Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/KWD7a0MawJkOY6KvjbHNLlSuvEs.roa
File:                     KWD7a0MawJkOY6KvjbHNLlSuvEs.roa (raw, json)
Hash identifier:          qmNFcYO8QPUS9sWwzinUFDYzi6mb2+i7tCjnCVK3kIw=
Subject key identifier:   29:60:FB:6B:43:1A:C0:99:0E:63:A2:AF:8D:B1:CD:2E:54:AE:BC:4B
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       01941FFA7A2585319BE0989170A3AC4AC393
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/KWD7a0MawJkOY6KvjbHNLlSuvEs.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203685
IP address blocks:        88.199.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7a:25:85:31:9b:e0:98:91:70:a3:ac:4a:c3:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2960fb6b431ac0990e63a2af8db1cd2e54aebc4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:dd:e1:4e:e3:9c:ce:b7:ec:b2:74:51:e2:76:
                    d0:cc:54:1b:48:0a:77:a0:f3:6e:4e:ec:ac:ea:64:
                    5e:94:11:6f:90:ec:f3:52:66:16:17:12:16:9c:7c:
                    4d:05:79:4b:85:a9:3d:db:99:e7:2e:78:a6:9a:53:
                    b3:56:87:a6:ee:65:78:43:b7:6f:63:53:41:27:da:
                    d7:d2:e5:8d:ce:39:4d:a2:9b:7e:0d:4d:9a:3e:fa:
                    ba:76:ac:31:5a:a6:1b:bb:a5:3b:0b:bd:0c:f4:70:
                    dc:14:4f:6c:1a:4e:02:fb:70:a0:68:e5:e9:21:98:
                    5d:b3:65:ec:94:ff:0d:f4:1a:b5:41:80:b2:5b:16:
                    8a:30:bf:cd:4c:8d:c9:53:36:84:70:23:56:6f:1f:
                    18:d2:1b:6c:66:ac:ea:1a:00:19:49:2c:7c:f1:7e:
                    8b:a8:ea:9e:cb:d1:73:17:2e:98:1c:e7:93:b9:be:
                    0f:a5:dd:f4:7c:d7:1e:7c:3a:53:c9:b1:f6:7d:c3:
                    9e:bb:23:d9:6c:b1:ed:7f:56:3d:b4:9e:15:41:a2:
                    52:75:9e:15:e3:83:81:4d:f0:6b:08:cb:ba:30:bb:
                    b6:c6:de:1d:a4:42:f8:ae:18:0b:61:dc:bc:d7:a2:
                    81:23:07:7b:00:06:dc:ee:02:ec:fb:70:12:9a:27:
                    f6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:60:FB:6B:43:1A:C0:99:0E:63:A2:AF:8D:B1:CD:2E:54:AE:BC:4B
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/KWD7a0MawJkOY6KvjbHNLlSuvEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.199.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:cf:32:5d:af:5d:58:07:56:be:4b:02:f6:19:5e:4f:fd:79:
         61:bb:d2:5a:b6:49:29:d4:a3:11:2d:f3:c0:3c:be:0f:c8:dc:
         7e:b8:d4:d8:3b:1d:c8:b1:6e:ae:65:0c:f6:89:21:5a:1d:34:
         24:51:b6:0b:ce:6e:e8:24:77:96:d5:b3:1b:b9:f3:6e:52:24:
         3a:d2:61:c0:eb:91:ce:0f:5b:a6:95:65:8d:3a:48:c5:47:42:
         53:dc:fa:28:0d:47:ea:dd:78:bb:e5:da:6b:71:4e:02:e6:d9:
         60:c5:17:53:b8:dc:7a:a2:96:2b:93:23:d6:ab:3c:ec:bc:d2:
         fd:c7:cd:61:33:7b:b3:1b:eb:cd:13:a8:80:fb:04:34:e7:6b:
         0a:29:f3:8c:bd:23:af:1d:92:9e:ab:83:0e:bc:ea:0c:97:f9:
         ad:b9:d1:7b:14:e8:16:3b:e0:45:58:9e:b3:dd:1e:93:64:2a:
         b2:07:f0:64:b2:06:96:5d:54:bf:b0:93:ec:7b:b2:91:3f:98:
         53:2c:36:cb:08:69:7e:9d:a7:08:93:3d:5a:12:8e:9d:1f:16:
         d8:75:c0:cc:c7:53:1b:cd:eb:f5:e0:05:fd:8d:d9:57:02:69:
         9e:3a:07:06:81:58:a5:b8:e8:7b:9c:c0:a2:c5:d1:3c:ba:20:
         3b:50:d1:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nolhTGb4JiRcKOsSsOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYwZmI2YjQzMWFjMDk5MGU2M2EyYWY4ZGIxY2QyZTU0YWViYzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx93hTuOczrfssnRR4nbQzFQbSAp3
oPNuTuys6mRelBFvkOzzUmYWFxIWnHxNBXlLhak925nnLnimmlOzVoem7mV4Q7dv
Y1NBJ9rX0uWNzjlNopt+DU2aPvq6dqwxWqYbu6U7C70M9HDcFE9sGk4C+3CgaOXp
IZhds2XslP8N9Bq1QYCyWxaKML/NTI3JUzaEcCNWbx8Y0htsZqzqGgAZSSx88X6L
qOqey9FzFy6YHOeTub4Ppd30fNcefDpTybH2fcOeuyPZbLHtf1Y9tJ4VQaJSdZ4V
44OBTfBrCMu6MLu2xt4dpEL4rhgLYdy816KBIwd7AAbc7gLs+3ASmif20QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClg+2tDGsCZDmOir42xzS5UrrxLMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvS1dEN2EwTWF3SmtPWTZLdmpiSE5MbFN1dkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWMclMA0G
CSqGSIb3DQEBCwUAA4IBAQC4zzJdr11YB1a+SwL2GV5P/Xlhu9Jatkkp1KMRLfPA
PL4PyNx+uNTYOx3IsW6uZQz2iSFaHTQkUbYLzm7oJHeW1bMbufNuUiQ60mHA65HO
D1umlWWNOkjFR0JT3PooDUfq3Xi75dprcU4C5tlgxRdTuNx6opYrkyPWqzzsvNL9
x81hM3uzG+vNE6iA+wQ052sKKfOMvSOvHZKeq4MOvOoMl/mtudF7FOgWO+BFWJ6z
3R6TZCqyB/BksgaWXVS/sJPse7KRP5hTLDbLCGl+nacIkz1aEo6dHxbYdcDMx1Mb
zev14AX9jdlXAmmeOgcGgViluOh7nMCixdE8uiA7UNG5
-----END CERTIFICATE-----