Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/0iDUFJnxa3p3pYn9wOd7dy5ufak.roa
File:                     0iDUFJnxa3p3pYn9wOd7dy5ufak.roa (raw, json)
Hash identifier:          3azQw0QyMVpE4/ttRjyWB6+sGCTH0gc4+eCuZ8gfhjY=
Subject key identifier:   D2:20:D4:14:99:F1:6B:7A:77:A5:89:FD:C0:E7:7B:77:2E:6E:7D:A9
Certificate issuer:       /CN=88e9fa23da4fe97aa9e0f39115620559a29f6b70
Certificate serial:       0196ED077237119DFB401D1BBCF3BFF584B3
Authority key identifier: 88:E9:FA:23:DA:4F:E9:7A:A9:E0:F3:91:15:62:05:59:A2:9F:6B:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iOn6I9pP6Xqp4PORFWIFWaKfa3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/0iDUFJnxa3p3pYn9wOd7dy5ufak.roa
Signing time:             Tue 20 May 2025 09:30:10 +0000
ROA not before:           Tue 20 May 2025 09:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212288
IP address blocks:        83.242.108.0/23 maxlen: 24
                          83.242.108.0/24 maxlen: 24
                          83.242.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/iOn6I9pP6Xqp4PORFWIFWaKfa3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/iOn6I9pP6Xqp4PORFWIFWaKfa3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iOn6I9pP6Xqp4PORFWIFWaKfa3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:07:72:37:11:9d:fb:40:1d:1b:bc:f3:bf:f5:84:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88e9fa23da4fe97aa9e0f39115620559a29f6b70
        Validity
            Not Before: May 20 09:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d220d41499f16b7a77a589fdc0e77b772e6e7da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:05:9e:f1:cb:44:30:1d:83:f9:7f:f4:b9:2b:
                    7b:2a:d0:e3:37:1c:71:50:77:54:fa:35:31:f1:88:
                    43:93:cc:3f:69:24:32:32:95:9e:4d:0a:5b:b1:b4:
                    9e:d7:83:87:94:37:1f:29:98:f2:a9:8b:45:97:d6:
                    19:f4:d5:37:77:26:67:ba:34:f0:56:fb:cd:40:69:
                    0f:9f:9b:b4:92:5d:e1:00:a1:d0:0d:18:20:ae:e9:
                    3f:20:a0:8e:ef:2a:83:38:1c:17:7f:1e:db:83:63:
                    e7:d6:d7:ef:82:6b:a6:ec:0f:5f:bd:c7:bc:67:a5:
                    b6:69:61:9b:b1:8d:82:1c:76:db:87:5b:c8:9b:04:
                    e8:95:42:8c:a1:98:d2:42:8f:45:63:94:e0:2e:4d:
                    7f:d3:ad:41:18:67:d7:68:29:29:4e:75:2b:2f:7a:
                    e6:8a:18:bc:6e:f0:4e:6b:f8:03:63:9c:27:7c:da:
                    df:33:83:53:fd:c3:e5:9a:16:ff:27:2d:99:61:d7:
                    91:7e:dc:a9:8d:54:90:d4:3f:68:a9:d9:da:7b:ef:
                    82:d9:29:37:3d:fc:64:c9:a8:a0:ac:af:ae:c9:9b:
                    e2:3d:65:4c:a9:42:81:4f:7b:ac:52:ed:a2:69:33:
                    4f:22:7b:f4:c9:bd:46:18:7c:b2:48:15:bb:ba:c1:
                    d7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:20:D4:14:99:F1:6B:7A:77:A5:89:FD:C0:E7:7B:77:2E:6E:7D:A9
            X509v3 Authority Key Identifier:
                keyid:88:E9:FA:23:DA:4F:E9:7A:A9:E0:F3:91:15:62:05:59:A2:9F:6B:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iOn6I9pP6Xqp4PORFWIFWaKfa3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/0iDUFJnxa3p3pYn9wOd7dy5ufak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/iOn6I9pP6Xqp4PORFWIFWaKfa3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.242.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:c9:6c:aa:f6:1c:4d:f3:dc:d0:c9:68:c9:8b:1c:33:10:69:
         37:17:79:48:cb:6a:5e:98:af:43:aa:61:51:3a:a3:58:f4:34:
         91:b4:c5:59:a4:56:60:11:60:99:49:9f:75:8c:92:c7:1a:45:
         7c:c8:97:a7:e4:69:69:1b:ca:9f:c4:6d:c4:b6:93:b9:eb:c2:
         f2:9f:d1:6e:bb:9a:b6:eb:36:63:6d:b2:4c:63:28:97:a1:77:
         42:b2:dd:6e:b6:68:d7:85:28:2b:33:f2:bb:2c:98:62:f3:84:
         70:38:a6:d7:33:12:67:86:0a:7e:27:cd:e6:57:21:1c:95:8c:
         3a:6a:fc:7b:c2:7b:49:07:4f:85:8b:91:ef:f5:7a:88:f5:e2:
         2d:1d:d1:4e:86:44:d9:d7:f9:6f:e5:c9:f5:e8:2f:24:90:40:
         59:ea:db:3e:54:76:eb:f6:ff:22:32:c1:92:f3:e8:c9:12:ad:
         4d:ad:f7:42:d3:87:45:ee:63:31:ee:4b:34:4a:84:86:4b:47:
         55:1b:f9:2a:5b:f5:c3:b8:69:03:dd:cd:31:3f:55:34:03:12:
         37:af:c4:96:60:93:ba:d7:48:5a:64:a3:44:0c:de:f3:ed:93:
         b9:b0:b2:fa:e5:18:c7:58:59:d5:d4:52:90:fb:7e:63:1c:ac:
         75:55:7b:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtB3I3EZ37QB0bvPO/9YSzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZTlmYTIzZGE0ZmU5N2FhOWUwZjM5MTE1NjIwNTU5YTI5
ZjZiNzAwHhcNMjUwNTIwMDkzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIwZDQxNDk5ZjE2YjdhNzdhNTg5ZmRjMGU3N2I3NzJlNmU3ZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAWe8ctEMB2D+X/0uSt7KtDjNxxx
UHdU+jUx8YhDk8w/aSQyMpWeTQpbsbSe14OHlDcfKZjyqYtFl9YZ9NU3dyZnujTw
VvvNQGkPn5u0kl3hAKHQDRggruk/IKCO7yqDOBwXfx7bg2Pn1tfvgmum7A9fvce8
Z6W2aWGbsY2CHHbbh1vImwTolUKMoZjSQo9FY5TgLk1/061BGGfXaCkpTnUrL3rm
ihi8bvBOa/gDY5wnfNrfM4NT/cPlmhb/Jy2ZYdeRftypjVSQ1D9oqdnae++C2Sk3
PfxkyaigrK+uyZviPWVMqUKBT3usUu2iaTNPInv0yb1GGHyySBW7usHXnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIg1BSZ8Wt6d6WJ/cDne3cubn2pMB8GA1UdIwQY
MBaAFIjp+iPaT+l6qeDzkRViBVmin2twMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU9uNkk5cFA2WHFwNFBPUkZXSUZXYUtmYTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS82ZDE1YzAtODBjYy00ZWRmLThmMTQt
M2UyNDc4OTQ3ZTZlLzEvMGlEVUZKbnhhM3AzcFluOXdPZDdkeTV1ZmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS82ZDE1YzAtODBjYy00ZWRmLThmMTQtM2UyNDc4OTQ3ZTZl
LzEvaU9uNkk5cFA2WHFwNFBPUkZXSUZXYUtmYTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU/JsMA0G
CSqGSIb3DQEBCwUAA4IBAQCHyWyq9hxN89zQyWjJixwzEGk3F3lIy2pemK9DqmFR
OqNY9DSRtMVZpFZgEWCZSZ91jJLHGkV8yJen5GlpG8qfxG3EtpO568Lyn9Fuu5q2
6zZjbbJMYyiXoXdCst1utmjXhSgrM/K7LJhi84RwOKbXMxJnhgp+J83mVyEclYw6
avx7wntJB0+Fi5Hv9XqI9eItHdFOhkTZ1/lv5cn16C8kkEBZ6ts+VHbr9v8iMsGS
8+jJEq1NrfdC04dF7mMx7ks0SoSGS0dVG/kqW/XDuGkD3c0xP1U0AxI3r8SWYJO6
10haZKNEDN7z7ZO5sLL65RjHWFnV1FKQ+35jHKx1VXs2
-----END CERTIFICATE-----