Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/xkDVDS74gDDghtjYO_lZo1jkZAw.roa
File:                     xkDVDS74gDDghtjYO_lZo1jkZAw.roa (raw, json)
Hash identifier:          U2DpQz2gMSrA9mkY42SKxIWprno9ie8cfBuo5TlCH84=
Subject key identifier:   C6:40:D5:0D:2E:F8:80:30:E0:86:D8:D8:3B:F9:59:A3:58:E4:64:0C
Certificate issuer:       /CN=1a2474ce5b5e220b9f431afc86af4ec140f5f16c
Certificate serial:       01942747B229E27B1BB3D93E3C083087D728
Authority key identifier: 1A:24:74:CE:5B:5E:22:0B:9F:43:1A:FC:86:AF:4E:C1:40:F5:F1:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/xkDVDS74gDDghtjYO_lZo1jkZAw.roa
Signing time:             Thu 02 Jan 2025 13:49:57 +0000
ROA not before:           Thu 02 Jan 2025 13:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212341
IP address blocks:        85.202.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b2:29:e2:7b:1b:b3:d9:3e:3c:08:30:87:d7:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a2474ce5b5e220b9f431afc86af4ec140f5f16c
        Validity
            Not Before: Jan  2 13:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c640d50d2ef88030e086d8d83bf959a358e4640c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:93:03:f7:93:dd:c0:2b:e8:e3:c3:38:26:c4:
                    f3:d5:a3:27:5b:05:6e:ed:df:b4:d5:72:02:cb:93:
                    9b:71:ff:06:fb:6c:69:e1:0e:cd:95:7b:84:cc:83:
                    94:d0:03:0b:f6:a8:ba:be:24:76:fc:16:b2:2b:86:
                    43:93:1f:05:27:d2:75:62:2b:28:0a:08:b3:3a:55:
                    b2:91:3d:2c:e6:a4:b4:60:94:ff:53:59:a7:48:82:
                    d3:95:94:61:05:10:12:e7:33:b8:5a:14:ab:ab:53:
                    0e:cd:6a:8c:c2:9f:c7:a0:bc:41:27:f4:ac:57:6b:
                    f1:bf:63:cc:dd:aa:a7:f7:3a:b0:ae:dc:f6:da:9a:
                    c8:29:ab:42:48:8f:d7:6b:3a:52:87:13:63:d9:2c:
                    82:bd:bf:f6:9f:ff:7d:06:a8:35:88:6a:fb:f8:62:
                    8a:6a:98:2c:46:02:3e:b8:59:1a:70:ae:1f:62:8e:
                    fe:94:57:60:d0:74:68:00:8a:6d:1f:86:3f:ea:f8:
                    e7:84:16:5d:20:07:33:e2:3b:3a:77:dd:fe:1a:39:
                    88:f7:19:d4:b3:cb:4f:68:6b:18:8a:20:dc:d6:9c:
                    91:7d:a8:9f:91:ac:38:39:82:bf:c1:c5:af:17:28:
                    f6:53:6b:d5:8e:34:16:b8:c4:a9:48:41:98:c9:a8:
                    74:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:40:D5:0D:2E:F8:80:30:E0:86:D8:D8:3B:F9:59:A3:58:E4:64:0C
            X509v3 Authority Key Identifier:
                keyid:1A:24:74:CE:5B:5E:22:0B:9F:43:1A:FC:86:AF:4E:C1:40:F5:F1:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/xkDVDS74gDDghtjYO_lZo1jkZAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:8b:d3:0e:eb:77:1d:f1:fc:97:bb:b2:54:07:00:d6:44:9d:
