Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/nDf-d6X7xFDAQMGxs9iTVzm98Tc.roa
File:                     nDf-d6X7xFDAQMGxs9iTVzm98Tc.roa (raw, json)
Hash identifier:          ZZufmS7Rmg4xqd7NIWy17JuXQy0B3RpFtM9HUI45wuY=
Subject key identifier:   9C:37:FE:77:A5:FB:C4:50:C0:40:C1:B1:B3:D8:93:57:39:BD:F1:37
Certificate issuer:       /CN=7ee053cb9cb4f41c1e4773e7f16e84bb57522033
Certificate serial:       019823C230E79F39C52686AE4B5F3B264B23
Authority key identifier: 7E:E0:53:CB:9C:B4:F4:1C:1E:47:73:E7:F1:6E:84:BB:57:52:20:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/nDf-d6X7xFDAQMGxs9iTVzm98Tc.roa
Signing time:             Sat 19 Jul 2025 17:36:25 +0000
ROA not before:           Sat 19 Jul 2025 17:36:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42288
IP address blocks:        88.218.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:23:c2:30:e7:9f:39:c5:26:86:ae:4b:5f:3b:26:4b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee053cb9cb4f41c1e4773e7f16e84bb57522033
        Validity
            Not Before: Jul 19 17:36:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c37fe77a5fbc450c040c1b1b3d8935739bdf137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:35:74:98:19:52:a4:66:75:cb:7b:ae:32:67:
                    98:14:c1:44:da:cb:a3:f9:0b:60:78:19:a0:87:63:
                    d0:f0:bb:24:03:ce:5e:40:df:02:d6:4b:8b:06:2c:
                    3e:53:4f:7d:d9:b3:d2:01:d7:7e:78:38:a3:bc:29:
                    08:c9:b5:81:cd:b1:c9:ee:c9:f3:f2:b8:5d:cd:d1:
                    59:a2:0d:cd:c8:ca:29:9c:80:20:45:3d:68:43:19:
                    df:29:c3:f7:bc:16:f7:b5:92:3a:09:3b:f1:4f:09:
                    99:85:f9:e5:99:3c:05:6e:b7:ea:05:db:58:42:1b:
                    77:e3:9d:da:65:54:65:f2:e5:8f:7c:24:4e:51:bb:
                    40:a5:2a:5f:9b:1d:38:3b:a0:9d:71:9a:8c:c6:54:
                    48:59:c9:88:2b:9b:44:65:07:5a:61:54:c3:12:ac:
                    08:ae:f9:8f:a4:b9:01:4a:d5:96:1c:aa:f0:4b:9a:
                    32:20:d9:ee:c7:0c:be:14:28:a3:6c:b8:b9:69:1e:
                    6a:1b:f5:c1:aa:bd:02:60:d7:7a:26:2b:94:85:25:
                    98:a2:9c:a2:21:b4:d3:14:47:fc:ee:dd:bb:b3:17:
                    07:8c:6c:ae:0f:c6:a9:b1:f9:a9:b1:ac:70:6b:7f:
                    95:38:d3:5f:b0:c3:c4:ca:3d:1f:10:5e:9c:b1:5e:
                    b4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:37:FE:77:A5:FB:C4:50:C0:40:C1:B1:B3:D8:93:57:39:BD:F1:37
            X509v3 Authority Key Identifier:
                keyid:7E:E0:53:CB:9C:B4:F4:1C:1E:47:73:E7:F1:6E:84:BB:57:52:20:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/nDf-d6X7xFDAQMGxs9iTVzm98Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:5e:7d:58:f3:38:84:37:65:59:83:6a:2c:11:8d:92:17:0d:
         5b:5a:19:a8:ea:5b:25:4d:3a:67:29:c6:86:f8:6e:0b:61:0a:
         51:ea:c4:26:52:75:ea:e1:de:26:a0:d0:df:a4:12:47:95:6c:
         b5:df:33:d8:b7:83:31:01:11:cd:ee:20:f7:30:96:ea:2c:72:
         be:a4:d8:38:19:39:16:a1:69:6e:6f:a9:5d:d5:3c:3e:d4:82:
         d5:6c:5e:43:b7:86:e8:60:07:ea:18:ce:4c:1a:88:db:0e:23:
         2c:4e:d9:71:13:cd:22:8c:1b:6e:9d:22:24:04:26:49:8e:96:
         c6:9d:3b:dd:60:1b:02:5d:69:fc:24:c5:b4:9c:c3:8a:cf:9c:
         5b:ec:6a:79:15:89:69:69:62:e2:8c:17:a7:ed:09:d7:84:ad:
         69:6b:47:df:4e:46:6b:42:f9:cb:56:ae:c5:d0:ad:b7:a9:9f:
         61:9a:fa:6b:34:fa:bd:98:6b:00:0f:35:2f:32:c2:19:a4:9c:
         4e:49:1c:ad:3c:c2:dd:de:1c:c1:6d:8e:bd:c4:24:54:3a:f6:
         ce:fb:44:4d:07:d4:14:c1:2e:bf:05:b2:d5:29:89:b6:ee:10:
         95:10:fc:55:22:8b:a4:15:d4:27:fa:36:47:4a:07:50:27:6b:
         d0:08:90:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgjwjDnnznFJoauS187JksjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTA1M2NiOWNiNGY0MWMxZTQ3NzNlN2YxNmU4NGJiNTc1
MjIwMzMwHhcNMjUwNzE5MTczNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzM3ZmU3N2E1ZmJjNDUwYzA0MGMxYjFiM2Q4OTM1NzM5YmRmMTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zV0mBlSpGZ1y3uuMmeYFMFE2suj
+QtgeBmgh2PQ8LskA85eQN8C1kuLBiw+U0992bPSAdd+eDijvCkIybWBzbHJ7snz
8rhdzdFZog3NyMopnIAgRT1oQxnfKcP3vBb3tZI6CTvxTwmZhfnlmTwFbrfqBdtY
Qht3453aZVRl8uWPfCROUbtApSpfmx04O6CdcZqMxlRIWcmIK5tEZQdaYVTDEqwI
rvmPpLkBStWWHKrwS5oyINnuxwy+FCijbLi5aR5qG/XBqr0CYNd6JiuUhSWYopyi
IbTTFEf87t27sxcHjGyuD8apsfmpsaxwa3+VONNfsMPEyj0fEF6csV60zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJw3/nel+8RQwEDBsbPYk1c5vfE3MB8GA1UdIwQY
MBaAFH7gU8uctPQcHkdz5/FuhLtXUiAzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVCVHk1eTA5QndlUjNQbjhXNkV1MWRTSURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wNjAwYTQtMTQ2NC00YTdjLWFmNTYt
MThlODZmMGIxZDgxLzEvbkRmLWQ2WDd4RkRBUU1HeHM5aVRWem05OFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wNjAwYTQtMTQ2NC00YTdjLWFmNTYtMThlODZmMGIxZDgx
LzEvZnVCVHk1eTA5QndlUjNQbjhXNkV1MWRTSURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNoTMA0G
CSqGSIb3DQEBCwUAA4IBAQBZXn1Y8ziEN2VZg2osEY2SFw1bWhmo6lslTTpnKcaG
+G4LYQpR6sQmUnXq4d4moNDfpBJHlWy13zPYt4MxARHN7iD3MJbqLHK+pNg4GTkW
oWlub6ld1Tw+1ILVbF5Dt4boYAfqGM5MGojbDiMsTtlxE80ijBtunSIkBCZJjpbG
nTvdYBsCXWn8JMW0nMOKz5xb7Gp5FYlpaWLijBen7QnXhK1pa0ffTkZrQvnLVq7F
0K23qZ9hmvprNPq9mGsADzUvMsIZpJxOSRytPMLd3hzBbY69xCRUOvbO+0RNB9QU
wS6/BbLVKYm27hCVEPxVIoukFdQn+jZHSgdQJ2vQCJCU
-----END CERTIFICATE-----