Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/7kdmagU4QbQazPFAKJN_jh3ESjI.roa
File:                     7kdmagU4QbQazPFAKJN_jh3ESjI.roa (raw, json)
Hash identifier:          UKie7fx67vGuUXCr+OJM9sf2md8+FYbcDpZ0gOMQ3f0=
Subject key identifier:   EE:47:66:6A:05:38:41:B4:1A:CC:F1:40:28:93:7F:8E:1D:C4:4A:32
Certificate issuer:       /CN=c20e65caddbecd48d2f87787993113842bdfce5d
Certificate serial:       019423D7553F21CE61DC26922F6F3364DCB9
Authority key identifier: C2:0E:65:CA:DD:BE:CD:48:D2:F8:77:87:99:31:13:84:2B:DF:CE:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wg5lyt2-zUjS-HeHmTEThCvfzl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/7kdmagU4QbQazPFAKJN_jh3ESjI.roa
Signing time:             Wed 01 Jan 2025 21:48:22 +0000
ROA not before:           Wed 01 Jan 2025 21:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49227
IP address blocks:        195.88.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/wg5lyt2-zUjS-HeHmTEThCvfzl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/wg5lyt2-zUjS-HeHmTEThCvfzl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wg5lyt2-zUjS-HeHmTEThCvfzl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:55:3f:21:ce:61:dc:26:92:2f:6f:33:64:dc:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c20e65caddbecd48d2f87787993113842bdfce5d
        Validity
            Not Before: Jan  1 21:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee47666a053841b41accf14028937f8e1dc44a32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2f:ab:aa:5d:21:7c:52:93:98:ff:ab:34:c1:
                    2f:15:2f:e2:e4:f9:9d:54:3e:00:b4:b7:39:7c:2d:
                    cf:90:ea:81:62:79:95:02:06:1d:bd:8f:e8:62:33:
                    b8:ab:9e:9e:dd:8b:16:25:77:30:19:65:1b:b7:a5:
                    a1:ca:c5:5c:c9:25:29:65:e1:f3:1a:80:bf:1c:eb:
                    12:c8:f2:02:6b:a2:3d:f0:1c:01:e8:20:ec:2b:b1:
                    a8:1a:d1:0f:1f:75:d0:9f:38:5a:fb:ab:69:27:81:
                    eb:84:56:2c:14:b1:05:34:59:00:c8:e5:ee:ec:69:
                    a4:f1:d2:a9:51:ba:91:d9:38:4c:26:24:ee:93:bc:
                    78:41:2b:8e:f0:7c:f4:c8:e8:55:f5:f7:71:8e:73:
                    98:61:23:72:5f:83:5f:be:77:29:b9:bb:21:43:d7:
                    90:15:61:8a:1a:7e:0e:2f:1c:01:4f:6a:b9:e8:52:
                    75:ad:0a:95:a4:75:8c:c5:df:0f:fc:98:70:d0:e4:
                    97:4f:b6:35:3b:b9:2b:59:01:2a:06:bf:7f:ce:64:
                    cb:4c:7b:31:d9:cc:dc:d2:fe:a0:a6:94:a5:e5:11:
                    22:95:d5:13:eb:fe:73:11:07:ac:7d:21:76:94:84:
                    d3:d5:98:97:f1:f6:21:b9:6e:25:a6:26:81:ef:54:
                    8f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:47:66:6A:05:38:41:B4:1A:CC:F1:40:28:93:7F:8E:1D:C4:4A:32
            X509v3 Authority Key Identifier:
