Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/cImZLtFc3FTrUvWUH9zYLXpr6w0.roa
File:                     cImZLtFc3FTrUvWUH9zYLXpr6w0.roa (raw, json)
Hash identifier:          H1qVOZh5c0wghrLhJ2ykZhb4n6/3rGYsTHz+ahBxVlo=
Subject key identifier:   70:89:99:2E:D1:5C:DC:54:EB:52:F5:94:1F:DC:D8:2D:7A:6B:EB:0D
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B237F8EB7C497C161E6CFB5A8CDDF0
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/cImZLtFc3FTrUvWUH9zYLXpr6w0.roa
Signing time:             Wed 01 Jan 2025 11:48:35 +0000
ROA not before:           Wed 01 Jan 2025 11:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209296
IP address blocks:        88.220.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:37:f8:eb:7c:49:7c:16:1e:6c:fb:5a:8c:dd:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7089992ed15cdc54eb52f5941fdcd82d7a6beb0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:94:9d:90:70:cc:a6:67:1e:7d:0f:49:4f:7e:
                    ba:85:5f:35:e8:e6:9c:7e:aa:69:12:fc:94:b6:60:
                    72:c8:b2:81:9b:ca:33:3a:52:d0:2d:45:10:23:41:
                    04:51:2b:44:dc:f6:2a:3e:c8:b3:63:96:07:04:d1:
                    8e:1e:75:68:db:db:ef:ce:32:08:05:ff:ea:f8:9f:
                    55:52:d1:d8:1e:36:dc:8e:a4:44:ae:85:01:95:08:
                    d1:de:b9:e5:1f:01:50:3c:81:61:6a:5a:b9:c8:aa:
                    73:f6:56:6c:63:01:94:59:93:ba:25:b0:47:48:ef:
                    28:2f:d9:ea:10:e4:83:25:fa:b4:f0:97:03:f8:4a:
                    87:59:47:b2:50:c5:a4:5f:b9:1d:23:df:c9:17:a2:
                    be:2a:3e:57:28:41:8a:9a:43:6e:0a:4f:cf:01:74:
                    6e:dd:33:92:44:bf:8a:48:99:66:0a:dc:d4:37:52:
                    8f:5f:15:a6:85:d6:59:c8:26:48:ca:08:95:85:1c:
                    91:12:87:6b:c7:d9:a9:82:03:ce:85:46:8f:ff:a2:
                    e4:43:a7:86:b0:9b:bf:38:a2:15:d4:dc:38:87:0e:
                    25:f4:a3:6f:4c:5b:94:63:a8:d9:22:97:95:6b:35:
                    39:c2:09:6b:7e:bf:9a:42:84:64:30:76:cc:15:ca:
                    fc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:89:99:2E:D1:5C:DC:54:EB:52:F5:94:1F:DC:D8:2D:7A:6B:EB:0D
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/cImZLtFc3FTrUvWUH9zYLXpr6w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:89:ab:1d:bb:ba:5b:c7:31:d9:28:f9:7a:f4:83:97:f1:20:
         19:61:e6:f8:6d:fd:17:1b:a0:d5:72:4a:b9:06:52:a0:d9:3a:
         4a:85:fc:6d:18:69:03:1f:ff:f0:6d:8f:50:3f:d2:8a:e2:bb:
         10:5a:45:03:0f:f5:20:e1:69:0d:02:f0:ad:6f:01:b0:08:bb:
         18:1c:ae:c4:49:bf:97:07:5a:37:1a:fb:b0:a4:82:d6:29:98:
         dd:05:dd:fd:b9:16:6b:b2:46:46:73:7f:5d:5e:c8:32:64:b1:
         93:db:b1:99:2e:76:4f:14:74:df:0f:35:23:1b:b5:b2:b6:ce:
         ef:e3:8d:36:10:30:1d:6e:3b:34:92:c6:34:92:09:63:65:0b:
         e0:b4:7f:c7:03:09:89:3d:5b:9a:f0:71:f3:a2:82:02:c2:67:
         76:ff:89:8c:29:4a:58:78:c0:77:dc:6a:67:6d:fd:c6:a3:25:
         03:8d:d5:3e:85:86:ea:2b:18:18:e7:1a:46:90:c9:e7:35:f3:
         be:e1:f0:96:50:1b:54:b9:8f:80:a1:e6:fc:4a:ca:6a:ae:dc:
         3d:c1:44:b5:b9:6b:94:f7:ce:ac:e3:ce:9a:de:31:6e:f8:17:
         8f:d3:01:5f:4f:f7:e0:f4:eb:77:af:3c:ec:03:02:32:76:3b:
         10:73:e6:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjf463xJfBYebPtajN3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg5OTkyZWQxNWNkYzU0ZWI1MmY1OTQxZmRjZDgyZDdhNmJlYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5SdkHDMpmcefQ9JT366hV816Oac
fqppEvyUtmByyLKBm8ozOlLQLUUQI0EEUStE3PYqPsizY5YHBNGOHnVo29vvzjII
Bf/q+J9VUtHYHjbcjqREroUBlQjR3rnlHwFQPIFhalq5yKpz9lZsYwGUWZO6JbBH
SO8oL9nqEOSDJfq08JcD+EqHWUeyUMWkX7kdI9/JF6K+Kj5XKEGKmkNuCk/PAXRu
3TOSRL+KSJlmCtzUN1KPXxWmhdZZyCZIygiVhRyREodrx9mpggPOhUaP/6LkQ6eG
sJu/OKIV1Nw4hw4l9KNvTFuUY6jZIpeVazU5wglrfr+aQoRkMHbMFcr8uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCJmS7RXNxU61L1lB/c2C16a+sNMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvY0ltWkx0RmMzRlRyVXZXVUg5ellMWHByNncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNwzMA0G
CSqGSIb3DQEBCwUAA4IBAQC+iasdu7pbxzHZKPl69IOX8SAZYeb4bf0XG6DVckq5
BlKg2TpKhfxtGGkDH//wbY9QP9KK4rsQWkUDD/Ug4WkNAvCtbwGwCLsYHK7ESb+X
B1o3GvuwpILWKZjdBd39uRZrskZGc39dXsgyZLGT27GZLnZPFHTfDzUjG7Wyts7v
4402EDAdbjs0ksY0kgljZQvgtH/HAwmJPVua8HHzooICwmd2/4mMKUpYeMB33Gpn
bf3GoyUDjdU+hYbqKxgY5xpGkMnnNfO+4fCWUBtUuY+Aoeb8Sspqrtw9wUS1uWuU
986s486a3jFu+BeP0wFfT/fg9Ot3rzzsAwIydjsQc+bl
-----END CERTIFICATE-----