Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/iIlmR63znDA0-FxaY6vTy_DKL6M.roa
File:                     iIlmR63znDA0-FxaY6vTy_DKL6M.roa (raw, json)
Hash identifier:          CIfN4trJPKCVdpMsOe6p8BfBCulrZHS1m+gKQyYsogg=
Subject key identifier:   88:89:66:47:AD:F3:9C:30:34:F8:5C:5A:63:AB:D3:CB:F0:CA:2F:A3
Certificate issuer:       /CN=975c9ffa65c3c9b57c549e72cd6dc703005b2e0e
Certificate serial:       019421442CA289F7432CBF6EC792F2FA527C
Authority key identifier: 97:5C:9F:FA:65:C3:C9:B5:7C:54:9E:72:CD:6D:C7:03:00:5B:2E:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/iIlmR63znDA0-FxaY6vTy_DKL6M.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29196
IP address blocks:        195.69.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2c:a2:89:f7:43:2c:bf:6e:c7:92:f2:fa:52:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=975c9ffa65c3c9b57c549e72cd6dc703005b2e0e
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88896647adf39c3034f85c5a63abd3cbf0ca2fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8c:99:0d:bc:7f:fb:d6:6d:22:00:b4:26:44:
                    e8:80:9f:70:69:d4:70:4f:bc:19:ae:c5:fc:1d:03:
                    cb:27:2e:d5:cd:76:6c:64:42:0f:e2:86:e4:13:2f:
                    c8:53:0f:e3:e3:9d:9b:e7:0f:27:f8:08:fc:7d:0f:
                    07:a9:e2:80:5e:cd:8f:58:8b:58:c9:4a:7a:74:cd:
                    be:7b:e7:bd:f9:f4:20:ec:85:40:f6:68:f5:d1:b4:
                    be:3a:d5:e1:1e:1a:5c:d3:38:03:e9:02:ef:88:52:
                    1f:56:eb:5b:6c:2e:25:93:9c:17:e4:a5:4e:c5:9e:
                    0a:10:be:a8:af:dd:da:fe:f2:2a:9b:e8:ab:1a:ae:
                    95:c8:34:c5:4d:8e:9b:2a:ca:81:02:e6:29:f5:10:
                    0c:36:98:1a:6e:ea:49:6a:df:84:08:71:7a:97:04:
                    db:76:bf:fd:8a:59:ec:9b:ae:e4:b6:48:d8:8c:4e:
                    a7:7e:0e:a1:17:cb:7c:ff:7e:bb:78:90:82:84:6e:
                    16:23:cb:b4:cf:b1:21:a1:5b:65:d5:b8:6e:80:7d:
                    e3:f7:31:91:55:52:4f:49:42:9c:c6:b7:1e:57:6b:
                    1e:c3:34:f9:5b:8f:7a:fa:08:5d:ba:23:d0:27:ca:
                    54:82:73:54:18:ce:27:8c:d6:c4:10:19:34:64:6c:
                    b0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:89:66:47:AD:F3:9C:30:34:F8:5C:5A:63:AB:D3:CB:F0:CA:2F:A3
            X509v3 Authority Key Identifier:
                keyid:97:5C:9F:FA:65:C3:C9:B5:7C:54:9E:72:CD:6D:C7:03:00:5B:2E:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/iIlmR63znDA0-FxaY6vTy_DKL6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:58:7f:57:65:67:ae:fb:ab:c5:ae:bc:ef:b3:5e:1f:e3:a4:
         ac:c9:66:1e:79:fe:cc:ea:a7:12:69:5b:9e:5d:e4:1f:35:e6:
         38:24:c0:61:94:12:7e:08:21:95:cd:40:9c:a1:29:8c:af:30:
         96:14:87:fc:5d:91:4e:63:74:25:41:5a:42:07:16:91:72:3d:
         ff:34:3c:4d:9e:ce:49:08:91:52:2c:ba:fd:86:1c:47:15:9b:
         7d:09:b8:9b:96:8c:14:15:7e:98:9a:e4:35:b5:0d:9f:bb:74:
         2b:6f:9a:34:73:bb:0d:39:45:ac:11:09:35:3e:29:5d:78:46:
         70:7e:7e:ed:37:16:e1:18:21:73:d2:9e:62:e8:86:c1:55:6f:
         fa:b3:1e:84:d8:b9:65:1a:1a:04:5b:56:3c:fc:76:83:5e:37:
         55:7c:da:70:08:72:56:78:ae:e2:15:2b:67:ce:28:97:bf:a4:
         10:2b:48:76:65:fe:a3:6e:c2:b7:cc:69:54:a4:26:29:03:17:
         54:77:9f:29:fd:dd:b4:af:fa:83:9a:0f:67:0b:82:02:bf:ea:
         7f:0e:44:68:4f:43:89:db:4d:f3:05:2c:96:d2:10:7a:4f:7f:
         7d:9c:8f:7a:d5:97:3c:f6:f4:17:e2:ff:59:a4:a5:d2:54:77:
         7c:df:df:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCyiifdDLL9ux5Ly+lJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NWM5ZmZhNjVjM2M5YjU3YzU0OWU3MmNkNmRjNzAzMDA1
YjJlMGUwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg5NjY0N2FkZjM5YzMwMzRmODVjNWE2M2FiZDNjYmYwY2EyZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYyZDbx/+9ZtIgC0JkTogJ9wadRw
T7wZrsX8HQPLJy7VzXZsZEIP4obkEy/IUw/j452b5w8n+Aj8fQ8HqeKAXs2PWItY
yUp6dM2+e+e9+fQg7IVA9mj10bS+OtXhHhpc0zgD6QLviFIfVutbbC4lk5wX5KVO
xZ4KEL6or93a/vIqm+irGq6VyDTFTY6bKsqBAuYp9RAMNpgabupJat+ECHF6lwTb
dr/9ilnsm67ktkjYjE6nfg6hF8t8/367eJCChG4WI8u0z7EhoVtl1bhugH3j9zGR
VVJPSUKcxrceV2sewzT5W496+ghduiPQJ8pUgnNUGM4njNbEEBk0ZGyw3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiJZket85wwNPhcWmOr08vwyi+jMB8GA1UdIwQY
MBaAFJdcn/plw8m1fFSecs1txwMAWy4OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDF5Zi1tWER5YlY4Vko1eXpXM0hBd0JiTGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85MmVjZWEtM2YzYy00YmFhLTgzNGIt
MTI2YzdiNDhiODQ3LzEvaUlsbVI2M3puREEwLUZ4YVk2dlR5X0RLTDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85MmVjZWEtM2YzYy00YmFhLTgzNGItMTI2YzdiNDhiODQ3
LzEvbDF5Zi1tWER5YlY4Vko1eXpXM0hBd0JiTGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw0XYMA0G
CSqGSIb3DQEBCwUAA4IBAQA9WH9XZWeu+6vFrrzvs14f46SsyWYeef7M6qcSaVue
XeQfNeY4JMBhlBJ+CCGVzUCcoSmMrzCWFIf8XZFOY3QlQVpCBxaRcj3/NDxNns5J
CJFSLLr9hhxHFZt9CbiblowUFX6YmuQ1tQ2fu3Qrb5o0c7sNOUWsEQk1PildeEZw
fn7tNxbhGCFz0p5i6IbBVW/6sx6E2LllGhoEW1Y8/HaDXjdVfNpwCHJWeK7iFStn
ziiXv6QQK0h2Zf6jbsK3zGlUpCYpAxdUd58p/d20r/qDmg9nC4ICv+p/DkRoT0OJ
203zBSyW0hB6T399nI961Zc89vQX4v9ZpKXSVHd8398w
-----END CERTIFICATE-----