Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/1UIx6z7jU4irLxLbnLzZBvRy3G4.roa
File:                     1UIx6z7jU4irLxLbnLzZBvRy3G4.roa (raw, json)
Hash identifier:          X1FeAQ5pR3l+YD3ZhmHac/oJWgd/xhCnXQiRD7DlUkU=
Subject key identifier:   D5:42:31:EB:3E:E3:53:88:AB:2F:12:DB:9C:BC:D9:06:F4:72:DC:6E
Certificate issuer:       /CN=8da02b1da4aa71e65b6fb9be23a6b208c25c57d8
Certificate serial:       0196D8EBAA15129B55937D78D7DF36A8A994
Authority key identifier: 8D:A0:2B:1D:A4:AA:71:E6:5B:6F:B9:BE:23:A6:B2:08:C2:5C:57:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jaArHaSqceZbb7m-I6ayCMJcV9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/1UIx6z7jU4irLxLbnLzZBvRy3G4.roa
Signing time:             Fri 16 May 2025 11:47:25 +0000
ROA not before:           Fri 16 May 2025 11:47:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208326
IP address blocks:        195.88.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/jaArHaSqceZbb7m-I6ayCMJcV9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/jaArHaSqceZbb7m-I6ayCMJcV9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jaArHaSqceZbb7m-I6ayCMJcV9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d8:eb:aa:15:12:9b:55:93:7d:78:d7:df:36:a8:a9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8da02b1da4aa71e65b6fb9be23a6b208c25c57d8
        Validity
            Not Before: May 16 11:47:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d54231eb3ee35388ab2f12db9cbcd906f472dc6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fc:43:72:ea:2f:4a:f0:3f:0c:5b:55:54:48:
                    28:f3:31:5b:d9:1d:10:5c:df:2b:3e:a4:18:7d:57:
                    4c:ab:ff:07:36:75:3f:2f:41:73:f4:1a:5e:9d:f7:
                    82:c7:10:d5:5a:16:32:d2:0c:c5:1a:61:41:8b:f6:
                    0e:e5:98:3e:a4:bb:c4:50:b3:31:ec:70:b7:45:59:
                    cc:0c:d4:18:3e:a8:a2:4d:9b:9a:16:78:fd:ac:5f:
                    5b:8c:87:8e:a3:57:ad:e9:93:34:14:61:0c:39:d2:
                    9c:90:f9:ff:7d:24:6b:28:eb:b4:c7:95:56:cf:f3:
                    42:cf:5b:b8:d0:d9:37:2d:3d:6b:be:78:80:50:4d:
                    75:86:d0:e8:8e:9e:d5:87:8d:12:8b:3f:cc:ab:9d:
                    44:8f:ed:5d:3d:72:6f:79:96:1e:15:a9:75:2b:63:
                    f0:81:a2:e7:3e:0d:e8:ae:59:58:9b:13:cc:bf:57:
                    53:d5:aa:6b:02:a7:c5:6a:ca:9b:01:76:80:b0:46:
                    1a:c9:a5:d7:4b:9d:6b:35:76:d7:9c:76:6a:04:8e:
                    72:f4:92:5c:45:14:4f:26:7b:30:06:ad:de:c6:42:
                    69:12:70:00:26:11:63:21:54:36:20:3b:a5:8a:1c:
                    7d:73:4f:dd:50:61:28:d6:24:72:dc:86:63:9e:e6:
                    3d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:42:31:EB:3E:E3:53:88:AB:2F:12:DB:9C:BC:D9:06:F4:72:DC:6E
            X509v3 Authority Key Identifier:
