Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/g9Xis0X9LNCOyDX1kA4xgId4bUU.roa
File:                     g9Xis0X9LNCOyDX1kA4xgId4bUU.roa (raw, json)
Hash identifier:          eAC0STaybazrwMkwNWuW4cD5J/cTK9sETsg7k83JaD8=
Subject key identifier:   83:D5:E2:B3:45:FD:2C:D0:8E:C8:35:F5:90:0E:31:80:87:78:6D:45
Certificate issuer:       /CN=fbbf4d59cbd978ae1127c67fd22f04c62ff837cf
Certificate serial:       019421B20B755961401BC1A791376CBCCDDA
Authority key identifier: FB:BF:4D:59:CB:D9:78:AE:11:27:C6:7F:D2:2F:04:C6:2F:F8:37:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/g9Xis0X9LNCOyDX1kA4xgId4bUU.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57707
IP address blocks:        217.28.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0b:75:59:61:40:1b:c1:a7:91:37:6c:bc:cd:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbbf4d59cbd978ae1127c67fd22f04c62ff837cf
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83d5e2b345fd2cd08ec835f5900e318087786d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b5:6d:3a:08:57:c7:3c:37:b8:ec:8c:99:02:
                    d6:f1:f5:08:d5:2e:5f:ce:97:a6:e8:e2:45:40:68:
                    d8:54:3b:c7:61:35:b4:fe:8c:cf:d9:5d:ba:5f:45:
                    9d:cb:5d:28:fb:16:3d:7b:3d:d4:bc:50:e9:10:00:
                    ac:f7:6c:bb:0e:1e:51:1d:45:07:1c:33:e5:8c:7a:
                    81:af:cb:6f:7a:36:03:8e:98:3e:cc:8b:15:f7:59:
                    b7:dc:53:bb:64:f0:e2:58:77:2e:4f:c5:cb:a4:c5:
                    a7:e7:66:75:6e:ef:3f:e7:a5:58:e7:01:e5:45:a6:
                    84:9f:b8:03:7b:30:02:04:db:ef:e2:bf:2c:2a:06:
                    82:a1:94:b6:37:5f:a0:e0:2a:46:5f:da:8c:65:21:
                    59:c1:39:15:83:53:c6:0d:4e:d0:a4:a0:48:8e:a9:
                    0d:70:ce:e9:11:33:7f:0a:18:79:2c:57:8b:e4:0a:
                    67:cc:9d:c3:a1:fe:89:7c:c8:9d:c0:2b:a0:ae:0e:
                    eb:ac:aa:4d:2d:de:85:29:de:ff:81:f3:f1:60:22:
                    c9:d1:4e:39:89:83:11:6f:f7:44:e9:a2:ef:6a:07:
                    65:b3:da:15:b9:c4:c2:a6:db:a2:a7:bc:5d:4c:49:
                    0a:73:ee:63:f5:14:1b:c6:ee:12:f7:83:99:34:fa:
                    d2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D5:E2:B3:45:FD:2C:D0:8E:C8:35:F5:90:0E:31:80:87:78:6D:45
            X509v3 Authority Key Identifier:
                keyid:FB:BF:4D:59:CB:D9:78:AE:11:27:C6:7F:D2:2F:04:C6:2F:F8:37:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/g9Xis0X9LNCOyDX1kA4xgId4bUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b0:29:93:be:42:19:b6:55:7e:09:57:8e:67:5c:b7:8a:c5:1c:
