Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/e73988-c1c2-408f-b738-39046b4a9170/1/Edf4BRC_SQM6caxUC9bnztO-Qtw.roa
File:                     Edf4BRC_SQM6caxUC9bnztO-Qtw.roa (raw, json)
Hash identifier:          jrSFQj+uOrtwJVK8tmCsyrdBIOLOL0+D+bgHO+lUMkU=
Subject key identifier:   11:D7:F8:05:10:BF:49:03:3A:71:AC:54:0B:D6:E7:CE:D3:BE:42:DC
Certificate issuer:       /CN=c557c19f6c72d8900c4d89ec7abb35d4fa92114b
Certificate serial:       0194222031F4926CB8E7889885EDA73F50A7
Authority key identifier: C5:57:C1:9F:6C:72:D8:90:0C:4D:89:EC:7A:BB:35:D4:FA:92:11:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVfBn2xy2JAMTYnsers11PqSEUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/e73988-c1c2-408f-b738-39046b4a9170/1/Edf4BRC_SQM6caxUC9bnztO-Qtw.roa
Signing time:             Wed 01 Jan 2025 13:48:42 +0000
ROA not before:           Wed 01 Jan 2025 13:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209848
IP address blocks:        213.184.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/e73988-c1c2-408f-b738-39046b4a9170/1/xVfBn2xy2JAMTYnsers11PqSEUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/e73988-c1c2-408f-b738-39046b4a9170/1/xVfBn2xy2JAMTYnsers11PqSEUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVfBn2xy2JAMTYnsers11PqSEUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:31:f4:92:6c:b8:e7:88:98:85:ed:a7:3f:50:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c557c19f6c72d8900c4d89ec7abb35d4fa92114b
        Validity
            Not Before: Jan  1 13:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11d7f80510bf49033a71ac540bd6e7ced3be42dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:25:39:f9:01:b3:fb:35:2d:71:e1:5b:58:2d:
                    e7:36:af:48:72:ab:6d:71:f9:33:db:cb:34:b4:0e:
                    d7:03:b1:f5:12:db:39:1b:0d:1f:b1:3d:0c:f6:49:
                    c1:40:78:67:47:93:60:b0:16:8a:5f:f9:74:d6:ee:
                    c8:db:98:dc:09:ac:6a:7d:b0:ec:a8:41:7b:0a:1d:
                    68:05:6b:5d:c5:74:1e:40:80:bc:ab:a9:ee:4b:6b:
                    3a:21:4f:9e:97:35:19:00:a0:bc:0e:82:9c:8e:05:
                    b4:b4:32:cd:a1:ab:47:18:0f:9e:b4:32:fc:2e:7b:
                    e2:f6:71:67:02:3f:05:dc:b3:b5:88:f8:e5:ef:8b:
                    41:50:03:af:bb:e9:a0:f9:59:b5:45:29:b5:e0:83:
                    9b:c9:83:df:91:bb:6a:0c:0f:20:36:3b:5e:a2:2d:
                    b0:74:c9:71:7e:c9:b1:59:38:c5:b0:10:31:cd:bc:
                    46:66:41:27:5a:72:3a:d4:89:63:a5:11:ac:f0:55:
                    31:f4:5a:64:42:3f:82:f3:a5:77:cd:bf:ed:1c:d2:
                    c1:f0:09:bd:86:47:27:92:21:01:64:cb:0f:f4:42:
                    d4:43:f0:cf:7e:fc:a8:f6:04:3a:b9:4a:85:42:81:
                    51:ce:44:62:6d:96:ec:e1:ac:ae:e1:71:aa:00:b2:
                    64:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D7:F8:05:10:BF:49:03:3A:71:AC:54:0B:D6:E7:CE:D3:BE:42:DC
            X509v3 Authority Key Identifier:
