Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/32ae3e-d848-45f1-9cc1-6dec46994ba4/1/sFWfVthQNGnQ49NcUCzLqzLKdLQ.roa
File:                     sFWfVthQNGnQ49NcUCzLqzLKdLQ.roa (raw, json)
Hash identifier:          0QY65Rfkx/7KLARI1qnwkNUIqsM8Lktn3TNsmFMFb3s=
Subject key identifier:   B0:55:9F:56:D8:50:34:69:D0:E3:D3:5C:50:2C:CB:AB:32:CA:74:B4
Certificate issuer:       /CN=52dc49fe93a3f62add4ce9891d9033ead83d988c
Certificate serial:       019420685269450E76D74C621C2BC5C8D557
Authority key identifier: 52:DC:49:FE:93:A3:F6:2A:DD:4C:E9:89:1D:90:33:EA:D8:3D:98:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtxJ_pOj9irdTOmJHZAz6tg9mIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/32ae3e-d848-45f1-9cc1-6dec46994ba4/1/sFWfVthQNGnQ49NcUCzLqzLKdLQ.roa
Signing time:             Wed 01 Jan 2025 05:48:15 +0000
ROA not before:           Wed 01 Jan 2025 05:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        147.88.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/32ae3e-d848-45f1-9cc1-6dec46994ba4/1/UtxJ_pOj9irdTOmJHZAz6tg9mIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/32ae3e-d848-45f1-9cc1-6dec46994ba4/1/UtxJ_pOj9irdTOmJHZAz6tg9mIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtxJ_pOj9irdTOmJHZAz6tg9mIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:52:69:45:0e:76:d7:4c:62:1c:2b:c5:c8:d5:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc49fe93a3f62add4ce9891d9033ead83d988c
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0559f56d8503469d0e3d35c502ccbab32ca74b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7b:3b:04:49:6c:e7:53:7a:9a:8b:54:6d:16:
                    f0:21:b9:0e:5e:72:e2:62:ba:1a:52:59:ff:8e:77:
                    11:fb:8b:b3:3a:df:19:5e:17:91:f9:55:0c:a5:3f:
                    55:12:7c:e5:07:a0:bd:39:47:71:71:ba:ea:f4:1e:
                    6f:31:8f:9f:b3:ef:39:16:c2:f5:6c:4c:db:90:dd:
                    59:00:ce:54:12:f8:c2:a1:fa:e9:4e:a9:b1:e7:4a:
                    e7:e0:92:3a:b5:4c:ce:f3:81:9f:8d:c9:fc:3f:ff:
                    9c:3d:1c:a7:4e:7f:70:d5:4e:33:85:96:5a:c5:bd:
                    4e:20:48:ef:68:91:76:cc:87:86:88:78:49:69:87:
                    0a:87:35:85:b3:64:9a:02:30:93:08:ca:e3:33:3d:
                    69:95:c7:de:2f:41:d2:9d:69:f5:4f:b7:8f:ed:d6:
                    68:43:2f:5c:61:25:18:ea:d2:7c:9a:c4:12:49:ba:
                    1e:31:43:1a:fe:e3:a2:3c:5a:0d:da:a5:1d:0a:a0:
                    20:93:85:1f:fd:63:26:c9:11:be:4f:bd:85:d5:0b:
                    24:1f:1e:e0:fb:ac:55:1b:5e:5f:02:36:10:b0:2c:
                    12:14:8a:e0:9b:11:42:06:08:26:ad:06:00:be:35:
                    db:e1:37:86:1c:d5:93:7a:17:9d:08:63:ed:b6:6e:
                    d3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:55:9F:56:D8:50:34:69:D0:E3:D3:5C:50:2C:CB:AB:32:CA:74:B4
            X509v3 Authority Key Identifier:
                keyid:52:DC:49:FE:93:A3:F6:2A:DD:4C:E9:89:1D:90:33:EA:D8:3D:98:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtxJ_pOj9irdTOmJHZAz6tg9mIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/32ae3e-d848-45f1-9cc1-6dec46994ba4/1/sFWfVthQNGnQ49NcUCzLqzLKdLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/32ae3e-d848-45f1-9cc1-6dec46994ba4/1/UtxJ_pOj9irdTOmJHZAz6tg9mIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:9c:fb:fc:05:39:9f:2b:f7:a6:41:65:bf:2d:3e:e9:7c:9d:
         88:0d:65:25:f5:87:1d:f1:4a:2c:e1:cc:20:31:38:7b:83:4b:
         25:d7:bd:e0:60:38:6b:61:c6:02:dd:48:7d:c1:94:08:56:8e:
         1a:19:72:14:42:75:e8:01:8b:7b:cb:8e:73:39:2b:a8:87:6d:
         eb:79:4b:de:ce:8c:32:a8:af:47:38:13:d0:c7:4c:1c:17:e4:
         c8:f4:aa:99:ec:48:fb:9b:97:06:ba:2e:9a:18:62:0a:dd:87:
         08:6b:e2:cb:42:ac:b9:e6:d2:3c:e1:e5:50:21:ac:b0:c8:89:
         93:c6:51:dc:7b:eb:9a:19:98:71:5d:0b:f9:0e:76:e1:26:7d:
         bf:5e:be:22:8c:ee:2f:4c:fa:64:05:9f:96:55:64:db:67:cf:
         d8:77:c0:20:5e:3d:7b:09:45:ee:68:5c:03:56:ad:ce:ac:3e:
         b2:e2:17:6d:cd:29:74:b5:4d:56:8d:7c:b3:76:f4:a4:89:ef:
         98:58:33:84:b6:02:c7:00:50:aa:b8:1b:a6:f4:b5:2e:3d:78:
         63:fe:4a:6e:5e:e5:a1:4e:0c:cc:18:f4:52:bf:0c:af:40:02:
         d9:0d:71:5e:77:72:58:0f:d9:54:5f:1b:f6:bd:26:ad:65:2d:
         60:a2:69:64
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQgaFJpRQ5210xiHCvFyNVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM0OWZlOTNhM2Y2MmFkZDRjZTk4OTFkOTAzM2VhZDgz
ZDk4OGMwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDU1OWY1NmQ4NTAzNDY5ZDBlM2QzNWM1MDJjY2JhYjMyY2E3NGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ns7BEls51N6motUbRbwIbkOXnLi
YroaUln/jncR+4uzOt8ZXheR+VUMpT9VEnzlB6C9OUdxcbrq9B5vMY+fs+85FsL1
bEzbkN1ZAM5UEvjCofrpTqmx50rn4JI6tUzO84Gfjcn8P/+cPRynTn9w1U4zhZZa
xb1OIEjvaJF2zIeGiHhJaYcKhzWFs2SaAjCTCMrjMz1plcfeL0HSnWn1T7eP7dZo
Qy9cYSUY6tJ8msQSSboeMUMa/uOiPFoN2qUdCqAgk4Uf/WMmyRG+T72F1QskHx7g
+6xVG15fAjYQsCwSFIrgmxFCBggmrQYAvjXb4TeGHNWTehedCGPttm7TJwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLBVn1bYUDRp0OPTXFAsy6syynS0MB8GA1UdIwQY
MBaAFFLcSf6To/Yq3UzpiR2QM+rYPZiMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR4Sl9wT2o5aXJkVE9tSkhaQXo2dGc5bUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zMmFlM2UtZDg0OC00NWYxLTljYzEt
NmRlYzQ2OTk0YmE0LzEvc0ZXZlZ0aFFOR25RNDlOY1VDekxxekxLZExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zMmFlM2UtZDg0OC00NWYxLTljYzEtNmRlYzQ2OTk0YmE0
LzEvVXR4Sl9wT2o5aXJkVE9tSkhaQXo2dGc5bUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk1gwDQYJ
KoZIhvcNAQELBQADggEBADKc+/wFOZ8r96ZBZb8tPul8nYgNZSX1hx3xSizhzCAx
OHuDSyXXveBgOGthxgLdSH3BlAhWjhoZchRCdegBi3vLjnM5K6iHbet5S97OjDKo
r0c4E9DHTBwX5Mj0qpnsSPublwa6LpoYYgrdhwhr4stCrLnm0jzh5VAhrLDIiZPG
Udx765oZmHFdC/kOduEmfb9eviKM7i9M+mQFn5ZVZNtnz9h3wCBePXsJRe5oXANW
rc6sPrLiF23NKXS1TVaNfLN29KSJ75hYM4S2AscAUKq4G6b0tS49eGP+Sm5e5aFO
DMwY9FK/DK9AAtkNcV53clgP2VRfG/a9Jq1lLWCiaWQ=
-----END CERTIFICATE-----