Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/5v_vrW0HvoruhQZTNV_0b8Xqqto.roa
File:                     5v_vrW0HvoruhQZTNV_0b8Xqqto.roa (raw, json)
Hash identifier:          GLURXBU690UhI1Gmf5xLttGeyafmzBhy8dobKw1u4ZA=
Subject key identifier:   E6:FF:EF:AD:6D:07:BE:8A:EE:85:06:53:35:5F:F4:6F:C5:EA:AA:DA
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019422FBA3BFBEB8C7B19F15F048F3F13F2E
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/5v_vrW0HvoruhQZTNV_0b8Xqqto.roa
Signing time:             Wed 01 Jan 2025 17:48:24 +0000
ROA not before:           Wed 01 Jan 2025 17:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        88.209.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:a3:bf:be:b8:c7:b1:9f:15:f0:48:f3:f1:3f:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 17:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6ffefad6d07be8aee850653355ff46fc5eaaada
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:43:f5:28:30:f5:37:da:79:88:a8:3b:3b:e9:
                    92:11:df:9f:8a:29:cc:e7:31:7c:70:09:d5:78:86:
                    90:c6:8e:bc:0b:40:5c:d2:2b:4a:e8:3d:4b:40:0d:
                    40:af:d9:36:34:84:b8:fd:e5:31:03:b2:11:49:14:
                    97:65:75:98:48:1b:39:79:c5:a7:c9:56:d1:b6:2a:
                    75:bd:d7:32:04:2a:bd:a3:bd:72:1d:52:6b:21:51:
                    0b:e1:60:b4:e7:b8:3b:7d:22:c9:e3:e6:fa:6d:97:
                    f6:69:25:d4:25:d1:7f:15:95:9e:76:19:65:66:a4:
                    fb:71:ac:79:ae:bf:11:bb:e7:56:41:41:b3:a3:ee:
                    62:50:62:f8:7f:92:96:1f:8a:56:f5:74:ee:52:e1:
                    07:c7:fc:3a:35:43:24:5a:c2:17:e3:bd:dd:ad:0a:
                    f5:24:45:d5:53:da:47:a1:97:3a:3b:90:be:61:55:
                    73:76:0c:71:7a:9c:21:03:a6:27:40:78:2e:09:14:
                    ee:cb:5f:2a:d7:91:2f:5e:6a:62:7c:73:a2:c3:8b:
                    11:ed:4e:aa:55:f3:ed:b7:c5:8a:fe:2b:14:0c:8b:
                    49:a5:d6:60:16:ae:5b:71:7e:56:85:2d:22:28:b8:
                    16:c3:e2:3e:45:97:f7:06:4f:cc:f3:c3:b0:6f:e4:
                    c7:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:FF:EF:AD:6D:07:BE:8A:EE:85:06:53:35:5F:F4:6F:C5:EA:AA:DA
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/5v_vrW0HvoruhQZTNV_0b8Xqqto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:42:f4:cf:46:e0:21:a1:5d:1d:7e:10:0f:5c:d4:cc:3c:30:
         a3:2c:34:1d:d3:54:68:fb:3f:fa:a2:07:9a:0f:52:2b:e2:3d:
         e9:b7:db:9f:d8:e0:40:eb:0a:ba:37:80:53:73:f8:ae:ce:13:
         3c:9d:fa:55:a5:18:34:cb:38:77:43:d9:72:e1:12:a6:ce:04:
         2b:71:61:55:4b:4a:c8:68:ca:78:db:ce:0f:31:f6:90:b4:fd:
         51:fd:e9:f7:11:68:95:cc:21:70:d2:52:74:65:5d:2b:09:c5:
         00:53:f6:4a:6c:ef:36:3b:f0:11:3f:5b:1d:d6:f1:80:e5:bb:
         a4:db:55:6b:39:5e:79:8c:05:5e:fd:d2:72:3e:05:bc:ff:17:
         21:36:73:df:46:94:83:67:48:5e:ae:53:1e:e0:6b:e7:89:4a:
         7f:39:41:4f:61:31:2b:4d:7e:25:65:9e:28:d5:70:73:7f:d3:
         01:1d:d3:6e:25:d2:db:da:6d:7f:27:dc:b1:d8:ab:18:1b:7a:
         0a:e7:28:01:7a:1d:80:d1:70:26:8e:10:6f:8e:b3:fe:7d:cd:
         57:be:bb:5c:e1:0f:72:e4:d4:f7:39:2e:14:7b:1c:2d:24:43:
         57:b8:ce:e3:2e:77:05:19:34:e1:02:fd:d2:75:d1:2d:43:03:
         53:43:1f:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+6O/vrjHsZ8V8Ejz8T8uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMTAxMTc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmZmZWZhZDZkMDdiZThhZWU4NTA2NTMzNTVmZjQ2ZmM1ZWFhYWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0P1KDD1N9p5iKg7O+mSEd+fiinM
5zF8cAnVeIaQxo68C0Bc0itK6D1LQA1Ar9k2NIS4/eUxA7IRSRSXZXWYSBs5ecWn
yVbRtip1vdcyBCq9o71yHVJrIVEL4WC057g7fSLJ4+b6bZf2aSXUJdF/FZWedhll
ZqT7cax5rr8Ru+dWQUGzo+5iUGL4f5KWH4pW9XTuUuEHx/w6NUMkWsIX473drQr1
JEXVU9pHoZc6O5C+YVVzdgxxepwhA6YnQHguCRTuy18q15EvXmpifHOiw4sR7U6q
VfPtt8WK/isUDItJpdZgFq5bcX5WhS0iKLgWw+I+RZf3Bk/M88Owb+THdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb/761tB76K7oUGUzVf9G/F6qraMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNXZfdnJXMEh2b3J1aFFaVE5WXzBiOFhxcXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNH8MA0G
CSqGSIb3DQEBCwUAA4IBAQCKQvTPRuAhoV0dfhAPXNTMPDCjLDQd01Ro+z/6ogea
D1Ir4j3pt9uf2OBA6wq6N4BTc/iuzhM8nfpVpRg0yzh3Q9ly4RKmzgQrcWFVS0rI
aMp4284PMfaQtP1R/en3EWiVzCFw0lJ0ZV0rCcUAU/ZKbO82O/ARP1sd1vGA5buk
21VrOV55jAVe/dJyPgW8/xchNnPfRpSDZ0herlMe4GvniUp/OUFPYTErTX4lZZ4o
1XBzf9MBHdNuJdLb2m1/J9yx2KsYG3oK5ygBeh2A0XAmjhBvjrP+fc1Xvrtc4Q9y
5NT3OS4UexwtJENXuM7jLncFGTThAv3SddEtQwNTQx+W
-----END CERTIFICATE-----