Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mxLS_XPgCjcPMOOyKkPaxq8hLpg.roa
File:                     mxLS_XPgCjcPMOOyKkPaxq8hLpg.roa (raw, json)
Hash identifier:          /BdTAEK63yHvdioxcARp2OOIsQV4nfSKYikrpjOktwY=
Subject key identifier:   9B:12:D2:FD:73:E0:0A:37:0F:30:E3:B2:2A:43:DA:C6:AF:21:2E:98
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0195D14DC6FF7020425D5190A7D733DA8ED4
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mxLS_XPgCjcPMOOyKkPaxq8hLpg.roa
Signing time:             Wed 26 Mar 2025 07:14:50 +0000
ROA not before:           Wed 26 Mar 2025 07:14:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        88.209.244.0/24 maxlen: 24
                          88.209.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d1:4d:c6:ff:70:20:42:5d:51:90:a7:d7:33:da:8e:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar 26 07:14:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b12d2fd73e00a370f30e3b22a43dac6af212e98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:94:ce:09:10:36:9f:06:3c:08:b9:9d:6a:cb:
                    2b:84:62:dc:e4:18:2e:11:c1:fb:fe:33:fe:81:9e:
                    5b:db:5d:d5:cc:f1:45:98:27:42:b7:ec:54:59:2b:
                    62:e2:b6:7d:69:37:ed:af:e9:73:4a:5e:ae:f1:18:
                    f2:d0:c8:c3:ca:8a:e2:e4:75:b8:b3:69:f4:32:d8:
                    3a:55:3a:ba:80:a8:fd:d0:bd:83:61:35:58:fb:3a:
                    a3:7f:c7:93:67:91:c3:94:d4:b0:ae:1f:3e:7f:21:
                    1e:69:df:13:99:81:c5:95:35:0d:c2:8a:5c:3e:ed:
                    b5:05:99:de:5a:26:ac:b0:f0:00:d0:ad:67:cc:1d:
                    f6:cf:e9:ff:2c:9c:59:17:c3:35:7d:b1:19:10:97:
                    88:81:39:8e:c1:47:d5:f2:cb:0f:13:88:59:bf:2e:
                    f0:00:42:28:72:51:45:c3:c4:b2:90:b4:10:6c:4e:
                    de:43:77:a8:d9:3a:28:dd:37:c6:86:94:51:96:77:
                    cb:a8:c6:fe:e9:fb:53:24:22:1b:e5:47:d9:f8:bc:
                    fa:41:5e:1c:54:c6:2d:a6:23:1f:e6:64:f4:75:4f:
                    34:73:eb:e8:51:9b:e7:c2:e4:10:8b:0c:0c:78:0f:
                    00:a5:d1:73:22:b6:7a:a6:0b:2f:ce:47:63:a9:0d:
                    37:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:12:D2:FD:73:E0:0A:37:0F:30:E3:B2:2A:43:DA:C6:AF:21:2E:98
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mxLS_XPgCjcPMOOyKkPaxq8hLpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.244.0/24
                  88.209.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:8a:3e:6f:ce:8d:46:e3:5e:fe:0b:12:e8:a3:ee:f1:cd:3a:
         48:1f:15:4c:c6:2e:5d:0b:4d:9e:d5:05:59:2b:a8:c2:b5:48:
         fc:7b:c0:c1:ad:77:f3:88:48:0a:74:76:92:d8:ea:0f:9e:a5:
         65:e3:82:aa:73:45:ee:8a:c1:0f:ee:8a:80:e8:96:9b:dc:d5:
         f7:14:d3:d9:63:9b:55:71:8e:bd:a5:87:36:62:eb:9e:6b:b5:
         f2:ae:42:31:d1:32:07:ff:94:94:1d:3e:b1:cd:8e:c2:03:35:
         37:bf:35:9e:3c:7f:cf:99:56:fa:79:15:05:b2:36:68:60:d2:
         39:d6:9f:aa:c6:05:39:10:aa:f4:d4:a0:df:4c:b0:69:d6:a3:
         e5:3b:16:46:c0:32:ef:77:8b:9b:96:c2:99:be:6c:e8:2e:8d:
         7a:67:dd:93:6a:a7:f0:64:7f:a5:df:5c:bf:ef:4f:c3:81:9c:
         f6:10:ea:c9:b2:ec:d2:87:47:a0:d4:ff:25:58:8d:95:c9:a1:
         ad:d8:78:a4:f7:4e:95:5b:b3:5b:1e:de:14:7f:a1:5c:e4:fa:
         0b:53:4b:83:13:bb:34:bf:e3:a7:3e:40:94:7c:c7:a5:1c:61:
         a4:25:99:91:1b:98:26:76:25:aa:17:82:f8:23:7d:ec:3f:84:
         e0:bb:ee:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXRTcb/cCBCXVGQp9cz2o7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMzI2MDcxNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjEyZDJmZDczZTAwYTM3MGYzMGUzYjIyYTQzZGFjNmFmMjEyZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5TOCRA2nwY8CLmdassrhGLc5Bgu
EcH7/jP+gZ5b213VzPFFmCdCt+xUWSti4rZ9aTftr+lzSl6u8Rjy0MjDyori5HW4
s2n0Mtg6VTq6gKj90L2DYTVY+zqjf8eTZ5HDlNSwrh8+fyEead8TmYHFlTUNwopc
Pu21BZneWiassPAA0K1nzB32z+n/LJxZF8M1fbEZEJeIgTmOwUfV8ssPE4hZvy7w
AEIoclFFw8SykLQQbE7eQ3eo2Too3TfGhpRRlnfLqMb+6ftTJCIb5UfZ+Lz6QV4c
VMYtpiMf5mT0dU80c+voUZvnwuQQiwwMeA8ApdFzIrZ6pgsvzkdjqQ03rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJsS0v1z4Ao3DzDjsipD2savIS6YMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbXhMU19YUGdDamNQTU9PeUtrUGF4cThoTHBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNH0AwQA
WNH2MA0GCSqGSIb3DQEBCwUAA4IBAQBSij5vzo1G417+CxLoo+7xzTpIHxVMxi5d
C02e1QVZK6jCtUj8e8DBrXfziEgKdHaS2OoPnqVl44Kqc0XuisEP7oqA6Jab3NX3
FNPZY5tVcY69pYc2Yuuea7XyrkIx0TIH/5SUHT6xzY7CAzU3vzWePH/PmVb6eRUF
sjZoYNI51p+qxgU5EKr01KDfTLBp1qPlOxZGwDLvd4ublsKZvmzoLo16Z92Taqfw
ZH+l31y/70/DgZz2EOrJsuzSh0eg1P8lWI2VyaGt2Hik906VW7NbHt4Uf6Fc5PoL
U0uDE7s0v+OnPkCUfMelHGGkJZmRG5gmdiWqF4L4I33sP4Tgu+47
-----END CERTIFICATE-----