Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/160AKuSKxBERiP_kGuzYZNAR-SU.roa
File:                     160AKuSKxBERiP_kGuzYZNAR-SU.roa (raw, json)
Hash identifier:          VrqhjCUmjGynMUhAAPf5VeBlvmqIonSA2s8ZD3SG7nk=
Subject key identifier:   D7:AD:00:2A:E4:8A:C4:11:11:88:FF:E4:1A:EC:D8:64:D0:11:F9:25
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0196C9FEF3164E67124F1CB7B156247D5CA9
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/160AKuSKxBERiP_kGuzYZNAR-SU.roa
Signing time:             Tue 13 May 2025 14:14:10 +0000
ROA not before:           Tue 13 May 2025 14:14:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21299
IP address blocks:        188.130.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:fe:f3:16:4e:67:12:4f:1c:b7:b1:56:24:7d:5c:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: May 13 14:14:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7ad002ae48ac4111188ffe41aecd864d011f925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:84:68:67:f7:67:c2:9d:0c:bf:f8:70:0b:69:
                    98:87:83:e1:50:97:12:21:69:28:b3:45:2d:ee:47:
                    8a:b4:26:69:39:bc:6a:95:eb:9b:9c:38:09:14:3e:
                    90:0e:8e:41:78:78:b9:d6:d9:22:20:0d:b0:66:a8:
                    27:53:51:b3:99:0b:ca:cf:a0:16:cd:4f:e9:6e:cb:
                    a3:69:63:98:66:df:01:c9:58:58:32:70:bb:2f:f6:
                    ae:94:e2:4d:55:48:f8:dc:0c:8a:a6:76:a8:17:02:
                    52:f0:24:e9:3b:58:7b:9b:9a:ff:80:78:a4:f3:74:
                    8b:8c:7a:6f:b5:dc:52:21:f0:02:34:03:79:ec:dc:
                    89:e7:90:43:9a:d2:70:92:d6:9c:e8:da:17:37:c3:
                    e6:85:4c:9e:f7:33:e3:ab:61:4a:f2:00:e7:f8:63:
                    6c:5b:71:d9:4d:b1:07:39:2a:4e:53:0a:40:a3:c0:
                    d3:c8:75:3f:a4:6a:4a:3b:5b:23:e7:92:47:e7:9e:
                    9c:d9:6b:3a:8c:15:04:42:97:86:b5:15:3e:96:cf:
                    02:3f:ba:57:07:b3:e8:a9:d3:6a:e0:66:77:01:2f:
                    54:19:3a:11:cd:31:c3:22:b2:ce:97:75:3d:5e:e0:
                    b2:21:6d:ec:9f:8a:0b:9b:54:17:34:4c:68:8e:9a:
                    fc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:AD:00:2A:E4:8A:C4:11:11:88:FF:E4:1A:EC:D8:64:D0:11:F9:25
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/160AKuSKxBERiP_kGuzYZNAR-SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:4d:30:54:51:b5:56:26:0e:55:50:8d:91:c1:e8:42:a6:87:
         7a:6a:cb:3f:f9:c2:e6:8c:61:c1:9f:cd:23:9d:7f:65:6b:27:
         c5:16:06:b4:44:a4:1d:2a:17:6b:a1:66:8e:79:8b:3c:09:8e:
         f8:8e:49:da:ae:c8:6e:f5:77:76:b6:c5:2b:cf:a4:9e:9c:15:
         1c:23:48:e5:5d:2b:9d:9b:d6:14:6b:3e:b0:71:2f:e7:5c:47:
         89:2c:c3:30:fe:b4:21:d4:4b:c2:40:8b:85:c5:f4:06:70:46:
         8a:7c:ad:cd:62:83:e7:f2:86:b1:66:74:c2:2f:3d:71:79:e8:
         98:8b:47:b5:de:d2:c6:86:95:f7:71:dc:1e:ea:fa:02:de:b9:
         d6:ca:2b:be:10:2e:1f:77:34:ee:9b:09:16:da:c4:6a:ba:3b:
         2f:48:62:bd:ed:2a:3a:aa:a1:ba:40:8f:11:c5:a9:30:cf:42:
         e4:7e:2b:be:df:25:62:a4:66:80:99:d1:12:f0:95:be:c1:06:
         8b:85:25:8f:4b:80:2d:1d:c3:fe:ec:cb:0b:03:f3:15:85:e5:
         84:1a:c3:c2:1f:1f:84:70:62:cf:8a:9b:ed:6a:27:9c:36:c2:
         8a:6f:53:0f:f0:27:2d:d1:ee:89:bd:8a:b4:5b:c3:2e:15:72:
         5e:92:3e:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJ/vMWTmcSTxy3sVYkfVypMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwNTEzMTQxNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2FkMDAyYWU0OGFjNDExMTE4OGZmZTQxYWVjZDg2NGQwMTFmOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYRoZ/dnwp0Mv/hwC2mYh4PhUJcS
IWkos0Ut7keKtCZpObxqleubnDgJFD6QDo5BeHi51tkiIA2wZqgnU1GzmQvKz6AW
zU/pbsujaWOYZt8ByVhYMnC7L/aulOJNVUj43AyKpnaoFwJS8CTpO1h7m5r/gHik
83SLjHpvtdxSIfACNAN57NyJ55BDmtJwktac6NoXN8PmhUye9zPjq2FK8gDn+GNs
W3HZTbEHOSpOUwpAo8DTyHU/pGpKO1sj55JH556c2Ws6jBUEQpeGtRU+ls8CP7pX
B7PoqdNq4GZ3AS9UGToRzTHDIrLOl3U9XuCyIW3sn4oLm1QXNExojpr8uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNetACrkisQREYj/5Brs2GTQEfklMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvMTYwQUt1U0t4QkVSaVBfa0d1ellaTkFSLVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIL2MA0G
CSqGSIb3DQEBCwUAA4IBAQAYTTBUUbVWJg5VUI2RwehCpod6ass/+cLmjGHBn80j
nX9layfFFga0RKQdKhdroWaOeYs8CY74jknarshu9Xd2tsUrz6SenBUcI0jlXSud
m9YUaz6wcS/nXEeJLMMw/rQh1EvCQIuFxfQGcEaKfK3NYoPn8oaxZnTCLz1xeeiY
i0e13tLGhpX3cdwe6voC3rnWyiu+EC4fdzTumwkW2sRqujsvSGK97So6qqG6QI8R
xakwz0Lkfiu+3yVipGaAmdES8JW+wQaLhSWPS4AtHcP+7MsLA/MVheWEGsPCHx+E
cGLPipvtaiecNsKKb1MP8Cct0e6JvYq0W8MuFXJekj7R
-----END CERTIFICATE-----