Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/7L11AQBW5Wnzw1RJ5QDXM8J-LS4.roa
File:                     7L11AQBW5Wnzw1RJ5QDXM8J-LS4.roa (raw, json)
Hash identifier:          7PxFVm81jgp+RzU50dolYQUXwtYbuHhZCxbl0dEHSlQ=
Subject key identifier:   EC:BD:75:01:00:56:E5:69:F3:C3:54:49:E5:00:D7:33:C2:7E:2D:2E
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B23A1762C16885D4B72B49363CE94E
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/7L11AQBW5Wnzw1RJ5QDXM8J-LS4.roa
Signing time:             Wed 01 Jan 2025 11:48:35 +0000
ROA not before:           Wed 01 Jan 2025 11:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212305
IP address blocks:        88.220.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3a:17:62:c1:68:85:d4:b7:2b:49:36:3c:e9:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecbd75010056e569f3c35449e500d733c27e2d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:12:e0:5a:c0:c7:b3:a9:c5:c1:04:85:21:f3:
                    27:96:b6:8f:e5:58:fc:56:0e:29:f8:48:7e:64:79:
                    4d:d2:c2:80:a6:03:8d:47:68:d1:39:93:8c:db:5a:
                    b6:64:21:4e:a6:31:f6:59:dd:79:3b:64:2c:11:ec:
                    27:08:a2:74:90:31:f6:fb:f2:10:6d:3c:a9:43:08:
                    48:76:a7:eb:e0:52:48:79:76:60:32:8c:2d:f3:76:
                    49:ba:5e:5d:47:9a:0c:74:a1:33:9e:58:de:df:6c:
                    f0:0d:b3:e1:3d:d9:64:07:bd:39:03:56:71:89:d9:
                    cd:a5:3b:c4:41:11:dd:81:9b:6f:54:08:45:6d:44:
                    09:07:12:ff:64:bf:5b:1b:72:e9:7e:65:10:52:1c:
                    49:64:09:62:6c:49:1e:21:22:5a:d8:0d:f2:df:97:
                    ba:03:bf:9a:7d:c0:df:90:c8:2c:3f:00:5d:67:4c:
                    c1:14:60:7d:ef:6e:ac:a8:c5:98:74:54:2f:6c:70:
                    1a:ec:33:28:b4:b3:66:dd:a7:f7:c1:1c:23:e9:26:
                    f8:17:42:7c:fd:62:86:00:b0:b0:e8:9a:09:bd:72:
                    49:8f:15:24:73:81:ee:10:a5:4e:96:73:74:3c:5b:
                    71:0c:c3:dd:1d:30:5a:ed:62:32:4e:fc:92:34:02:
                    ef:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:BD:75:01:00:56:E5:69:F3:C3:54:49:E5:00:D7:33:C2:7E:2D:2E
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/7L11AQBW5Wnzw1RJ5QDXM8J-LS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:f3:c0:1d:4e:44:25:8d:8d:f2:5b:a0:9e:5d:64:2b:80:93:
         11:6d:8a:58:3a:13:38:e0:2d:c3:11:b7:af:b8:d6:19:7f:2e:
         f7:d1:11:28:38:9e:6e:be:6c:e8:a9:bb:70:53:f8:4b:b7:e6:
         d8:84:61:88:97:0f:8e:e6:d8:bb:50:b9:85:44:18:36:be:9a:
         e9:3d:4a:93:62:c8:34:e3:c1:3f:28:67:01:a9:59:23:26:66:
         30:4c:1d:4a:58:c6:8c:0e:4a:39:ec:97:e2:6e:4f:d7:54:c1:
         00:ca:ed:62:2f:83:88:2c:d4:27:71:0b:a5:6f:0e:f3:3f:68:
         32:e2:f3:ef:f3:71:47:b1:39:76:e8:4c:c4:7d:f5:3d:7c:c3:
         c3:a0:60:11:aa:0c:ec:f3:2a:e6:a9:f1:99:0f:ba:0b:28:35:
         f4:b7:8a:dc:b6:41:1e:d0:23:f9:55:9f:90:38:09:5c:3f:ee:
         e8:c7:7e:55:44:e9:72:10:84:56:9b:d0:e4:06:7e:d7:18:84:
         0f:d0:c6:b0:c4:93:aa:09:3c:da:15:99:10:52:4e:ee:ca:2d:
         0c:35:fc:7d:67:a8:c3:03:62:9a:e9:0c:44:6d:43:d6:44:70:
         f0:65:78:24:c4:d1:77:4b:d5:16:8e:9b:77:d3:3a:6d:ef:a9:
         7a:7b:b4:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjoXYsFohdS3K0k2POlOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2JkNzUwMTAwNTZlNTY5ZjNjMzU0NDllNTAwZDczM2MyN2UyZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhLgWsDHs6nFwQSFIfMnlraP5Vj8
Vg4p+Eh+ZHlN0sKApgONR2jROZOM21q2ZCFOpjH2Wd15O2QsEewnCKJ0kDH2+/IQ
bTypQwhIdqfr4FJIeXZgMowt83ZJul5dR5oMdKEznlje32zwDbPhPdlkB705A1Zx
idnNpTvEQRHdgZtvVAhFbUQJBxL/ZL9bG3LpfmUQUhxJZAlibEkeISJa2A3y35e6
A7+afcDfkMgsPwBdZ0zBFGB9726sqMWYdFQvbHAa7DMotLNm3af3wRwj6Sb4F0J8
/WKGALCw6JoJvXJJjxUkc4HuEKVOlnN0PFtxDMPdHTBa7WIyTvySNALvDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOy9dQEAVuVp88NUSeUA1zPCfi0uMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvN0wxMUFRQlc1V256dzFSSjVRRFhNOEotTFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNxaMA0G
CSqGSIb3DQEBCwUAA4IBAQAY88AdTkQljY3yW6CeXWQrgJMRbYpYOhM44C3DEbev
uNYZfy730REoOJ5uvmzoqbtwU/hLt+bYhGGIlw+O5ti7ULmFRBg2vprpPUqTYsg0
48E/KGcBqVkjJmYwTB1KWMaMDko57Jfibk/XVMEAyu1iL4OILNQncQulbw7zP2gy
4vPv83FHsTl26EzEffU9fMPDoGARqgzs8yrmqfGZD7oLKDX0t4rctkEe0CP5VZ+Q
OAlcP+7ox35VROlyEIRWm9DkBn7XGIQP0MawxJOqCTzaFZkQUk7uyi0MNfx9Z6jD
A2Ka6QxEbUPWRHDwZXgkxNF3S9UWjpt30zpt76l6e7T7
-----END CERTIFICATE-----