                keyid:8D:A0:2B:1D:A4:AA:71:E6:5B:6F:B9:BE:23:A6:B2:08:C2:5C:57:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jaArHaSqceZbb7m-I6ayCMJcV9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/1UIx6z7jU4irLxLbnLzZBvRy3G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/jaArHaSqceZbb7m-I6ayCMJcV9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:62:29:69:f9:d5:c6:4b:29:e5:9c:d1:8b:5a:a2:0c:05:18:
         c0:3b:72:ae:0d:9f:f8:63:e1:64:ae:ab:8c:00:67:86:e3:23:
         a2:5b:6c:8c:88:60:37:27:ea:4c:a4:48:ed:b6:6c:3b:ad:d1:
         90:ea:37:51:95:8e:c8:67:21:c8:29:4b:13:af:92:f7:98:b6:
         bb:d7:86:9d:c7:68:8d:ad:95:b0:fc:1c:bb:a4:18:d4:42:2d:
         f9:94:8c:80:10:48:07:7f:f4:ce:5e:1f:bb:1f:2f:af:5a:e1:
         76:e9:26:20:89:98:c7:3a:fa:0e:16:55:bc:2b:92:b5:fe:47:
         a6:d0:45:74:e9:82:98:f3:e6:a2:f9:d8:05:c4:40:7d:19:b7:
         5f:7d:21:c4:f2:91:c1:15:ca:38:c2:2a:09:66:76:24:c9:18:
         e4:e2:9d:15:97:fa:ac:09:cf:9b:3c:94:c1:39:ee:c6:bf:fd:
         37:d1:d8:15:0c:6d:94:ce:c0:e0:a3:bf:88:52:fd:9c:70:9f:
         a1:5a:5d:00:9f:d1:22:00:45:11:7d:04:5e:a4:a4:af:c5:53:
         0b:c9:36:db:75:b9:bc:57:34:1c:34:56:60:17:97:c4:f1:c0:
         89:bc:2c:52:77:0f:e6:5d:a6:2a:d9:5b:a1:02:8a:21:b7:39:
         a6:bd:de:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbY66oVEptVk3141982qKmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYTAyYjFkYTRhYTcxZTY1YjZmYjliZTIzYTZiMjA4YzI1
YzU3ZDgwHhcNMjUwNTE2MTE0NzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQyMzFlYjNlZTM1Mzg4YWIyZjEyZGI5Y2JjZDkwNmY0NzJkYzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvxDcuovSvA/DFtVVEgo8zFb2R0Q
XN8rPqQYfVdMq/8HNnU/L0Fz9BpenfeCxxDVWhYy0gzFGmFBi/YO5Zg+pLvEULMx
7HC3RVnMDNQYPqiiTZuaFnj9rF9bjIeOo1et6ZM0FGEMOdKckPn/fSRrKOu0x5VW
z/NCz1u40Nk3LT1rvniAUE11htDojp7Vh40Siz/Mq51Ej+1dPXJveZYeFal1K2Pw
gaLnPg3orllYmxPMv1dT1aprAqfFasqbAXaAsEYayaXXS51rNXbXnHZqBI5y9JJc
RRRPJnswBq3exkJpEnAAJhFjIVQ2IDulihx9c0/dUGEo1iRy3IZjnuY9xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVCMes+41OIqy8S25y82Qb0ctxuMB8GA1UdIwQY
MBaAFI2gKx2kqnHmW2+5viOmsgjCXFfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamFBckhhU3FjZVpiYjdtLUk2YXlDTUpjVjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kYmE2YzUtMjBlNS00MDczLTg1M2Et
YzllMjlkZWJhMjQ0LzEvMVVJeDZ6N2pVNGlyTHhMYm5MelpCdlJ5M0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kYmE2YzUtMjBlNS00MDczLTg1M2EtYzllMjlkZWJhMjQ0
LzEvamFBckhhU3FjZVpiYjdtLUk2YXlDTUpjVjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1gTMA0G
CSqGSIb3DQEBCwUAA4IBAQA0Yilp+dXGSynlnNGLWqIMBRjAO3KuDZ/4Y+FkrquM
AGeG4yOiW2yMiGA3J+pMpEjttmw7rdGQ6jdRlY7IZyHIKUsTr5L3mLa714adx2iN
rZWw/By7pBjUQi35lIyAEEgHf/TOXh+7Hy+vWuF26SYgiZjHOvoOFlW8K5K1/kem
0EV06YKY8+ai+dgFxEB9GbdffSHE8pHBFco4wioJZnYkyRjk4p0Vl/qsCc+bPJTB
Oe7Gv/030dgVDG2UzsDgo7+IUv2ccJ+hWl0An9EiAEURfQRepKSvxVMLyTbbdbm8
VzQcNFZgF5fE8cCJvCxSdw/mXaYq2VuhAoohtzmmvd72
-----END CERTIFICATE-----