Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/283d32-380a-4e6e-a957-c5baea3f1729/1/u0k0ZcdUu0HWts_QzMnRtt7idjE.roa
File:                     u0k0ZcdUu0HWts_QzMnRtt7idjE.roa (raw, json)
Hash identifier:          gQ41j+zd/N93xs0pAJ6I2F+Zc4DvWJ1HscP8bcl0MW8=
Subject key identifier:   BB:49:34:65:C7:54:BB:41:D6:B6:CF:D0:CC:C9:D1:B6:DE:E2:76:31
Certificate issuer:       /CN=b2d2c11aff072bec37a58262114e1c06bedb4942
Certificate serial:       01990F35231E3757A440E0F3CBFBB8368B16
Authority key identifier: B2:D2:C1:1A:FF:07:2B:EC:37:A5:82:62:11:4E:1C:06:BE:DB:49:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/stLBGv8HK-w3pYJiEU4cBr7bSUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/283d32-380a-4e6e-a957-c5baea3f1729/1/u0k0ZcdUu0HWts_QzMnRtt7idjE.roa
Signing time:             Wed 03 Sep 2025 10:52:44 +0000
ROA not before:           Wed 03 Sep 2025 10:52:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30456
IP address blocks:        194.54.88.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/283d32-380a-4e6e-a957-c5baea3f1729/1/stLBGv8HK-w3pYJiEU4cBr7bSUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/283d32-380a-4e6e-a957-c5baea3f1729/1/stLBGv8HK-w3pYJiEU4cBr7bSUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/stLBGv8HK-w3pYJiEU4cBr7bSUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:35:23:1e:37:57:a4:40:e0:f3:cb:fb:b8:36:8b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2d2c11aff072bec37a58262114e1c06bedb4942
        Validity
            Not Before: Sep  3 10:52:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb493465c754bb41d6b6cfd0ccc9d1b6dee27631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:82:8f:cc:71:b0:e8:39:f9:20:8a:e9:23:3c:
                    27:24:33:e6:c2:f1:e9:69:fb:de:db:03:9f:8a:fd:
                    d3:0a:19:23:83:c3:db:fa:c6:c1:6a:df:6b:dd:54:
                    4c:60:e6:61:27:b9:8b:5c:b5:50:25:3f:47:60:20:
                    a6:00:1b:bc:fc:45:1c:e2:d1:79:a6:ae:1c:b9:8d:
                    cb:04:19:01:f0:0b:ce:cf:42:a0:58:bb:d1:33:cd:
                    e5:8e:a8:79:fc:ea:78:ff:63:9b:ed:ae:42:5e:3f:
                    64:b3:0f:be:a5:cd:5b:48:22:e6:94:3e:49:19:31:
                    7e:19:51:46:08:94:de:ec:b4:21:b2:a9:70:45:26:
                    25:9a:91:01:a0:42:dd:68:bd:02:3f:6a:8f:b2:54:
                    a2:c5:a5:02:42:94:8e:4b:f9:58:5b:10:d3:bc:08:
                    4f:74:bb:6e:0b:b3:3e:a1:99:e3:58:5b:d0:74:5c:
                    5c:e3:cd:4b:4b:6c:f3:ce:c2:f5:2e:6d:fb:2f:fb:
                    5a:c3:51:56:18:0c:ef:ed:b9:8b:d7:fd:c4:4f:6b:
                    bc:bb:47:2e:a9:45:e6:88:06:30:5a:16:80:fb:58:
                    43:74:d4:21:8d:00:f9:42:17:f2:41:d6:cf:ac:97:
                    b7:79:ed:88:30:bf:93:e7:04:38:a6:31:e1:53:cf:
                    d6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:49:34:65:C7:54:BB:41:D6:B6:CF:D0:CC:C9:D1:B6:DE:E2:76:31
            X509v3 Authority Key Identifier:
