Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/ip2R2Tisi5jKbc_qdgXBOWJFXtw.roa
File:                     ip2R2Tisi5jKbc_qdgXBOWJFXtw.roa (raw, json)
Hash identifier:          5bdUYd5Eza7CtSh3uHJB03RxYnN5gu3Ya/NrYpmoSqM=
Subject key identifier:   8A:9D:91:D9:38:AC:8B:98:CA:6D:CF:EA:76:05:C1:39:62:45:5E:DC
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228D982B496D8D4A0A61D60A7380531C
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/ip2R2Tisi5jKbc_qdgXBOWJFXtw.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16135
IP address blocks:        176.88.56.0/24 maxlen: 24
                          212.252.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:98:2b:49:6d:8d:4a:0a:61:d6:0a:73:80:53:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a9d91d938ac8b98ca6dcfea7605c13962455edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a2:88:30:18:e1:1a:f7:c3:86:5a:2d:16:a5:
                    05:ec:4c:49:4b:6a:3a:f1:25:39:ca:4c:a4:af:c8:
                    04:85:d5:5b:86:d9:59:ca:7e:e5:8e:ba:7f:b5:21:
                    91:46:4b:64:ff:05:31:50:ab:b3:3c:31:0e:ff:26:
                    2c:9f:71:fc:4f:eb:52:fa:59:9a:49:b6:7a:68:fd:
                    22:93:2d:1c:e6:f7:64:5c:47:0a:8b:f4:09:38:28:
                    77:68:72:84:d6:af:43:d2:ed:b8:db:ee:43:16:c2:
                    8f:39:3a:69:d3:b2:1b:51:91:c8:db:31:40:d1:f7:
                    85:1e:6c:37:bc:24:a7:83:4d:90:f1:e8:c0:ae:23:
                    37:bc:b5:1c:0c:62:dd:f4:d8:5f:75:84:1b:b1:3c:
                    6a:e8:57:ba:64:45:f3:84:15:c5:b2:83:43:20:e0:
                    ac:15:5a:84:6b:f9:cf:86:bd:68:fb:b2:44:ea:6d:
                    89:55:09:1a:33:f2:96:e9:18:f6:50:0d:7f:a0:2c:
                    ed:3f:7b:1b:17:ce:d3:6a:75:4e:b7:f1:60:8b:6d:
                    21:b4:5e:00:b8:5b:f5:00:ef:01:80:e1:e3:2b:98:
                    a6:34:f4:39:1b:b5:fd:2c:bb:b8:c3:5f:cf:fb:0b:
                    c7:9e:fe:43:d3:26:ef:eb:61:0b:cc:b5:2e:93:15:
                    4f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:9D:91:D9:38:AC:8B:98:CA:6D:CF:EA:76:05:C1:39:62:45:5E:DC
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/ip2R2Tisi5jKbc_qdgXBOWJFXtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.88.56.0/24
                  212.252.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:e9:99:68:c2:c4:09:0c:c9:cd:35:16:bf:9f:60:b9:85:ce:
         79:94:ab:c4:e7:04:ef:a7:1f:95:dc:e3:4c:62:42:1f:81:42:
         54:e5:c0:57:6b:fc:3b:40:4c:d1:75:34:ff:0e:aa:ff:1c:bb:
         d9:e7:7c:08:16:5b:b2:a4:82:b4:3b:95:70:fe:55:c8:53:ba:
         4c:15:11:e2:c6:b6:24:30:c4:2d:3f:87:86:7b:64:e2:d0:29:
         ec:3e:d6:a6:36:e3:60:d9:38:46:d2:38:8c:9e:40:e4:9a:94:
         c5:c4:47:8c:21:72:f0:04:18:68:23:3a:b7:1f:18:88:e2:ec:
         dc:c8:0e:d3:30:29:b7:af:5e:e1:48:f5:79:ed:e9:8a:df:3a:
         7a:0b:30:47:dd:d7:ce:f5:13:d3:ef:10:ab:23:01:45:d2:a8:
         b9:98:46:3c:43:c9:e8:31:81:9e:bb:28:82:aa:66:f7:fe:98:
         df:e0:3f:bc:e6:de:f7:7d:8c:8e:6b:89:cc:5e:44:a1:09:e7:
         d4:2b:4e:ea:07:ff:cc:f7:ff:73:84:df:72:a0:60:99:53:ab:
         e1:19:1d:d9:43:55:9f:46:d7:bd:61:ea:cd:16:15:fa:c8:4d:
         b8:4f:16:ce:87:48:33:57:2d:a5:2a:cd:3c:eb:e2:ad:f8:10:
         d5:ca:9c:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijZgrSW2NSgph1gpzgFMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTlkOTFkOTM4YWM4Yjk4Y2E2ZGNmZWE3NjA1YzEzOTYyNDU1ZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKKIMBjhGvfDhlotFqUF7ExJS2o6
8SU5ykykr8gEhdVbhtlZyn7ljrp/tSGRRktk/wUxUKuzPDEO/yYsn3H8T+tS+lma
SbZ6aP0iky0c5vdkXEcKi/QJOCh3aHKE1q9D0u242+5DFsKPOTpp07IbUZHI2zFA
0feFHmw3vCSng02Q8ejAriM3vLUcDGLd9NhfdYQbsTxq6Fe6ZEXzhBXFsoNDIOCs
FVqEa/nPhr1o+7JE6m2JVQkaM/KW6Rj2UA1/oCztP3sbF87TanVOt/Fgi20htF4A
uFv1AO8BgOHjK5imNPQ5G7X9LLu4w1/P+wvHnv5D0ybv62ELzLUukxVPoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIqdkdk4rIuYym3P6nYFwTliRV7cMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvaXAyUjJUaXNpNWpLYmNfcWRnWEJPV0pGWHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsFg4AwQA
1PyoMA0GCSqGSIb3DQEBCwUAA4IBAQAT6ZlowsQJDMnNNRa/n2C5hc55lKvE5wTv
px+V3ONMYkIfgUJU5cBXa/w7QEzRdTT/Dqr/HLvZ53wIFluypIK0O5Vw/lXIU7pM
FRHixrYkMMQtP4eGe2Ti0CnsPtamNuNg2ThG0jiMnkDkmpTFxEeMIXLwBBhoIzq3
HxiI4uzcyA7TMCm3r17hSPV57emK3zp6CzBH3dfO9RPT7xCrIwFF0qi5mEY8Q8no
MYGeuyiCqmb3/pjf4D+85t73fYyOa4nMXkShCefUK07qB//M9/9zhN9yoGCZU6vh
GR3ZQ1WfRte9YerNFhX6yE24TxbOh0gzVy2lKs086+Kt+BDVypz5
-----END CERTIFICATE-----