Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/d-rt9f-dKC8oZEWyOv7rd6kbEo8.roa
File:                     d-rt9f-dKC8oZEWyOv7rd6kbEo8.roa (raw, json)
Hash identifier:          K8bXuYuwS4X0pfixId+iunQp5n4hsy6zV6Ye+pRdYtA=
Subject key identifier:   77:EA:ED:F5:FF:9D:28:2F:28:64:45:B2:3A:FE:EB:77:A9:1B:12:8F
Certificate issuer:       /CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
Certificate serial:       01942143C21FE20D20509F0A4F3C25CF1D53
Authority key identifier: 66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/d-rt9f-dKC8oZEWyOv7rd6kbEo8.roa
Signing time:             Wed 01 Jan 2025 09:47:56 +0000
ROA not before:           Wed 01 Jan 2025 09:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        185.208.88.0/22 maxlen: 24
                          2a0b:32c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c2:1f:e2:0d:20:50:9f:0a:4f:3c:25:cf:1d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
        Validity
            Not Before: Jan  1 09:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77eaedf5ff9d282f286445b23afeeb77a91b128f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:98:57:08:8b:0c:22:43:7a:a9:39:f7:b8:64:
                    6c:02:ba:da:24:e7:7b:eb:96:70:5d:f1:02:d2:9a:
                    8d:ef:a1:63:5a:cb:a6:2a:64:11:e7:e0:2e:8f:6b:
                    b8:bb:17:6b:6b:df:25:98:1d:23:84:d9:d0:43:84:
                    fa:e5:fb:6b:ef:e8:8b:0a:fb:cd:a1:94:9f:fd:bc:
                    26:81:25:b3:da:e1:39:20:80:8d:af:b9:75:15:c8:
                    99:15:19:1d:c3:b1:1a:75:55:9f:5a:39:09:21:a1:
                    ea:4c:db:ae:f7:e7:b0:9e:6d:bd:9c:0d:2d:a1:21:
                    6d:b2:ea:d1:ae:c1:c4:b5:c5:d2:ad:72:c1:f8:73:
                    c5:f6:38:cb:9b:1f:b4:92:a9:5e:cd:5f:b4:05:c5:
                    65:55:53:44:cc:67:fc:dd:e4:20:2e:8b:32:96:b5:
                    a7:50:1f:a2:55:56:57:f3:ed:25:62:ca:5e:3e:28:
                    3c:1b:41:f1:b7:27:8c:d0:4b:78:de:b7:c2:85:7c:
                    0a:c9:41:6a:82:ab:0f:24:9a:64:fe:0c:35:b1:4f:
                    37:f4:0e:79:59:1a:f8:ed:c8:18:e1:d9:1d:8f:bd:
                    28:65:7e:37:5c:7d:9e:32:81:00:17:fd:2c:db:35:
                    d6:cf:30:7c:87:5e:16:7c:7b:c8:60:7a:cf:7c:22:
                    ce:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:EA:ED:F5:FF:9D:28:2F:28:64:45:B2:3A:FE:EB:77:A9:1B:12:8F
            X509v3 Authority Key Identifier:
                keyid:66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/d-rt9f-dKC8oZEWyOv7rd6kbEo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.88.0/22
                IPv6:
                  2a0b:32c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:74:df:e0:6b:85:9e:3c:ae:8d:9f:03:46:cc:ae:7e:8f:7a:
         09:dd:59:66:f3:5f:94:8a:b3:85:26:2d:d2:e0:f1:6c:d1:35:
         ac:7b:fd:8c:86:ae:87:ce:da:7a:b7:10:e9:32:5f:1d:f7:9c:
         c3:ca:93:1d:21:57:c0:15:f7:5c:a0:e6:b0:8f:86:33:8a:44:
         42:03:97:80:ad:57:21:96:78:6f:c4:2d:e7:69:a0:05:7c:67:
         f6:ef:9e:12:e9:9b:2f:f3:ba:4b:49:3b:ab:d3:25:b1:96:22:
         5a:84:d9:d7:83:84:4e:1b:49:b0:1d:33:17:8c:ef:2a:f8:90:
         c1:da:4e:35:ca:49:3c:2c:d9:76:fc:18:f9:d1:9c:ef:71:88:
         74:07:86:46:e3:35:73:49:49:4c:93:11:09:ac:d1:6c:be:c3:
         e0:d6:e8:3d:50:d6:85:97:0e:10:ff:e1:91:ef:cb:46:ae:58:
         0f:0b:13:12:b7:64:86:d2:fa:29:cf:0a:a3:24:5a:e1:4e:a2:
         2d:52:da:5e:3a:e1:dc:68:7b:5b:e5:ed:3e:49:31:45:5e:08:
         49:33:d1:41:74:a8:29:9d:bf:34:83:ec:bd:51:3d:6b:e9:2e:
         03:9e:d9:62:d0:37:ee:29:a8:29:67:1e:97:a7:43:18:d0:49:
         7f:37:2e:28
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ8If4g0gUJ8KTzwlzx1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjM0ZjE0NTg2ZTM5OWNkMzgwMmQ5Yzg4YjFlNjdkOGRk
YjAzYTgwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2VhZWRmNWZmOWQyODJmMjg2NDQ1YjIzYWZlZWI3N2E5MWIxMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZhXCIsMIkN6qTn3uGRsArraJOd7
65ZwXfEC0pqN76FjWsumKmQR5+Auj2u4uxdra98lmB0jhNnQQ4T65ftr7+iLCvvN
oZSf/bwmgSWz2uE5IICNr7l1FciZFRkdw7EadVWfWjkJIaHqTNuu9+ewnm29nA0t
oSFtsurRrsHEtcXSrXLB+HPF9jjLmx+0kqlezV+0BcVlVVNEzGf83eQgLosylrWn
UB+iVVZX8+0lYspePig8G0HxtyeM0Et43rfChXwKyUFqgqsPJJpk/gw1sU839A55
WRr47cgY4dkdj70oZX43XH2eMoEAF/0s2zXWzzB8h14WfHvIYHrPfCLOGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHfq7fX/nSgvKGRFsjr+63epGxKPMB8GA1UdIwQY
MBaAFGZjTxRYbjmc04AtnIix5n2N2wOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDct
MTcxZGI0NjkwYzBhLzEvZC1ydDlmLWRLQzhvWkVXeU92N3JkNmtiRW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDctMTcxZGI0NjkwYzBh
LzEvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudBYMA0E
AgACMAcDBQMqCzLAMA0GCSqGSIb3DQEBCwUAA4IBAQB/dN/ga4WePK6NnwNGzK5+
j3oJ3Vlm81+UirOFJi3S4PFs0TWse/2Mhq6Hztp6txDpMl8d95zDypMdIVfAFfdc
oOawj4YzikRCA5eArVchlnhvxC3naaAFfGf2754S6Zsv87pLSTur0yWxliJahNnX
g4ROG0mwHTMXjO8q+JDB2k41ykk8LNl2/Bj50ZzvcYh0B4ZG4zVzSUlMkxEJrNFs
vsPg1ug9UNaFlw4Q/+GR78tGrlgPCxMSt2SG0vopzwqjJFrhTqItUtpeOuHcaHtb
5e0+STFFXghJM9FBdKgpnb80g+y9UT1r6S4Dntli0DfuKagpZx6Xp0MY0El/Ny4o
-----END CERTIFICATE-----