Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/ANPtCnGv8gHA7x3faWzBPJFvOXI.roa
File:                     ANPtCnGv8gHA7x3faWzBPJFvOXI.roa (raw, json)
Hash identifier:          47gT+uwBF8roCKnncbKY5zhpD+DW3HsUlU+dHgq1yW0=
Subject key identifier:   00:D3:ED:0A:71:AF:F2:01:C0:EF:1D:DF:69:6C:C1:3C:91:6F:39:72
Certificate issuer:       /CN=2e43dac8ea55693439dd1b8b4812ba71834f1031
Certificate serial:       019423D7EF3FB2D58B521ABE2DFE2618A749
Authority key identifier: 2E:43:DA:C8:EA:55:69:34:39:DD:1B:8B:48:12:BA:71:83:4F:10:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkPayOpVaTQ53RuLSBK6cYNPEDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/ANPtCnGv8gHA7x3faWzBPJFvOXI.roa
Signing time:             Wed 01 Jan 2025 21:49:01 +0000
ROA not before:           Wed 01 Jan 2025 21:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51559
IP address blocks:        88.214.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/LkPayOpVaTQ53RuLSBK6cYNPEDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/LkPayOpVaTQ53RuLSBK6cYNPEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkPayOpVaTQ53RuLSBK6cYNPEDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:ef:3f:b2:d5:8b:52:1a:be:2d:fe:26:18:a7:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e43dac8ea55693439dd1b8b4812ba71834f1031
        Validity
            Not Before: Jan  1 21:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00d3ed0a71aff201c0ef1ddf696cc13c916f3972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d8:7e:4b:b7:ba:db:4c:1a:77:75:05:41:d7:
                    ef:db:30:4a:b7:0d:71:66:cc:ee:60:e3:d9:98:01:
                    28:b4:2b:3d:99:da:64:8e:7b:fe:b8:65:45:fe:64:
                    74:c9:00:36:eb:68:71:c1:8c:24:1c:1d:99:89:e8:
                    40:5a:f2:15:c5:07:69:79:9f:b0:29:52:cb:4b:3e:
                    9e:2f:0f:69:27:2f:5d:2d:f9:f2:cb:e9:c3:c0:d7:
                    af:0e:99:ec:67:39:b1:25:57:45:a1:c3:76:33:8d:
                    57:51:e7:93:de:ad:d2:14:35:df:52:35:2d:82:88:
                    94:18:13:03:05:1d:bd:30:5d:a2:e4:dc:30:58:7a:
                    4c:45:4a:6e:f6:1f:b2:6b:3b:4b:69:ff:d1:a1:f5:
                    4a:39:57:7c:a7:aa:8a:7c:2e:b3:14:1c:82:59:91:
                    93:c8:73:1e:61:46:b9:78:be:88:f4:2a:30:bf:aa:
                    4c:d0:5b:6d:1a:6a:84:67:63:3f:ee:6b:be:46:0e:
                    b7:90:1c:da:b5:5e:e7:17:f6:b3:5c:eb:a7:37:31:
                    66:14:8a:08:8c:04:13:bc:2e:96:65:3a:92:87:f4:
                    93:04:72:65:f9:36:d3:78:2d:0e:c3:44:4a:7a:a2:
                    e7:85:f6:49:29:44:38:49:c8:32:3f:d8:93:ea:6a:
                    05:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D3:ED:0A:71:AF:F2:01:C0:EF:1D:DF:69:6C:C1:3C:91:6F:39:72
            X509v3 Authority Key Identifier:
