Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/TrekbKofwJJgypIh3djYyzsCUwU.roa
File:                     TrekbKofwJJgypIh3djYyzsCUwU.roa (raw, json)
Hash identifier:          TCCyZiFHD9x34gvfVDyLYWKAPcQuU4dBBXrQhqnIl2k=
Subject key identifier:   4E:B7:A4:6C:AA:1F:C0:92:60:CA:92:21:DD:D8:D8:CB:3B:02:53:05
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       01942143B299888EE785FC8866D977C5E9C4
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/TrekbKofwJJgypIh3djYyzsCUwU.roa
Signing time:             Wed 01 Jan 2025 09:47:52 +0000
ROA not before:           Wed 01 Jan 2025 09:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49190
IP address blocks:        195.88.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b2:99:88:8e:e7:85:fc:88:66:d9:77:c5:e9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 09:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4eb7a46caa1fc09260ca9221ddd8d8cb3b025305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ba:68:83:82:6d:a1:15:85:a4:48:ce:82:99:
                    6b:c3:ab:0b:99:cf:bc:b4:46:d2:fb:fe:cd:08:9f:
                    14:ef:f9:38:52:e2:70:7b:05:f6:60:03:d4:1b:18:
                    86:2c:62:74:4f:bf:f3:b6:18:bd:ef:0e:84:30:e4:
                    3f:ff:50:78:65:a5:18:47:97:50:64:98:63:1a:e5:
                    52:dd:7f:ed:bc:3d:ae:67:cb:51:70:d1:80:85:68:
                    17:76:52:ca:90:b1:04:fb:e7:76:bd:8f:be:43:5a:
                    33:aa:6a:65:bc:01:f9:f6:9a:f7:28:dc:0f:35:3c:
                    0c:82:c6:4a:6b:8e:c3:73:7d:0f:e0:8f:22:21:fd:
                    03:b5:84:69:5b:fd:e7:d7:d0:bb:23:50:ae:1b:da:
                    d3:b3:64:04:8a:a6:89:43:90:43:b8:04:34:b0:2f:
                    6b:d0:b9:ff:e6:74:5c:5a:49:94:0b:7d:fb:03:f2:
                    42:c0:e3:d9:25:3e:23:a6:31:33:ff:bb:56:44:ef:
                    9b:e5:d8:b4:2a:a6:e3:81:62:58:9c:0c:28:6e:7c:
                    64:9c:f5:b3:eb:05:10:15:ea:17:50:7d:18:a1:97:
                    fa:0b:58:b2:32:09:ef:d4:42:34:5d:49:22:73:aa:
                    61:c8:16:d8:4a:0e:10:7e:e3:95:e6:c6:31:32:34:
                    c4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B7:A4:6C:AA:1F:C0:92:60:CA:92:21:DD:D8:D8:CB:3B:02:53:05
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/TrekbKofwJJgypIh3djYyzsCUwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:ff:4e:38:99:4a:4f:46:d5:81:a9:38:14:c5:1a:c2:7c:97:
         af:a6:09:d3:27:ec:ae:03:11:2f:74:e4:e3:e5:e9:c0:7d:05:
         89:32:88:34:e8:91:53:a1:43:0c:4c:ec:4f:5d:cd:6b:a8:f5:
         44:e8:4c:16:d2:2a:c5:94:ed:cf:69:1e:b6:96:93:ca:a1:c0:
         e0:fd:5d:6b:cf:e8:3a:52:7e:f1:52:0e:5c:f5:63:13:85:8b:
         b3:fc:96:43:72:7c:db:2e:c6:24:7d:14:13:70:d7:85:eb:77:
         85:12:36:19:ce:05:cc:92:ed:b9:43:c5:93:df:e2:36:c8:1c:
         e5:94:45:3a:e3:ff:c9:2d:5e:d5:f8:1c:9e:13:63:e6:4c:82:
         f1:cc:1c:3a:78:35:17:00:86:f5:4d:46:61:2b:96:8d:28:2e:
         5e:4d:1c:51:4f:eb:8e:48:10:c6:fd:58:96:91:b4:2b:7c:7f:
         b2:82:4c:a8:76:33:03:f5:ff:4a:36:32:aa:e5:59:ef:71:df:
         3a:39:5f:f2:ab:fe:ac:0e:c4:43:22:a4:77:4f:eb:1e:e1:54:
         81:bf:1f:5c:b2:1f:f5:97:2e:a8:fe:4e:e8:32:c5:69:20:7f:
         60:57:43:39:a3:77:83:af:60:16:31:f4:f6:70:af:8c:93:bd:
         f7:7d:14:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ7KZiI7nhfyIZtl3xenEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTZjZDlmNGJlYjdiMGMwNGQzMWZmZTVjNjc0YTg3YTc3
MzlkMjEwHhcNMjUwMTAxMDk0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWI3YTQ2Y2FhMWZjMDkyNjBjYTkyMjFkZGQ4ZDhjYjNiMDI1MzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbpog4JtoRWFpEjOgplrw6sLmc+8
tEbS+/7NCJ8U7/k4UuJwewX2YAPUGxiGLGJ0T7/zthi97w6EMOQ//1B4ZaUYR5dQ
ZJhjGuVS3X/tvD2uZ8tRcNGAhWgXdlLKkLEE++d2vY++Q1ozqmplvAH59pr3KNwP
NTwMgsZKa47Dc30P4I8iIf0DtYRpW/3n19C7I1CuG9rTs2QEiqaJQ5BDuAQ0sC9r
0Ln/5nRcWkmUC337A/JCwOPZJT4jpjEz/7tWRO+b5di0KqbjgWJYnAwobnxknPWz
6wUQFeoXUH0YoZf6C1iyMgnv1EI0XUkic6phyBbYSg4QfuOV5sYxMjTEdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE63pGyqH8CSYMqSId3Y2Ms7AlMFMB8GA1UdIwQY
MBaAFImmzZ9L63sMBNMf/lxnSoenc50hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYt
MWY5MjQ0OTVmY2RkLzEvVHJla2JLb2Z3SkpneXBJaDNkall5enNDVXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYtMWY5MjQ0OTVmY2Rk
LzEvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1iAMA0G
CSqGSIb3DQEBCwUAA4IBAQAs/044mUpPRtWBqTgUxRrCfJevpgnTJ+yuAxEvdOTj
5enAfQWJMog06JFToUMMTOxPXc1rqPVE6EwW0irFlO3PaR62lpPKocDg/V1rz+g6
Un7xUg5c9WMThYuz/JZDcnzbLsYkfRQTcNeF63eFEjYZzgXMku25Q8WT3+I2yBzl
lEU64//JLV7V+ByeE2PmTILxzBw6eDUXAIb1TUZhK5aNKC5eTRxRT+uOSBDG/ViW
kbQrfH+ygkyodjMD9f9KNjKq5Vnvcd86OV/yq/6sDsRDIqR3T+se4VSBvx9csh/1
ly6o/k7oMsVpIH9gV0M5o3eDr2AWMfT2cK+Mk733fRT0
-----END CERTIFICATE-----