Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/8664bf-e96a-4c0f-8be3-e72e9b4b7658/1/7XMrXBUl5guh00C3od83p0sdL2E.roa
File:                     7XMrXBUl5guh00C3od83p0sdL2E.roa (raw, json)
Hash identifier:          s4K7G9zJkdgY7spJ3jJ5e9+1XNKqCaxgKeKuHtLUBSY=
Subject key identifier:   ED:73:2B:5C:15:25:E6:0B:A1:D3:40:B7:A1:DF:37:A7:4B:1D:2F:61
Certificate issuer:       /CN=5b8b26c532fbc52b5de672ab35761d1c7d97eb26
Certificate serial:       0196F2552D4EC6E5C087B0A5FEBBAD7F19C9
Authority key identifier: 5B:8B:26:C5:32:FB:C5:2B:5D:E6:72:AB:35:76:1D:1C:7D:97:EB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W4smxTL7xStd5nKrNXYdHH2X6yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/8664bf-e96a-4c0f-8be3-e72e9b4b7658/1/7XMrXBUl5guh00C3od83p0sdL2E.roa
Signing time:             Wed 21 May 2025 10:13:10 +0000
ROA not before:           Wed 21 May 2025 10:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43268
IP address blocks:        188.190.96.0/22 maxlen: 22
                          188.190.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/8664bf-e96a-4c0f-8be3-e72e9b4b7658/1/W4smxTL7xStd5nKrNXYdHH2X6yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/8664bf-e96a-4c0f-8be3-e72e9b4b7658/1/W4smxTL7xStd5nKrNXYdHH2X6yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W4smxTL7xStd5nKrNXYdHH2X6yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:55:2d:4e:c6:e5:c0:87:b0:a5:fe:bb:ad:7f:19:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8b26c532fbc52b5de672ab35761d1c7d97eb26
        Validity
            Not Before: May 21 10:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed732b5c1525e60ba1d340b7a1df37a74b1d2f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f6:3b:f3:b7:25:00:7b:0b:8c:c2:e3:2e:2f:
                    9a:99:af:ca:2e:1a:35:b7:d5:94:f3:5a:17:21:ac:
                    70:8e:41:53:5f:ae:3b:97:4a:d3:c6:28:b3:97:ce:
                    24:1c:3a:f9:af:b7:d0:52:87:8b:0b:b5:56:af:f7:
                    ea:61:52:94:33:5f:b1:a9:de:7b:5b:c7:08:5e:29:
                    a5:79:42:ce:ea:e7:cc:42:9d:d5:1d:33:56:7a:b0:
                    a1:fd:4e:e6:20:bd:eb:22:fe:de:49:53:45:04:c4:
                    77:ac:91:da:f2:d7:96:b0:ca:6c:a2:9f:c4:99:f0:
                    71:e2:aa:6d:d2:67:24:53:de:c1:77:1c:d9:d7:ad:
                    c4:75:eb:ec:92:1c:9e:59:99:00:ec:fb:8d:e6:52:
                    33:a6:0a:21:57:c1:e2:ea:f7:80:31:a6:5b:3c:ad:
                    16:10:c5:d7:6c:9a:61:7c:8b:77:de:e0:a5:3a:17:
                    11:ae:2f:ad:41:3d:f0:14:3f:66:df:3e:e9:89:b6:
                    1b:0c:03:51:0b:32:1d:4e:19:10:42:35:6c:ef:2b:
                    8f:4a:42:e6:97:b4:ac:ae:fe:36:2c:a5:67:ea:ca:
                    5a:bb:4a:94:0d:e8:d9:81:e5:89:c3:03:48:31:3f:
                    98:26:8e:fe:b6:10:3c:d9:45:81:62:ea:22:4c:90:
                    f8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:73:2B:5C:15:25:E6:0B:A1:D3:40:B7:A1:DF:37:A7:4B:1D:2F:61
            X509v3 Authority Key Identifier:
