Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/dXGr5BqS128mRLd0J3At49a2qzg.roa
File:                     dXGr5BqS128mRLd0J3At49a2qzg.roa (raw, json)
Hash identifier:          wuoQDj1SJzE/S7y91rkdzuUmyIzNX+hGJtJoYwKPBvU=
Subject key identifier:   75:71:AB:E4:1A:92:D7:6F:26:44:B7:74:27:70:2D:E3:D6:B6:AB:38
Certificate issuer:       /CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
Certificate serial:       0194236A39963B2C3F14D42F3BE1B672372F
Authority key identifier: 88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/dXGr5BqS128mRLd0J3At49a2qzg.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12310
IP address blocks:        195.245.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:39:96:3b:2c:3f:14:d4:2f:3b:e1:b6:72:37:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7571abe41a92d76f2644b77427702de3d6b6ab38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9f:19:2b:0e:70:d6:3f:f9:e1:1f:13:70:a1:
                    12:11:af:97:0c:85:69:eb:dd:ca:a5:be:c6:eb:98:
                    af:91:f2:53:20:fe:26:5c:ca:91:d4:b3:0e:bc:fc:
                    2b:9c:86:ff:19:6d:2b:ce:29:19:64:2a:b3:16:ef:
                    32:36:b7:d7:5d:89:70:d2:79:1e:cb:27:49:91:38:
                    ee:f2:1c:0c:bb:09:a8:09:d7:2b:35:87:f3:c4:26:
                    ee:c3:dd:2d:ec:83:e9:9b:3e:dd:7e:20:ce:8c:2c:
                    c6:b0:99:d3:0b:fc:96:84:c7:95:e6:24:14:78:d6:
                    f4:d3:2b:8d:fe:45:04:99:05:0b:66:b2:a5:0c:1b:
                    12:67:c3:cd:16:cf:a5:e7:a0:14:4e:a9:f4:fc:e8:
                    52:de:89:64:17:b3:9f:7b:16:1d:9a:18:67:d0:8e:
                    39:b7:0e:c8:93:1d:c1:b3:70:cd:bf:e6:3f:e4:30:
                    87:9f:78:15:b5:6a:05:98:c7:3e:fa:ff:08:fe:ad:
                    cc:f8:11:14:b0:9a:82:d3:d4:c7:94:2b:cc:fa:3a:
                    fe:58:e9:1c:4f:ff:e7:5e:b0:1a:bd:5f:39:e3:56:
                    5b:2c:b7:8e:a9:d0:d9:8a:1f:4a:3b:f9:3f:b5:03:
                    df:dd:17:00:14:f5:3b:4f:f7:24:b9:14:1e:18:56:
                    c1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:71:AB:E4:1A:92:D7:6F:26:44:B7:74:27:70:2D:E3:D6:B6:AB:38
            X509v3 Authority Key Identifier:
                keyid:88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/dXGr5BqS128mRLd0J3At49a2qzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:27:21:a6:80:d5:0f:18:26:06:c5:d2:2b:73:42:9e:4f:d9:
         ab:63:78:cc:f9:1a:58:45:4e:b9:c4:d5:59:dc:a6:48:c5:7e:
         40:24:16:f7:f4:e4:7a:9f:17:90:c7:77:fd:b3:a9:9e:29:32:
         44:76:96:21:8f:47:49:2a:83:e7:8e:4e:6a:0e:40:ac:da:f3:
         fa:3b:8b:26:bf:4d:89:49:5b:e6:52:dd:e6:3d:8e:df:37:10:
         71:c0:bb:71:fc:c9:d2:c8:47:9b:ec:b8:58:31:34:ee:22:e1:
         2c:e0:a5:1a:ee:59:e5:ea:53:57:6b:6a:a7:94:98:02:0c:53:
         be:10:a4:3a:b7:8a:db:64:29:c7:cc:66:f1:a7:fa:e0:85:a0:
         3b:a8:06:7f:04:d9:d2:6f:13:5f:57:d4:08:7a:8a:63:6c:4a:
         e4:a0:2b:2a:5d:29:97:de:73:63:6f:0e:32:e2:89:ae:11:9f:
         ac:5d:fc:9a:e1:ea:6b:17:f1:7d:c8:39:b0:b6:c4:de:96:8c:
         3e:43:53:af:26:88:79:f2:01:de:1a:00:5a:85:a6:58:d1:ca:
         f0:48:9b:2d:f4:02:f4:3d:46:6d:6b:43:23:43:cc:4b:c9:30:
         21:aa:19:fd:8c:67:4b:d0:99:1a:ed:85:a3:b5:e8:d9:2c:aa:
         e1:e0:4d:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajmWOyw/FNQvO+G2cjcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YTVhYjY2OWZhYmU3MmRlYzJlODM3ODQ3NmE3ZTkxNWMy
NGVkY2YwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTcxYWJlNDFhOTJkNzZmMjY0NGI3NzQyNzcwMmRlM2Q2YjZhYjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ8ZKw5w1j/54R8TcKESEa+XDIVp
693Kpb7G65ivkfJTIP4mXMqR1LMOvPwrnIb/GW0rzikZZCqzFu8yNrfXXYlw0nke
yydJkTju8hwMuwmoCdcrNYfzxCbuw90t7IPpmz7dfiDOjCzGsJnTC/yWhMeV5iQU
eNb00yuN/kUEmQULZrKlDBsSZ8PNFs+l56AUTqn0/OhS3olkF7OfexYdmhhn0I45
tw7Ikx3Bs3DNv+Y/5DCHn3gVtWoFmMc++v8I/q3M+BEUsJqC09THlCvM+jr+WOkc
T//nXrAavV8541ZbLLeOqdDZih9KO/k/tQPf3RcAFPU7T/ckuRQeGFbBzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVxq+QaktdvJkS3dCdwLePWtqs4MB8GA1UdIwQY
MBaAFIilq2afq+ct7C6DeEdqfpFcJO3PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTkt
MTVhMDIwN2Q0NjA5LzEvZFhHcjVCcVMxMjhtUkxkMEozQXQ0OWEycXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTktMTVhMDIwN2Q0NjA5
LzEvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XcMA0G
CSqGSIb3DQEBCwUAA4IBAQBIJyGmgNUPGCYGxdIrc0KeT9mrY3jM+RpYRU65xNVZ
3KZIxX5AJBb39OR6nxeQx3f9s6meKTJEdpYhj0dJKoPnjk5qDkCs2vP6O4smv02J
SVvmUt3mPY7fNxBxwLtx/MnSyEeb7LhYMTTuIuEs4KUa7lnl6lNXa2qnlJgCDFO+
EKQ6t4rbZCnHzGbxp/rghaA7qAZ/BNnSbxNfV9QIeopjbErkoCsqXSmX3nNjbw4y
4omuEZ+sXfya4eprF/F9yDmwtsTelow+Q1OvJoh58gHeGgBahaZY0crwSJst9AL0
PUZta0MjQ8xLyTAhqhn9jGdL0Jka7YWjtejZLKrh4E29
-----END CERTIFICATE-----