Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/7_-XQ5S3ycvuSV1bhy-uYlLyOfc.roa
File:                     7_-XQ5S3ycvuSV1bhy-uYlLyOfc.roa (raw, json)
Hash identifier:          J+exth7L5Mno2CstKeAk8mFxBC1KnZRyQEI9CbsZFlU=
Subject key identifier:   EF:FF:97:43:94:B7:C9:CB:EE:49:5D:5B:87:2F:AE:62:52:F2:39:F7
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       0194266B9924B00FE67F03D429C0264E5C74
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/7_-XQ5S3ycvuSV1bhy-uYlLyOfc.roa
Signing time:             Thu 02 Jan 2025 09:49:33 +0000
ROA not before:           Thu 02 Jan 2025 09:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202658
IP address blocks:        88.148.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:99:24:b0:0f:e6:7f:03:d4:29:c0:26:4e:5c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 09:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efff974394b7c9cbee495d5b872fae6252f239f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b9:d2:c7:9e:a9:22:4f:27:f7:28:97:7f:9d:
                    6b:d8:c5:26:4a:c3:b8:a7:60:4c:c2:45:f3:20:a2:
                    50:aa:eb:b5:6e:81:c5:80:6a:63:42:f5:55:e2:90:
                    d8:44:3e:48:b4:9e:44:95:62:0e:2d:9e:4c:a4:a2:
                    1e:56:e4:14:dc:bd:16:c8:7c:d7:5f:cb:0c:39:6b:
                    7f:48:7e:49:22:b0:22:9b:83:30:26:0a:b6:c8:81:
                    d8:26:07:af:99:88:b0:05:39:4f:8c:2a:5c:4a:3e:
                    6c:ce:02:20:42:f1:45:61:45:47:cf:36:c4:9b:02:
                    97:d3:22:df:7f:8c:dd:d1:22:e7:64:fa:2b:cd:69:
                    e7:68:cc:51:56:c5:a6:a5:81:0b:8d:ad:4c:0b:a4:
                    2c:c8:2e:e3:f0:8a:cd:b8:13:88:cc:b6:83:97:80:
                    d3:36:06:b5:e6:86:c0:23:ff:58:d1:54:5d:f3:d6:
                    e3:83:35:18:02:ab:43:d4:b1:cb:99:57:20:f2:85:
                    dc:db:81:d9:24:3e:a3:d4:3c:e7:d1:c0:c4:73:81:
                    a1:a8:28:b1:f3:bd:ef:64:30:7b:a9:06:b5:eb:12:
                    e7:3e:8e:e5:39:47:90:28:e5:f9:fb:ed:66:93:20:
                    77:01:c8:f8:bb:c0:5c:ec:41:08:3c:35:bc:06:97:
                    f3:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FF:97:43:94:B7:C9:CB:EE:49:5D:5B:87:2F:AE:62:52:F2:39:F7
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/7_-XQ5S3ycvuSV1bhy-uYlLyOfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.148.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:f9:6e:fd:b5:38:27:97:65:22:63:bb:9c:f3:44:69:62:a8:
         d8:aa:01:34:c1:39:7a:f3:4d:1f:a2:89:87:64:8d:05:fe:5e:
         d2:82:fe:17:91:a7:4b:6a:81:87:5d:c8:f7:b7:c9:e0:37:54:
         a8:a4:b2:e7:3e:30:d7:a0:96:cc:5c:e2:a0:13:fe:77:c4:75:
         58:f8:44:67:99:3c:44:46:61:4f:27:98:73:d4:16:21:83:ec:
         96:79:53:35:3c:2c:aa:a2:54:45:ba:ce:45:ab:d1:76:86:5c:
         52:22:ac:dc:40:cb:42:04:c9:e7:6b:26:f2:21:ec:b6:ed:52:
         d0:a3:14:3b:49:c9:46:3a:ae:eb:23:82:ad:d1:d9:f2:1c:5b:
         9b:2f:40:2d:44:dd:62:e8:1d:ac:36:b8:ed:e0:6e:59:ac:da:
         ee:ce:0b:95:71:04:dc:fb:a0:62:f0:36:6f:e7:5c:12:aa:cd:
         28:1d:a2:36:49:62:98:74:a9:04:ad:ea:8c:1b:3e:81:71:0b:
         27:6d:3b:8f:47:ee:2a:7c:b7:82:74:a1:b6:19:4e:57:25:b7:
         81:14:c4:d1:33:a1:66:f8:3c:6c:20:91:7b:63:67:ba:89:c6:
         7a:bc:1a:b1:b6:c4:c7:a1:42:61:ba:15:c6:ed:6b:eb:0d:9a:
         a6:c6:02:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma5kksA/mfwPUKcAmTlx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUwMTAyMDk0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZmOTc0Mzk0YjdjOWNiZWU0OTVkNWI4NzJmYWU2MjUyZjIzOWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbnSx56pIk8n9yiXf51r2MUmSsO4
p2BMwkXzIKJQquu1boHFgGpjQvVV4pDYRD5ItJ5ElWIOLZ5MpKIeVuQU3L0WyHzX
X8sMOWt/SH5JIrAim4MwJgq2yIHYJgevmYiwBTlPjCpcSj5szgIgQvFFYUVHzzbE
mwKX0yLff4zd0SLnZPorzWnnaMxRVsWmpYELja1MC6QsyC7j8IrNuBOIzLaDl4DT
Nga15obAI/9Y0VRd89bjgzUYAqtD1LHLmVcg8oXc24HZJD6j1Dzn0cDEc4GhqCix
873vZDB7qQa16xLnPo7lOUeQKOX5++1mkyB3Acj4u8Bc7EEIPDW8BpfzvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO//l0OUt8nL7kldW4cvrmJS8jn3MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvN18tWFE1UzN5Y3Z1U1YxYmh5LXVZbEx5T2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJQxMA0G
CSqGSIb3DQEBCwUAA4IBAQAf+W79tTgnl2UiY7uc80RpYqjYqgE0wTl6800foomH
ZI0F/l7Sgv4XkadLaoGHXcj3t8ngN1SopLLnPjDXoJbMXOKgE/53xHVY+ERnmTxE
RmFPJ5hz1BYhg+yWeVM1PCyqolRFus5Fq9F2hlxSIqzcQMtCBMnnaybyIey27VLQ
oxQ7SclGOq7rI4Kt0dnyHFubL0AtRN1i6B2sNrjt4G5ZrNruzguVcQTc+6Bi8DZv
51wSqs0oHaI2SWKYdKkEreqMGz6BcQsnbTuPR+4qfLeCdKG2GU5XJbeBFMTRM6Fm
+DxsIJF7Y2e6icZ6vBqxtsTHoUJhuhXG7WvrDZqmxgJl
-----END CERTIFICATE-----