Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/88P_skAGBFp7OKZHRnG0KVJmPoI.roa
File:                     88P_skAGBFp7OKZHRnG0KVJmPoI.roa (raw, json)
Hash identifier:          tGiqK/XqC0JOJiX2Em9KLLavk6JfLtdyVgtUQOZcMls=
Subject key identifier:   F3:C3:FF:B2:40:06:04:5A:7B:38:A6:47:46:71:B4:29:52:66:3E:82
Certificate issuer:       /CN=1cee91296c94992d151a232240e6cf3a176d2039
Certificate serial:       019423D77046145A5F400D5DCFF9FAEC32C2
Authority key identifier: 1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/88P_skAGBFp7OKZHRnG0KVJmPoI.roa
Signing time:             Wed 01 Jan 2025 21:48:29 +0000
ROA not before:           Wed 01 Jan 2025 21:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9205
IP address blocks:        2a04:5e40:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:70:46:14:5a:5f:40:0d:5d:cf:f9:fa:ec:32:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cee91296c94992d151a232240e6cf3a176d2039
        Validity
            Not Before: Jan  1 21:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3c3ffb24006045a7b38a6474671b42952663e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2b:58:f3:32:80:bd:53:30:8a:79:1e:ed:74:
                    31:e3:87:4a:12:3a:48:89:48:c5:5e:c8:0b:53:59:
                    b3:f8:66:77:32:9e:fa:32:75:b7:9f:e4:1d:26:ec:
                    10:95:3b:5b:bf:56:ad:cc:83:81:1d:a5:f8:93:46:
                    b4:0c:00:ab:4d:11:81:01:e7:66:3e:71:b5:aa:7f:
                    46:dd:80:a0:bc:3e:df:71:a1:85:78:ff:cd:e1:67:
                    1c:84:af:5b:85:61:c6:8e:7e:e7:17:13:5f:a5:d3:
                    cc:3c:d5:0f:02:f7:15:6a:1d:34:94:6d:83:e0:e4:
                    97:77:b1:1d:80:af:3a:3a:42:d4:7e:d1:8b:c1:ff:
                    1d:4d:1b:b9:d7:28:20:46:24:cd:7c:f6:1c:aa:b3:
                    54:58:dc:72:23:d1:07:f9:49:53:76:d6:7f:b8:60:
                    2a:3c:f2:e6:d9:e6:42:c7:e9:60:13:bf:ec:70:09:
                    d4:0a:21:75:8c:51:73:68:9c:47:03:29:7e:a9:f3:
                    78:2f:75:6f:a1:5f:dd:84:6d:9c:16:70:32:a7:69:
                    04:dd:e1:2e:26:1a:bf:10:be:3f:08:91:ea:f6:87:
                    6f:db:47:c0:b7:95:b4:09:d5:1d:3a:b5:0f:5a:f5:
                    20:39:88:11:78:87:55:3c:90:ea:8b:68:4c:fa:97:
                    ab:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C3:FF:B2:40:06:04:5A:7B:38:A6:47:46:71:B4:29:52:66:3E:82
            X509v3 Authority Key Identifier:
                keyid:1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/88P_skAGBFp7OKZHRnG0KVJmPoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5e40:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:f7:db:41:ab:5c:d6:f4:2c:1c:07:28:ba:e8:67:bb:d6:86:
         0e:72:47:30:6a:7e:b3:2b:87:60:0d:f3:fc:6c:8f:97:01:c6:
         dc:4e:3a:14:54:1d:2d:45:f7:41:87:11:fe:d8:80:91:5c:8c:
         ce:38:43:ab:06:1e:8e:b8:28:78:ce:cd:64:4a:62:a5:26:cb:
         71:eb:48:67:69:a5:42:91:97:d8:d8:05:db:a3:48:82:c4:44:
         11:15:7b:5f:15:db:95:dd:d1:41:63:01:49:2b:35:a8:a2:eb:
         f1:0f:ae:38:e1:6e:3c:52:88:7d:96:10:b9:5c:b1:1e:47:1c:
         23:78:d2:cb:96:fd:21:c8:14:96:3b:36:90:09:af:3f:f3:61:
         f4:73:78:f6:fc:16:5d:1a:a6:2b:df:91:a1:ce:49:05:08:a5:
         3a:e3:68:84:11:49:04:58:10:3c:5e:42:d2:25:3c:56:72:ce:
         6b:a0:95:30:88:b8:30:e3:c2:22:85:a1:8b:34:46:d1:c0:d5:
         24:17:11:e5:fa:8b:c2:51:9a:24:dc:33:b9:a7:4a:16:5b:0d:
         c9:82:8c:0b:1e:4b:fc:e7:67:83:1e:a5:c4:c1:c7:56:46:55:
         ff:ab:25:85:c1:95:24:7a:0c:4c:33:53:99:45:af:9f:d7:73:
         02:be:fc:aa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj13BGFFpfQA1dz/n67DLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZWU5MTI5NmM5NDk5MmQxNTFhMjMyMjQwZTZjZjNhMTc2
ZDIwMzkwHhcNMjUwMTAxMjE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2MzZmZiMjQwMDYwNDVhN2IzOGE2NDc0NjcxYjQyOTUyNjYzZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArytY8zKAvVMwinke7XQx44dKEjpI
iUjFXsgLU1mz+GZ3Mp76MnW3n+QdJuwQlTtbv1atzIOBHaX4k0a0DACrTRGBAedm
PnG1qn9G3YCgvD7fcaGFeP/N4WcchK9bhWHGjn7nFxNfpdPMPNUPAvcVah00lG2D
4OSXd7EdgK86OkLUftGLwf8dTRu51yggRiTNfPYcqrNUWNxyI9EH+UlTdtZ/uGAq
PPLm2eZCx+lgE7/scAnUCiF1jFFzaJxHAyl+qfN4L3VvoV/dhG2cFnAyp2kE3eEu
Jhq/EL4/CJHq9odv20fAt5W0CdUdOrUPWvUgOYgReIdVPJDqi2hM+per0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPPD/7JABgRaezimR0ZxtClSZj6CMB8GA1UdIwQY
MBaAFBzukSlslJktFRojIkDmzzoXbSA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQt
YmFjYWI0NzVlNmNjLzEvODhQX3NrQUdCRnA3T0taSFJuRzBLVkptUG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQtYmFjYWI0NzVlNmNj
LzEvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgReQAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQA199tBq1zW9CwcByi66Ge71oYOckcwan6zK4dg
DfP8bI+XAcbcTjoUVB0tRfdBhxH+2ICRXIzOOEOrBh6OuCh4zs1kSmKlJstx60hn
aaVCkZfY2AXbo0iCxEQRFXtfFduV3dFBYwFJKzWoouvxD6444W48Uoh9lhC5XLEe
RxwjeNLLlv0hyBSWOzaQCa8/82H0c3j2/BZdGqYr35GhzkkFCKU642iEEUkEWBA8
XkLSJTxWcs5roJUwiLgw48IihaGLNEbRwNUkFxHl+ovCUZok3DO5p0oWWw3JgowL
Hkv852eDHqXEwcdWRlX/qyWFwZUkegxMM1OZRa+f13MCvvyq
-----END CERTIFICATE-----