6e:
         18:c6:07:db:c2:bc:fc:46:48:c0:1d:7e:df:15:d8:10:9b:5b:
         d2:c6:03:fc:94:e6:47:e9:f6:83:0b:17:c7:7e:70:53:1b:df:
         c6:47:54:ac:d9:1a:b2:7d:49:a0:68:bb:44:56:13:ce:cf:8c:
         5b:43:a1:13:74:19:5f:f0:65:39:83:ed:ab:1b:9a:7c:96:88:
         50:5f:2c:71:d2:fd:75:49:5b:53:7e:6a:b9:6c:5d:bb:d2:a7:
         5a:d8:91:c6:01:18:63:63:16:c1:1c:be:75:57:e5:40:3a:c7:
         7b:4d:34:67:1c:b3:2f:cf:91:65:80:ef:0d:82:44:4e:9d:84:
         9c:7a:e1:d9:ce:21:b9:ce:cc:08:f2:26:6e:72:c0:d5:57:3f:
         e0:a0:ab:cb:11:c5:30:11:a3:c5:b3:34:fe:77:b8:22:6a:fd:
         f7:40:57:cd:53:b9:9f:cb:5b:b1:65:6d:24:45:d2:89:92:2e:
         f1:63:f2:0d:4f:e9:98:63:2c:53:b3:9b:ca:6d:67:b6:3c:4d:
         87:8f:b0:41:38:c4:74:c4:16:f0:d5:32:a0:8f:5a:08:a6:05:
         e7:0e:19:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVwvv2yK4bBaZX7t6sm+J/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZDc4ODI2ZTE3MTdlYzk5M2ViNjRkZDExODc4NzZiMDY1
ZThmNTgwHhcNMjUwMzA3MTMxNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQzZjlkZGFjMThhMjkzMmYwMDJlM2YwN2IwNTA5N2JkNjQzYjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3X2ifKksGjaPkyu2t2R7o65qB4W7
mWpncCJ5/+lPdutM+nFoCXg7ficVkz5HX2cJKW5VybfTIMU+b2nVaF9rEoNnY6zs
TjIhW5MsV39jFyWLVXXHaqLE+gfrWHwZeojxCqdAunY5fimeDkFenChU2Zcnr8cc
71O9K2OaVmINRUL/dlEjiBN3YpidFmW1aPK1Raig0hAVulw5sk4fTX3ALvygdsIN
fHHmhSZgj8oOAZ2EyeecyLCCZL/BH5QUdqYsN2Taccmp3xDHzGJSsmf0biDpz2Ah
ajYVOpQ8q8LPPw8fLtVAI+pV90Pe72wIOCtvpodkxTe8onTlfgTSMyuTSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjT+d2sGKKTLwAuPwewUJe9ZDsWMB8GA1UdIwQY
MBaAFNHXiCbhcX7Jk+tk3RGHh2sGXo9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGRlSUp1Rnhmc21UNjJUZEVZZUhhd1plajFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wZWViMmYtMWFhMC00NzYyLWI0ZTgt
YjU5YzJhYzk1MWNiLzEvaU5QNTNhd1lvcE12QUM0X0I3QlFsNzFrT3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wZWViMmYtMWFhMC00NzYyLWI0ZTgtYjU5YzJhYzk1MWNi
LzEvMGRlSUp1Rnhmc21UNjJUZEVZZUhhd1plajFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucPMMA0G
CSqGSIb3DQEBCwUAA4IBAQBtTHIWiqc0Pw9zbZRzVq+8f2LM9rQbaVPTB4mpsyBi
k9YiuG4Yxgfbwrz8RkjAHX7fFdgQm1vSxgP8lOZH6faDCxfHfnBTG9/GR1Ss2Rqy
fUmgaLtEVhPOz4xbQ6ETdBlf8GU5g+2rG5p8lohQXyxx0v11SVtTfmq5bF270qda
2JHGARhjYxbBHL51V+VAOsd7TTRnHLMvz5FlgO8NgkROnYSceuHZziG5zswI8iZu
csDVVz/goKvLEcUwEaPFszT+d7giav33QFfNU7mfy1uxZW0kRdKJki7xY/INT+mY
YyxTs5vKbWe2PE2Hj7BBOMR0xBbw1TKgj1oIpgXnDhkv
-----END CERTIFICATE-----