Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rgeIy49dLmNJww9sp8JRWKXD-n8.roa
File:                     rgeIy49dLmNJww9sp8JRWKXD-n8.roa (raw, json)
Hash identifier:          L8MUX4zAy84NplfwfzJB7WI9HcrmosjCL1UuxDQCssQ=
Subject key identifier:   AE:07:88:CB:8F:5D:2E:63:49:C3:0F:6C:A7:C2:51:58:A5:C3:FA:7F
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       019424B3C0C4FAEF0E4825B9C4F812A8A6AD
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rgeIy49dLmNJww9sp8JRWKXD-n8.roa
Signing time:             Thu 02 Jan 2025 01:49:07 +0000
ROA not before:           Thu 02 Jan 2025 01:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216030
IP address blocks:        88.218.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c0:c4:fa:ef:0e:48:25:b9:c4:f8:12:a8:a6:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 01:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae0788cb8f5d2e6349c30f6ca7c25158a5c3fa7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:61:68:8e:15:6c:14:dd:2a:ca:cd:1c:1b:8a:
                    28:fd:70:f0:1f:98:ad:66:e5:2d:cf:e8:d0:cb:50:
                    ea:53:2d:8f:d9:d1:86:57:03:ec:d3:86:45:80:41:
                    0e:03:ee:ad:c7:46:5e:d6:96:b7:4c:04:78:4a:33:
                    ac:e8:e9:36:c3:19:6f:5c:a0:14:dd:25:8b:96:85:
                    0a:ee:bc:cd:4c:18:3c:e9:ab:aa:ff:19:5c:7d:3b:
                    8c:0a:57:a0:c7:24:e3:95:55:c3:a2:17:db:a3:81:
                    01:d5:8f:1f:28:b6:00:79:be:dc:14:ea:3b:76:43:
                    bf:ef:78:a2:08:08:e4:6a:03:ba:a1:54:ae:0c:65:
                    f3:4b:b0:72:35:6b:39:8b:7e:ac:46:91:52:c3:f6:
                    e9:11:4d:41:8c:41:3d:aa:9b:63:bb:8c:a1:49:a9:
                    10:04:d8:f7:7f:ac:9c:16:be:73:5a:61:fd:4a:51:
                    8e:8a:fc:3c:21:3c:94:69:fd:5f:01:5f:16:da:bc:
                    61:c5:fc:10:69:7c:de:b5:cb:18:e4:8b:ca:c7:aa:
                    4b:78:0f:9a:4c:7a:a7:26:64:3b:4a:02:c1:d9:29:
                    98:ba:5e:b3:20:e7:19:e3:5d:0b:7f:9f:47:7b:2f:
                    6d:93:cd:35:a4:5e:a1:de:34:8b:be:26:f0:9c:a1:
                    ba:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:07:88:CB:8F:5D:2E:63:49:C3:0F:6C:A7:C2:51:58:A5:C3:FA:7F
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rgeIy49dLmNJww9sp8JRWKXD-n8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:8c:27:50:ea:68:67:a1:10:0b:9f:b0:ce:5a:63:82:06:f9:
         8d:90:b2:ba:fa:d1:a8:55:4c:41:ec:64:b6:cb:78:d3:c2:6c:
         48:9d:d6:08:6b:12:bb:7e:bb:87:1b:e2:87:9a:dc:a3:a2:55:
         7f:38:a6:3e:fd:28:a0:16:a5:b5:73:4a:3f:75:f6:67:78:19:
         04:a4:19:dd:e7:f3:b0:f9:18:9f:da:6a:d6:13:d8:94:3f:5f:
         18:e0:72:f4:d0:fb:ab:5f:46:b0:4d:9e:3d:c1:dd:d2:9b:3d:
         a0:a5:22:4c:7e:dd:8f:80:77:c4:21:2c:46:ee:2c:53:f0:3e:
         fa:30:56:23:c4:54:10:f7:8e:56:15:11:31:d0:cb:50:6b:41:
         0d:47:0a:ef:02:04:83:99:80:ac:c0:06:00:19:9a:c9:25:af:
         ef:2e:a6:f9:f9:21:a5:a2:50:a8:0b:f8:73:69:97:01:9d:b7:
         94:20:f3:cf:a8:70:91:25:d7:9c:59:4a:d2:d2:e4:d7:42:9f:
         2d:2e:af:2f:82:70:d6:22:60:75:aa:44:20:b3:5a:7b:62:ba:
         1b:e4:58:6c:42:cb:ce:3b:d5:0f:8a:46:ef:f7:79:07:6e:47:
         63:c9:79:10:44:e5:43:ae:e7:58:49:65:dc:41:fa:e9:09:42:
         51:4a:37:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8DE+u8OSCW5xPgSqKatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjUwMTAyMDE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTA3ODhjYjhmNWQyZTYzNDljMzBmNmNhN2MyNTE1OGE1YzNmYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGFojhVsFN0qys0cG4oo/XDwH5it
ZuUtz+jQy1DqUy2P2dGGVwPs04ZFgEEOA+6tx0Ze1pa3TAR4SjOs6Ok2wxlvXKAU
3SWLloUK7rzNTBg86auq/xlcfTuMClegxyTjlVXDohfbo4EB1Y8fKLYAeb7cFOo7
dkO/73iiCAjkagO6oVSuDGXzS7ByNWs5i36sRpFSw/bpEU1BjEE9qptju4yhSakQ
BNj3f6ycFr5zWmH9SlGOivw8ITyUaf1fAV8W2rxhxfwQaXzetcsY5IvKx6pLeA+a
THqnJmQ7SgLB2SmYul6zIOcZ410Lf59Hey9tk801pF6h3jSLvibwnKG6tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4HiMuPXS5jScMPbKfCUVilw/p/MB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvcmdlSXk0OWRMbU5Kd3c5c3A4SlJXS1hELW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNrNMA0G
CSqGSIb3DQEBCwUAA4IBAQBVjCdQ6mhnoRALn7DOWmOCBvmNkLK6+tGoVUxB7GS2
y3jTwmxIndYIaxK7fruHG+KHmtyjolV/OKY+/SigFqW1c0o/dfZneBkEpBnd5/Ow
+Rif2mrWE9iUP18Y4HL00PurX0awTZ49wd3Smz2gpSJMft2PgHfEISxG7ixT8D76
MFYjxFQQ945WFREx0MtQa0ENRwrvAgSDmYCswAYAGZrJJa/vLqb5+SGlolCoC/hz
aZcBnbeUIPPPqHCRJdecWUrS0uTXQp8tLq8vgnDWImB1qkQgs1p7Yrob5FhsQsvO
O9UPikbv93kHbkdjyXkQROVDrudYSWXcQfrpCUJRSjdf
-----END CERTIFICATE-----