Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/O2VeVpIY0NqqJs4saKQoTuFoA6I.roa
File:                     O2VeVpIY0NqqJs4saKQoTuFoA6I.roa (raw, json)
Hash identifier:          eCU07QC/oP0X/AS+uAyqKGOShTlcgaS/MZcj5EXt1FQ=
Subject key identifier:   3B:65:5E:56:92:18:D0:DA:AA:26:CE:2C:68:A4:28:4E:E1:68:03:A2
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       0194266BF6A32A3A2E2513F15B47E659D3E1
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/O2VeVpIY0NqqJs4saKQoTuFoA6I.roa
Signing time:             Thu 02 Jan 2025 09:49:57 +0000
ROA not before:           Thu 02 Jan 2025 09:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204967
IP address blocks:        88.119.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f6:a3:2a:3a:2e:25:13:f1:5b:47:e6:59:d3:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 09:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b655e569218d0daaa26ce2c68a4284ee16803a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c7:e6:af:47:59:0f:b8:16:76:d6:41:23:2e:
                    d3:d0:d8:4e:66:0f:3a:3a:83:e6:f8:0f:4a:5f:b6:
                    da:a8:88:8a:98:2f:65:22:53:3b:89:9f:0b:12:85:
                    1a:04:c6:19:fb:1d:12:4f:c2:80:6f:db:9d:93:9f:
                    48:9d:f2:f2:be:9e:72:84:e3:2d:a9:00:a3:f8:67:
                    3a:e4:ed:01:e9:55:41:8a:94:c0:ed:04:63:24:43:
                    2b:61:d9:32:9e:5d:54:c6:d0:ea:a2:5d:ae:b8:61:
                    fe:12:77:16:f7:8e:08:84:b3:d3:1e:9d:05:83:26:
                    fd:ab:bb:db:19:c1:95:a0:7c:88:bc:4e:ed:1e:ae:
                    5f:50:bd:c1:37:4c:1b:41:e4:dd:d1:5b:a6:c7:49:
                    9b:c7:a4:fd:50:8c:d5:d5:b4:d4:12:73:cc:46:04:
                    8d:e4:04:74:5c:e1:d3:dc:73:a2:77:ef:33:7e:92:
                    5f:c4:5c:f2:91:62:1b:0c:87:a2:f6:ad:8f:b5:1f:
                    a3:58:3d:40:a4:5d:60:79:93:a2:95:54:b9:12:9d:
                    eb:e7:f7:9a:d7:db:f4:e4:10:db:ac:e1:09:79:07:
                    49:b8:fd:db:e7:de:50:23:f5:b5:0d:3b:2b:6e:89:
                    5d:30:8b:59:f4:9b:4a:26:f1:cb:c0:38:10:90:ea:
                    79:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:65:5E:56:92:18:D0:DA:AA:26:CE:2C:68:A4:28:4E:E1:68:03:A2
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/O2VeVpIY0NqqJs4saKQoTuFoA6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.119.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:be:1a:6b:25:c1:9b:ac:f0:f3:89:6b:91:3f:43:b0:be:92:
         76:24:5d:dd:d0:e2:b3:52:c9:35:40:79:1d:37:9f:d1:b4:a7:
         c0:b3:31:0c:ec:73:75:72:ac:54:22:75:2a:28:22:18:95:43:
         73:52:bf:be:1b:54:62:c9:5f:e3:91:10:12:25:80:97:7a:00:
         23:47:1d:0b:11:7b:ae:55:14:e9:f4:cb:dd:12:87:ff:ad:ac:
         89:76:ab:63:43:ef:ea:24:bc:16:17:45:ce:a8:b0:6f:45:f4:
         78:12:cf:88:5a:af:47:25:df:8e:9c:43:bd:5c:21:3f:27:85:
         aa:ab:d8:ef:2b:18:ac:16:ef:59:9e:62:10:20:02:c6:dd:c5:
         8e:8b:a6:99:b6:ad:9b:ed:02:74:b2:5a:16:40:0f:7f:8c:ee:
         df:e4:f3:9d:08:89:bf:6d:97:8f:39:31:91:0d:71:6d:3b:6d:
         b2:ca:32:da:ca:fb:37:97:e4:24:b9:38:77:1c:28:6c:c2:29:
         43:40:5b:5e:c9:d8:6b:5f:85:0f:a7:e0:da:61:6f:71:04:d2:
         e4:74:2e:a9:f2:b3:06:23:1b:3b:bb:61:b2:b8:29:a7:a2:32:
         08:fb:39:c4:0c:8d:40:c7:e2:a4:c7:d2:27:93:4a:0d:f7:47:
         f7:46:2e:56
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQma/ajKjouJRPxW0fmWdPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjUwMTAyMDk0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY1NWU1NjkyMThkMGRhYWEyNmNlMmM2OGE0Mjg0ZWUxNjgwM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8fmr0dZD7gWdtZBIy7T0NhOZg86
OoPm+A9KX7baqIiKmC9lIlM7iZ8LEoUaBMYZ+x0ST8KAb9udk59InfLyvp5yhOMt
qQCj+Gc65O0B6VVBipTA7QRjJEMrYdkynl1UxtDqol2uuGH+EncW944IhLPTHp0F
gyb9q7vbGcGVoHyIvE7tHq5fUL3BN0wbQeTd0Vumx0mbx6T9UIzV1bTUEnPMRgSN
5AR0XOHT3HOid+8zfpJfxFzykWIbDIei9q2PtR+jWD1ApF1geZOilVS5Ep3r5/ea
19v05BDbrOEJeQdJuP3b595QI/W1DTsrboldMItZ9JtKJvHLwDgQkOp5yQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDtlXlaSGNDaqibOLGikKE7haAOiMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL08yVmVWcElZME5xcUpzNHNhS1FvVHVGb0E2SS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABYd7Yw
DQYJKoZIhvcNAQELBQADggEBADi+GmslwZus8POJa5E/Q7C+knYkXd3Q4rNSyTVA
eR03n9G0p8CzMQzsc3VyrFQidSooIhiVQ3NSv74bVGLJX+OREBIlgJd6ACNHHQsR
e65VFOn0y90Sh/+trIl2q2ND7+okvBYXRc6osG9F9HgSz4har0cl346cQ71cIT8n
haqr2O8rGKwW71meYhAgAsbdxY6Lppm2rZvtAnSyWhZAD3+M7t/k850Iib9tl485
MZENcW07bbLKMtrK+zeX5CS5OHccKGzCKUNAW17J2GtfhQ+n4Nphb3EE0uR0Lqny
swYjGzu7YbK4KaeiMgj7OcQMjUDH4qTH0ieTSg33R/dGLlY=
-----END CERTIFICATE-----