Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/obdeRPKbOYg0TdkTFUjVSUL8oXE.roa
File:                     obdeRPKbOYg0TdkTFUjVSUL8oXE.roa (raw, json)
Hash identifier:          BP4BJLn84w/b9EROSrMEziDmPyaTFQ9fBu6r5N57qNc=
Subject key identifier:   A1:B7:5E:44:F2:9B:39:88:34:4D:D9:13:15:48:D5:49:42:FC:A1:71
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       0194228D2A3B473BC28C889E2E2AD7AD9E49
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/obdeRPKbOYg0TdkTFUjVSUL8oXE.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41219
IP address blocks:        185.88.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2a:3b:47:3b:c2:8c:88:9e:2e:2a:d7:ad:9e:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1b75e44f29b3988344dd9131548d54942fca171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:dc:49:12:be:0e:8c:61:7b:55:59:8a:86:f9:
                    c5:2f:05:56:fe:1d:ab:6a:a6:99:52:1c:1c:50:53:
                    0c:ca:5a:34:97:d0:41:2c:68:d3:62:36:c7:8d:6e:
                    69:a2:16:9f:f2:c6:5a:06:28:d3:99:4f:89:82:12:
                    f5:59:c6:03:4c:6f:ae:ca:40:2c:2c:01:72:a2:7c:
                    b2:04:57:14:97:f2:7f:f9:64:29:c7:77:73:76:e6:
                    37:f8:9f:58:1d:f6:f0:68:72:14:ee:7a:28:c0:91:
                    7b:c7:82:f3:86:b6:ae:a9:cb:70:9c:70:3b:41:f1:
                    37:58:05:7c:37:13:e6:3e:08:18:03:29:ad:ed:3a:
                    3b:3b:06:d8:58:b0:04:a6:4e:7f:b7:e1:e6:18:3e:
                    a3:99:c8:7b:48:2b:c4:40:03:64:85:dd:07:ba:51:
                    8a:21:37:dd:1b:1e:3e:25:69:44:ba:f1:1c:82:cf:
                    32:37:74:d7:66:66:61:03:d2:ff:e9:df:4f:41:83:
                    81:c6:cf:fc:d7:2b:19:6e:07:0d:da:b9:0d:7c:82:
                    37:ec:27:6f:1d:79:f2:a5:9c:d5:57:32:7d:2e:a2:
                    ce:61:77:f1:08:8e:bf:c6:23:eb:60:b3:cd:27:29:
                    21:2c:f4:86:b5:db:ce:b8:ee:ad:11:ef:2a:2c:ce:
                    5f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:B7:5E:44:F2:9B:39:88:34:4D:D9:13:15:48:D5:49:42:FC:A1:71
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/obdeRPKbOYg0TdkTFUjVSUL8oXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:63:9c:57:53:b7:98:ea:0e:a3:2b:43:4e:05:55:46:94:ad:
         bf:ef:9d:4e:aa:5f:46:07:a4:b7:79:84:24:33:c4:1d:c9:10:
         c8:f1:6b:0d:3a:b3:ae:6b:da:46:13:00:cf:57:9c:89:08:72:
         91:cb:51:24:e4:b8:0f:55:29:01:92:41:45:c3:2d:04:c3:20:
         bd:42:62:bf:43:1d:52:74:95:4c:ce:00:fa:b0:c6:75:5b:3d:
         a1:74:8c:ff:17:6f:3b:62:a0:5d:94:93:eb:0d:85:12:36:d6:
         95:59:e2:68:a2:3f:06:bd:2d:2e:b3:b2:df:f9:7d:35:e5:a4:
         37:26:7f:6b:eb:0d:f4:b1:1f:63:c7:dc:12:39:37:95:8e:e1:
         25:d4:90:0d:46:69:4f:fe:21:5b:9d:e1:fd:05:45:e9:a9:2d:
         27:31:66:fe:b6:c8:3e:4b:3c:e0:d6:b9:f3:01:b4:68:3d:86:
         75:b5:32:79:a0:86:e4:9b:4e:2b:e8:e3:46:9b:29:3c:51:e5:
         d7:26:3d:4a:2c:83:1d:c8:40:b4:7f:86:82:a6:ae:55:c3:f6:
         df:ac:56:c5:af:a3:ef:d7:2a:e0:d1:6b:e9:75:42:6e:3b:76:
         26:5f:96:1c:8a:1a:6d:73:b1:76:e9:59:67:14:a0:6e:e4:f9:
         30:0c:0f:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSo7RzvCjIieLirXrZ5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWI3NWU0NGYyOWIzOTg4MzQ0ZGQ5MTMxNTQ4ZDU0OTQyZmNhMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdxJEr4OjGF7VVmKhvnFLwVW/h2r
aqaZUhwcUFMMylo0l9BBLGjTYjbHjW5pohaf8sZaBijTmU+JghL1WcYDTG+uykAs
LAFyonyyBFcUl/J/+WQpx3dzduY3+J9YHfbwaHIU7noowJF7x4LzhrauqctwnHA7
QfE3WAV8NxPmPggYAymt7To7OwbYWLAEpk5/t+HmGD6jmch7SCvEQANkhd0HulGK
ITfdGx4+JWlEuvEcgs8yN3TXZmZhA9L/6d9PQYOBxs/81ysZbgcN2rkNfII37Cdv
HXnypZzVVzJ9LqLOYXfxCI6/xiPrYLPNJykhLPSGtdvOuO6tEe8qLM5fxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKG3XkTymzmINE3ZExVI1UlC/KFxMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvb2JkZVJQS2JPWWcwVGRrVEZValZTVUw4b1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuViAMA0G
CSqGSIb3DQEBCwUAA4IBAQBnY5xXU7eY6g6jK0NOBVVGlK2/751Oql9GB6S3eYQk
M8QdyRDI8WsNOrOua9pGEwDPV5yJCHKRy1Ek5LgPVSkBkkFFwy0EwyC9QmK/Qx1S
dJVMzgD6sMZ1Wz2hdIz/F287YqBdlJPrDYUSNtaVWeJooj8GvS0us7Lf+X015aQ3
Jn9r6w30sR9jx9wSOTeVjuEl1JANRmlP/iFbneH9BUXpqS0nMWb+tsg+Szzg1rnz
AbRoPYZ1tTJ5oIbkm04r6ONGmyk8UeXXJj1KLIMdyEC0f4aCpq5Vw/bfrFbFr6Pv
1yrg0WvpdUJuO3YmX5Ycihptc7F26VlnFKBu5PkwDA/J
-----END CERTIFICATE-----