                keyid:C2:0E:65:CA:DD:BE:CD:48:D2:F8:77:87:99:31:13:84:2B:DF:CE:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wg5lyt2-zUjS-HeHmTEThCvfzl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/7kdmagU4QbQazPFAKJN_jh3ESjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/wg5lyt2-zUjS-HeHmTEThCvfzl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:d7:09:54:c8:8c:e6:b2:12:1f:3b:82:26:03:7b:5d:6e:05:
         f2:36:39:09:1f:53:d5:91:a2:46:cc:4b:44:ef:75:1b:57:b6:
         1e:00:28:11:2f:42:cf:12:0a:20:dc:df:9a:7b:89:00:35:fb:
         4e:39:72:e4:b5:5f:f1:54:ce:fe:93:e4:a5:ff:77:14:15:e6:
         dc:88:32:62:6c:69:97:c3:cc:e6:cc:bf:28:a8:bb:33:d5:07:
         3e:c3:4d:cc:71:e5:21:bf:26:37:d4:78:4b:1b:cc:7c:b8:7c:
         a7:a6:b3:02:6f:49:25:42:cb:c3:05:96:db:d3:88:36:15:62:
         3a:6e:0e:89:98:e5:ba:e3:f5:f1:29:60:83:e7:ad:42:32:33:
         4b:05:f9:69:3e:aa:ac:2b:c9:d6:9f:a0:a9:79:99:aa:c5:72:
         c3:1f:b4:3e:4b:be:ec:6d:f1:39:dc:34:f8:75:3f:a0:74:6c:
         09:94:a4:ed:df:f2:bb:fb:97:fd:22:e6:e6:37:01:a0:af:1b:
         c1:5e:23:f9:c7:38:eb:78:d5:ca:01:e1:cd:ae:78:83:04:7a:
         dc:80:8a:51:57:91:f8:bc:78:95:8b:39:fb:b4:5f:a4:24:42:
         42:bc:2d:b2:a0:40:8d:a9:d4:55:b6:5e:c6:67:4b:98:ce:b9:
         df:ac:18:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj11U/Ic5h3CaSL28zZNy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMGU2NWNhZGRiZWNkNDhkMmY4Nzc4Nzk5MzExMzg0MmJk
ZmNlNWQwHhcNMjUwMTAxMjE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTQ3NjY2YTA1Mzg0MWI0MWFjY2YxNDAyODkzN2Y4ZTFkYzQ0YTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmi+rql0hfFKTmP+rNMEvFS/i5Pmd
VD4AtLc5fC3PkOqBYnmVAgYdvY/oYjO4q56e3YsWJXcwGWUbt6WhysVcySUpZeHz
GoC/HOsSyPICa6I98BwB6CDsK7GoGtEPH3XQnzha+6tpJ4HrhFYsFLEFNFkAyOXu
7Gmk8dKpUbqR2ThMJiTuk7x4QSuO8Hz0yOhV9fdxjnOYYSNyX4NfvncpubshQ9eQ
FWGKGn4OLxwBT2q56FJ1rQqVpHWMxd8P/Jhw0OSXT7Y1O7krWQEqBr9/zmTLTHsx
2czc0v6gppSl5REildUT6/5zEQesfSF2lITT1ZiX8fYhuW4lpiaB71SP/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5HZmoFOEG0GszxQCiTf44dxEoyMB8GA1UdIwQY
MBaAFMIOZcrdvs1I0vh3h5kxE4Qr385dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2c1bHl0Mi16VWpTLUhlSG1URVRoQ3ZmemwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8zNWVhZDItNGFhNC00ZmYwLWI1Y2It
N2VmYWE0YTc0Zjk3LzEvN2tkbWFnVTRRYlFhelBGQUtKTl9qaDNFU2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8zNWVhZDItNGFhNC00ZmYwLWI1Y2ItN2VmYWE0YTc0Zjk3
LzEvd2c1bHl0Mi16VWpTLUhlSG1URVRoQ3ZmemwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1jyMA0G
CSqGSIb3DQEBCwUAA4IBAQAy1wlUyIzmshIfO4ImA3tdbgXyNjkJH1PVkaJGzEtE
73UbV7YeACgRL0LPEgog3N+ae4kANftOOXLktV/xVM7+k+Sl/3cUFebciDJibGmX
w8zmzL8oqLsz1Qc+w03MceUhvyY31HhLG8x8uHynprMCb0klQsvDBZbb04g2FWI6
bg6JmOW64/XxKWCD561CMjNLBflpPqqsK8nWn6CpeZmqxXLDH7Q+S77sbfE53DT4
dT+gdGwJlKTt3/K7+5f9IubmNwGgrxvBXiP5xzjreNXKAeHNrniDBHrcgIpRV5H4
vHiVizn7tF+kJEJCvC2yoECNqdRVtl7GZ0uYzrnfrBgE
-----END CERTIFICATE-----