Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/IKYkPycoZ16me6Kb0OaEhELdyLo.roa
File:                     IKYkPycoZ16me6Kb0OaEhELdyLo.roa (raw, json)
Hash identifier:          Um/+K1DsE/fHN8bVJfVKmH+mN7B9+NKyvrFzBu4jUT0=
Subject key identifier:   20:A6:24:3F:27:28:67:5E:A6:7B:A2:9B:D0:E6:84:84:42:DD:C8:BA
Certificate issuer:       /CN=f75b02a29c766e5b13b3eb176a971c12dde1d4ce
Certificate serial:       0194228D24A9FCC493826D6843EC49C4679F
Authority key identifier: F7:5B:02:A2:9C:76:6E:5B:13:B3:EB:17:6A:97:1C:12:DD:E1:D4:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/91sCopx2blsTs-sXapccEt3h1M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/IKYkPycoZ16me6Kb0OaEhELdyLo.roa
Signing time:             Wed 01 Jan 2025 15:47:42 +0000
ROA not before:           Wed 01 Jan 2025 15:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39145
IP address blocks:        88.82.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/91sCopx2blsTs-sXapccEt3h1M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/91sCopx2blsTs-sXapccEt3h1M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/91sCopx2blsTs-sXapccEt3h1M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 15:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:24:a9:fc:c4:93:82:6d:68:43:ec:49:c4:67:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75b02a29c766e5b13b3eb176a971c12dde1d4ce
        Validity
            Not Before: Jan  1 15:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20a6243f2728675ea67ba29bd0e6848442ddc8ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:69:4b:5f:6b:bc:33:d1:4a:b4:05:3c:2b:88:
                    af:3b:51:af:f0:3f:81:df:7a:7c:4e:1f:21:3f:e2:
                    32:76:4c:5f:3c:7e:48:33:d6:97:c5:fc:79:c4:b6:
                    e5:9a:9f:81:26:cf:c0:dc:dc:eb:f6:17:7c:e5:19:
                    b4:54:c4:cf:2a:db:0c:5c:88:56:3b:c3:40:45:40:
                    ef:f6:88:7f:ac:b8:2e:60:44:c3:05:67:1a:cb:13:
                    38:47:2b:f2:be:53:f0:c6:89:2d:d2:0d:79:37:bf:
                    d7:65:c6:dd:51:bb:75:49:1a:26:06:e5:7d:93:76:
                    a3:40:5e:db:c5:f8:06:b1:29:19:b6:ac:64:be:b9:
                    07:1d:f8:ae:db:47:b1:6c:3d:90:42:a5:73:60:55:
                    fd:7b:2c:77:70:b8:0f:4c:3f:23:1e:ba:48:4c:23:
                    d5:c7:db:20:4e:89:a2:bf:8a:8e:41:12:a7:24:24:
                    49:9d:51:85:cf:11:57:68:a0:bb:75:64:0f:3a:df:
                    a1:4f:b1:33:04:8f:c4:84:cb:ad:94:91:f7:3b:82:
                    5a:5c:23:b0:5d:de:e2:a9:b3:93:1b:10:32:2f:fd:
                    a5:05:7f:b2:37:d7:a4:39:8b:6f:b9:a9:e8:7b:39:
                    08:c1:98:90:29:e2:2f:31:9e:d2:0f:53:23:e8:28:
                    9a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A6:24:3F:27:28:67:5E:A6:7B:A2:9B:D0:E6:84:84:42:DD:C8:BA
            X509v3 Authority Key Identifier:
