Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b89704-4fd2-4e07-a039-66f56ef9ce26/1/aKf7cpyzNQSyfw8b7-Pr38WCYnc.roa
File:                     aKf7cpyzNQSyfw8b7-Pr38WCYnc.roa (raw, json)
Hash identifier:          oRGD5ClevpyjAOYjV/aBq4YhQP42jPwVRjMhzooXQlg=
Subject key identifier:   68:A7:FB:72:9C:B3:35:04:B2:7F:0F:1B:EF:E3:EB:DF:C5:82:62:77
Certificate issuer:       /CN=88a780738b853acffbabdb23914c50e36421f773
Certificate serial:       01942067F88C2448CB74AA73B3DF6887027E
Authority key identifier: 88:A7:80:73:8B:85:3A:CF:FB:AB:DB:23:91:4C:50:E3:64:21:F7:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iKeAc4uFOs_7q9sjkUxQ42Qh93M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b89704-4fd2-4e07-a039-66f56ef9ce26/1/aKf7cpyzNQSyfw8b7-Pr38WCYnc.roa
Signing time:             Wed 01 Jan 2025 05:47:52 +0000
ROA not before:           Wed 01 Jan 2025 05:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39392
IP address blocks:        185.247.28.0/22 maxlen: 32
                          185.247.30.0/23 maxlen: 32
                          2a0d:b880::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b89704-4fd2-4e07-a039-66f56ef9ce26/1/iKeAc4uFOs_7q9sjkUxQ42Qh93M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b89704-4fd2-4e07-a039-66f56ef9ce26/1/iKeAc4uFOs_7q9sjkUxQ42Qh93M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iKeAc4uFOs_7q9sjkUxQ42Qh93M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 05:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f8:8c:24:48:cb:74:aa:73:b3:df:68:87:02:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88a780738b853acffbabdb23914c50e36421f773
        Validity
            Not Before: Jan  1 05:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68a7fb729cb33504b27f0f1befe3ebdfc5826277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:72:b3:12:be:93:8c:23:00:37:f8:2a:6c:43:
                    5d:99:c7:99:b1:12:91:32:15:63:23:f1:33:89:37:
                    68:0d:70:ee:60:b8:c9:36:6c:19:8a:c0:c0:68:fc:
                    81:4c:28:a5:4c:4e:32:df:19:e7:65:8f:e7:45:af:
                    d2:24:28:d5:45:1a:90:e8:0a:0b:d9:89:10:58:b6:
                    a1:63:d3:a1:3e:82:cd:ef:11:a0:18:bd:cf:81:5c:
                    5d:7f:fb:4b:31:38:d3:6d:91:25:d3:5e:fd:c9:44:
                    34:01:7a:20:61:6b:f6:1f:47:a1:9e:b5:b8:89:3d:
                    82:85:a0:08:7e:5d:4d:11:d3:fb:68:7c:09:2a:c1:
                    86:46:f4:35:fa:73:62:5c:72:2e:ce:4b:4b:05:2a:
                    90:35:bb:99:77:69:4d:6e:ec:07:5e:72:83:60:35:
                    29:85:31:ca:ea:2e:ef:8b:ba:3d:54:0d:4f:60:80:
                    81:e0:c3:49:f5:92:90:48:83:0b:c2:86:83:41:6b:
                    4e:35:e0:65:05:23:c6:df:2b:7c:a4:f0:c2:ea:6e:
                    3a:ca:9a:50:b6:8a:41:47:fc:05:93:dc:be:51:9c:
                    db:27:fc:d3:06:ec:70:eb:f0:02:38:da:10:d6:db:
                    fc:78:38:0c:48:ca:ae:b7:53:67:d9:8c:1d:c0:96:
                    60:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A7:FB:72:9C:B3:35:04:B2:7F:0F:1B:EF:E3:EB:DF:C5:82:62:77
            X509v3 Authority Key Identifier:
