Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1kMDe5Xm6sJaRrAD3zP-ZkxyEsk.roa
File:                     1kMDe5Xm6sJaRrAD3zP-ZkxyEsk.roa (raw, json)
Hash identifier:          ljEzvlPIQ8PQL8sFj3dQ/5Ng1dGLgmWnxmyMh+TaQbg=
Subject key identifier:   D6:43:03:7B:95:E6:EA:C2:5A:46:B0:03:DF:33:FE:66:4C:72:12:C9
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747CF7E24B592DCFEC6E3ECC2FECFDD
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1kMDe5Xm6sJaRrAD3zP-ZkxyEsk.roa
Signing time:             Thu 02 Jan 2025 13:50:05 +0000
ROA not before:           Thu 02 Jan 2025 13:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204846
IP address blocks:        188.130.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:cf:7e:24:b5:92:dc:fe:c6:e3:ec:c2:fe:cf:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d643037b95e6eac25a46b003df33fe664c7212c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e0:09:4b:5a:68:a7:28:fc:a2:95:4a:ea:06:
                    d1:46:77:88:cd:12:db:80:0d:32:dc:f9:26:f3:5d:
                    6e:53:71:fc:a3:42:14:2a:02:e5:46:9c:6e:45:16:
                    5b:44:d2:8a:9b:36:b8:bf:37:04:12:c4:61:61:7d:
                    fa:f9:2e:7d:7e:0e:01:9a:a9:7e:eb:be:52:f4:6d:
                    02:09:7a:6c:c6:8e:0a:47:24:f9:10:29:ef:0d:cb:
                    bf:a3:a8:a8:49:1a:b8:7c:50:46:ef:28:ac:d6:a1:
                    9f:bc:fc:d7:09:6c:ca:5d:87:69:19:09:5b:5b:a0:
                    95:32:5f:2d:0d:c2:a4:9f:f0:22:bc:ad:67:6d:26:
                    12:c4:5d:66:28:58:ab:19:f7:ec:96:1f:7f:62:87:
                    28:b6:d5:d4:df:ac:ae:9a:15:36:65:6b:28:c7:b8:
                    b6:ae:e1:6c:9c:55:45:16:f5:98:47:ce:cf:76:cd:
                    77:5f:0b:bd:b5:53:d5:d9:9e:6e:75:d3:64:af:9a:
                    bf:5a:be:ae:0c:df:96:41:5e:c7:e8:e3:ab:7c:17:
                    f3:39:f7:a6:5c:a5:e1:54:c5:9f:da:68:6b:b3:40:
                    90:17:84:62:54:52:0b:18:91:75:8c:aa:1d:c2:8e:
                    ec:dc:da:c5:13:ca:6e:24:47:8d:59:9d:ad:e8:8f:
                    5a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:43:03:7B:95:E6:EA:C2:5A:46:B0:03:DF:33:FE:66:4C:72:12:C9
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1kMDe5Xm6sJaRrAD3zP-ZkxyEsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:7c:be:b0:00:09:f7:37:d1:a4:ea:9a:99:36:2a:3c:f7:ae:
         a6:09:d2:d3:4e:46:b5:16:b5:8b:71:51:ee:32:5a:f7:69:e9:
         14:17:bb:59:18:bc:07:bf:74:39:7b:c5:fe:be:88:30:f4:7b:
         d1:da:23:a9:39:19:10:93:fd:26:1d:47:0c:79:23:03:19:fd:
         40:5c:d7:9d:76:67:fb:b1:cf:e5:70:f7:ed:51:19:29:83:25:
         06:c6:29:85:d5:35:37:56:ed:2e:99:81:3a:34:50:4d:4a:55:
         ea:85:19:79:bc:1a:ca:92:89:94:9a:a1:8e:70:01:e0:5e:57:
         ae:b9:37:6b:6d:c3:e3:09:5c:ce:05:61:41:58:a1:f7:11:a8:
         87:b3:85:40:14:56:f2:67:13:25:9c:23:93:04:c2:23:86:95:
         49:37:d9:56:de:6a:76:d7:8d:cb:75:01:8f:5e:ab:dd:6b:31:
         6b:34:99:7c:48:73:4b:3d:f4:59:5b:c1:99:a1:06:a8:3b:4b:
         b0:ad:d4:6d:c2:c7:23:3a:9e:c3:de:10:1e:3e:fe:2d:f0:16:
         42:24:c4:13:5d:0d:9e:8f:c4:96:71:d7:99:8c:f9:9f:46:55:
         a0:43:37:6a:d2:02:e9:09:c4:62:ee:8c:4f:6e:4c:6c:0d:7e:
         44:85:dc:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR89+JLWS3P7G4+zC/s/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQzMDM3Yjk1ZTZlYWMyNWE0NmIwMDNkZjMzZmU2NjRjNzIxMmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeAJS1popyj8opVK6gbRRneIzRLb
gA0y3Pkm811uU3H8o0IUKgLlRpxuRRZbRNKKmza4vzcEEsRhYX36+S59fg4Bmql+
675S9G0CCXpsxo4KRyT5ECnvDcu/o6ioSRq4fFBG7yis1qGfvPzXCWzKXYdpGQlb
W6CVMl8tDcKkn/AivK1nbSYSxF1mKFirGffslh9/YocottXU36yumhU2ZWsox7i2
ruFsnFVFFvWYR87Pds13Xwu9tVPV2Z5uddNkr5q/Wr6uDN+WQV7H6OOrfBfzOfem
XKXhVMWf2mhrs0CQF4RiVFILGJF1jKodwo7s3NrFE8puJEeNWZ2t6I9azQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZDA3uV5urCWkawA98z/mZMchLJMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvMWtNRGU1WG02c0phUnJBRDN6UC1aa3h5RXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIKZMA0G
CSqGSIb3DQEBCwUAA4IBAQCGfL6wAAn3N9Gk6pqZNio8966mCdLTTka1FrWLcVHu
Mlr3aekUF7tZGLwHv3Q5e8X+vogw9HvR2iOpORkQk/0mHUcMeSMDGf1AXNeddmf7
sc/lcPftURkpgyUGximF1TU3Vu0umYE6NFBNSlXqhRl5vBrKkomUmqGOcAHgXleu
uTdrbcPjCVzOBWFBWKH3EaiHs4VAFFbyZxMlnCOTBMIjhpVJN9lW3mp2143LdQGP
XqvdazFrNJl8SHNLPfRZW8GZoQaoO0uwrdRtwscjOp7D3hAePv4t8BZCJMQTXQ2e
j8SWcdeZjPmfRlWgQzdq0gLpCcRi7oxPbkxsDX5Ehdz4
-----END CERTIFICATE-----