Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/kA7t86VhHLfxpZem9_pfnrfA8Jw.roa
File:                     kA7t86VhHLfxpZem9_pfnrfA8Jw.roa (raw, json)
Hash identifier:          JdzmdB6Yw1EEixYlbi2OlJNyDFF6uk/A+LWmVNqQ7XY=
Subject key identifier:   90:0E:ED:F3:A5:61:1C:B7:F1:A5:97:A6:F7:FA:5F:9E:B7:C0:F0:9C
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       0194221F7CF3E513455B38E5629A4C9F832F
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/kA7t86VhHLfxpZem9_pfnrfA8Jw.roa
Signing time:             Wed 01 Jan 2025 13:47:56 +0000
ROA not before:           Wed 01 Jan 2025 13:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22351
IP address blocks:        88.151.225.0/24 maxlen: 24
                          88.151.226.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 19:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7c:f3:e5:13:45:5b:38:e5:62:9a:4c:9f:83:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: Jan  1 13:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=900eedf3a5611cb7f1a597a6f7fa5f9eb7c0f09c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a9:28:6c:25:87:92:36:30:d3:0e:78:9e:52:
                    62:e4:8f:84:53:23:c8:13:46:23:0e:f6:ac:86:62:
                    8a:ee:b2:a4:f2:6b:71:db:84:74:16:cf:81:26:c6:
                    19:75:a4:48:6b:50:7a:ab:11:8a:0c:83:c8:7f:bc:
                    91:c9:e9:52:6d:ba:5f:66:72:ce:e5:8b:ca:df:ad:
                    60:48:85:dd:9e:20:63:18:1c:5d:d3:0d:e8:cc:91:
                    0a:20:00:2a:56:f4:8f:63:3d:b6:ec:f2:b9:6b:61:
                    0c:1d:55:bc:1d:87:8f:30:10:1e:c2:a1:64:6f:ad:
                    cb:e9:50:99:3d:7d:a0:3e:ce:d9:d5:b5:df:08:81:
                    db:10:48:ba:f6:10:65:04:c3:98:01:04:15:a5:b6:
                    99:18:04:5b:3d:30:ff:7d:6a:c2:50:a9:58:71:2f:
                    d1:49:8b:ad:57:c8:b3:c6:bc:c7:1c:09:f9:78:fb:
                    2f:cb:9a:6a:de:e6:16:45:f5:eb:8d:8e:5c:51:df:
                    ea:ca:08:98:c1:8e:a4:63:3c:ab:7d:ae:eb:c5:5a:
                    fc:a7:c7:41:4d:99:3d:a8:7b:cc:c2:e6:23:17:27:
                    ce:7b:54:11:0a:e4:1b:a2:9d:90:8d:0c:76:82:a1:
                    47:bb:49:71:3a:b6:cf:19:90:ea:02:eb:f4:02:7a:
                    8a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:0E:ED:F3:A5:61:1C:B7:F1:A5:97:A6:F7:FA:5F:9E:B7:C0:F0:9C
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/kA7t86VhHLfxpZem9_pfnrfA8Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.225.0-88.151.227.255

    Signature Algorithm: sha256WithRSAEncryption
         24:2a:6f:4f:64:90:28:61:5d:fe:e1:6c:fb:c9:08:ad:24:88:
         fa:5f:81:11:85:26:37:00:af:dc:15:84:62:73:d4:07:44:22:
         56:46:3d:48:f4:a0:2f:0d:65:6c:ec:02:32:65:bc:97:f1:38:
         4a:e2:17:da:21:11:9c:af:2f:a5:1d:ff:f1:9c:c5:32:f4:16:
         1d:7e:37:ae:f9:af:b9:3f:0b:46:9f:6d:47:b9:2f:c8:6b:e8:
         8e:c6:75:76:02:62:4f:5c:ad:43:0e:ce:1c:77:10:02:14:3c:
         f2:cc:2e:85:fc:b6:c9:45:8e:b6:87:0f:eb:a6:c3:66:78:93:
         09:70:20:d1:a6:e5:2d:27:0c:84:b1:fa:1d:68:3e:fc:1a:7e:
         8a:d2:67:35:75:1e:54:d9:ce:7f:f1:02:2f:e0:4d:fd:a3:1d:
         85:4a:aa:28:c8:15:25:e2:16:4b:ef:46:a8:93:da:f7:f2:46:
         d5:37:96:82:66:0c:31:2d:9f:71:5c:8d:17:b0:d2:af:60:dd:
         bb:7b:da:ee:b7:00:c9:94:61:11:9f:70:01:26:22:ad:e8:46:
         cf:40:b2:05:e9:4f:bb:b7:43:48:a3:3c:28:01:bd:43:2b:25:
         be:ed:7b:63:21:05:bf:1f:22:cb:72:af:74:30:4d:a6:38:c9:
         17:ca:3d:d3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQiH3zz5RNFWzjlYppMn4MvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjUwMTAxMTM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDBlZWRmM2E1NjExY2I3ZjFhNTk3YTZmN2ZhNWY5ZWI3YzBmMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApakobCWHkjYw0w54nlJi5I+EUyPI
E0YjDvashmKK7rKk8mtx24R0Fs+BJsYZdaRIa1B6qxGKDIPIf7yRyelSbbpfZnLO
5YvK361gSIXdniBjGBxd0w3ozJEKIAAqVvSPYz227PK5a2EMHVW8HYePMBAewqFk
b63L6VCZPX2gPs7Z1bXfCIHbEEi69hBlBMOYAQQVpbaZGARbPTD/fWrCUKlYcS/R
SYutV8izxrzHHAn5ePsvy5pq3uYWRfXrjY5cUd/qygiYwY6kYzyrfa7rxVr8p8dB
TZk9qHvMwuYjFyfOe1QRCuQbop2QjQx2gqFHu0lxOrbPGZDqAuv0AnqKeQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJAO7fOlYRy38aWXpvf6X563wPCcMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEva0E3dDg2VmhITGZ4cFplbTlfcGZucmZBOEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABYl+ED
BAJYl+AwDQYJKoZIhvcNAQELBQADggEBACQqb09kkChhXf7hbPvJCK0kiPpfgRGF
JjcAr9wVhGJz1AdEIlZGPUj0oC8NZWzsAjJlvJfxOEriF9ohEZyvL6Ud//GcxTL0
Fh1+N675r7k/C0afbUe5L8hr6I7GdXYCYk9crUMOzhx3EAIUPPLMLoX8tslFjraH
D+umw2Z4kwlwINGm5S0nDISx+h1oPvwaforSZzV1HlTZzn/xAi/gTf2jHYVKqijI
FSXiFkvvRqiT2vfyRtU3loJmDDEtn3FcjRew0q9g3bt72u63AMmUYRGfcAEmIq3o
Rs9AsgXpT7u3Q0ijPCgBvUMrJb7te2MhBb8fIstyr3QwTaY4yRfKPdM=
-----END CERTIFICATE-----