Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/XBo1pVVrARNWOJzVGLIS7aXEyvs.roa
File:                     XBo1pVVrARNWOJzVGLIS7aXEyvs.roa (raw, json)
Hash identifier:          LHmi+bbPW6X6RSAyxvQlIttnolx/pGqPJGLDRqAXVIU=
Subject key identifier:   5C:1A:35:A5:55:6B:01:13:56:38:9C:D5:18:B2:12:ED:A5:C4:CA:FB
Certificate issuer:       /CN=88f7b0dd9ffca2f85734c537cbef5ccd1199e5bc
Certificate serial:       019423D6B52AEE7D65126E0398347E857AA2
Authority key identifier: 88:F7:B0:DD:9F:FC:A2:F8:57:34:C5:37:CB:EF:5C:CD:11:99:E5:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPew3Z_8ovhXNMU3y-9czRGZ5bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/XBo1pVVrARNWOJzVGLIS7aXEyvs.roa
Signing time:             Wed 01 Jan 2025 21:47:41 +0000
ROA not before:           Wed 01 Jan 2025 21:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197680
IP address blocks:        91.213.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/iPew3Z_8ovhXNMU3y-9czRGZ5bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/iPew3Z_8ovhXNMU3y-9czRGZ5bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPew3Z_8ovhXNMU3y-9czRGZ5bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b5:2a:ee:7d:65:12:6e:03:98:34:7e:85:7a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88f7b0dd9ffca2f85734c537cbef5ccd1199e5bc
        Validity
            Not Before: Jan  1 21:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c1a35a5556b011356389cd518b212eda5c4cafb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b0:54:da:2d:a5:a9:3b:ce:10:28:58:44:2e:
                    f5:b2:9a:30:35:f5:b4:60:d5:71:21:6c:c4:73:62:
                    62:c0:e8:81:c1:96:64:16:4d:c7:c4:f1:78:8a:c7:
                    09:ee:79:08:06:0c:be:16:31:2f:92:0a:b7:36:f8:
                    bd:aa:76:a9:91:dd:a2:e6:ab:0b:fa:2a:2a:84:3c:
                    b2:a6:9b:b7:8d:d6:3c:d1:7c:dd:2c:b5:74:ba:7d:
                    7b:ba:8d:8d:6e:52:30:c6:42:5b:73:87:36:47:38:
                    3e:ae:bb:94:7f:ef:37:d1:43:18:e6:39:f6:01:00:
                    b4:67:d2:43:52:c3:d3:32:c6:4f:10:bf:a3:10:26:
                    8e:77:a4:0e:fa:8b:e8:3e:6b:4b:df:7f:51:44:a3:
                    8a:6c:e8:c0:61:82:65:ed:76:36:48:c4:45:69:1d:
                    7a:4a:a5:da:d6:eb:af:f9:b2:5c:bd:f8:3e:e3:c9:
                    f3:67:1a:12:f4:0e:d2:2a:b5:34:58:f5:f0:b7:5b:
                    af:e0:ec:31:02:a3:40:19:d6:9b:ec:5c:68:84:42:
                    09:c1:b2:24:9b:03:ae:38:f5:15:d2:4b:c6:c3:c4:
                    c9:13:f2:1d:9d:af:c2:26:20:ed:02:5e:d8:b2:90:
                    5a:28:af:5f:8a:a1:d0:04:8e:6e:ad:ad:6d:f0:11:
                    6d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1A:35:A5:55:6B:01:13:56:38:9C:D5:18:B2:12:ED:A5:C4:CA:FB
            X509v3 Authority Key Identifier:
