Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/67_iqcd-jnhgApAKTC6d4bs5Qro.roa
File:                     67_iqcd-jnhgApAKTC6d4bs5Qro.roa (raw, json)
Hash identifier:          e8mI5oDqjL7eXb9pexw5mS8lQPn8bQBHzfmgkkeV8Wg=
Subject key identifier:   EB:BF:E2:A9:C7:7E:8E:78:60:02:90:0A:4C:2E:9D:E1:BB:39:42:BA
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019422FB90BAEA31E8839A7F577E2F1D5721
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/67_iqcd-jnhgApAKTC6d4bs5Qro.roa
Signing time:             Wed 01 Jan 2025 17:48:19 +0000
ROA not before:           Wed 01 Jan 2025 17:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        88.209.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:90:ba:ea:31:e8:83:9a:7f:57:7e:2f:1d:57:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 17:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebbfe2a9c77e8e786002900a4c2e9de1bb3942ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e2:19:d4:ce:8b:83:f7:3c:6f:a8:9d:84:4f:
                    ad:3f:56:52:6b:40:40:96:e7:3e:9b:11:a5:de:bb:
                    5b:76:58:91:f0:fd:ca:8b:ae:99:54:fd:c5:00:f7:
                    ee:98:55:d1:92:fa:5c:00:2d:37:f1:86:6c:6d:6c:
                    37:e6:bf:c4:64:b0:c8:39:ea:60:42:6d:8e:77:be:
                    82:29:19:42:79:5a:7e:57:86:54:37:26:72:b9:86:
                    b4:50:76:a6:b5:d2:74:a7:98:37:0f:ca:77:5d:4b:
                    80:ed:fc:79:b5:48:ab:95:bc:19:e3:19:4f:21:8b:
                    ae:b7:fa:7e:80:b8:6f:89:ae:00:56:40:f9:fa:a7:
                    f4:a6:86:2d:d1:04:8f:c5:88:96:2a:5c:b3:bb:90:
                    53:fb:27:5e:38:a2:1d:cd:49:e5:57:b6:f8:30:b8:
                    a4:a5:79:93:1f:2a:ef:a1:2c:e5:c0:17:ad:bb:e4:
                    f9:89:9d:0f:d0:97:68:85:0a:9f:30:46:03:e0:90:
                    cf:7a:34:31:87:30:e1:8e:e8:b8:58:b7:9c:7a:f0:
                    5f:c5:1d:30:26:cc:00:76:c5:ab:c7:40:cc:f9:81:
                    88:08:60:b1:fe:c9:5a:91:b1:20:7e:b5:47:8f:4c:
                    ef:2a:f8:53:eb:17:39:a1:cb:67:38:67:0a:c0:1e:
                    65:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:BF:E2:A9:C7:7E:8E:78:60:02:90:0A:4C:2E:9D:E1:BB:39:42:BA
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/67_iqcd-jnhgApAKTC6d4bs5Qro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:bd:70:ca:23:21:14:24:56:db:a3:40:bd:a6:ed:d8:60:78:
         5c:e0:64:dc:db:d4:ef:6e:f1:21:d8:23:60:67:d0:77:4b:b0:
         ae:6d:1b:e7:df:43:12:a9:18:91:d9:9b:34:cc:9a:81:9b:9b:
         ec:bc:e8:63:eb:46:ca:08:36:eb:ae:5c:94:fb:28:e1:96:56:
         f5:df:87:66:77:5b:07:42:37:f4:b0:3b:ea:fa:05:d7:7c:0c:
         0c:b6:3b:ff:25:79:93:de:76:81:8a:ef:7a:ff:32:16:f9:b8:
         6a:44:b5:7b:2b:76:13:9a:6b:73:1b:4e:0e:3d:26:1c:73:14:
         68:7b:e5:99:d0:a2:08:28:d1:cf:5c:a2:59:95:6a:b5:d5:49:
         cb:a1:f0:5f:9b:c8:db:32:2b:96:cc:99:95:d8:3a:9b:54:6d:
         e7:ca:91:e3:5c:7d:0c:27:69:33:de:08:89:4b:2b:ff:85:dd:
         33:d3:11:1a:a3:9f:7c:1a:b2:94:bf:b2:20:02:97:f5:12:fc:
         de:08:30:07:51:f9:3f:cb:dd:0e:66:95:b4:79:74:9b:74:11:
         21:b5:cb:40:e7:d1:0c:6f:2a:d8:dd:9d:2a:da:a3:66:bb:7f:
         24:ea:4d:6f:ad:d1:28:19:0a:78:2e:98:88:6f:7f:a0:e2:12:
         a9:7c:23:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+5C66jHog5p/V34vHVchMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMTAxMTc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmJmZTJhOWM3N2U4ZTc4NjAwMjkwMGE0YzJlOWRlMWJiMzk0MmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOIZ1M6Lg/c8b6idhE+tP1ZSa0BA
luc+mxGl3rtbdliR8P3Ki66ZVP3FAPfumFXRkvpcAC038YZsbWw35r/EZLDIOepg
Qm2Od76CKRlCeVp+V4ZUNyZyuYa0UHamtdJ0p5g3D8p3XUuA7fx5tUirlbwZ4xlP
IYuut/p+gLhvia4AVkD5+qf0poYt0QSPxYiWKlyzu5BT+ydeOKIdzUnlV7b4MLik
pXmTHyrvoSzlwBetu+T5iZ0P0JdohQqfMEYD4JDPejQxhzDhjui4WLecevBfxR0w
JswAdsWrx0DM+YGICGCx/slakbEgfrVHj0zvKvhT6xc5octnOGcKwB5l/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOu/4qnHfo54YAKQCkwuneG7OUK6MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNjdfaXFjZC1qbmhnQXBBS1RDNmQ0YnM1UXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNHwMA0G
CSqGSIb3DQEBCwUAA4IBAQCEvXDKIyEUJFbbo0C9pu3YYHhc4GTc29TvbvEh2CNg
Z9B3S7CubRvn30MSqRiR2Zs0zJqBm5vsvOhj60bKCDbrrlyU+yjhllb134dmd1sH
Qjf0sDvq+gXXfAwMtjv/JXmT3naBiu96/zIW+bhqRLV7K3YTmmtzG04OPSYccxRo
e+WZ0KIIKNHPXKJZlWq11UnLofBfm8jbMiuWzJmV2DqbVG3nypHjXH0MJ2kz3giJ
Syv/hd0z0xEao598GrKUv7IgApf1EvzeCDAHUfk/y90OZpW0eXSbdBEhtctA59EM
byrY3Z0q2qNmu38k6k1vrdEoGQp4LpiIb3+g4hKpfCNx
-----END CERTIFICATE-----