Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/a-Q3Lkpldbz69An3zTbXEKH8HqU.roa
File:                     a-Q3Lkpldbz69An3zTbXEKH8HqU.roa (raw, json)
Hash identifier:          0SDDVVFHM1z4OqmNV+UN7oIRoxmuAZ2ZjbRsJXXRQVw=
Subject key identifier:   6B:E4:37:2E:4A:65:75:BC:FA:F4:09:F7:CD:36:D7:10:A1:FC:1E:A5
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       01942828220E37FB77A1B571251C8A3194CB
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/a-Q3Lkpldbz69An3zTbXEKH8HqU.roa
Signing time:             Thu 02 Jan 2025 17:55:06 +0000
ROA not before:           Thu 02 Jan 2025 17:55:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197184
IP address blocks:        88.203.248.0/24 maxlen: 24
                          88.203.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:22:0e:37:fb:77:a1:b5:71:25:1c:8a:31:94:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 17:55:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6be4372e4a6575bcfaf409f7cd36d710a1fc1ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2b:c2:78:f1:54:ea:19:c7:3a:c1:a4:0f:5c:
                    7f:dd:30:6a:96:f7:b7:8d:6b:ab:11:bb:bf:c4:54:
                    43:b4:60:bd:b9:a5:ea:42:b4:c4:f8:6a:54:1f:75:
                    bd:fa:ae:9f:7c:0f:d8:cd:88:4d:ae:5d:fc:c7:ea:
                    29:54:18:4e:53:d1:e9:71:3c:d3:3b:c3:4a:60:ea:
                    ef:aa:df:4f:26:3b:e5:3e:8e:e8:1b:82:6c:22:5a:
                    b4:c1:93:ec:58:72:64:af:e8:47:a8:c9:7e:75:65:
                    7c:6f:08:c8:19:92:db:c1:92:fd:1d:50:62:1b:1c:
                    89:5c:ef:75:9b:d3:2c:1b:ed:43:d2:4e:63:94:2d:
                    59:06:77:ec:41:30:e2:d1:bc:18:81:d7:30:ea:fb:
                    c9:a8:6c:67:be:ae:61:2a:4d:1a:97:ee:ef:65:18:
                    d9:40:cc:cc:a6:f7:0d:34:e8:e0:dc:f7:12:4c:f2:
                    95:5b:29:22:96:2e:4c:6c:e7:01:a5:d5:c8:43:5f:
                    41:5d:f7:8c:8b:b9:75:b5:41:51:b3:d7:fb:3a:52:
                    6f:0c:6f:a2:4b:d3:d1:1d:b0:5e:9a:23:01:05:41:
                    4b:e2:ee:c9:c3:b4:6e:06:0a:0c:09:f1:c6:d2:ce:
                    19:34:74:a2:98:f3:28:0b:07:da:8f:43:90:c4:da:
                    2c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E4:37:2E:4A:65:75:BC:FA:F4:09:F7:CD:36:D7:10:A1:FC:1E:A5
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/a-Q3Lkpldbz69An3zTbXEKH8HqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.203.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:71:c7:b9:5c:d8:8b:21:c1:8a:6d:88:23:f3:e3:dd:80:96:
         cf:f1:70:29:9b:50:e7:4b:43:b0:3a:ca:9c:c8:3d:fd:84:b0:
         0d:18:44:ee:38:4d:b6:3d:1d:0d:35:db:e5:41:ed:ad:0c:7d:
         2a:dd:f1:88:48:7a:a4:58:2f:ea:9d:99:b8:4a:31:91:4c:48:
         d3:32:ad:94:f1:63:aa:12:98:59:d8:3f:2d:f1:c8:0d:d4:43:
         2e:bd:0f:13:d1:c6:c9:99:1c:45:e6:85:58:8a:a8:3b:b5:64:
         d9:44:8c:e8:02:27:5f:8a:97:40:43:76:b1:5b:0e:5d:b9:a7:
         12:fd:0f:10:6e:c6:0b:90:8f:4c:da:51:33:b5:1f:c7:2a:55:
         c6:cb:c0:0f:33:ff:89:0f:94:9d:67:3d:23:4a:5b:54:9a:6c:
         b3:1d:06:72:f0:4d:36:a9:91:1d:fc:d6:9c:36:80:b1:96:8a:
         3d:40:07:12:74:b0:dc:9b:c6:42:12:87:b3:ba:3b:16:8d:d0:
         7e:53:f4:9f:51:f8:09:aa:0b:b5:ae:fd:6f:ca:84:64:4f:78:
         c9:6b:9c:02:d5:bd:b9:30:fd:94:b3:ee:08:31:d6:ef:71:f8:
         ed:d0:4b:88:3c:2a:52:29:04:98:e0:68:af:7f:61:c7:07:be:
         28:6c:73:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKCION/t3obVxJRyKMZTLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwMTAyMTc1NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmU0MzcyZTRhNjU3NWJjZmFmNDA5ZjdjZDM2ZDcxMGExZmMxZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxivCePFU6hnHOsGkD1x/3TBqlve3
jWurEbu/xFRDtGC9uaXqQrTE+GpUH3W9+q6ffA/YzYhNrl38x+opVBhOU9HpcTzT
O8NKYOrvqt9PJjvlPo7oG4JsIlq0wZPsWHJkr+hHqMl+dWV8bwjIGZLbwZL9HVBi
GxyJXO91m9MsG+1D0k5jlC1ZBnfsQTDi0bwYgdcw6vvJqGxnvq5hKk0al+7vZRjZ
QMzMpvcNNOjg3PcSTPKVWykili5MbOcBpdXIQ19BXfeMi7l1tUFRs9f7OlJvDG+i
S9PRHbBemiMBBUFL4u7Jw7RuBgoMCfHG0s4ZNHSimPMoCwfaj0OQxNos3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvkNy5KZXW8+vQJ98021xCh/B6lMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvYS1RM0xrcGxkYno2OUFuM3pUYlhFS0g4SHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWMv4MA0G
CSqGSIb3DQEBCwUAA4IBAQAVcce5XNiLIcGKbYgj8+PdgJbP8XApm1DnS0OwOsqc
yD39hLANGETuOE22PR0NNdvlQe2tDH0q3fGISHqkWC/qnZm4SjGRTEjTMq2U8WOq
EphZ2D8t8cgN1EMuvQ8T0cbJmRxF5oVYiqg7tWTZRIzoAidfipdAQ3axWw5duacS
/Q8QbsYLkI9M2lEztR/HKlXGy8APM/+JD5SdZz0jSltUmmyzHQZy8E02qZEd/Nac
NoCxloo9QAcSdLDcm8ZCEoezujsWjdB+U/SfUfgJqgu1rv1vyoRkT3jJa5wC1b25
MP2Us+4IMdbvcfjt0EuIPCpSKQSY4Givf2HHB74obHNu
-----END CERTIFICATE-----