                keyid:F7:5B:02:A2:9C:76:6E:5B:13:B3:EB:17:6A:97:1C:12:DD:E1:D4:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/91sCopx2blsTs-sXapccEt3h1M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/IKYkPycoZ16me6Kb0OaEhELdyLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/91sCopx2blsTs-sXapccEt3h1M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.82.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0d:20:95:ad:f9:53:d1:3f:6e:a1:39:27:2b:64:f6:5e:42:ab:
         ef:3c:c7:91:f3:8b:ee:40:cc:08:ce:e2:ef:48:b1:be:f7:21:
         4e:9e:c5:a3:b2:c9:8b:3c:b9:31:97:38:7b:20:5e:01:2e:57:
         dc:62:1e:8e:85:12:eb:1e:2b:d4:96:c4:ed:11:f7:2c:a5:25:
         62:67:dd:b4:bd:40:c7:e2:2d:da:59:58:31:9b:94:df:d8:c9:
         f1:d1:a7:f5:28:ed:2e:29:15:8a:d6:2b:d0:96:5b:de:95:38:
         4a:18:00:ca:30:f4:49:87:79:d0:41:79:0b:bf:2a:98:69:8c:
         4d:9e:13:d2:30:65:52:a6:41:06:2b:8f:87:77:35:3d:09:a6:
         b4:c0:e5:9d:56:78:4e:09:6e:d5:15:9c:29:db:7c:17:9c:01:
         5a:ac:03:8a:c8:fd:9a:19:85:64:4a:eb:23:b7:4d:d2:34:6e:
         6f:ce:a8:fa:fe:f3:d4:58:0e:64:a8:7c:71:9d:a2:8e:06:d1:
         5d:5f:93:65:83:a8:7d:61:6f:42:02:a1:07:6d:a5:e7:18:ba:
         b5:2f:d5:ea:2e:a3:fd:cb:d3:63:a2:42:e1:63:fc:f9:13:39:
         9a:ae:19:5a:b7:25:f4:ea:18:e2:44:e0:37:9f:ff:35:c8:72:
         2c:b6:5b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSSp/MSTgm1oQ+xJxGefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWIwMmEyOWM3NjZlNWIxM2IzZWIxNzZhOTcxYzEyZGRl
MWQ0Y2UwHhcNMjUwMTAxMTU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE2MjQzZjI3Mjg2NzVlYTY3YmEyOWJkMGU2ODQ4NDQyZGRjOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mlLX2u8M9FKtAU8K4ivO1Gv8D+B
33p8Th8hP+IydkxfPH5IM9aXxfx5xLblmp+BJs/A3Nzr9hd85Rm0VMTPKtsMXIhW
O8NARUDv9oh/rLguYETDBWcayxM4RyvyvlPwxokt0g15N7/XZcbdUbt1SRomBuV9
k3ajQF7bxfgGsSkZtqxkvrkHHfiu20exbD2QQqVzYFX9eyx3cLgPTD8jHrpITCPV
x9sgTomiv4qOQRKnJCRJnVGFzxFXaKC7dWQPOt+hT7EzBI/EhMutlJH3O4JaXCOw
Xd7iqbOTGxAyL/2lBX+yN9ekOYtvuanoezkIwZiQKeIvMZ7SD1Mj6CiaOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCmJD8nKGdepnuim9DmhIRC3ci6MB8GA1UdIwQY
MBaAFPdbAqKcdm5bE7PrF2qXHBLd4dTOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTFzQ29weDJibHNUcy1zWGFwY2NFdDNoMU00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8wYTlmZjItN2RmOC00M2YzLWEzMWYt
YmNkYmI1NDJjYjVhLzEvSUtZa1B5Y29aMTZtZTZLYjBPYUVoRUxkeUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8wYTlmZjItN2RmOC00M2YzLWEzMWYtYmNkYmI1NDJjYjVh
LzEvOTFzQ29weDJibHNUcy1zWGFwY2NFdDNoMU00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWFJgMA0G
CSqGSIb3DQEBCwUAA4IBAQANIJWt+VPRP26hOScrZPZeQqvvPMeR84vuQMwIzuLv
SLG+9yFOnsWjssmLPLkxlzh7IF4BLlfcYh6OhRLrHivUlsTtEfcspSViZ920vUDH
4i3aWVgxm5Tf2Mnx0af1KO0uKRWK1ivQllvelThKGADKMPRJh3nQQXkLvyqYaYxN
nhPSMGVSpkEGK4+HdzU9Caa0wOWdVnhOCW7VFZwp23wXnAFarAOKyP2aGYVkSusj
t03SNG5vzqj6/vPUWA5kqHxxnaKOBtFdX5Nlg6h9YW9CAqEHbaXnGLq1L9XqLqP9
y9NjokLhY/z5EzmarhlatyX06hjiROA3n/81yHIstlt1
-----END CERTIFICATE-----