Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/9cpO-nZxtqMUubV4pWueZ4cvJIY.roa
File:                     9cpO-nZxtqMUubV4pWueZ4cvJIY.roa (raw, json)
Hash identifier:          Yqu6kAVntsTqHIpwqi7qsyZ4dgIQqJmqpLTuen8ldhs=
Subject key identifier:   F5:CA:4E:FA:76:71:B6:A3:14:B9:B5:78:A5:6B:9E:67:87:2F:24:86
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01927B218D412718EAFB73DD1899FEAD2129
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/9cpO-nZxtqMUubV4pWueZ4cvJIY.roa
Signing time:             Fri 11 Oct 2024 10:30:49 +0000
ROA not before:           Fri 11 Oct 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209973
IP address blocks:        188.130.244.0/24 maxlen: 24
                          188.130.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:21:8d:41:27:18:ea:fb:73:dd:18:99:fe:ad:21:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Oct 11 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5ca4efa7671b6a314b9b578a56b9e67872f2486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:92:34:48:a9:dc:0a:26:51:88:17:75:12:21:
                    bf:bc:48:89:21:ba:18:94:64:71:84:e4:e4:6d:6e:
                    d5:79:73:0e:ab:1c:9b:7c:49:ea:f6:8c:be:f9:80:
                    1b:ec:37:85:39:b1:79:a9:4c:14:a4:19:97:70:83:
                    55:6f:e1:a1:2a:6a:ec:b5:17:38:cd:24:68:3d:56:
                    5c:90:29:9f:1f:a3:1f:b5:9c:2f:a6:86:8e:67:48:
                    87:09:7f:aa:24:3e:0d:75:d8:2c:5a:8e:30:fd:de:
                    fd:e3:8a:55:04:a6:e0:14:a8:4e:a6:54:ad:c2:0f:
                    d0:d1:3f:c4:60:d9:33:76:93:e6:28:be:44:73:44:
                    86:40:60:fb:ec:06:b2:cf:cf:7f:cf:56:37:2c:b3:
                    b5:1e:89:3b:b6:8f:a1:05:9a:91:a1:4b:3f:46:f9:
                    6a:97:3b:40:86:4b:e6:1b:22:7a:be:3a:97:96:58:
                    87:f6:98:a4:90:be:2a:46:fa:73:09:3e:94:f6:ee:
                    68:a1:8a:84:9e:1d:53:9c:7b:7a:d0:10:6f:74:69:
                    44:e5:ee:16:78:0b:0a:ad:19:f7:bd:ac:3a:08:63:
                    7a:47:34:0b:15:63:a7:43:02:29:07:db:2f:95:1f:
                    c5:d7:fe:5c:c7:9a:39:b3:5e:e5:4c:72:ba:bb:8b:
                    5b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CA:4E:FA:76:71:B6:A3:14:B9:B5:78:A5:6B:9E:67:87:2F:24:86
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/9cpO-nZxtqMUubV4pWueZ4cvJIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:96:91:32:9e:7c:a0:c0:b0:6f:01:ca:be:93:4c:86:3d:8c:
         19:1e:54:bf:07:bf:86:b0:12:50:18:ee:7b:1d:d3:0a:46:59:
         9f:06:83:f8:68:c5:38:fb:e2:c8:61:4c:45:c7:0f:f2:5c:07:
         28:14:30:06:bc:10:b7:11:a6:32:00:69:25:43:03:2e:5c:d1:
         07:bb:f0:57:10:c6:84:9d:1e:80:46:c5:bf:3b:0a:b7:db:57:
         ea:a3:64:79:1d:0b:7b:ba:a2:f1:6e:a1:05:04:46:d8:32:ac:
         b9:2d:d7:73:1f:10:4b:39:d1:e6:bc:21:8f:d6:ae:26:78:ff:
         cc:b7:ee:67:df:3d:ff:73:b5:09:c4:ea:7f:94:2e:7d:6a:27:
         ab:a0:58:d6:8f:4e:8c:3f:c7:f9:4b:95:2a:eb:84:be:70:25:
         73:e6:5b:70:f0:e9:c1:c8:e3:7b:1b:13:10:2c:9e:eb:22:29:
         1c:e6:31:09:1e:cb:75:2e:61:6f:d0:11:7f:16:67:5d:71:ea:
         2f:1e:1f:5f:4c:4e:09:54:e3:91:46:d8:61:ad:de:32:89:fe:
         e4:8a:e7:75:10:4e:09:ad:63:96:e6:89:c3:ec:07:fb:34:58:
         03:57:a6:5d:27:75:99:f6:55:c3:80:de:d5:ed:e2:55:44:52:
         62:9b:55:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ7IY1BJxjq+3PdGJn+rSEpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQxMDExMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWNhNGVmYTc2NzFiNmEzMTRiOWI1NzhhNTZiOWU2Nzg3MmYyNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpI0SKncCiZRiBd1EiG/vEiJIboY
lGRxhOTkbW7VeXMOqxybfEnq9oy++YAb7DeFObF5qUwUpBmXcINVb+GhKmrstRc4
zSRoPVZckCmfH6MftZwvpoaOZ0iHCX+qJD4NddgsWo4w/d7944pVBKbgFKhOplSt
wg/Q0T/EYNkzdpPmKL5Ec0SGQGD77Aayz89/z1Y3LLO1Hok7to+hBZqRoUs/Rvlq
lztAhkvmGyJ6vjqXlliH9pikkL4qRvpzCT6U9u5ooYqEnh1TnHt60BBvdGlE5e4W
eAsKrRn3vaw6CGN6RzQLFWOnQwIpB9svlR/F1/5cx5o5s17lTHK6u4tbtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXKTvp2cbajFLm1eKVrnmeHLySGMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvOWNwTy1uWnh0cU1VdWJWNHBXdWVaNGN2SklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvIL0MA0G
CSqGSIb3DQEBCwUAA4IBAQAylpEynnygwLBvAcq+k0yGPYwZHlS/B7+GsBJQGO57
HdMKRlmfBoP4aMU4++LIYUxFxw/yXAcoFDAGvBC3EaYyAGklQwMuXNEHu/BXEMaE
nR6ARsW/Owq321fqo2R5HQt7uqLxbqEFBEbYMqy5LddzHxBLOdHmvCGP1q4meP/M
t+5n3z3/c7UJxOp/lC59aieroFjWj06MP8f5S5Uq64S+cCVz5ltw8OnByON7GxMQ
LJ7rIikc5jEJHst1LmFv0BF/FmddceovHh9fTE4JVOORRthhrd4yif7kiud1EE4J
rWOW5onD7Af7NFgDV6ZdJ3WZ9lXDgN7V7eJVRFJim1Ug
-----END CERTIFICATE-----