Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/1DkWoYQm2CYL8NcPditLkUCz0lY.roa
File:                     1DkWoYQm2CYL8NcPditLkUCz0lY.roa (raw, json)
Hash identifier:          WyOC+C/qv1YH3uRFOHpvx69KEYldJQ9ngZYV7GVibxI=
Subject key identifier:   D4:39:16:A1:84:26:D8:26:0B:F0:D7:0F:76:2B:4B:91:40:B3:D2:56
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       0194221F7D7B6AEB08A948496B3AECF3115A
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/1DkWoYQm2CYL8NcPditLkUCz0lY.roa
Signing time:             Wed 01 Jan 2025 13:47:56 +0000
ROA not before:           Wed 01 Jan 2025 13:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32806
IP address blocks:        88.151.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7d:7b:6a:eb:08:a9:48:49:6b:3a:ec:f3:11:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: Jan  1 13:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d43916a18426d8260bf0d70f762b4b9140b3d256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4e:21:65:97:fd:5a:95:fa:69:6d:27:66:aa:
                    31:9d:e3:2c:94:3d:5b:29:6d:cf:e1:cc:75:1f:8a:
                    88:50:e2:90:99:42:fa:f3:05:49:66:78:61:13:36:
                    df:1d:b9:ee:5a:66:1c:84:84:51:7c:17:fb:10:9a:
                    19:e7:04:5c:9a:7b:ee:a6:7f:ae:96:1d:7f:c4:6c:
                    71:3c:1e:35:0f:3f:08:af:e4:b6:87:12:f8:35:e4:
                    55:79:3c:9f:ce:64:4d:44:f3:78:09:40:cd:7b:48:
                    57:74:32:81:2f:e9:a3:57:9e:02:41:95:be:ce:b3:
                    28:52:56:dd:c1:bf:aa:1c:71:2e:30:1f:0e:b3:c5:
                    30:7d:b4:62:12:74:db:92:74:45:7c:5a:65:90:e8:
                    65:5e:7c:15:7d:f4:60:99:45:a1:91:af:4a:44:a6:
                    24:41:bf:f4:4b:51:f6:ff:59:e7:6e:ee:3b:36:33:
                    4a:c1:9f:e4:b3:1d:ed:fe:93:8e:39:e6:7a:46:d5:
                    83:a1:39:b7:47:9f:d2:78:a6:f4:7c:1f:76:48:6d:
                    54:a8:ce:b9:8f:24:b8:0d:71:00:97:34:0c:09:37:
                    e7:64:b3:74:95:51:98:38:de:1c:ab:39:2b:00:5e:
                    6b:e5:43:9d:4a:c1:8c:27:53:3a:a3:80:2e:bf:0f:
                    59:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:39:16:A1:84:26:D8:26:0B:F0:D7:0F:76:2B:4B:91:40:B3:D2:56
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/1DkWoYQm2CYL8NcPditLkUCz0lY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:a7:6f:b6:38:25:15:43:3c:20:47:53:4d:c6:18:26:8e:33:
         06:d6:3d:72:ae:cf:8e:29:49:8c:6e:13:67:d3:72:6b:97:13:
         15:00:0f:3f:57:26:9f:d6:78:04:d3:16:4a:7c:6d:78:4b:15:
         a5:df:7d:e0:c8:76:61:e8:1b:5b:ef:32:e9:96:57:ef:0f:7d:
         e6:bb:a2:a8:de:ce:cb:28:0e:74:cf:8f:69:2c:6f:bd:a8:07:
         83:56:4f:02:8a:4e:a7:39:03:ff:cf:9e:b0:d5:61:d1:0a:8f:
         d0:a1:8c:80:77:26:78:2f:9b:19:b3:88:74:5a:cd:50:ff:c1:
         b2:77:4c:d5:ca:ca:c8:b2:11:82:4e:80:78:e7:dd:3b:38:b8:
         0b:26:95:2c:83:8f:fc:5f:e4:b4:74:04:ca:d2:37:b2:59:71:
         6d:4b:1c:5d:e1:7e:a2:41:0d:a5:4a:c1:3d:f8:d2:b1:7e:55:
         62:e2:c9:ec:90:d4:cf:ba:a3:de:7a:70:46:67:49:f2:09:6e:
         e2:7b:5e:20:29:cc:c0:9e:bc:a5:c7:47:12:dd:3b:37:64:5e:
         12:41:5c:dc:34:3a:6f:5c:8e:1b:eb:a2:17:fb:7a:aa:fc:c3:
         02:08:4a:83:20:99:bf:1c:8d:8a:e3:f6:95:2f:dd:d2:d2:2d:
         da:af:d0:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH317ausIqUhJazrs8xFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjUwMTAxMTM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDM5MTZhMTg0MjZkODI2MGJmMGQ3MGY3NjJiNGI5MTQwYjNkMjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr04hZZf9WpX6aW0nZqoxneMslD1b
KW3P4cx1H4qIUOKQmUL68wVJZnhhEzbfHbnuWmYchIRRfBf7EJoZ5wRcmnvupn+u
lh1/xGxxPB41Dz8Ir+S2hxL4NeRVeTyfzmRNRPN4CUDNe0hXdDKBL+mjV54CQZW+
zrMoUlbdwb+qHHEuMB8Os8UwfbRiEnTbknRFfFplkOhlXnwVffRgmUWhka9KRKYk
Qb/0S1H2/1nnbu47NjNKwZ/ksx3t/pOOOeZ6RtWDoTm3R5/SeKb0fB92SG1UqM65
jyS4DXEAlzQMCTfnZLN0lVGYON4cqzkrAF5r5UOdSsGMJ1M6o4Auvw9ZaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQ5FqGEJtgmC/DXD3YrS5FAs9JWMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvMURrV29ZUW0yQ1lMOE5jUGRpdExrVUN6MGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfkMA0G
CSqGSIb3DQEBCwUAA4IBAQDFp2+2OCUVQzwgR1NNxhgmjjMG1j1yrs+OKUmMbhNn
03JrlxMVAA8/Vyaf1ngE0xZKfG14SxWl333gyHZh6Btb7zLpllfvD33mu6Ko3s7L
KA50z49pLG+9qAeDVk8Cik6nOQP/z56w1WHRCo/QoYyAdyZ4L5sZs4h0Ws1Q/8Gy
d0zVysrIshGCToB45907OLgLJpUsg4/8X+S0dATK0jeyWXFtSxxd4X6iQQ2lSsE9
+NKxflVi4snskNTPuqPeenBGZ0nyCW7ie14gKczAnrylx0cS3Ts3ZF4SQVzcNDpv
XI4b66IX+3qq/MMCCEqDIJm/HI2K4/aVL93S0i3ar9Bb
-----END CERTIFICATE-----