                keyid:B2:D2:C1:1A:FF:07:2B:EC:37:A5:82:62:11:4E:1C:06:BE:DB:49:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/stLBGv8HK-w3pYJiEU4cBr7bSUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/283d32-380a-4e6e-a957-c5baea3f1729/1/u0k0ZcdUu0HWts_QzMnRtt7idjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/283d32-380a-4e6e-a957-c5baea3f1729/1/stLBGv8HK-w3pYJiEU4cBr7bSUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:bd:68:7d:3d:96:a4:a0:8f:58:18:9a:ed:9e:de:a6:f2:c7:
         76:0a:52:f8:81:29:74:f7:bd:49:ad:84:e8:b3:a0:db:4e:87:
         e5:82:b9:a4:88:a8:d8:ee:31:79:44:88:28:9f:e9:d0:12:b1:
         83:4f:b1:6a:db:b3:55:20:39:49:19:fa:e0:56:87:b2:4a:c3:
         39:e8:e6:5e:db:d5:83:c9:6a:0e:3a:1e:63:26:00:11:c5:7c:
         76:9b:9f:b7:e9:97:65:e4:1c:90:bc:49:c8:5a:59:2c:bc:78:
         93:69:3f:23:af:05:ed:eb:a4:2a:56:f5:0a:51:1d:ed:68:45:
         1e:80:57:e9:da:61:07:bb:02:15:54:23:3c:24:52:30:a7:3b:
         14:b3:79:88:21:b6:94:d7:06:8c:d1:40:b7:48:24:80:65:87:
         ba:bd:65:98:2b:c4:68:c5:b0:dd:8e:b7:ec:a6:6b:65:d9:a5:
         15:e5:92:a0:04:4c:f3:66:cc:62:64:8c:74:ff:e9:4d:08:12:
         73:1a:11:bc:09:66:8e:ea:9f:e1:43:c4:2d:27:36:02:35:2f:
         00:78:8a:32:c8:29:f3:fa:d0:43:c6:4d:bc:9b:5a:d8:f2:e3:
         fb:fa:26:66:39:b0:cb:29:7d:88:51:00:84:64:4e:a5:a2:3e:
         28:64:7d:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkPNSMeN1ekQODzy/u4NosWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZDJjMTFhZmYwNzJiZWMzN2E1ODI2MjExNGUxYzA2YmVk
YjQ5NDIwHhcNMjUwOTAzMTA1MjQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjQ5MzQ2NWM3NTRiYjQxZDZiNmNmZDBjY2M5ZDFiNmRlZTI3NjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoKPzHGw6Dn5IIrpIzwnJDPmwvHp
afve2wOfiv3TChkjg8Pb+sbBat9r3VRMYOZhJ7mLXLVQJT9HYCCmABu8/EUc4tF5
pq4cuY3LBBkB8AvOz0KgWLvRM83ljqh5/Op4/2Ob7a5CXj9ksw++pc1bSCLmlD5J
GTF+GVFGCJTe7LQhsqlwRSYlmpEBoELdaL0CP2qPslSixaUCQpSOS/lYWxDTvAhP
dLtuC7M+oZnjWFvQdFxc481LS2zzzsL1Lm37L/taw1FWGAzv7bmL1/3ET2u8u0cu
qUXmiAYwWhaA+1hDdNQhjQD5QhfyQdbPrJe3ee2IML+T5wQ4pjHhU8/WYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtJNGXHVLtB1rbP0MzJ0bbe4nYxMB8GA1UdIwQY
MBaAFLLSwRr/ByvsN6WCYhFOHAa+20lCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3RMQkd2OEhLLXczcFlKaUVVNGNCcjdiU1VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8yODNkMzItMzgwYS00ZTZlLWE5NTct
YzViYWVhM2YxNzI5LzEvdTBrMFpjZFV1MEhXdHNfUXpNblJ0dDdpZGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8yODNkMzItMzgwYS00ZTZlLWE5NTctYzViYWVhM2YxNzI5
LzEvc3RMQkd2OEhLLXczcFlKaUVVNGNCcjdiU1VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjZYMA0G
CSqGSIb3DQEBCwUAA4IBAQCWvWh9PZakoI9YGJrtnt6m8sd2ClL4gSl0971JrYTo
s6DbToflgrmkiKjY7jF5RIgon+nQErGDT7Fq27NVIDlJGfrgVoeySsM56OZe29WD
yWoOOh5jJgARxXx2m5+36Zdl5ByQvEnIWlksvHiTaT8jrwXt66QqVvUKUR3taEUe
gFfp2mEHuwIVVCM8JFIwpzsUs3mIIbaU1waM0UC3SCSAZYe6vWWYK8RoxbDdjrfs
pmtl2aUV5ZKgBEzzZsxiZIx0/+lNCBJzGhG8CWaO6p/hQ8QtJzYCNS8AeIoyyCnz
+tBDxk28m1rY8uP7+iZmObDLKX2IUQCEZE6loj4oZH3B
-----END CERTIFICATE-----