Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/DFd9o3Kqf0BVU6lcEZciF4r6lBA.roa
File:                     DFd9o3Kqf0BVU6lcEZciF4r6lBA.roa (raw, json)
Hash identifier:          EWPLgyEQTIGRbBoCx+GqZVBzb1s0D5VRpVNQV31Wm1k=
Subject key identifier:   0C:57:7D:A3:72:AA:7F:40:55:53:A9:5C:11:97:22:17:8A:FA:94:10
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747D48515BE4AFC84731E0AB42E0AB0
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/DFd9o3Kqf0BVU6lcEZciF4r6lBA.roa
Signing time:             Thu 02 Jan 2025 13:50:06 +0000
ROA not before:           Thu 02 Jan 2025 13:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209973
IP address blocks:        188.130.244.0/24 maxlen: 24
                          188.130.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 09:59:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d4:85:15:be:4a:fc:84:73:1e:0a:b4:2e:0a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c577da372aa7f405553a95c119722178afa9410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:18:a0:a6:1b:e6:35:08:bc:53:9e:c6:d2:2f:
                    e7:74:59:64:6d:46:eb:ba:6d:47:4c:b1:36:aa:4c:
                    99:eb:a6:68:5b:a0:27:72:b1:02:3b:6c:c9:f2:df:
                    71:1e:3b:d9:83:9c:d5:b8:0d:c0:b7:70:ac:bf:b9:
                    b0:83:e5:09:dd:5c:6c:a9:69:cd:71:7d:ed:0f:5f:
                    4c:0a:f2:6e:a7:91:e9:4a:cb:ea:e0:6f:c9:5c:60:
                    28:7f:f6:e7:ed:fd:f3:56:6e:9c:21:62:eb:c3:4b:
                    c6:58:db:80:a6:35:15:c2:d6:f3:05:c4:dd:53:b8:
                    bc:1c:34:09:34:25:31:7c:3b:43:48:e9:d1:4c:d3:
                    5d:7c:c5:16:99:45:ed:93:ac:78:bd:ed:ba:93:23:
                    06:fc:bb:7d:3a:57:1b:29:89:dc:98:75:4d:2b:a0:
                    f0:5c:70:54:50:25:e5:68:f4:c4:b4:3a:5e:fb:1a:
                    48:12:19:cc:98:20:82:24:4b:68:44:7d:e6:6d:e1:
                    35:d4:28:bf:8a:f6:b1:76:5b:02:08:a7:d2:0d:ce:
                    48:1d:d7:16:a2:4a:ed:3a:6f:23:3d:5b:1d:91:b8:
                    d4:db:3c:71:71:ec:ca:08:f1:3a:03:57:fd:26:10:
                    e9:eb:a3:d4:1d:d8:c0:dc:db:ef:e8:dd:b7:10:0c:
                    13:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:57:7D:A3:72:AA:7F:40:55:53:A9:5C:11:97:22:17:8A:FA:94:10
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/DFd9o3Kqf0BVU6lcEZciF4r6lBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:eb:5f:b9:ff:83:fe:7f:f0:72:02:10:a2:e7:d2:17:cd:e2:
         c6:67:38:a6:e3:4d:bd:2a:a0:ec:a9:c7:d6:5a:d3:38:f0:17:
         b5:ca:fa:bc:35:6a:1b:26:13:80:c3:ca:f8:3b:0a:28:1d:68:
         e1:59:be:49:4b:1e:60:18:6a:40:e2:6b:50:81:06:02:e7:ec:
         67:51:51:1d:f8:4a:2b:43:5d:22:d7:31:33:59:49:8e:81:ae:
         b8:d2:a4:d4:b7:01:92:4d:92:3f:4a:fb:2a:8c:ed:ac:1d:90:
         0b:ab:be:93:13:01:cb:e2:fe:b1:ae:83:aa:81:d3:42:8b:12:
         d4:a4:8c:15:2f:18:19:3f:9c:72:51:95:c6:8f:5c:93:8e:05:
         4d:09:c1:77:7c:73:0e:d1:49:bd:6d:81:30:b2:35:22:f3:d9:
         18:3e:e0:f9:d1:86:bc:26:bc:de:32:17:08:b6:bf:43:a9:f7:
         23:6e:55:7a:dc:19:9a:a9:e6:41:13:4c:71:ba:3d:01:49:7c:
         19:66:bf:fb:83:ef:78:a2:7b:98:ea:2c:df:19:78:57:5a:6e:
         a0:17:7b:cb:45:15:1e:35:51:6b:d9:8c:20:83:0b:4d:5b:28:
         cf:fe:dd:1d:26:42:f9:dd:27:15:99:81:95:20:8e:e0:fe:8e:
         dc:dd:09:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR9SFFb5K/IRzHgq0LgqwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzU3N2RhMzcyYWE3ZjQwNTU1M2E5NWMxMTk3MjIxNzhhZmE5NDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRigphvmNQi8U57G0i/ndFlkbUbr
um1HTLE2qkyZ66ZoW6AncrECO2zJ8t9xHjvZg5zVuA3At3Csv7mwg+UJ3VxsqWnN
cX3tD19MCvJup5HpSsvq4G/JXGAof/bn7f3zVm6cIWLrw0vGWNuApjUVwtbzBcTd
U7i8HDQJNCUxfDtDSOnRTNNdfMUWmUXtk6x4ve26kyMG/Lt9OlcbKYncmHVNK6Dw
XHBUUCXlaPTEtDpe+xpIEhnMmCCCJEtoRH3mbeE11Ci/ivaxdlsCCKfSDc5IHdcW
okrtOm8jPVsdkbjU2zxxcezKCPE6A1f9JhDp66PUHdjA3Nvv6N23EAwTlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxXfaNyqn9AVVOpXBGXIheK+pQQMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvREZkOW8zS3FmMEJWVTZsY0VaY2lGNHI2bEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvIL0MA0G
CSqGSIb3DQEBCwUAA4IBAQAJ61+5/4P+f/ByAhCi59IXzeLGZzim4029KqDsqcfW
WtM48Be1yvq8NWobJhOAw8r4OwooHWjhWb5JSx5gGGpA4mtQgQYC5+xnUVEd+Eor
Q10i1zEzWUmOga640qTUtwGSTZI/SvsqjO2sHZALq76TEwHL4v6xroOqgdNCixLU
pIwVLxgZP5xyUZXGj1yTjgVNCcF3fHMO0Um9bYEwsjUi89kYPuD50Ya8JrzeMhcI
tr9DqfcjblV63BmaqeZBE0xxuj0BSXwZZr/7g+94onuY6izfGXhXWm6gF3vLRRUe
NVFr2YwggwtNWyjP/t0dJkL53ScVmYGVII7g/o7c3Qme
-----END CERTIFICATE-----