Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/MZ6xYFtxdQrHBhvq9x4yDITh6r4.roa
File:                     MZ6xYFtxdQrHBhvq9x4yDITh6r4.roa (raw, json)
Hash identifier:          qbK/ZmO17AT20ukIyQfbqqvKJQudIBqu9g/K4Rno+qc=
Subject key identifier:   31:9E:B1:60:5B:71:75:0A:C7:06:1B:EA:F7:1E:32:0C:84:E1:EA:BE
Certificate issuer:       /CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Certificate serial:       0197207AE7AA168D3D80B0E4DAC0BB81DFD6
Authority key identifier: 5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/MZ6xYFtxdQrHBhvq9x4yDITh6r4.roa
Signing time:             Fri 30 May 2025 09:16:54 +0000
ROA not before:           Fri 30 May 2025 09:16:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51809
IP address blocks:        88.97.160.0/21 maxlen: 21
                          88.97.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:7a:e7:aa:16:8d:3d:80:b0:e4:da:c0:bb:81:df:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf4501b755002d9143e8fa6736815e9f0f93695
        Validity
            Not Before: May 30 09:16:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=319eb1605b71750ac7061beaf71e320c84e1eabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:03:3b:04:91:7a:c7:00:d8:af:69:c5:b9:71:
                    40:fe:e1:5a:5f:db:9b:b5:38:01:ab:af:35:f1:bb:
                    73:7c:2f:17:06:36:53:1d:43:4e:b7:10:71:2e:c8:
                    f0:7e:3d:8f:52:53:64:1f:ec:93:72:c8:e3:95:db:
                    e3:96:aa:bd:94:dd:8e:71:04:33:d1:56:b7:23:d3:
                    06:f0:83:e6:e8:50:08:2c:f3:3b:33:58:22:9d:1c:
                    21:d5:6b:3f:b4:ac:8a:1e:0a:ef:9e:68:ab:52:6a:
                    4c:d8:27:6e:32:95:7e:b7:74:66:75:c1:4a:28:28:
                    af:7c:64:6b:f5:cb:2a:49:80:fd:8d:06:44:2d:4a:
                    11:78:25:2e:7d:e0:4d:86:fb:95:3b:9e:f1:13:cd:
                    7a:09:99:d1:52:8b:0a:c3:6c:88:be:41:a0:c9:4b:
                    f0:51:23:fb:d3:86:44:f7:30:bb:a7:2e:5f:56:4a:
                    57:d1:fd:b3:e4:53:70:81:ca:36:9d:57:97:c2:71:
                    2d:a3:12:79:42:6a:59:76:90:97:04:23:68:d3:2e:
                    0c:87:fb:bf:85:54:28:0f:f8:24:42:ca:f9:4c:f9:
                    cc:46:e3:af:4e:b3:4f:9a:d5:fa:55:20:23:6c:b8:
                    e2:3c:71:78:67:7b:40:8b:c4:c9:42:e5:17:af:27:
                    1d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:9E:B1:60:5B:71:75:0A:C7:06:1B:EA:F7:1E:32:0C:84:E1:EA:BE
            X509v3 Authority Key Identifier:
                keyid:5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/MZ6xYFtxdQrHBhvq9x4yDITh6r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.97.160.0/21
                  88.97.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         65:84:cb:e6:34:32:33:61:9e:b5:ce:a3:4f:a1:e8:56:26:78:
         bf:88:e0:a2:0b:bb:57:b5:b6:63:ee:b8:d0:79:81:a6:9f:d8:
         80:7a:55:93:d5:26:7e:38:7c:43:cf:f7:92:1f:f9:41:89:f2:
         5a:4d:d9:03:d3:92:cf:39:a4:26:5b:3f:f7:2f:9c:88:3f:90:
         f8:a8:df:e3:1d:4b:36:3d:54:c4:4f:d2:fc:83:5a:81:f2:2d:
         dd:ed:92:c5:42:2c:36:a5:c7:a3:71:4d:a2:8d:3f:e5:b8:2e:
         7e:fd:ea:bc:d3:e3:22:32:1b:96:9c:64:5a:07:29:02:ce:d8:
         66:5c:59:29:1f:de:93:80:bf:af:bc:e9:12:54:5a:57:90:68:
         d0:b3:4c:f9:64:7a:ed:6d:eb:90:42:33:fc:11:29:c2:ec:c1:
         81:6f:3b:72:e8:cc:3f:a9:cf:b2:a1:29:65:5e:98:d7:be:3e:
         4a:18:9e:e7:2b:50:8d:bb:be:c6:bd:8f:15:e9:39:e5:64:51:
         ff:3d:bb:00:0f:64:f3:9a:ed:d8:46:94:8f:89:54:62:32:f9:
         6c:80:f8:4a:6b:25:a7:11:7b:31:6e:31:04:1f:a6:dd:81:fc:
         6b:40:a3:c7:81:9e:92:ce:89:0a:72:05:5e:b5:18:47:af:05:
         7f:61:9b:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcgeueqFo09gLDk2sC7gd/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjQ1MDFiNzU1MDAyZDkxNDNlOGZhNjczNjgxNWU5ZjBm
OTM2OTUwHhcNMjUwNTMwMDkxNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTllYjE2MDViNzE3NTBhYzcwNjFiZWFmNzFlMzIwYzg0ZTFlYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAM7BJF6xwDYr2nFuXFA/uFaX9ub
tTgBq6818btzfC8XBjZTHUNOtxBxLsjwfj2PUlNkH+yTcsjjldvjlqq9lN2OcQQz
0Va3I9MG8IPm6FAILPM7M1ginRwh1Ws/tKyKHgrvnmirUmpM2CduMpV+t3RmdcFK
KCivfGRr9csqSYD9jQZELUoReCUufeBNhvuVO57xE816CZnRUosKw2yIvkGgyUvw
USP704ZE9zC7py5fVkpX0f2z5FNwgco2nVeXwnEtoxJ5QmpZdpCXBCNo0y4Mh/u/
hVQoD/gkQsr5TPnMRuOvTrNPmtX6VSAjbLjiPHF4Z3tAi8TJQuUXrycdCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDGesWBbcXUKxwYb6vceMgyE4eq+MB8GA1UdIwQY
MBaAFFz0UBt1UALZFD6PpnNoFenw+TaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUt
NjBjZjlhYjFiMTNlLzEvTVo2eFlGdHhkUXJIQmh2cTl4NHlESVRoNnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUtNjBjZjlhYjFiMTNl
LzEvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDWGGgAwQE
WGGwMA0GCSqGSIb3DQEBCwUAA4IBAQBlhMvmNDIzYZ61zqNPoehWJni/iOCiC7tX
tbZj7rjQeYGmn9iAelWT1SZ+OHxDz/eSH/lBifJaTdkD05LPOaQmWz/3L5yIP5D4
qN/jHUs2PVTET9L8g1qB8i3d7ZLFQiw2pcejcU2ijT/luC5+/eq80+MiMhuWnGRa
BykCzthmXFkpH96TgL+vvOkSVFpXkGjQs0z5ZHrtbeuQQjP8ESnC7MGBbzty6Mw/
qc+yoSllXpjXvj5KGJ7nK1CNu77GvY8V6TnlZFH/PbsAD2Tzmu3YRpSPiVRiMvls
gPhKayWnEXsxbjEEH6bdgfxrQKPHgZ6SzokKcgVetRhHrwV/YZue
-----END CERTIFICATE-----