Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/f8237c-e04a-4ddd-8ceb-d0f249bc3fed/1/iDD0dIi8FZu6HOhyS7tjvaUtgQE.roa
File:                     iDD0dIi8FZu6HOhyS7tjvaUtgQE.roa (raw, json)
Hash identifier:          0JHKcL5Vnxkq7EPVZmPbz9exzTMRAeW5CIg2FGWWjPE=
Subject key identifier:   88:30:F4:74:88:BC:15:9B:BA:1C:E8:72:4B:BB:63:BD:A5:2D:81:01
Certificate issuer:       /CN=8ab0a86cdef1d6855d19de74175373cdc81aefcc
Certificate serial:       0196EDB94BA26781437333C7ADD90F89FCE9
Authority key identifier: 8A:B0:A8:6C:DE:F1:D6:85:5D:19:DE:74:17:53:73:CD:C8:1A:EF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/irCobN7x1oVdGd50F1Nzzcga78w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/f8237c-e04a-4ddd-8ceb-d0f249bc3fed/1/iDD0dIi8FZu6HOhyS7tjvaUtgQE.roa
Signing time:             Tue 20 May 2025 12:44:25 +0000
ROA not before:           Tue 20 May 2025 12:44:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42552
IP address blocks:        91.192.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/f8237c-e04a-4ddd-8ceb-d0f249bc3fed/1/irCobN7x1oVdGd50F1Nzzcga78w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/f8237c-e04a-4ddd-8ceb-d0f249bc3fed/1/irCobN7x1oVdGd50F1Nzzcga78w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/irCobN7x1oVdGd50F1Nzzcga78w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:b9:4b:a2:67:81:43:73:33:c7:ad:d9:0f:89:fc:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ab0a86cdef1d6855d19de74175373cdc81aefcc
        Validity
            Not Before: May 20 12:44:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8830f47488bc159bba1ce8724bbb63bda52d8101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:15:69:4f:7d:2f:a5:67:e8:3b:b5:c0:44:7e:
                    f5:ba:e5:2a:e6:4b:f7:5c:ca:b7:d8:a1:34:c1:f0:
                    4d:36:a3:a2:08:8b:02:d0:7f:a5:05:df:90:06:d2:
                    47:6f:17:b4:e0:1c:e0:b7:0e:6b:9b:20:bf:17:62:
                    75:22:43:0c:5d:9c:92:86:54:8a:ac:71:3b:17:0d:
                    7c:09:30:c4:df:16:e5:50:5e:72:89:09:20:34:b6:
                    d2:b3:6e:e3:38:0d:0e:b0:11:58:a7:3f:00:23:52:
                    80:5d:b6:6b:c5:07:72:71:8b:d5:0f:17:a5:73:a1:
                    aa:64:e1:19:08:c8:21:ac:f5:14:bc:81:50:65:62:
                    96:79:9e:26:cb:09:65:9f:e2:79:21:da:37:3a:0d:
                    6f:4a:81:77:c2:a3:d6:12:a4:8d:47:2f:ec:5a:9c:
                    ec:b8:64:3c:7b:95:6e:70:a1:c0:cb:2e:08:f6:e6:
                    43:6f:f2:94:4d:f1:2e:34:e0:3b:d2:2f:24:6a:98:
                    69:10:10:ee:b0:21:e2:54:c3:78:dd:bb:3d:13:ef:
                    95:b9:77:ec:b3:5a:67:0e:0a:97:e2:fc:00:1b:c1:
                    d8:3c:33:c0:7c:ef:f2:90:b2:68:d7:76:4e:df:c3:
                    e9:95:16:d3:f5:7d:fb:79:a9:0e:90:fb:25:1b:d2:
                    a6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:30:F4:74:88:BC:15:9B:BA:1C:E8:72:4B:BB:63:BD:A5:2D:81:01
            X509v3 Authority Key Identifier:
                keyid:8A:B0:A8:6C:DE:F1:D6:85:5D:19:DE:74:17:53:73:CD:C8:1A:EF:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/irCobN7x1oVdGd50F1Nzzcga78w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/f8237c-e04a-4ddd-8ceb-d0f249bc3fed/1/iDD0dIi8FZu6HOhyS7tjvaUtgQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/f8237c-e04a-4ddd-8ceb-d0f249bc3fed/1/irCobN7x1oVdGd50F1Nzzcga78w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:87:cb:9b:ef:b4:c8:58:1c:1d:a4:de:08:5a:bc:8b:2a:61:
         84:75:23:da:01:0e:8d:45:25:bc:94:5c:bf:04:97:35:61:a4:
         23:e3:79:56:be:9c:c7:d2:7a:6e:67:5e:1c:8a:bf:dc:d2:ad:
         32:b6:4e:c3:d6:de:1c:e0:c9:5b:29:fa:ef:09:ba:06:21:3b:
         41:7f:41:0a:28:ae:f8:b6:ed:99:3d:67:0a:90:c4:a9:5b:a7:
         e3:20:70:e0:c0:39:d0:17:a7:0d:6f:cb:6d:c9:b6:7b:fd:ef:
         86:b7:b8:65:68:6d:e4:5c:54:a5:6f:10:3d:16:0e:c8:95:4e:
         9f:15:01:f9:ed:19:ea:66:19:9a:af:fa:f0:c0:58:b4:dd:80:
         da:57:5b:63:6d:57:d4:b5:0d:aa:32:fe:d3:7c:be:28:a8:ee:
         c7:03:77:b3:da:61:b8:67:14:b2:55:8c:fc:e7:ab:ce:3f:b3:
         99:2f:26:ca:9a:22:9c:c7:5a:91:0a:16:90:5a:b1:5c:cd:63:
         0e:11:76:e9:71:60:61:2e:56:3e:ca:42:69:d8:7a:69:2f:89:
         de:0d:cd:65:90:e3:a8:7c:02:14:ba:e2:8f:96:62:15:c1:e6:
         4c:6f:10:2b:18:de:65:3d:66:b1:bf:aa:4a:d4:08:fd:d6:3e:
         ce:b2:8d:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtuUuiZ4FDczPHrdkPifzpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYjBhODZjZGVmMWQ2ODU1ZDE5ZGU3NDE3NTM3M2NkYzgx
YWVmY2MwHhcNMjUwNTIwMTI0NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODMwZjQ3NDg4YmMxNTliYmExY2U4NzI0YmJiNjNiZGE1MmQ4MTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxVpT30vpWfoO7XARH71uuUq5kv3
XMq32KE0wfBNNqOiCIsC0H+lBd+QBtJHbxe04Bzgtw5rmyC/F2J1IkMMXZyShlSK
rHE7Fw18CTDE3xblUF5yiQkgNLbSs27jOA0OsBFYpz8AI1KAXbZrxQdycYvVDxel
c6GqZOEZCMghrPUUvIFQZWKWeZ4mywlln+J5Ido3Og1vSoF3wqPWEqSNRy/sWpzs
uGQ8e5VucKHAyy4I9uZDb/KUTfEuNOA70i8kaphpEBDusCHiVMN43bs9E++VuXfs
s1pnDgqX4vwAG8HYPDPAfO/ykLJo13ZO38PplRbT9X37eakOkPslG9KmyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgw9HSIvBWbuhzocku7Y72lLYEBMB8GA1UdIwQY
MBaAFIqwqGze8daFXRnedBdTc83IGu/MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXJDb2JON3gxb1ZkR2Q1MEYxTnp6Y2dhNzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9mODIzN2MtZTA0YS00ZGRkLThjZWIt
ZDBmMjQ5YmMzZmVkLzEvaUREMGRJaThGWnU2SE9oeVM3dGp2YVV0Z1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9mODIzN2MtZTA0YS00ZGRkLThjZWItZDBmMjQ5YmMzZmVk
LzEvaXJDb2JON3gxb1ZkR2Q1MEYxTnp6Y2dhNzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8DMMA0G
CSqGSIb3DQEBCwUAA4IBAQCFh8ub77TIWBwdpN4IWryLKmGEdSPaAQ6NRSW8lFy/
BJc1YaQj43lWvpzH0npuZ14cir/c0q0ytk7D1t4c4MlbKfrvCboGITtBf0EKKK74
tu2ZPWcKkMSpW6fjIHDgwDnQF6cNb8ttybZ7/e+Gt7hlaG3kXFSlbxA9Fg7IlU6f
FQH57RnqZhmar/rwwFi03YDaV1tjbVfUtQ2qMv7TfL4oqO7HA3ez2mG4ZxSyVYz8
56vOP7OZLybKmiKcx1qRChaQWrFczWMOEXbpcWBhLlY+ykJp2HppL4neDc1lkOOo
fAIUuuKPlmIVweZMbxArGN5lPWaxv6pK1Aj91j7Oso3S
-----END CERTIFICATE-----