Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iPUqVolhLmbwFocDgLV6ncA_LRs.roa
File:                     iPUqVolhLmbwFocDgLV6ncA_LRs.roa (raw, json)
Hash identifier:          Vf7btw8BxFTBWWeh1+kJas/26jHzb0LOznlp7bXnAAo=
Subject key identifier:   88:F5:2A:56:89:61:2E:66:F0:16:87:03:80:B5:7A:9D:C0:3F:2D:1B
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019420D5E86E233CD8E50053A80B11340A25
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iPUqVolhLmbwFocDgLV6ncA_LRs.roa
Signing time:             Wed 01 Jan 2025 07:47:57 +0000
ROA not before:           Wed 01 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216063
IP address blocks:        88.151.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e8:6e:23:3c:d8:e5:00:53:a8:0b:11:34:0a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88f52a5689612e66f016870380b57a9dc03f2d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:9b:34:55:aa:fd:f5:c7:6a:37:18:b4:a1:d6:
                    40:d8:7d:22:38:bc:22:2e:9b:5a:e4:9b:77:69:13:
                    8d:80:7c:7d:2b:c9:9c:9c:65:df:6f:3f:18:5a:d7:
                    4a:ee:99:63:61:b5:05:d4:4a:f4:b9:9e:56:51:a4:
                    0c:ae:c5:32:7e:61:82:1f:ba:0b:76:f9:ca:63:cc:
                    e7:d6:13:4b:33:ad:82:c9:61:9d:77:e8:af:1f:d6:
                    72:89:ec:22:89:86:3d:31:d5:e0:55:67:4e:81:1e:
                    10:8a:56:d4:26:65:c4:b9:de:b6:5f:73:0f:53:4f:
                    0d:ad:d2:2e:34:ca:56:dc:77:d7:0b:fa:3c:b9:5c:
                    b4:92:d8:65:d3:22:e0:15:68:7d:48:cd:99:92:ab:
                    27:e9:42:54:c1:9b:6e:54:07:17:c3:d9:f9:00:f4:
                    c0:bf:69:c6:98:0d:60:a9:c0:e2:40:4a:a8:b0:ff:
                    3e:ba:19:0c:07:05:e9:e3:de:92:16:ed:cd:78:1a:
                    ba:f8:00:89:92:fb:db:0c:ea:48:63:10:3c:99:73:
                    47:46:64:fe:21:d4:94:5a:d5:93:9b:60:3b:da:23:
                    7d:ee:a2:6b:73:f3:7d:4d:80:30:be:3d:65:d6:d6:
                    0f:03:a5:0e:01:20:32:1f:c9:a2:1c:25:17:cb:04:
                    19:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F5:2A:56:89:61:2E:66:F0:16:87:03:80:B5:7A:9D:C0:3F:2D:1B
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iPUqVolhLmbwFocDgLV6ncA_LRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:cb:52:11:48:d8:51:93:26:23:f7:fa:c7:b3:ec:ed:79:28:
         ce:2d:49:49:d7:39:6d:31:97:af:90:eb:20:04:ff:ab:85:22:
         d6:90:58:33:c3:c4:dc:d0:37:72:0f:fc:28:a3:d6:01:80:f8:
         8d:79:2f:13:8c:c5:21:0b:bc:f7:7f:4e:56:20:ce:ed:86:c0:
         77:32:fb:1f:1f:6b:e4:5a:4d:d2:5e:c7:e5:85:52:da:76:78:
         de:b2:5a:6a:36:78:2b:f0:09:f7:af:f1:7a:2c:7e:da:bf:03:
         1b:b3:0c:c1:ca:08:d8:dc:54:68:e9:59:f9:f2:58:f6:2e:95:
         da:7c:a7:dd:0c:50:a4:ba:a2:1e:51:2d:19:f2:97:98:c9:7a:
         af:20:3d:93:8f:4e:cf:04:59:58:98:90:28:d4:37:27:fb:3d:
         21:10:de:a1:8e:ec:c2:0a:0d:5f:98:a6:95:b0:51:ea:74:78:
         b9:ca:3d:15:85:7e:f0:75:b0:16:47:98:9a:18:3b:f7:47:29:
         36:3a:b6:c0:8a:24:7c:4e:47:94:cd:c2:5d:84:4f:d9:cf:b3:
         67:98:47:32:cb:4f:c4:f1:f6:c6:83:9c:91:a0:cb:a8:a5:96:
         43:8e:8d:46:27:ca:5e:19:9d:63:25:7f:86:01:ed:a3:47:3b:
         48:29:45:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ehuIzzY5QBTqAsRNAolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwMTAxMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY1MmE1Njg5NjEyZTY2ZjAxNjg3MDM4MGI1N2E5ZGMwM2YyZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZs0Var99cdqNxi0odZA2H0iOLwi
Lpta5Jt3aRONgHx9K8mcnGXfbz8YWtdK7pljYbUF1Er0uZ5WUaQMrsUyfmGCH7oL
dvnKY8zn1hNLM62CyWGdd+ivH9ZyiewiiYY9MdXgVWdOgR4QilbUJmXEud62X3MP
U08NrdIuNMpW3HfXC/o8uVy0kthl0yLgFWh9SM2Zkqsn6UJUwZtuVAcXw9n5APTA
v2nGmA1gqcDiQEqosP8+uhkMBwXp496SFu3NeBq6+ACJkvvbDOpIYxA8mXNHRmT+
IdSUWtWTm2A72iN97qJrc/N9TYAwvj1l1tYPA6UOASAyH8miHCUXywQZSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj1KlaJYS5m8BaHA4C1ep3APy0bMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvaVBVcVZvbGhMbWJ3Rm9jRGdMVjZuY0FfTFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfCMA0G
CSqGSIb3DQEBCwUAA4IBAQBjy1IRSNhRkyYj9/rHs+zteSjOLUlJ1zltMZevkOsg
BP+rhSLWkFgzw8Tc0DdyD/woo9YBgPiNeS8TjMUhC7z3f05WIM7thsB3MvsfH2vk
Wk3SXsflhVLadnjeslpqNngr8An3r/F6LH7avwMbswzBygjY3FRo6Vn58lj2LpXa
fKfdDFCkuqIeUS0Z8peYyXqvID2Tj07PBFlYmJAo1Dcn+z0hEN6hjuzCCg1fmKaV
sFHqdHi5yj0VhX7wdbAWR5iaGDv3Ryk2OrbAiiR8TkeUzcJdhE/Zz7NnmEcyy0/E
8fbGg5yRoMuopZZDjo1GJ8peGZ1jJX+GAe2jRztIKUU0
-----END CERTIFICATE-----