                keyid:5B:8B:26:C5:32:FB:C5:2B:5D:E6:72:AB:35:76:1D:1C:7D:97:EB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W4smxTL7xStd5nKrNXYdHH2X6yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/8664bf-e96a-4c0f-8be3-e72e9b4b7658/1/7XMrXBUl5guh00C3od83p0sdL2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/8664bf-e96a-4c0f-8be3-e72e9b4b7658/1/W4smxTL7xStd5nKrNXYdHH2X6yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:12:ed:23:98:fc:fc:d9:ed:2e:32:fc:ad:b8:45:c4:d6:8f:
         f9:30:2c:b1:01:bb:b6:18:7d:d1:4c:59:3e:8f:e6:00:bb:95:
         73:32:74:78:b2:00:e1:d8:61:76:33:5a:ca:7b:e1:48:9c:02:
         20:32:77:c8:e3:26:81:63:36:31:94:b8:a3:70:c9:95:43:66:
         ca:b1:dd:8a:d1:c8:b2:ac:58:7b:3e:32:82:24:07:51:a7:c4:
         9f:69:00:11:bb:55:76:cc:e7:0a:7c:2a:85:a0:0a:e9:52:97:
         a0:bc:35:86:fa:fd:71:b1:51:59:f9:44:e9:41:d0:1a:e1:98:
         00:f2:1d:20:f8:bb:fc:e9:f9:d5:c8:99:59:90:67:27:ad:db:
         ad:2d:44:4d:16:62:38:62:ff:2d:60:1d:4b:1f:17:ef:af:5c:
         e1:5e:85:e9:9b:de:63:1a:c6:67:18:1b:2f:68:7b:19:40:5b:
         a0:c5:a7:e7:8d:47:30:b1:b2:56:73:89:52:a7:ff:0a:04:e1:
         e5:ae:ad:9b:62:9e:fa:dc:27:43:3f:da:81:f8:e3:4a:7c:f6:
         f4:88:b9:33:c5:d8:29:b3:b4:a0:03:a4:03:d6:03:a3:8d:ee:
         ca:94:28:03:5c:83:cd:3e:e7:6a:54:bf:ae:ef:bf:a9:00:d6:
         5f:a9:72:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbyVS1OxuXAh7Cl/rutfxnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOGIyNmM1MzJmYmM1MmI1ZGU2NzJhYjM1NzYxZDFjN2Q5
N2ViMjYwHhcNMjUwNTIxMTAxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDczMmI1YzE1MjVlNjBiYTFkMzQwYjdhMWRmMzdhNzRiMWQyZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPY787clAHsLjMLjLi+ama/KLho1
t9WU81oXIaxwjkFTX647l0rTxiizl84kHDr5r7fQUoeLC7VWr/fqYVKUM1+xqd57
W8cIXimleULO6ufMQp3VHTNWerCh/U7mIL3rIv7eSVNFBMR3rJHa8teWsMpsop/E
mfBx4qpt0mckU97BdxzZ163EdevskhyeWZkA7PuN5lIzpgohV8Hi6veAMaZbPK0W
EMXXbJphfIt33uClOhcRri+tQT3wFD9m3z7pibYbDANRCzIdThkQQjVs7yuPSkLm
l7Ssrv42LKVn6spau0qUDejZgeWJwwNIMT+YJo7+thA82UWBYuoiTJD4BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1zK1wVJeYLodNAt6HfN6dLHS9hMB8GA1UdIwQY
MBaAFFuLJsUy+8UrXeZyqzV2HRx9l+smMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzRzbXhUTDd4U3RkNW5Lck5YWWRISDJYNnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC84NjY0YmYtZTk2YS00YzBmLThiZTMt
ZTcyZTliNGI3NjU4LzEvN1hNclhCVWw1Z3VoMDBDM29kODNwMHNkTDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC84NjY0YmYtZTk2YS00YzBmLThiZTMtZTcyZTliNGI3NjU4
LzEvVzRzbXhUTDd4U3RkNW5Lck5YWWRISDJYNnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvL5gMA0G
CSqGSIb3DQEBCwUAA4IBAQBLEu0jmPz82e0uMvytuEXE1o/5MCyxAbu2GH3RTFk+
j+YAu5VzMnR4sgDh2GF2M1rKe+FInAIgMnfI4yaBYzYxlLijcMmVQ2bKsd2K0ciy
rFh7PjKCJAdRp8SfaQARu1V2zOcKfCqFoArpUpegvDWG+v1xsVFZ+UTpQdAa4ZgA
8h0g+Lv86fnVyJlZkGcnrdutLURNFmI4Yv8tYB1LHxfvr1zhXoXpm95jGsZnGBsv
aHsZQFugxafnjUcwsbJWc4lSp/8KBOHlrq2bYp763CdDP9qB+ONKfPb0iLkzxdgp
s7SgA6QD1gOjje7KlCgDXIPNPudqVL+u77+pANZfqXKl
-----END CERTIFICATE-----