                keyid:2E:43:DA:C8:EA:55:69:34:39:DD:1B:8B:48:12:BA:71:83:4F:10:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkPayOpVaTQ53RuLSBK6cYNPEDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/ANPtCnGv8gHA7x3faWzBPJFvOXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/LkPayOpVaTQ53RuLSBK6cYNPEDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:9d:6a:2a:58:92:29:24:97:4b:3e:6c:c4:9b:99:79:ff:9e:
         b6:c3:6b:42:b2:ca:68:18:2d:5b:dc:53:f3:6c:43:c1:7d:56:
         0a:4b:31:03:33:19:79:42:d4:38:93:87:d6:68:57:b4:7d:b3:
         20:0f:40:86:8d:11:f8:22:00:aa:32:0b:d4:87:82:5c:69:d5:
         6b:78:50:f1:87:ca:fb:68:ee:d1:0c:95:b3:43:77:c1:23:16:
         8f:51:65:07:17:aa:c6:82:d0:bb:17:28:87:ac:fd:e9:6a:58:
         64:7b:43:76:d0:5a:a6:a7:cf:a6:bd:58:05:9a:ce:c4:9c:df:
         b7:a1:5d:f7:89:77:27:20:c3:33:cd:56:97:70:b8:05:5d:39:
         ea:d4:0c:12:eb:9a:ff:91:84:82:b2:62:97:3d:31:81:78:3a:
         a9:73:f7:54:62:44:aa:c0:04:56:18:9c:db:41:e8:be:0e:39:
         f3:f6:78:52:49:fc:ea:8c:c4:9b:f5:b8:13:41:15:0c:f3:bc:
         b2:96:95:5f:3e:3f:c4:92:d2:c0:62:3b:54:89:83:d5:e6:70:
         a2:e3:56:4c:d7:4a:07:dc:e3:fd:3a:77:a3:ba:44:d2:0b:51:
         0d:d6:ff:0c:5f:0a:dd:c3:f2:57:bb:7f:08:5f:4b:89:18:63:
         70:7c:0e:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+8/stWLUhq+Lf4mGKdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNDNkYWM4ZWE1NTY5MzQzOWRkMWI4YjQ4MTJiYTcxODM0
ZjEwMzEwHhcNMjUwMTAxMjE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGQzZWQwYTcxYWZmMjAxYzBlZjFkZGY2OTZjYzEzYzkxNmYzOTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9h+S7e620wad3UFQdfv2zBKtw1x
ZszuYOPZmAEotCs9mdpkjnv+uGVF/mR0yQA262hxwYwkHB2ZiehAWvIVxQdpeZ+w
KVLLSz6eLw9pJy9dLfnyy+nDwNevDpnsZzmxJVdFocN2M41XUeeT3q3SFDXfUjUt
goiUGBMDBR29MF2i5NwwWHpMRUpu9h+yaztLaf/RofVKOVd8p6qKfC6zFByCWZGT
yHMeYUa5eL6I9Cowv6pM0FttGmqEZ2M/7mu+Rg63kBzatV7nF/azXOunNzFmFIoI
jAQTvC6WZTqSh/STBHJl+TbTeC0Ow0RKeqLnhfZJKUQ4ScgyP9iT6moFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADT7Qpxr/IBwO8d32lswTyRbzlyMB8GA1UdIwQY
MBaAFC5D2sjqVWk0Od0bi0gSunGDTxAxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGtQYXlPcFZhVFE1M1J1TFNCSzZjWU5QRURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84NmJhMzYtNzhiOC00NGJiLTlmYjQt
MjZjN2M5NjNhNzY5LzEvQU5QdENuR3Y4Z0hBN3gzZmFXekJQSkZ2T1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84NmJhMzYtNzhiOC00NGJiLTlmYjQtMjZjN2M5NjNhNzY5
LzEvTGtQYXlPcFZhVFE1M1J1TFNCSzZjWU5QRURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNYrMA0G
CSqGSIb3DQEBCwUAA4IBAQBpnWoqWJIpJJdLPmzEm5l5/562w2tCsspoGC1b3FPz
bEPBfVYKSzEDMxl5QtQ4k4fWaFe0fbMgD0CGjRH4IgCqMgvUh4JcadVreFDxh8r7
aO7RDJWzQ3fBIxaPUWUHF6rGgtC7FyiHrP3palhke0N20Fqmp8+mvVgFms7EnN+3
oV33iXcnIMMzzVaXcLgFXTnq1AwS65r/kYSCsmKXPTGBeDqpc/dUYkSqwARWGJzb
Qei+Djnz9nhSSfzqjMSb9bgTQRUM87yylpVfPj/EktLAYjtUiYPV5nCi41ZM10oH
3OP9OnejukTSC1EN1v8MXwrdw/JXu38IX0uJGGNwfA6I
-----END CERTIFICATE-----