                keyid:88:F7:B0:DD:9F:FC:A2:F8:57:34:C5:37:CB:EF:5C:CD:11:99:E5:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPew3Z_8ovhXNMU3y-9czRGZ5bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/XBo1pVVrARNWOJzVGLIS7aXEyvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/iPew3Z_8ovhXNMU3y-9czRGZ5bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:b1:03:29:e7:9a:23:ca:4e:6e:f0:ee:fd:ab:d2:eb:f0:a4:
         2d:69:74:71:45:d0:93:42:a5:ed:c2:68:2f:61:1c:43:ef:90:
         c9:dc:7f:b1:22:15:9d:46:ef:b4:09:ba:9f:42:c7:a4:28:3f:
         2f:19:3b:28:a9:0d:93:79:a6:73:49:42:b0:ff:c9:6f:54:26:
         c4:0b:de:9b:38:44:fa:81:9d:18:0a:a1:2a:a3:cc:0b:bb:c9:
         d5:1e:df:20:1a:98:f7:c5:5e:d7:5b:79:dd:92:10:b3:e2:1a:
         8f:f1:79:25:96:13:42:e2:d5:55:a8:c4:35:29:14:31:71:2f:
         bd:00:1b:3e:1d:20:0d:dd:d2:de:a0:29:96:1a:ba:8d:aa:10:
         3c:54:51:13:fb:13:aa:ce:cb:07:1d:c4:92:9d:89:70:43:cd:
         4c:1f:41:bb:d7:1e:85:a3:b5:c9:ae:0e:e5:15:f2:23:72:6c:
         64:2c:c3:6f:db:e8:0a:ba:08:aa:af:06:d5:61:0a:38:cc:9c:
         2e:4d:36:7e:b6:bb:0f:9a:8f:ed:08:ad:e1:b1:48:46:7b:01:
         3b:b3:d2:0c:66:98:85:7e:ca:6b:11:e4:91:83:98:ca:7d:ff:
         4f:8e:67:11:63:c3:27:07:c4:1f:3b:d5:78:c4:9a:a8:cc:29:
         45:49:b7:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rUq7n1lEm4DmDR+hXqiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZjdiMGRkOWZmY2EyZjg1NzM0YzUzN2NiZWY1Y2NkMTE5
OWU1YmMwHhcNMjUwMTAxMjE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFhMzVhNTU1NmIwMTEzNTYzODljZDUxOGIyMTJlZGE1YzRjYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbBU2i2lqTvOEChYRC71spowNfW0
YNVxIWzEc2JiwOiBwZZkFk3HxPF4iscJ7nkIBgy+FjEvkgq3Nvi9qnapkd2i5qsL
+ioqhDyyppu3jdY80XzdLLV0un17uo2NblIwxkJbc4c2Rzg+rruUf+830UMY5jn2
AQC0Z9JDUsPTMsZPEL+jECaOd6QO+ovoPmtL339RRKOKbOjAYYJl7XY2SMRFaR16
SqXa1uuv+bJcvfg+48nzZxoS9A7SKrU0WPXwt1uv4OwxAqNAGdab7FxohEIJwbIk
mwOuOPUV0kvGw8TJE/Idna/CJiDtAl7YspBaKK9fiqHQBI5ura1t8BFt5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwaNaVVawETVjic1RiyEu2lxMr7MB8GA1UdIwQY
MBaAFIj3sN2f/KL4VzTFN8vvXM0RmeW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVBldzNaXzhvdmhYTk1VM3ktOWN6UkdaNWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9kYzhjMDItNGY2ZC00OWY2LTg4MmMt
MTM2OTA1ZTJjN2M1LzEvWEJvMXBWVnJBUk5XT0p6VkdMSVM3YVhFeXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9kYzhjMDItNGY2ZC00OWY2LTg4MmMtMTM2OTA1ZTJjN2M1
LzEvaVBldzNaXzhvdmhYTk1VM3ktOWN6UkdaNWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XiMA0G
CSqGSIb3DQEBCwUAA4IBAQB4sQMp55ojyk5u8O79q9Lr8KQtaXRxRdCTQqXtwmgv
YRxD75DJ3H+xIhWdRu+0CbqfQsekKD8vGTsoqQ2TeaZzSUKw/8lvVCbEC96bOET6
gZ0YCqEqo8wLu8nVHt8gGpj3xV7XW3ndkhCz4hqP8XkllhNC4tVVqMQ1KRQxcS+9
ABs+HSAN3dLeoCmWGrqNqhA8VFET+xOqzssHHcSSnYlwQ81MH0G71x6Fo7XJrg7l
FfIjcmxkLMNv2+gKugiqrwbVYQo4zJwuTTZ+trsPmo/tCK3hsUhGewE7s9IMZpiF
fsprEeSRg5jKff9PjmcRY8MnB8QfO9V4xJqozClFSbeU
-----END CERTIFICATE-----