Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/jRiDpvu_1gsmAW-cEX_EipvwFFg.roa
File:                     jRiDpvu_1gsmAW-cEX_EipvwFFg.roa (raw, json)
Hash identifier:          Qbmjbd5cGRef4e0djstodVV63g38F6ajAw1lSYzsGYQ=
Subject key identifier:   8D:18:83:A6:FB:BF:D6:0B:26:01:6F:9C:11:7F:C4:8A:9B:F0:14:58
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019428283090E512815BD36059A3B3AD3D70
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/jRiDpvu_1gsmAW-cEX_EipvwFFg.roa
Signing time:             Thu 02 Jan 2025 17:55:10 +0000
ROA not before:           Thu 02 Jan 2025 17:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210853
IP address blocks:        88.203.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:30:90:e5:12:81:5b:d3:60:59:a3:b3:ad:3d:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 17:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d1883a6fbbfd60b26016f9c117fc48a9bf01458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:bc:e1:da:d1:32:78:18:c2:2d:31:d7:a4:a3:
                    af:4a:e8:78:1b:99:e1:62:52:0b:dd:05:30:3c:0b:
                    e0:62:f4:48:00:a7:9c:ae:12:d4:13:f4:40:32:bc:
                    18:5f:73:01:b6:73:46:cc:9b:35:7f:a7:c2:57:23:
                    96:0b:66:a6:0a:6e:32:f7:d6:29:7a:33:9a:79:26:
                    a2:de:c0:87:76:36:b0:d1:2f:e0:69:ef:e2:3a:cf:
                    50:f2:36:ce:92:6c:0b:25:46:cb:1b:63:2b:a2:8b:
                    38:ee:a5:eb:11:e7:87:d1:6a:ef:38:ba:ac:57:34:
                    9c:9e:2f:56:a6:65:20:31:a0:7b:ed:7c:01:4b:3c:
                    cf:3e:d2:ff:e0:95:05:20:58:59:8f:dc:b6:06:9a:
                    8b:9b:e2:97:55:82:41:21:bc:e1:8e:7b:e5:08:e3:
                    70:7f:3f:18:e4:a3:06:ae:56:02:a3:c0:0a:38:25:
                    59:5e:d5:da:a3:32:9f:18:90:87:61:ee:f0:20:19:
                    46:a7:d7:90:a8:47:8b:01:72:83:36:82:23:d5:d5:
                    b3:de:b7:3c:a7:68:a8:aa:e3:20:8a:07:54:32:e5:
                    c4:55:69:4b:f6:76:4e:3c:f3:f3:32:40:fa:ce:17:
                    17:4d:c6:2c:3e:58:f8:2a:60:16:ec:ea:2d:3a:26:
                    5e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:18:83:A6:FB:BF:D6:0B:26:01:6F:9C:11:7F:C4:8A:9B:F0:14:58
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/jRiDpvu_1gsmAW-cEX_EipvwFFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.203.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:f8:68:57:b5:f7:eb:d7:e0:c6:14:54:bb:bc:c8:f0:46:0a:
         62:7a:d4:e5:11:52:cd:49:44:ad:97:ba:f2:b7:0e:80:fd:91:
         89:c8:44:51:22:d6:53:b8:90:21:96:11:b8:9a:9e:aa:c0:8b:
         94:b0:1f:02:d1:69:04:cb:db:48:80:90:68:74:40:31:fb:e8:
         7f:bd:8a:e8:24:4f:3b:eb:b3:84:51:43:4e:3f:78:f2:d3:a2:
         45:d2:db:18:df:c4:28:0a:03:d6:4e:60:b1:2f:ec:a1:c2:95:
         77:0a:ed:9b:2d:67:4b:02:18:44:68:be:9d:6c:cb:2f:3a:65:
         8d:a3:b7:ba:18:24:ec:3f:e4:aa:fb:74:d4:ca:9d:c3:cd:8a:
         54:0f:cf:e1:1d:e4:a6:07:a0:d8:84:88:7e:fd:24:48:fd:7b:
         6f:eb:e4:32:44:25:3c:d6:4e:53:ac:be:9a:5d:bf:7f:b1:31:
         87:8f:1c:ab:a0:38:96:e7:52:88:62:13:9c:c1:84:4c:1a:79:
         be:ae:7d:83:55:52:0b:68:95:95:73:b7:0e:46:a0:15:57:0a:
         c5:39:20:b2:31:be:dc:7e:2f:e6:64:56:f7:fe:32:82:c3:0b:
         d9:57:a5:f4:41:e6:50:fd:44:45:1e:39:92:55:9c:ee:7e:69:
         6f:6b:96:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKDCQ5RKBW9NgWaOzrT1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwMTAyMTc1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDE4ODNhNmZiYmZkNjBiMjYwMTZmOWMxMTdmYzQ4YTliZjAxNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Lzh2tEyeBjCLTHXpKOvSuh4G5nh
YlIL3QUwPAvgYvRIAKecrhLUE/RAMrwYX3MBtnNGzJs1f6fCVyOWC2amCm4y99Yp
ejOaeSai3sCHdjaw0S/gae/iOs9Q8jbOkmwLJUbLG2Mroos47qXrEeeH0WrvOLqs
VzScni9WpmUgMaB77XwBSzzPPtL/4JUFIFhZj9y2BpqLm+KXVYJBIbzhjnvlCONw
fz8Y5KMGrlYCo8AKOCVZXtXaozKfGJCHYe7wIBlGp9eQqEeLAXKDNoIj1dWz3rc8
p2ioquMgigdUMuXEVWlL9nZOPPPzMkD6zhcXTcYsPlj4KmAW7OotOiZefQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0Yg6b7v9YLJgFvnBF/xIqb8BRYMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvalJpRHB2dV8xZ3NtQVctY0VYX0VpcHZ3RkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWMuxMA0G
CSqGSIb3DQEBCwUAA4IBAQAy+GhXtffr1+DGFFS7vMjwRgpietTlEVLNSUStl7ry
tw6A/ZGJyERRItZTuJAhlhG4mp6qwIuUsB8C0WkEy9tIgJBodEAx++h/vYroJE87
67OEUUNOP3jy06JF0tsY38QoCgPWTmCxL+yhwpV3Cu2bLWdLAhhEaL6dbMsvOmWN
o7e6GCTsP+Sq+3TUyp3DzYpUD8/hHeSmB6DYhIh+/SRI/Xtv6+QyRCU81k5TrL6a
Xb9/sTGHjxyroDiW51KIYhOcwYRMGnm+rn2DVVILaJWVc7cORqAVVwrFOSCyMb7c
fi/mZFb3/jKCwwvZV6X0QeZQ/URFHjmSVZzufmlva5bT
-----END CERTIFICATE-----