         42:98:dd:f2:19:6f:68:ae:f0:bc:b6:8a:3b:78:11:01:bf:cf:
         27:02:de:b1:39:50:d8:14:b5:11:f4:8b:a5:d0:16:01:4a:48:
         89:aa:3d:7d:dd:64:cc:7b:97:5e:c3:d3:67:e5:87:7a:36:cc:
         27:46:ad:a2:85:f1:90:3f:65:71:38:25:97:02:42:f4:82:1b:
         9b:7c:c1:1e:53:6f:22:4e:57:f5:ae:48:a6:94:45:1e:c8:1f:
         de:4b:c7:e7:67:43:1e:eb:fb:2c:e5:cf:22:65:3d:cc:8f:ca:
         cb:4c:b4:ba:c5:cb:2e:56:3e:d3:91:b1:05:d8:6a:6b:bd:61:
         b0:49:27:ef:29:9f:89:0c:db:53:3d:f0:66:e5:49:1b:1b:7f:
         2b:a3:d4:e5:a1:8f:f6:a7:4a:eb:0a:02:f1:09:1c:0c:c9:b5:
         8b:38:a5:40:c9:99:29:97:c7:bb:c2:b9:0b:1a:b0:df:63:e4:
         90:cb:d8:67:3d:1c:86:f5:b0:16:9d:9e:30:32:76:a3:be:09:
         ab:44:d7:43:eb:1e:5d:50:f0:7e:8a:e3:ed:50:5f:fd:46:21:
         b7:c7:2b:ef:de:1c:66:1e:ae:eb:b6:c0:0e:55:26:db:ed:eb:
         f6:e1:93:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR7Ip4nsbs9k+PAgwh9coMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMjQ3NGNlNWI1ZTIyMGI5ZjQzMWFmYzg2YWY0ZWMxNDBm
NWYxNmMwHhcNMjUwMTAyMTM0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQwZDUwZDJlZjg4MDMwZTA4NmQ4ZDgzYmY5NTlhMzU4ZTQ2NDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpMD95PdwCvo48M4JsTz1aMnWwVu
7d+01XICy5Obcf8G+2xp4Q7NlXuEzIOU0AML9qi6viR2/BayK4ZDkx8FJ9J1Yiso
CgizOlWykT0s5qS0YJT/U1mnSILTlZRhBRAS5zO4WhSrq1MOzWqMwp/HoLxBJ/Ss
V2vxv2PM3aqn9zqwrtz22prIKatCSI/XazpShxNj2SyCvb/2n/99Bqg1iGr7+GKK
apgsRgI+uFkacK4fYo7+lFdg0HRoAIptH4Y/6vjnhBZdIAcz4js6d93+GjmI9xnU
s8tPaGsYiiDc1pyRfaifkaw4OYK/wcWvFyj2U2vVjjQWuMSpSEGYyah0TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZA1Q0u+IAw4IbY2Dv5WaNY5GQMMB8GA1UdIwQY
MBaAFBokdM5bXiILn0Ma/IavTsFA9fFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2lSMHpsdGVJZ3VmUXhyOGhxOU93VUQxOFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jMDQzNTktNGFlNC00ZTQ3LTkxY2It
ZDdkMDJlOTdlMjVkLzEveGtEVkRTNzRnRERnaHRqWU9fbFpvMWprWkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jMDQzNTktNGFlNC00ZTQ3LTkxY2ItZDdkMDJlOTdlMjVk
LzEvR2lSMHpsdGVJZ3VmUXhyOGhxOU93VUQxOFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcpYMA0G
CSqGSIb3DQEBCwUAA4IBAQBVi9MO63cd8fyXu7JUBwDWRJ1CmN3yGW9orvC8too7
eBEBv88nAt6xOVDYFLUR9Iul0BYBSkiJqj193WTMe5dew9Nn5Yd6NswnRq2ihfGQ
P2VxOCWXAkL0ghubfMEeU28iTlf1rkimlEUeyB/eS8fnZ0Me6/ss5c8iZT3Mj8rL
TLS6xcsuVj7TkbEF2GprvWGwSSfvKZ+JDNtTPfBm5UkbG38ro9TloY/2p0rrCgLx
CRwMybWLOKVAyZkpl8e7wrkLGrDfY+SQy9hnPRyG9bAWnZ4wMnajvgmrRNdD6x5d
UPB+iuPtUF/9RiG3xyvv3hxmHq7rtsAOVSbb7ev24ZPR
-----END CERTIFICATE-----