                keyid:88:A7:80:73:8B:85:3A:CF:FB:AB:DB:23:91:4C:50:E3:64:21:F7:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKeAc4uFOs_7q9sjkUxQ42Qh93M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b89704-4fd2-4e07-a039-66f56ef9ce26/1/aKf7cpyzNQSyfw8b7-Pr38WCYnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b89704-4fd2-4e07-a039-66f56ef9ce26/1/iKeAc4uFOs_7q9sjkUxQ42Qh93M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.28.0/22
                IPv6:
                  2a0d:b880::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:61:62:78:09:49:11:d6:04:7b:ad:ba:f6:6c:64:f4:dd:42:
         f8:97:5f:4e:48:4d:4b:db:74:68:18:7e:01:5e:8c:74:f9:2f:
         14:b7:fc:8f:ec:24:cf:60:d7:44:17:22:4e:36:5f:ee:d3:05:
         1c:46:40:00:2e:31:a1:ea:1e:e5:2b:7e:2f:dc:54:68:52:b0:
         b3:7c:f4:54:96:dc:a6:c5:c6:4c:e6:c2:42:56:fe:25:7b:a4:
         ce:95:74:74:a9:e1:f0:86:2c:4d:2a:79:44:4c:26:ec:9a:9c:
         e7:f1:c0:23:e4:d9:2e:81:f9:93:bf:d9:16:b9:ca:37:c8:02:
         f8:3a:3e:dc:b9:c6:a7:05:40:a8:59:ff:23:27:4e:fe:42:4f:
         52:2c:ee:bb:f2:5c:1e:81:ca:15:53:5c:7b:80:2b:0c:b6:ae:
         71:a2:63:9c:43:5a:c0:50:84:29:93:ed:3d:fc:c1:3a:f5:0c:
         7a:97:8a:b8:54:29:74:f5:04:29:a1:3e:75:52:5b:86:d2:cd:
         bb:e3:66:20:6f:88:88:a5:b1:00:2d:32:82:d7:27:64:db:9c:
         8e:e2:28:42:f6:33:7c:03:68:d9:5a:83:83:d4:03:44:e1:75:
         1f:92:e9:08:e6:47:3d:97:cd:f3:e0:77:96:b1:c3:a9:5d:f0:
         9c:43:ce:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ/iMJEjLdKpzs99ohwJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YTc4MDczOGI4NTNhY2ZmYmFiZGIyMzkxNGM1MGUzNjQy
MWY3NzMwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGE3ZmI3MjljYjMzNTA0YjI3ZjBmMWJlZmUzZWJkZmM1ODI2Mjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXKzEr6TjCMAN/gqbENdmceZsRKR
MhVjI/EziTdoDXDuYLjJNmwZisDAaPyBTCilTE4y3xnnZY/nRa/SJCjVRRqQ6AoL
2YkQWLahY9OhPoLN7xGgGL3PgVxdf/tLMTjTbZEl0179yUQ0AXogYWv2H0ehnrW4
iT2ChaAIfl1NEdP7aHwJKsGGRvQ1+nNiXHIuzktLBSqQNbuZd2lNbuwHXnKDYDUp
hTHK6i7vi7o9VA1PYICB4MNJ9ZKQSIMLwoaDQWtONeBlBSPG3yt8pPDC6m46yppQ
topBR/wFk9y+UZzbJ/zTBuxw6/ACONoQ1tv8eDgMSMqut1Nn2YwdwJZg0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGin+3KcszUEsn8PG+/j69/FgmJ3MB8GA1UdIwQY
MBaAFIingHOLhTrP+6vbI5FMUONkIfdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtlQWM0dUZPc183cTlzamtVeFE0MlFoOTNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iODk3MDQtNGZkMi00ZTA3LWEwMzkt
NjZmNTZlZjljZTI2LzEvYUtmN2NweXpOUVN5Znc4YjctUHIzOFdDWW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iODk3MDQtNGZkMi00ZTA3LWEwMzktNjZmNTZlZjljZTI2
LzEvaUtlQWM0dUZPc183cTlzamtVeFE0MlFoOTNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufccMA0E
AgACMAcDBQMqDbiAMA0GCSqGSIb3DQEBCwUAA4IBAQBSYWJ4CUkR1gR7rbr2bGT0
3UL4l19OSE1L23RoGH4BXox0+S8Ut/yP7CTPYNdEFyJONl/u0wUcRkAALjGh6h7l
K34v3FRoUrCzfPRUltymxcZM5sJCVv4le6TOlXR0qeHwhixNKnlETCbsmpzn8cAj
5NkugfmTv9kWuco3yAL4Oj7cucanBUCoWf8jJ07+Qk9SLO678lwegcoVU1x7gCsM
tq5xomOcQ1rAUIQpk+09/ME69Qx6l4q4VCl09QQpoT51UluG0s2742Ygb4iIpbEA
LTKC1ydk25yO4ihC9jN8A2jZWoOD1ANE4XUfkukI5kc9l83z4HeWscOpXfCcQ86j
-----END CERTIFICATE-----