Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/xZ2vcM-Bgt-peFWCq0zItN8_N0c.roa
File:                     xZ2vcM-Bgt-peFWCq0zItN8_N0c.roa (raw, json)
Hash identifier:          IJSnWW805B1m7rlymmTJG2w628sB6dalr9ieL5l/bMk=
Subject key identifier:   C5:9D:AF:70:CF:81:82:DF:A9:78:55:82:AB:4C:C8:B4:DF:3F:37:47
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       019424B3BFDBF7BF76486ED706FAED195B03
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/xZ2vcM-Bgt-peFWCq0zItN8_N0c.roa
Signing time:             Thu 02 Jan 2025 01:49:07 +0000
ROA not before:           Thu 02 Jan 2025 01:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215467
IP address blocks:        88.218.206.0/24 maxlen: 24
                          2a09:b280:fe00::/48 maxlen: 48
                          2a09:b280:fe01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bf:db:f7:bf:76:48:6e:d7:06:fa:ed:19:5b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 01:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c59daf70cf8182dfa9785582ab4cc8b4df3f3747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:26:9e:8f:8a:f4:d3:2d:0c:38:12:b9:2d:a3:
                    50:0a:83:53:70:c3:1a:fd:28:da:60:07:36:67:33:
                    f9:40:eb:11:f1:58:8e:9d:e4:94:75:45:24:63:e3:
                    36:10:52:07:1e:bb:78:a4:6c:07:97:9d:f4:2c:00:
                    35:a0:c9:5e:cf:32:91:63:62:4e:55:83:f7:c7:71:
                    91:3c:75:3d:28:d0:11:1c:e4:84:4b:c9:c3:39:4b:
                    a7:bf:33:0d:56:54:f0:64:6a:65:0f:33:59:ed:44:
                    5d:00:44:60:55:af:1b:b5:24:31:43:a3:b8:7e:b3:
                    7d:b2:5b:eb:df:de:40:f9:d4:aa:71:60:4b:ff:00:
                    90:70:03:6c:a4:f7:ea:44:fc:de:bb:4c:a8:e3:51:
                    99:87:de:8d:9c:7a:32:87:64:4a:f4:58:d8:33:b6:
                    0f:c2:6e:55:15:b0:9f:bf:2d:aa:51:4f:71:4c:a3:
                    6d:d0:f6:d1:73:56:03:59:27:a6:b5:7b:a9:6b:70:
                    89:ca:98:fa:d2:56:aa:7a:94:0c:83:4e:eb:7f:ac:
                    a7:08:ff:62:d3:ba:e0:20:ee:26:0f:1b:85:cd:2a:
                    f9:b6:69:69:cb:a8:7c:5c:37:2a:11:5d:89:10:ec:
                    f4:99:0b:81:84:5b:4b:b9:e2:bb:b4:4f:ae:77:43:
                    03:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9D:AF:70:CF:81:82:DF:A9:78:55:82:AB:4C:C8:B4:DF:3F:37:47
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/xZ2vcM-Bgt-peFWCq0zItN8_N0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.206.0/24
                IPv6:
                  2a09:b280:fe00::/47

    Signature Algorithm: sha256WithRSAEncryption
         6b:72:0e:e4:3e:db:ed:75:b4:ba:69:35:93:33:73:66:a1:83:
         05:bd:d7:a5:97:4a:37:7d:ae:96:52:14:cf:3a:e7:63:c8:cb:
         a1:a9:48:06:af:1c:d6:91:b8:0c:bf:aa:de:2c:6c:db:fe:60:
         1f:d2:68:39:19:7c:fe:0c:02:c6:28:67:72:82:c7:48:ec:71:
         c8:cc:59:22:1f:50:d0:ae:b1:4a:e2:e4:0b:a2:a8:0a:c1:d8:
         b2:24:63:1e:96:91:29:7c:54:0b:83:42:66:c8:84:e8:52:31:
         4c:05:b4:05:22:5e:26:f5:d0:48:d9:fb:90:d7:c6:9a:e6:9b:
         f0:e8:4b:2a:07:65:d2:0e:38:9b:9e:86:7f:36:38:75:57:40:
         38:5f:0f:e3:db:e2:1c:21:c8:61:70:e6:6e:fb:30:e1:e3:e8:
         80:26:51:15:2c:93:c7:ee:63:e7:29:e3:b9:ff:01:a6:9d:7c:
         3a:c4:a5:7b:71:33:c0:3c:46:af:d2:52:6d:5c:09:4b:4b:6f:
         bc:27:d1:e2:01:e0:e5:3b:b7:89:3b:be:e1:f4:cb:18:99:bd:
         25:9c:a0:8a:02:83:40:66:8d:29:e3:92:2d:4f:da:28:4f:b8:
         be:9e:49:d3:fe:2b:11:c8:7c:8a:b5:b0:d0:02:48:ae:e9:1a:
         55:e3:de:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks7/b9792SG7XBvrtGVsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjUwMTAyMDE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTlkYWY3MGNmODE4MmRmYTk3ODU1ODJhYjRjYzhiNGRmM2YzNzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Saej4r00y0MOBK5LaNQCoNTcMMa
/SjaYAc2ZzP5QOsR8ViOneSUdUUkY+M2EFIHHrt4pGwHl530LAA1oMlezzKRY2JO
VYP3x3GRPHU9KNARHOSES8nDOUunvzMNVlTwZGplDzNZ7URdAERgVa8btSQxQ6O4
frN9slvr395A+dSqcWBL/wCQcANspPfqRPzeu0yo41GZh96NnHoyh2RK9FjYM7YP
wm5VFbCfvy2qUU9xTKNt0PbRc1YDWSemtXupa3CJypj60laqepQMg07rf6ynCP9i
07rgIO4mDxuFzSr5tmlpy6h8XDcqEV2JEOz0mQuBhFtLueK7tE+ud0MD1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMWdr3DPgYLfqXhVgqtMyLTfPzdHMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEveFoydmNNLUJndC1wZUZXQ3Ewekl0TjhfTjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWNrOMA8E
AgACMAkDBwEqCbKA/gAwDQYJKoZIhvcNAQELBQADggEBAGtyDuQ+2+11tLppNZMz
c2ahgwW916WXSjd9rpZSFM8652PIy6GpSAavHNaRuAy/qt4sbNv+YB/SaDkZfP4M
AsYoZ3KCx0jsccjMWSIfUNCusUri5AuiqArB2LIkYx6WkSl8VAuDQmbIhOhSMUwF
tAUiXib10EjZ+5DXxprmm/DoSyoHZdIOOJuehn82OHVXQDhfD+Pb4hwhyGFw5m77
MOHj6IAmURUsk8fuY+cp47n/AaadfDrEpXtxM8A8Rq/SUm1cCUtLb7wn0eIB4OU7
t4k7vuH0yxiZvSWcoIoCg0BmjSnjki1P2ihPuL6eSdP+KxHIfIq1sNACSK7pGlXj
3sM=
-----END CERTIFICATE-----