Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/7lgq0ctAzIlTDcpOLaQGdaGThZk.roa
File:                     7lgq0ctAzIlTDcpOLaQGdaGThZk.roa (raw, json)
Hash identifier:          e5z2Mfd4VCKCw2JmNleVEdAAScHXO8Xd9p2GShP5Y6E=
Subject key identifier:   EE:58:2A:D1:CB:40:CC:89:53:0D:CA:4E:2D:A4:06:75:A1:93:85:99
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       019427486079371D42569B21630CA36D5946
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/7lgq0ctAzIlTDcpOLaQGdaGThZk.roa
Signing time:             Thu 02 Jan 2025 13:50:42 +0000
ROA not before:           Thu 02 Jan 2025 13:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203425
IP address blocks:        93.95.8.0/21 maxlen: 24
                          151.236.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:60:79:37:1d:42:56:9b:21:63:0c:a3:6d:59:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  2 13:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee582ad1cb40cc89530dca4e2da40675a1938599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:89:20:ea:55:f2:65:b6:58:6b:ee:df:a1:ad:
                    41:16:ae:af:cf:19:95:80:f8:f6:a9:e5:07:a2:30:
                    78:31:24:8e:85:90:1a:54:a4:0d:c8:cc:54:67:c6:
                    fd:4e:63:37:9d:3f:97:4d:41:cf:93:eb:49:30:3e:
                    41:94:5d:77:76:0d:b3:00:33:0a:1d:75:c6:3f:2c:
                    ff:2f:cb:29:ac:5c:82:a6:39:49:86:e3:5c:2f:a8:
                    69:9c:c6:23:e4:52:d8:c2:87:1c:c7:34:57:a3:f5:
                    22:f9:66:65:02:82:e4:85:6a:0a:fd:04:38:0a:27:
                    22:c6:1e:1a:f4:a6:28:b8:6b:73:e7:91:11:da:bc:
                    70:26:7a:16:10:af:45:d0:4b:cb:34:b7:5e:a2:f5:
                    78:4a:b8:2d:16:95:f1:41:97:25:9e:f8:09:d6:21:
                    2a:11:63:cb:42:8e:8f:46:00:ed:af:f0:ea:6b:88:
                    2f:01:91:7e:ee:da:90:bd:d8:d2:3b:7c:86:f3:64:
                    e9:a7:bf:34:00:0b:0c:5c:e7:1a:d4:f0:95:91:c4:
                    8d:47:de:22:6a:f2:b3:4e:1a:f9:47:1e:8c:6a:2d:
                    3e:8e:51:ec:82:77:6a:e3:ae:8d:f6:fd:ba:f3:e7:
                    6a:67:5c:35:b8:4c:e2:11:fe:bb:04:c8:f6:72:64:
                    b3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:58:2A:D1:CB:40:CC:89:53:0D:CA:4E:2D:A4:06:75:A1:93:85:99
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/7lgq0ctAzIlTDcpOLaQGdaGThZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.8.0/21
                  151.236.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         06:12:ee:de:98:3c:08:13:e7:89:54:53:d3:f8:8d:80:45:b7:
         b5:f6:53:e2:d7:b1:39:f8:01:68:f7:f3:fc:8a:28:cc:e9:c5:
         df:f2:0d:7a:14:16:0e:59:18:49:9c:1f:27:49:2a:91:9f:8a:
         93:27:3e:bc:f3:5b:a5:e3:22:a6:04:28:ba:f3:72:65:08:3a:
         6e:71:84:51:d0:ba:e8:20:da:78:ff:dd:91:3e:16:33:2b:3e:
         cf:3c:d4:15:1d:06:d5:58:b9:9a:81:af:01:c6:2a:58:13:81:
         c0:d3:72:13:86:db:e1:a0:c5:ab:ac:6c:a7:bb:ee:d2:d3:29:
         d9:ae:f0:a3:ec:ed:63:e6:2e:35:90:d8:ae:26:0e:55:fc:f4:
         5b:11:5e:81:8d:36:13:c8:5a:e3:20:aa:81:96:52:e6:0c:cf:
         bf:88:6e:0c:64:87:ef:3f:36:79:8c:07:d9:a0:da:e9:32:e6:
         43:36:09:69:5e:c8:92:80:76:cf:14:e9:8d:be:1d:ac:67:b0:
         09:d5:32:d5:da:b6:98:73:2b:26:0e:b2:06:7d:ed:0b:d1:e6:
         24:a5:c0:38:e3:e9:a0:59:88:6a:59:dd:29:25:5e:86:29:53:
         9f:a8:1a:f7:d8:f0:2b:76:0d:b7:01:df:eb:95:47:25:91:f1:
         5c:aa:ea:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSGB5Nx1CVpshYwyjbVlGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjUwMTAyMTM1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTU4MmFkMWNiNDBjYzg5NTMwZGNhNGUyZGE0MDY3NWExOTM4NTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYkg6lXyZbZYa+7foa1BFq6vzxmV
gPj2qeUHojB4MSSOhZAaVKQNyMxUZ8b9TmM3nT+XTUHPk+tJMD5BlF13dg2zADMK
HXXGPyz/L8sprFyCpjlJhuNcL6hpnMYj5FLYwoccxzRXo/Ui+WZlAoLkhWoK/QQ4
Cicixh4a9KYouGtz55ER2rxwJnoWEK9F0EvLNLdeovV4SrgtFpXxQZclnvgJ1iEq
EWPLQo6PRgDtr/Dqa4gvAZF+7tqQvdjSO3yG82Tpp780AAsMXOca1PCVkcSNR94i
avKzThr5Rx6Mai0+jlHsgndq466N9v268+dqZ1w1uEziEf67BMj2cmSzrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO5YKtHLQMyJUw3KTi2kBnWhk4WZMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvN2xncTBjdEF6SWxURGNwT0xhUUdkYUdUaFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXV8IAwQD
l+zQMA0GCSqGSIb3DQEBCwUAA4IBAQAGEu7emDwIE+eJVFPT+I2ARbe19lPi17E5
+AFo9/P8iijM6cXf8g16FBYOWRhJnB8nSSqRn4qTJz6881ul4yKmBCi683JlCDpu
cYRR0LroINp4/92RPhYzKz7PPNQVHQbVWLmaga8BxipYE4HA03IThtvhoMWrrGyn
u+7S0ynZrvCj7O1j5i41kNiuJg5V/PRbEV6BjTYTyFrjIKqBllLmDM+/iG4MZIfv
PzZ5jAfZoNrpMuZDNglpXsiSgHbPFOmNvh2sZ7AJ1TLV2raYcysmDrIGfe0L0eYk
pcA44+mgWYhqWd0pJV6GKVOfqBr32PArdg23Ad/rlUclkfFcqupw
-----END CERTIFICATE-----