                keyid:C5:57:C1:9F:6C:72:D8:90:0C:4D:89:EC:7A:BB:35:D4:FA:92:11:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVfBn2xy2JAMTYnsers11PqSEUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/e73988-c1c2-408f-b738-39046b4a9170/1/Edf4BRC_SQM6caxUC9bnztO-Qtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/e73988-c1c2-408f-b738-39046b4a9170/1/xVfBn2xy2JAMTYnsers11PqSEUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.184.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:2d:35:04:ef:79:f1:e9:0a:c9:42:b5:3c:a1:85:dc:b6:34:
         85:4f:ed:11:79:db:c3:3b:b3:dc:dd:1e:57:1a:33:47:64:de:
         b8:bf:41:b8:1e:ba:d3:5d:3a:80:40:11:bc:1b:7c:23:79:f8:
         e2:b1:05:6b:2f:fe:17:8b:5d:7d:c6:f8:ef:85:86:1e:62:23:
         44:d1:9e:bc:e7:a5:2d:12:18:07:07:2b:d8:21:fe:25:d7:38:
         94:cc:40:af:58:6b:77:b0:12:6d:54:0c:54:12:01:07:2d:50:
         c1:95:e4:83:16:97:49:aa:30:38:85:cf:d6:20:81:0a:35:e4:
         2d:b9:31:8d:42:eb:71:43:6f:2e:ff:7c:c3:49:54:0e:bd:6c:
         d8:47:fb:a0:52:f8:29:f0:ac:65:01:ad:5b:76:cd:45:d0:6d:
         5e:29:4b:09:0a:c3:d9:d2:72:e8:24:de:36:89:c9:c5:7a:cc:
         ed:5e:3b:f9:ed:6d:92:02:02:ae:37:fe:b6:14:04:8d:16:d1:
         3d:02:10:52:c6:9e:87:1a:65:cf:4d:da:d0:f2:f5:f3:a6:74:
         32:11:bf:57:e9:38:a3:39:93:26:93:ea:c3:b3:b9:77:81:54:
         4d:cb:ca:a5:0c:23:31:03:23:77:75:c5:9d:d5:32:19:62:42:
         50:3b:d6:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDH0kmy454iYhe2nP1CnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NTdjMTlmNmM3MmQ4OTAwYzRkODllYzdhYmIzNWQ0ZmE5
MjExNGIwHhcNMjUwMTAxMTM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWQ3ZjgwNTEwYmY0OTAzM2E3MWFjNTQwYmQ2ZTdjZWQzYmU0MmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSU5+QGz+zUtceFbWC3nNq9Icqtt
cfkz28s0tA7XA7H1Ets5Gw0fsT0M9knBQHhnR5NgsBaKX/l01u7I25jcCaxqfbDs
qEF7Ch1oBWtdxXQeQIC8q6nuS2s6IU+elzUZAKC8DoKcjgW0tDLNoatHGA+etDL8
Lnvi9nFnAj8F3LO1iPjl74tBUAOvu+mg+Vm1RSm14IObyYPfkbtqDA8gNjteoi2w
dMlxfsmxWTjFsBAxzbxGZkEnWnI61IljpRGs8FUx9FpkQj+C86V3zb/tHNLB8Am9
hkcnkiEBZMsP9ELUQ/DPfvyo9gQ6uUqFQoFRzkRibZbs4ayu4XGqALJkOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHX+AUQv0kDOnGsVAvW587TvkLcMB8GA1UdIwQY
MBaAFMVXwZ9sctiQDE2J7Hq7NdT6khFLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZmQm4yeHkySkFNVFluc2VyczExUHFTRVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9lNzM5ODgtYzFjMi00MDhmLWI3Mzgt
MzkwNDZiNGE5MTcwLzEvRWRmNEJSQ19TUU02Y2F4VUM5Ym56dE8tUXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9lNzM5ODgtYzFjMi00MDhmLWI3MzgtMzkwNDZiNGE5MTcw
LzEveFZmQm4yeHkySkFNVFluc2VyczExUHFTRVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bhYMA0G
CSqGSIb3DQEBCwUAA4IBAQBYLTUE73nx6QrJQrU8oYXctjSFT+0RedvDO7Pc3R5X
GjNHZN64v0G4HrrTXTqAQBG8G3wjefjisQVrL/4Xi119xvjvhYYeYiNE0Z6856Ut
EhgHByvYIf4l1ziUzECvWGt3sBJtVAxUEgEHLVDBleSDFpdJqjA4hc/WIIEKNeQt
uTGNQutxQ28u/3zDSVQOvWzYR/ugUvgp8KxlAa1bds1F0G1eKUsJCsPZ0nLoJN42
icnFesztXjv57W2SAgKuN/62FASNFtE9AhBSxp6HGmXPTdrQ8vXzpnQyEb9X6Tij
OZMmk+rDs7l3gVRNy8qlDCMxAyN3dcWd1TIZYkJQO9b7
-----END CERTIFICATE-----