Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/XlA1qfNQB0WYdkYaQ8Rvj1L2tb4.roa
File:                     XlA1qfNQB0WYdkYaQ8Rvj1L2tb4.roa (raw, json)
Hash identifier:          +4/ESRGuqWyL+/uODQWa3AjOUUB/k5+3UHyaNoG32/E=
Subject key identifier:   5E:50:35:A9:F3:50:07:45:98:76:46:1A:43:C4:6F:8F:52:F6:B5:BE
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       01941FFA7435D4D372E5E71A3E5C6E7C4E54
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/XlA1qfNQB0WYdkYaQ8Rvj1L2tb4.roa
Signing time:             Wed 01 Jan 2025 03:48:14 +0000
ROA not before:           Wed 01 Jan 2025 03:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42923
IP address blocks:        88.199.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:74:35:d4:d3:72:e5:e7:1a:3e:5c:6e:7c:4e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 03:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e5035a9f35007459876461a43c46f8f52f6b5be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:99:6d:11:c3:69:45:a0:cf:a9:47:83:61:d6:
                    c7:af:a4:2f:07:4e:bf:ad:ab:49:13:9a:30:04:96:
                    c0:99:fd:60:46:3c:76:25:43:c2:7e:2e:1a:68:66:
                    6b:8e:8b:53:5b:61:f9:7d:15:fc:45:c2:67:bc:6d:
                    f7:85:42:e1:a7:06:63:52:7b:99:1a:90:44:bc:0c:
                    93:4d:7e:35:a2:ef:4b:50:a4:12:3f:63:06:ea:1b:
                    d3:d9:4b:ff:0e:85:6f:42:e6:2d:6d:11:60:72:24:
                    ae:e5:5b:54:0d:0b:f3:36:62:59:be:7a:32:d2:46:
                    9e:e8:03:7f:0e:96:01:3f:79:3f:d6:52:43:64:a0:
                    db:b2:b8:68:60:fa:3b:b9:bb:b3:f6:75:75:4b:5f:
                    74:78:e7:3d:98:20:9a:c8:35:21:59:d9:1e:d2:37:
                    06:08:41:86:f5:b8:ca:e3:9c:d0:53:d4:42:14:7b:
                    3f:e9:e6:ee:86:04:42:b4:61:05:98:7a:6f:15:09:
                    77:c6:24:a1:97:dc:7a:52:7e:4b:e9:8b:44:7a:1e:
                    0a:b8:81:44:00:9c:99:23:63:eb:74:f1:8a:9d:cc:
                    d0:95:23:7c:df:ad:1e:20:5d:f9:a8:69:f4:51:76:
                    3d:e9:93:00:c0:c5:27:2e:df:e8:e8:02:ef:aa:a7:
                    6a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:50:35:A9:F3:50:07:45:98:76:46:1A:43:C4:6F:8F:52:F6:B5:BE
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/XlA1qfNQB0WYdkYaQ8Rvj1L2tb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.199.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:ef:bf:ee:44:c3:ac:ec:d0:67:e5:ec:8e:66:f3:4a:06:25:
         7f:c6:f0:b2:52:ea:31:ef:3a:0c:cb:10:db:ff:d4:7d:c8:1b:
         d8:17:e6:46:ba:0a:b5:1c:c5:b9:7b:00:80:2a:ec:15:62:43:
         90:ba:96:90:35:25:a1:e8:1f:8a:82:6f:ff:a2:72:d9:22:e7:
         d3:ad:c2:7d:d6:2a:56:c3:9b:34:4d:17:a2:bd:36:77:ed:50:
         1d:a7:14:21:e6:c3:40:83:78:6a:fd:79:fd:91:c7:26:be:4e:
         94:a2:7e:4d:5b:21:16:7f:9d:28:7a:4f:79:12:cf:1a:c8:ed:
         7b:2a:7f:bf:94:13:e8:23:50:67:90:6d:89:e1:aa:6d:b3:da:
         9e:c7:60:3d:f4:ca:f5:3a:fe:15:5a:69:bd:a9:9d:58:ab:72:
         5b:48:d4:65:1c:a5:b5:11:f9:73:46:c1:4e:7d:0f:e8:50:2b:
         62:1e:d7:c1:7b:3d:9d:a8:4e:14:39:4d:03:a8:c7:69:14:3c:
         20:13:48:cd:b2:3f:92:58:6b:0a:e5:36:90:fb:08:e8:29:e2:
         17:c9:18:bb:47:44:42:82:f4:55:f1:20:29:cf:cd:07:9d:9c:
         50:d7:0f:2f:3a:0a:f4:ef:72:95:00:9a:33:60:c0:da:91:ae:
         44:3f:03:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nQ11NNy5ecaPlxufE5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjUwMTAxMDM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUwMzVhOWYzNTAwNzQ1OTg3NjQ2MWE0M2M0NmY4ZjUyZjZiNWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpltEcNpRaDPqUeDYdbHr6QvB06/
ratJE5owBJbAmf1gRjx2JUPCfi4aaGZrjotTW2H5fRX8RcJnvG33hULhpwZjUnuZ
GpBEvAyTTX41ou9LUKQSP2MG6hvT2Uv/DoVvQuYtbRFgciSu5VtUDQvzNmJZvnoy
0kae6AN/DpYBP3k/1lJDZKDbsrhoYPo7ubuz9nV1S190eOc9mCCayDUhWdke0jcG
CEGG9bjK45zQU9RCFHs/6ebuhgRCtGEFmHpvFQl3xiShl9x6Un5L6YtEeh4KuIFE
AJyZI2PrdPGKnczQlSN8360eIF35qGn0UXY96ZMAwMUnLt/o6ALvqqdq0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5QNanzUAdFmHZGGkPEb49S9rW+MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvWGxBMXFmTlFCMFdZZGtZYVE4UnZqMUwydGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWMeiMA0G
CSqGSIb3DQEBCwUAA4IBAQDG77/uRMOs7NBn5eyOZvNKBiV/xvCyUuox7zoMyxDb
/9R9yBvYF+ZGugq1HMW5ewCAKuwVYkOQupaQNSWh6B+Kgm//onLZIufTrcJ91ipW
w5s0TReivTZ37VAdpxQh5sNAg3hq/Xn9kccmvk6Uon5NWyEWf50oek95Es8ayO17
Kn+/lBPoI1BnkG2J4apts9qex2A99Mr1Ov4VWmm9qZ1Yq3JbSNRlHKW1EflzRsFO
fQ/oUCtiHtfBez2dqE4UOU0DqMdpFDwgE0jNsj+SWGsK5TaQ+wjoKeIXyRi7R0RC
gvRV8SApz80HnZxQ1w8vOgr073KVAJozYMDaka5EPwMj
-----END CERTIFICATE-----