Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/iKx7DVcDIp4-3Ht_VZ0qOWxo2fU.roa
File:                     iKx7DVcDIp4-3Ht_VZ0qOWxo2fU.roa (raw, json)
Hash identifier:          zpfuponymK+r2Tkz+w9BOZiVOOpvDfzySSg7CkzrHaM=
Subject key identifier:   88:AC:7B:0D:57:03:22:9E:3E:DC:7B:7F:55:9D:2A:39:6C:68:D9:F5
Certificate issuer:       /CN=a56ff71e4b8ec24b1c632b2fa2248739cc572205
Certificate serial:       019423D7199EAC06BFA5D4FC83281F27877D
Authority key identifier: A5:6F:F7:1E:4B:8E:C2:4B:1C:63:2B:2F:A2:24:87:39:CC:57:22:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/iKx7DVcDIp4-3Ht_VZ0qOWxo2fU.roa
Signing time:             Wed 01 Jan 2025 21:48:06 +0000
ROA not before:           Wed 01 Jan 2025 21:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61966
IP address blocks:        185.52.228.0/23 maxlen: 23
                          185.52.230.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:19:9e:ac:06:bf:a5:d4:fc:83:28:1f:27:87:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a56ff71e4b8ec24b1c632b2fa2248739cc572205
        Validity
            Not Before: Jan  1 21:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88ac7b0d5703229e3edc7b7f559d2a396c68d9f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2d:bb:8e:72:81:e2:15:4d:49:df:e1:a2:45:
                    92:f0:2d:7c:31:41:16:59:0b:2f:23:92:24:65:f3:
                    70:9b:a4:b5:0a:be:9c:c9:10:0f:16:7f:c0:ee:1d:
                    3e:da:1a:e9:81:d6:fe:f4:8e:c8:69:54:79:b0:ed:
                    ba:ae:95:35:fa:98:0a:f3:8a:b8:17:c4:1d:cf:a7:
                    9c:75:62:8f:f1:a0:b8:46:96:a3:47:0c:c4:db:14:
                    0b:98:45:85:40:94:36:6e:c3:86:54:54:68:ef:04:
                    8f:b8:b9:ed:c4:23:e0:00:45:2c:b0:83:cd:50:56:
                    c8:75:78:e4:13:8a:52:53:0e:69:e1:b1:16:0c:9d:
                    6a:c2:6c:45:5a:30:aa:36:ff:17:1f:d8:18:92:f5:
                    4e:b1:09:d2:54:3e:0b:5c:b7:21:2f:89:86:0a:86:
                    f1:e3:78:e5:4b:8f:bf:a8:0e:c0:b1:d4:1c:66:f1:
                    61:78:8f:81:82:b6:c7:0a:b9:d5:e3:44:13:eb:e7:
                    33:52:b3:49:71:d3:b8:28:2e:6c:d7:77:ef:f7:46:
                    f4:a3:b1:25:41:91:6a:c6:49:34:ea:24:d2:58:8c:
                    a7:63:2a:56:4f:10:20:3b:ae:18:ad:13:2d:43:c7:
                    22:3e:74:aa:a1:7c:5a:40:a3:3c:45:02:7a:dc:2a:
                    f4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:AC:7B:0D:57:03:22:9E:3E:DC:7B:7F:55:9D:2A:39:6C:68:D9:F5
            X509v3 Authority Key Identifier:
                keyid:A5:6F:F7:1E:4B:8E:C2:4B:1C:63:2B:2F:A2:24:87:39:CC:57:22:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/iKx7DVcDIp4-3Ht_VZ0qOWxo2fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:fd:37:db:62:bb:39:07:ab:e8:74:f8:2d:e6:65:ae:3a:62:
         77:9e:d3:6e:9b:07:c1:6f:ac:1b:8f:a5:fa:1e:92:5d:3d:f7:
         96:2b:2f:41:1b:ee:d0:6f:47:96:74:44:49:4a:78:93:c3:f8:
         c6:b0:e6:a7:c9:f7:89:c0:fb:44:33:db:cf:5a:0c:de:34:50:
         ae:82:ab:99:c7:c9:c7:83:7c:4b:0a:50:86:72:aa:2c:08:7c:
         7b:b7:76:96:79:90:4f:16:cc:2a:f5:06:e1:ca:f2:7d:0f:28:
         a6:ca:88:2b:ee:3f:75:1e:58:c0:54:b2:d1:74:e7:b4:ae:85:
         08:9b:36:50:cf:50:52:47:be:45:eb:5a:26:ca:a3:42:b0:01:
         02:2a:6c:ba:53:06:b3:e7:8d:a5:62:19:cf:90:2e:86:b0:42:
         bb:94:00:30:f0:6c:bc:5e:96:60:11:38:a7:64:0a:dd:dd:d8:
         c3:00:d6:ff:fa:08:5f:3e:f7:02:89:4d:88:06:8f:c8:11:6d:
         ca:50:7b:87:f0:69:f1:df:db:7c:07:10:8b:d0:36:f3:0d:90:
         b7:16:f7:3e:11:84:c1:38:b2:d9:78:b8:1e:2b:5d:b4:ff:a9:
         70:63:11:f8:4a:35:a3:73:e7:36:9e:7d:d7:d5:c9:8f:24:af:
         b9:78:59:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xmerAa/pdT8gygfJ4d9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NmZmNzFlNGI4ZWMyNGIxYzYzMmIyZmEyMjQ4NzM5Y2M1
NzIyMDUwHhcNMjUwMTAxMjE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGFjN2IwZDU3MDMyMjllM2VkYzdiN2Y1NTlkMmEzOTZjNjhkOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly27jnKB4hVNSd/hokWS8C18MUEW
WQsvI5IkZfNwm6S1Cr6cyRAPFn/A7h0+2hrpgdb+9I7IaVR5sO26rpU1+pgK84q4
F8Qdz6ecdWKP8aC4RpajRwzE2xQLmEWFQJQ2bsOGVFRo7wSPuLntxCPgAEUssIPN
UFbIdXjkE4pSUw5p4bEWDJ1qwmxFWjCqNv8XH9gYkvVOsQnSVD4LXLchL4mGCobx
43jlS4+/qA7AsdQcZvFheI+BgrbHCrnV40QT6+czUrNJcdO4KC5s13fv90b0o7El
QZFqxkk06iTSWIynYypWTxAgO64YrRMtQ8ciPnSqoXxaQKM8RQJ63Cr0hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIisew1XAyKePtx7f1WdKjlsaNn1MB8GA1UdIwQY
MBaAFKVv9x5LjsJLHGMrL6IkhznMVyIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdfM0hrdU93a3NjWXlzdm9pU0hPY3hYSWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS80YTMxMzktOGUxYi00YTFlLTg3ZGEt
ZTZhYWJiMDZiYmIwLzEvaUt4N0RWY0RJcDQtM0h0X1ZaMHFPV3hvMmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS80YTMxMzktOGUxYi00YTFlLTg3ZGEtZTZhYWJiMDZiYmIw
LzEvcFdfM0hrdU93a3NjWXlzdm9pU0hPY3hYSWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTTkMA0G
CSqGSIb3DQEBCwUAA4IBAQC8/TfbYrs5B6vodPgt5mWuOmJ3ntNumwfBb6wbj6X6
HpJdPfeWKy9BG+7Qb0eWdERJSniTw/jGsOanyfeJwPtEM9vPWgzeNFCugquZx8nH
g3xLClCGcqosCHx7t3aWeZBPFswq9QbhyvJ9Dyimyogr7j91HljAVLLRdOe0roUI
mzZQz1BSR75F61omyqNCsAECKmy6Uwaz542lYhnPkC6GsEK7lAAw8Gy8XpZgETin
ZArd3djDANb/+ghfPvcCiU2IBo/IEW3KUHuH8Gnx39t8BxCL0DbzDZC3Fvc+EYTB
OLLZeLgeK120/6lwYxH4SjWjc+c2nn3X1cmPJK+5eFkb
-----END CERTIFICATE-----