Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/RiXc0w7t5xX26ELQVBzhzQ5s3W8.roa
File:                     RiXc0w7t5xX26ELQVBzhzQ5s3W8.roa (raw, json)
Hash identifier:          1Vxr9lUuAjIlr6KEnNoJwv1Uhv0dUKXRd0yNKLuxU4U=
Subject key identifier:   46:25:DC:D3:0E:ED:E7:15:F6:E8:42:D0:54:1C:E1:CD:0E:6C:DD:6F
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019422200483031D7BA9F7BD899284483D0D
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/RiXc0w7t5xX26ELQVBzhzQ5s3W8.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204957
IP address blocks:        185.88.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:04:83:03:1d:7b:a9:f7:bd:89:92:84:48:3d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4625dcd30eede715f6e842d0541ce1cd0e6cdd6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b0:a4:df:3f:8f:9e:dd:7b:df:97:45:a4:0c:
                    4e:7a:d1:77:ef:67:b4:dc:3f:5d:a9:6d:8f:46:16:
                    8a:5d:73:d5:dc:d2:9d:45:ea:0a:80:5a:38:ec:e9:
                    ed:ef:1d:63:5e:76:2e:d9:ae:04:2e:c1:b3:f6:d3:
                    4d:8a:66:0c:58:78:f3:e7:0f:62:3b:7a:f5:fe:6e:
                    c0:ee:57:d3:82:24:7f:9c:e2:66:7c:34:25:9c:be:
                    f3:16:4c:d4:30:09:cd:9d:c9:d3:38:39:b4:4d:3c:
                    91:b3:25:4f:da:83:03:fe:49:42:12:e2:81:53:00:
                    4b:ad:54:78:cf:72:e7:8d:0f:d3:cc:df:20:01:19:
                    cf:b7:b9:98:c4:60:dd:1f:2f:4a:51:d5:ac:c8:51:
                    c6:ab:4a:6d:35:14:49:e2:f0:46:28:96:17:b8:5f:
                    fc:5b:00:8b:c0:6f:e9:6a:30:a5:99:d7:6f:30:12:
                    58:dc:d1:7e:3a:6b:e5:80:3d:ed:32:35:41:85:af:
                    07:ec:03:07:19:79:47:53:a5:b1:1d:ef:ab:c3:b3:
                    ee:31:de:c5:80:70:ee:7d:12:8a:ce:c2:87:78:d6:
                    bf:38:51:02:c9:60:07:e8:be:09:d4:17:c6:91:1d:
                    0f:dc:60:b0:eb:27:f2:4a:07:37:9e:e8:46:0c:0e:
                    f5:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:25:DC:D3:0E:ED:E7:15:F6:E8:42:D0:54:1C:E1:CD:0E:6C:DD:6F
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/RiXc0w7t5xX26ELQVBzhzQ5s3W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:86:ac:a7:3a:06:7d:69:9e:f7:7b:72:9b:9b:8a:ab:41:7b:
         31:61:e5:2b:0d:91:4f:a1:9a:26:1f:f6:bc:da:54:f5:cc:a6:
         bb:7f:3b:a7:fa:09:ba:cb:be:a2:67:73:09:eb:02:a1:7c:f9:
         95:21:b8:37:b7:07:9a:49:a5:f0:26:63:6a:ab:79:3a:da:2d:
         9c:44:08:37:6c:ea:13:b8:06:98:33:8a:05:c0:d1:9b:a2:04:
         3a:39:df:4e:6f:76:ca:4b:c6:e2:23:92:73:92:c1:df:ea:8e:
         54:eb:f1:10:50:a2:78:80:cf:61:66:4e:69:b6:40:cf:05:4b:
         22:b0:d6:2a:a1:15:9b:33:49:ff:f6:fa:89:8b:15:42:12:f1:
         b0:b3:a5:e9:44:5c:b0:30:10:2c:5f:e2:42:d0:78:4c:a1:92:
         69:a8:63:f4:31:b4:3b:4f:58:3e:1a:80:ff:e3:8c:59:56:9f:
         76:c0:a0:2c:a4:48:71:d6:04:83:46:bf:c8:f7:7d:11:a6:5a:
         be:81:de:b6:69:59:32:b1:79:59:5c:6d:b7:33:aa:31:da:bb:
         d7:aa:93:ff:4c:c8:54:df:d6:7e:ac:e3:d6:3c:0a:4a:85:e4:
         a8:98:c5:f2:03:03:a8:14:64:62:8d:ae:d3:0e:67:b6:94:a5:
         a8:87:f5:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIASDAx17qfe9iZKESD0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjI1ZGNkMzBlZWRlNzE1ZjZlODQyZDA1NDFjZTFjZDBlNmNkZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrCk3z+Pnt1735dFpAxOetF372e0
3D9dqW2PRhaKXXPV3NKdReoKgFo47Ont7x1jXnYu2a4ELsGz9tNNimYMWHjz5w9i
O3r1/m7A7lfTgiR/nOJmfDQlnL7zFkzUMAnNncnTODm0TTyRsyVP2oMD/klCEuKB
UwBLrVR4z3LnjQ/TzN8gARnPt7mYxGDdHy9KUdWsyFHGq0ptNRRJ4vBGKJYXuF/8
WwCLwG/pajClmddvMBJY3NF+OmvlgD3tMjVBha8H7AMHGXlHU6WxHe+rw7PuMd7F
gHDufRKKzsKHeNa/OFECyWAH6L4J1BfGkR0P3GCw6yfySgc3nuhGDA71hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYl3NMO7ecV9uhC0FQc4c0ObN1vMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvUmlYYzB3N3Q1eFgyNkVMUVZCemh6UTVzM1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVgmMA0G
CSqGSIb3DQEBCwUAA4IBAQBehqynOgZ9aZ73e3Kbm4qrQXsxYeUrDZFPoZomH/a8
2lT1zKa7fzun+gm6y76iZ3MJ6wKhfPmVIbg3tweaSaXwJmNqq3k62i2cRAg3bOoT
uAaYM4oFwNGbogQ6Od9Ob3bKS8biI5JzksHf6o5U6/EQUKJ4gM9hZk5ptkDPBUsi
sNYqoRWbM0n/9vqJixVCEvGws6XpRFywMBAsX+JC0HhMoZJpqGP0MbQ7T1g+GoD/
44xZVp92wKAspEhx1gSDRr/I930Rplq+gd62aVkysXlZXG23M6ox2rvXqpP/TMhU
39Z+rOPWPApKheSomMXyAwOoFGRija7TDme2lKWoh/W3
-----END CERTIFICATE-----