Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/55oEGc9wLBudjHdeETchWhH9KZs.roa
File:                     55oEGc9wLBudjHdeETchWhH9KZs.roa (raw, json)
Hash identifier:          e/bZCMCznr4+DAbZzAUkF91dpIh94nDv2OFOzeUq53o=
Subject key identifier:   E7:9A:04:19:CF:70:2C:1B:9D:8C:77:5E:11:37:21:5A:11:FD:29:9B
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0195CECBFDE22718D95D4D41228DF33AAAEE
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/55oEGc9wLBudjHdeETchWhH9KZs.roa
Signing time:             Tue 25 Mar 2025 19:33:49 +0000
ROA not before:           Tue 25 Mar 2025 19:33:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213274
IP address blocks:        188.132.216.0/24 maxlen: 24
                          188.132.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ce:cb:fd:e2:27:18:d9:5d:4d:41:22:8d:f3:3a:aa:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Mar 25 19:33:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e79a0419cf702c1b9d8c775e1137215a11fd299b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b8:b9:01:6c:c6:33:7f:d2:18:93:b7:e4:d8:
                    bf:94:1e:d7:3d:95:30:9d:c0:7a:38:54:78:ea:9a:
                    07:0d:ac:fb:ca:5a:7c:6b:67:a6:0c:22:7a:b9:4b:
                    99:c9:73:f8:e0:b5:74:43:9a:b9:7c:be:fd:6e:12:
                    26:5f:d4:e3:42:48:6d:63:7e:2f:aa:c5:c0:ba:4b:
                    ed:4c:1d:0c:4d:49:45:4a:60:0b:58:92:1d:5f:7c:
                    5b:64:3f:0e:b0:28:07:6b:ac:33:2e:81:c0:38:ef:
                    99:2a:ca:a5:eb:32:61:ff:64:28:93:ed:fa:a9:56:
                    89:ca:a4:9d:c2:0c:d7:b3:b8:90:7a:ec:5b:8a:68:
                    c8:f6:e2:33:26:05:fe:ba:94:41:95:85:d1:43:23:
                    6c:31:5b:be:d2:e9:a9:d9:ad:84:9e:11:b4:7e:38:
                    c4:d1:91:ea:76:12:4c:9e:10:0c:a4:31:63:c0:d5:
                    8d:7c:d6:7b:51:e4:83:82:10:c3:a3:c3:b2:73:04:
                    8e:ce:79:0e:ec:fa:01:27:dc:43:85:a7:e6:4f:40:
                    d7:56:51:cb:2d:d5:bd:e4:ec:33:e2:f8:25:56:a6:
                    cb:93:a1:48:12:ab:0d:26:3b:57:86:ec:a8:e9:6e:
                    d2:60:1b:31:56:4d:b0:ba:8f:04:31:31:70:05:c0:
                    00:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9A:04:19:CF:70:2C:1B:9D:8C:77:5E:11:37:21:5A:11:FD:29:9B
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/55oEGc9wLBudjHdeETchWhH9KZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:a0:c1:39:d2:03:f7:a5:7e:bc:0d:2b:14:fb:ef:a7:10:75:
         2b:4d:f4:b8:81:92:d8:e3:6b:3e:2e:54:e1:2a:91:0a:9f:7b:
         64:de:94:a6:8e:7e:15:c9:cf:08:50:0d:35:fe:5a:94:d2:71:
         77:56:b4:12:01:43:d7:8c:87:d1:c0:41:2a:10:79:5c:46:17:
         98:73:eb:7b:ff:25:13:ee:eb:3f:fc:61:d4:f5:00:60:72:ae:
         d4:9d:eb:3b:55:8f:f4:d9:01:67:d4:da:ac:c2:7c:37:dd:a4:
         3a:df:08:31:e9:ff:f7:64:e8:f6:e7:0d:7e:ac:48:25:0b:a7:
         09:01:fa:55:7d:45:b0:f9:5a:f3:b6:e1:5a:9d:18:69:ee:fa:
         55:9a:dd:1c:95:f5:2a:2f:7f:06:b9:fd:d2:84:82:23:31:08:
         6d:13:c2:3a:3f:b9:5e:57:7a:12:83:b1:d1:2e:20:85:de:ba:
         1a:e8:b6:42:b6:c2:9e:ca:77:f6:d6:ea:8a:bd:1c:b8:bd:1a:
         f9:c4:a0:cb:21:96:2b:eb:c0:7a:e9:0c:d3:02:0a:48:74:1d:
         f6:a9:ae:a8:21:e0:18:a1:b2:5d:0a:54:e3:b9:a1:c3:08:85:
         b4:cf:85:ed:4f:86:94:58:12:bb:a1:6f:a0:80:86:d8:f4:28:
         2d:ad:ad:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXOy/3iJxjZXU1BIo3zOqruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMzI1MTkzMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzlhMDQxOWNmNzAyYzFiOWQ4Yzc3NWUxMTM3MjE1YTExZmQyOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkri5AWzGM3/SGJO35Ni/lB7XPZUw
ncB6OFR46poHDaz7ylp8a2emDCJ6uUuZyXP44LV0Q5q5fL79bhImX9TjQkhtY34v
qsXAukvtTB0MTUlFSmALWJIdX3xbZD8OsCgHa6wzLoHAOO+ZKsql6zJh/2Qok+36
qVaJyqSdwgzXs7iQeuxbimjI9uIzJgX+upRBlYXRQyNsMVu+0ump2a2EnhG0fjjE
0ZHqdhJMnhAMpDFjwNWNfNZ7UeSDghDDo8OycwSOznkO7PoBJ9xDhafmT0DXVlHL
LdW95Owz4vglVqbLk6FIEqsNJjtXhuyo6W7SYBsxVk2wuo8EMTFwBcAA3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeaBBnPcCwbnYx3XhE3IVoR/SmbMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvNTVvRUdjOXdMQnVkakhkZUVUY2hXaEg5S1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvITYMA0G
CSqGSIb3DQEBCwUAA4IBAQCNoME50gP3pX68DSsU+++nEHUrTfS4gZLY42s+LlTh
KpEKn3tk3pSmjn4Vyc8IUA01/lqU0nF3VrQSAUPXjIfRwEEqEHlcRheYc+t7/yUT
7us//GHU9QBgcq7Unes7VY/02QFn1Nqswnw33aQ63wgx6f/3ZOj25w1+rEglC6cJ
AfpVfUWw+VrztuFanRhp7vpVmt0clfUqL38Guf3ShIIjMQhtE8I6P7leV3oSg7HR
LiCF3roa6LZCtsKeynf21uqKvRy4vRr5xKDLIZYr68B66QzTAgpIdB32qa6oIeAY
obJdClTjuaHDCIW0z4XtT4aUWBK7oW+ggIbY9Cgtra36
-----END CERTIFICATE-----