Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/mV-huyQ7uf2YxiJ1JUpDypBxzhA.roa
File:                     mV-huyQ7uf2YxiJ1JUpDypBxzhA.roa (raw, json)
Hash identifier:          XQgQ9aC7Ey76psDYNwOwzM5lgNTkkh3rEJlv1Rte2h0=
Subject key identifier:   99:5F:A1:BB:24:3B:B9:FD:98:C6:22:75:25:4A:43:CA:90:71:CE:10
Certificate issuer:       /CN=39911375fcc4859612190ebecc7ae371a01a6a6d
Certificate serial:       019425FD7C44D686D993790B8619CE377506
Authority key identifier: 39:91:13:75:FC:C4:85:96:12:19:0E:BE:CC:7A:E3:71:A0:1A:6A:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZETdfzEhZYSGQ6-zHrjcaAaam0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/mV-huyQ7uf2YxiJ1JUpDypBxzhA.roa
Signing time:             Thu 02 Jan 2025 07:49:16 +0000
ROA not before:           Thu 02 Jan 2025 07:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210111
IP address blocks:        185.88.72.0/22 maxlen: 22
                          2a0d:b0c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/OZETdfzEhZYSGQ6-zHrjcaAaam0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/OZETdfzEhZYSGQ6-zHrjcaAaam0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OZETdfzEhZYSGQ6-zHrjcaAaam0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:7c:44:d6:86:d9:93:79:0b:86:19:ce:37:75:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39911375fcc4859612190ebecc7ae371a01a6a6d
        Validity
            Not Before: Jan  2 07:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=995fa1bb243bb9fd98c62275254a43ca9071ce10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:26:99:e9:d9:19:37:d7:c1:71:35:39:c3:60:
                    24:45:98:b8:62:68:56:ba:a5:62:81:3c:d3:2d:9b:
                    ef:03:9a:b1:3a:a6:c0:92:61:3e:2f:3c:c0:c2:83:
                    19:6f:7e:e7:6b:85:7d:79:e0:54:b0:61:fc:f8:6f:
                    0b:8d:98:01:02:4b:d4:a0:18:e5:19:c3:de:83:ee:
                    25:32:de:d0:35:4e:ec:d0:48:af:cf:3c:74:07:27:
                    87:f4:58:37:c4:11:e6:39:9f:1e:72:d0:5f:6c:6f:
                    a9:45:c4:ee:4a:d1:fb:e3:5b:6a:12:b1:f7:c7:8b:
                    ce:a0:80:b3:8a:f7:dc:9a:3e:4b:9c:03:2a:bc:86:
                    43:c2:15:93:82:98:1e:10:d4:a6:5d:5a:48:2c:18:
                    a4:f9:45:4d:1a:71:f5:66:cd:51:34:82:a3:6d:58:
                    0b:28:30:1f:2c:6c:f7:ee:ba:a3:e7:b0:e0:7c:9e:
                    df:a2:2f:ec:a1:08:bd:83:b7:18:50:bb:1f:7a:62:
                    7c:98:8d:b0:90:38:a2:1f:98:33:f2:b4:c3:42:40:
                    80:b5:77:7e:36:de:53:f0:47:79:a1:99:2f:72:65:
                    33:f4:2a:82:4f:03:71:85:1a:2e:d2:30:bd:24:e8:
                    34:04:82:b0:e8:a3:66:8c:38:19:19:0e:08:3c:b3:
                    43:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:5F:A1:BB:24:3B:B9:FD:98:C6:22:75:25:4A:43:CA:90:71:CE:10
            X509v3 Authority Key Identifier:
                keyid:39:91:13:75:FC:C4:85:96:12:19:0E:BE:CC:7A:E3:71:A0:1A:6A:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZETdfzEhZYSGQ6-zHrjcaAaam0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/mV-huyQ7uf2YxiJ1JUpDypBxzhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/61c0c5-5257-453c-8e74-933d92d0000c/1/OZETdfzEhZYSGQ6-zHrjcaAaam0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.72.0/22
                IPv6:
                  2a0d:b0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:d3:3c:37:d2:ac:ad:86:02:f8:f5:46:b1:c5:e5:d9:8e:9b:
         8e:45:2a:2a:58:6d:e2:e3:ed:03:b7:12:4f:38:5e:19:e8:77:
         d1:4f:79:6b:77:d2:1d:52:88:0a:74:6a:f4:6a:71:ce:59:68:
         4b:d3:7a:23:35:f5:66:af:e9:8a:02:30:71:5e:ff:91:ef:c9:
         a3:f0:d7:93:6c:6a:c5:c9:32:30:51:70:4b:2d:ea:dd:fd:8b:
         c7:4f:05:81:45:16:2d:c3:4a:c9:27:2a:c1:b7:81:f9:2d:c2:
         61:8f:3a:f6:93:45:66:cf:df:23:2e:c8:74:52:2a:16:82:17:
         ed:eb:ff:2c:fc:03:af:f0:98:fa:98:47:e4:17:69:f3:cf:48:
         ee:5b:a2:b5:20:3f:3b:0d:e1:b4:ec:89:bf:52:7a:03:69:ac:
         e6:6d:e4:07:0e:ac:98:e0:01:8f:b4:e3:25:20:f7:85:b6:db:
         47:0d:fc:2d:a3:94:91:fa:17:e8:a5:3c:5d:fe:7d:16:7e:03:
         38:18:01:db:87:11:11:6f:1c:32:d3:7c:6e:51:f8:ac:af:37:
         46:28:2b:61:74:dc:8f:43:2c:e0:84:35:fb:a5:00:22:5e:79:
         c6:60:d9:b8:28:0e:91:be:7f:8e:2d:5d:e8:46:ed:75:a3:30:
         c3:85:bf:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/XxE1obZk3kLhhnON3UGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OTExMzc1ZmNjNDg1OTYxMjE5MGViZWNjN2FlMzcxYTAx
YTZhNmQwHhcNMjUwMTAyMDc0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTVmYTFiYjI0M2JiOWZkOThjNjIyNzUyNTRhNDNjYTkwNzFjZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyaZ6dkZN9fBcTU5w2AkRZi4YmhW
uqVigTzTLZvvA5qxOqbAkmE+LzzAwoMZb37na4V9eeBUsGH8+G8LjZgBAkvUoBjl
GcPeg+4lMt7QNU7s0Eivzzx0ByeH9Fg3xBHmOZ8ectBfbG+pRcTuStH741tqErH3
x4vOoICzivfcmj5LnAMqvIZDwhWTgpgeENSmXVpILBik+UVNGnH1Zs1RNIKjbVgL
KDAfLGz37rqj57DgfJ7foi/soQi9g7cYULsfemJ8mI2wkDiiH5gz8rTDQkCAtXd+
Nt5T8Ed5oZkvcmUz9CqCTwNxhRou0jC9JOg0BIKw6KNmjDgZGQ4IPLNDFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJlfobskO7n9mMYidSVKQ8qQcc4QMB8GA1UdIwQY
MBaAFDmRE3X8xIWWEhkOvsx643GgGmptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1pFVGRmekVoWllTR1E2LXpIcmpjYUFhYW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82MWMwYzUtNTI1Ny00NTNjLThlNzQt
OTMzZDkyZDAwMDBjLzEvbVYtaHV5UTd1ZjJZeGlKMUpVcER5cEJ4emhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82MWMwYzUtNTI1Ny00NTNjLThlNzQtOTMzZDkyZDAwMDBj
LzEvT1pFVGRmekVoWllTR1E2LXpIcmpjYUFhYW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVhIMA0E
AgACMAcDBQMqDbDAMA0GCSqGSIb3DQEBCwUAA4IBAQBc0zw30qythgL49UaxxeXZ
jpuORSoqWG3i4+0DtxJPOF4Z6HfRT3lrd9IdUogKdGr0anHOWWhL03ojNfVmr+mK
AjBxXv+R78mj8NeTbGrFyTIwUXBLLerd/YvHTwWBRRYtw0rJJyrBt4H5LcJhjzr2
k0Vmz98jLsh0UioWghft6/8s/AOv8Jj6mEfkF2nzz0juW6K1ID87DeG07Im/UnoD
aazmbeQHDqyY4AGPtOMlIPeFtttHDfwto5SR+hfopTxd/n0WfgM4GAHbhxERbxwy
03xuUfisrzdGKCthdNyPQyzghDX7pQAiXnnGYNm4KA6Rvn+OLV3oRu11ozDDhb+V
-----END CERTIFICATE-----