Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NEBTrVrG2aOIqVsZMSsFHhwJFnw.roa
File:                     NEBTrVrG2aOIqVsZMSsFHhwJFnw.roa (raw, json)
Hash identifier:          f/aYHn25//7r/Dz9hT4MyKOdlYCxECJdfwrHVdjUJdo=
Subject key identifier:   34:40:53:AD:5A:C6:D9:A3:88:A9:5B:19:31:2B:05:1E:1C:09:16:7C
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019422FB9D12B978165B382BF071BFF63AE5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NEBTrVrG2aOIqVsZMSsFHhwJFnw.roa
Signing time:             Wed 01 Jan 2025 17:48:22 +0000
ROA not before:           Wed 01 Jan 2025 17:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200010
IP address blocks:        88.209.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:9d:12:b9:78:16:5b:38:2b:f0:71:bf:f6:3a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 17:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=344053ad5ac6d9a388a95b19312b051e1c09167c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:03:13:d2:a3:00:1a:3b:ac:4a:a7:bb:2e:dc:
                    f3:29:c2:9a:e0:b9:65:96:0c:77:3d:5f:69:d0:41:
                    36:03:2f:8f:6f:49:ce:05:68:67:f2:0b:e0:c2:43:
                    c2:28:33:fd:91:97:1a:8e:d4:4d:b5:2f:64:15:e6:
                    f7:63:51:0a:e3:b4:46:bd:1b:1d:c1:23:c5:6f:d6:
                    31:c0:08:49:e8:5a:55:41:fd:03:72:60:4d:93:1b:
                    cb:25:dd:0d:69:f9:79:1c:c1:ab:9a:62:b4:cf:52:
                    a4:c2:5c:97:3b:65:8f:a2:0c:0c:58:a4:f1:a6:12:
                    23:c7:f8:e8:c7:6e:7c:74:95:a5:90:15:dd:0c:6b:
                    3c:b7:fc:76:3d:ac:c1:48:ae:75:19:fd:5b:a9:93:
                    6d:bc:1c:05:6d:2e:43:70:d7:54:37:76:25:6b:86:
                    e1:13:52:3f:b0:79:bd:3f:dd:2c:13:fa:9d:94:ff:
                    5d:68:10:1a:f5:2a:1d:b8:a3:a3:df:cd:69:35:f0:
                    3e:1c:a4:e8:a2:6b:d3:a6:c6:e9:b5:99:4e:7a:a6:
                    20:1a:6d:09:24:04:32:b0:0d:73:b2:46:90:f9:68:
                    da:6c:d1:5e:7d:47:cc:e8:d6:d9:7c:86:d2:f0:59:
                    88:92:1c:74:8c:9c:fa:51:71:11:67:4f:da:e5:7f:
                    9c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:40:53:AD:5A:C6:D9:A3:88:A9:5B:19:31:2B:05:1E:1C:09:16:7C
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NEBTrVrG2aOIqVsZMSsFHhwJFnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:47:e2:9a:7d:b3:d3:cf:48:00:1c:bd:14:97:7f:73:b4:c2:
         1d:39:33:f0:06:50:d2:00:11:b1:8b:ce:44:31:0b:23:9d:81:
         f4:25:5c:0a:1e:08:22:e3:72:d9:2c:09:4d:c2:21:d9:b6:be:
         2e:1f:93:47:9e:b9:52:c3:15:80:b0:88:6c:ce:87:bf:a8:dd:
         5b:eb:bd:90:2a:17:da:60:bb:d9:1b:4c:6e:79:42:08:40:7a:
         e4:a7:95:74:24:f2:7d:01:f2:15:33:2e:43:22:8f:a4:80:08:
         e6:f6:7d:df:8d:89:9b:5b:9e:ef:47:d9:b9:f3:78:89:06:08:
         e8:6c:84:50:82:20:b2:d3:fa:0d:a1:55:bf:35:29:a0:32:9c:
         15:94:42:af:b2:c7:7a:6f:35:d0:5a:70:19:02:f6:37:76:56:
         9b:87:13:c4:6a:2f:88:b6:5b:4c:d0:b5:95:37:ba:48:53:2f:
         f8:db:eb:aa:c1:dc:4b:99:3b:de:2e:20:c4:3c:a7:89:cc:d6:
         2d:1a:05:ad:1b:ef:6f:51:c0:90:2e:b5:00:1f:66:62:a0:0a:
         fb:e6:44:42:24:53:02:19:c7:f0:64:ca:19:16:c1:29:c1:7d:
         1f:29:e6:ff:10:f0:ad:db:5e:1b:90:32:84:9c:a5:4b:a0:05:
         68:90:b5:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+50SuXgWWzgr8HG/9jrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMTAxMTc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQwNTNhZDVhYzZkOWEzODhhOTViMTkzMTJiMDUxZTFjMDkxNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwMT0qMAGjusSqe7LtzzKcKa4Lll
lgx3PV9p0EE2Ay+Pb0nOBWhn8gvgwkPCKDP9kZcajtRNtS9kFeb3Y1EK47RGvRsd
wSPFb9YxwAhJ6FpVQf0DcmBNkxvLJd0Nafl5HMGrmmK0z1KkwlyXO2WPogwMWKTx
phIjx/jox258dJWlkBXdDGs8t/x2PazBSK51Gf1bqZNtvBwFbS5DcNdUN3Yla4bh
E1I/sHm9P90sE/qdlP9daBAa9SoduKOj381pNfA+HKToomvTpsbptZlOeqYgGm0J
JAQysA1zskaQ+WjabNFefUfM6NbZfIbS8FmIkhx0jJz6UXERZ0/a5X+cqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRAU61axtmjiKlbGTErBR4cCRZ8MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTkVCVHJWckcyYU9JcVZzWk1Tc0ZIaHdKRm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHHMA0G
CSqGSIb3DQEBCwUAA4IBAQBRR+KafbPTz0gAHL0Ul39ztMIdOTPwBlDSABGxi85E
MQsjnYH0JVwKHggi43LZLAlNwiHZtr4uH5NHnrlSwxWAsIhszoe/qN1b672QKhfa
YLvZG0xueUIIQHrkp5V0JPJ9AfIVMy5DIo+kgAjm9n3fjYmbW57vR9m583iJBgjo
bIRQgiCy0/oNoVW/NSmgMpwVlEKvssd6bzXQWnAZAvY3dlabhxPEai+ItltM0LWV
N7pIUy/42+uqwdxLmTveLiDEPKeJzNYtGgWtG+9vUcCQLrUAH2ZioAr75kRCJFMC
GcfwZMoZFsEpwX0fKeb/EPCt214bkDKEnKVLoAVokLWx
-----END CERTIFICATE-----