         b5:51:6f:31:23:50:df:4e:39:0d:58:db:b9:b4:6c:fd:5c:76:
         a6:5e:2f:52:db:40:e2:0a:67:7e:ec:f1:eb:7e:8f:c1:06:5e:
         f8:a7:05:aa:b7:2a:d8:45:d1:a8:b3:3b:08:8d:94:d7:0a:bc:
         59:a1:86:69:65:c6:a9:c0:71:1c:6f:91:d1:67:0d:f9:69:ce:
         f5:94:9f:82:2c:eb:24:28:de:68:9a:34:06:66:95:c7:47:cc:
         92:ba:cb:c0:ee:c2:6c:d9:04:24:1a:fb:c4:3c:97:70:f0:15:
         82:8f:2d:63:2e:a1:2d:d5:09:4c:68:70:e6:a8:f4:75:61:9e:
         cb:d7:85:9a:db:46:7c:21:b0:a0:fb:74:9f:5e:72:42:50:97:
         a5:c3:34:6a:61:1b:0b:9d:2a:df:00:5f:d8:5d:b2:69:86:12:
         c1:61:49:76:2c:55:e9:d3:8d:b0:cb:13:2e:e1:bf:d4:28:ee:
         11:35:f4:32:87:2b:43:89:e1:f9:88:eb:6e:4e:4b:49:93:ff:
         19:01:17:85:d6:17:f4:dd:ef:68:2e:e0:1d:c3:32:26:8b:cb:
         27:c9:a7:34:ab:f1:1f:49:8b:0a:d4:e4:9d:a7:1f:57:28:ea:
         84:fb:c6:da
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQhsgt1WWFAG8GnkTdsvM3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYmY0ZDU5Y2JkOTc4YWUxMTI3YzY3ZmQyMmYwNGM2MmZm
ODM3Y2YwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q1ZTJiMzQ1ZmQyY2QwOGVjODM1ZjU5MDBlMzE4MDg3Nzg2ZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobVtOghXxzw3uOyMmQLW8fUI1S5f
zpem6OJFQGjYVDvHYTW0/ozP2V26X0Wdy10o+xY9ez3UvFDpEACs92y7Dh5RHUUH
HDPljHqBr8tvejYDjpg+zIsV91m33FO7ZPDiWHcuT8XLpMWn52Z1bu8/56VY5wHl
RaaEn7gDezACBNvv4r8sKgaCoZS2N1+g4CpGX9qMZSFZwTkVg1PGDU7QpKBIjqkN
cM7pETN/Chh5LFeL5ApnzJ3Dof6JfMidwCugrg7rrKpNLd6FKd7/gfPxYCLJ0U45
iYMRb/dE6aLvagdls9oVucTCptuip7xdTEkKc+5j9RQbxu4S94OZNPrSywIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIPV4rNF/SzQjsg19ZAOMYCHeG1FMB8GA1UdIwQY
MBaAFPu/TVnL2XiuESfGf9IvBMYv+DfPMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS03OU5XY3ZaZUs0Uko4Wl8waThFeGlfNE44OC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvODhjOTk1LWVkZTAtNGNjNC1hNjZk
LTI1YmFhODIzMGZjYi8xL2c5WGlzMFg5TE5DT3lEWDFrQTR4Z0lkNGJVVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzQvODhjOTk1LWVkZTAtNGNjNC1hNjZkLTI1YmFhODIzMGZj
Yi8xLzEtNzlOV2N2WmVLNFJKOFpfMGk4RXhpXzROODguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPZHFgw
DQYJKoZIhvcNAQELBQADggEBALApk75CGbZVfglXjmdct4rFHLVRbzEjUN9OOQ1Y
27m0bP1cdqZeL1LbQOIKZ37s8et+j8EGXvinBaq3KthF0aizOwiNlNcKvFmhhmll
xqnAcRxvkdFnDflpzvWUn4Is6yQo3miaNAZmlcdHzJK6y8DuwmzZBCQa+8Q8l3Dw
FYKPLWMuoS3VCUxocOao9HVhnsvXhZrbRnwhsKD7dJ9eckJQl6XDNGphGwudKt8A
X9hdsmmGEsFhSXYsVenTjbDLEy7hv9Qo7hE19DKHK0OJ4fmI625OS0mT/xkBF4XW
F/Td72gu4B3DMiaLyyfJpzSr8R9JiwrU5J2nH1co6oT7xto=
-----END CERTIFICATE-----