Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/88cbd2-51ab-4cd3-8d46-0a1c13a68be4/1/W8sGLPfZJfk-AE8QSt5pW51bYBc.roa
File:                     W8sGLPfZJfk-AE8QSt5pW51bYBc.roa (raw, json)
Hash identifier:          WTLS8/lHH8tSlHx/vjXHMnAP1canB1yYuL3OZnBm/0I=
Subject key identifier:   5B:CB:06:2C:F7:D9:25:F9:3E:00:4F:10:4A:DE:69:5B:9D:5B:60:17
Certificate issuer:       /CN=7a88d30d3502d1dfbae930d5ea9cc9d7263e9508
Certificate serial:       0194266BEF4E5FF686DB13926196A2394BCA
Authority key identifier: 7A:88:D3:0D:35:02:D1:DF:BA:E9:30:D5:EA:9C:C9:D7:26:3E:95:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eojTDTUC0d-66TDV6pzJ1yY-lQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/88cbd2-51ab-4cd3-8d46-0a1c13a68be4/1/W8sGLPfZJfk-AE8QSt5pW51bYBc.roa
Signing time:             Thu 02 Jan 2025 09:49:54 +0000
ROA not before:           Thu 02 Jan 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209590
IP address blocks:        195.248.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/88cbd2-51ab-4cd3-8d46-0a1c13a68be4/1/eojTDTUC0d-66TDV6pzJ1yY-lQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/88cbd2-51ab-4cd3-8d46-0a1c13a68be4/1/eojTDTUC0d-66TDV6pzJ1yY-lQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eojTDTUC0d-66TDV6pzJ1yY-lQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ef:4e:5f:f6:86:db:13:92:61:96:a2:39:4b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a88d30d3502d1dfbae930d5ea9cc9d7263e9508
        Validity
            Not Before: Jan  2 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bcb062cf7d925f93e004f104ade695b9d5b6017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5f:f4:e4:cc:73:4a:f2:80:17:8b:5d:82:6c:
                    6c:86:3d:1e:1f:46:bf:1c:20:31:3e:71:72:50:b1:
                    07:52:3b:70:10:a4:b3:f8:6d:0a:f0:2a:ba:9a:80:
                    cd:54:61:61:cf:6e:cd:e5:fc:d0:01:c2:81:fb:7c:
                    77:5c:50:72:a3:51:98:b3:5c:b5:65:4a:9c:39:02:
                    cf:c8:42:15:57:74:c4:1f:b9:27:68:40:3b:0a:fb:
                    0a:bf:b2:4c:fb:20:f9:32:d4:1f:e0:8d:ca:96:00:
                    ee:c7:e0:ca:d0:d8:89:d7:8c:e1:0e:1e:de:39:c1:
                    09:12:c3:21:f3:87:40:6c:c0:7a:b4:55:c9:ea:87:
                    73:95:49:f9:e9:de:99:33:94:9b:e5:b9:da:90:c4:
                    ca:d4:76:f9:65:27:7a:0f:3b:73:2a:55:bd:76:65:
                    e6:ad:0d:8e:7f:d1:c2:ec:d0:66:b1:84:68:0c:05:
                    49:eb:52:14:0e:7a:eb:b2:9c:56:6b:c6:cc:61:6e:
                    4b:2b:11:97:8c:dd:ef:2a:70:96:fa:e0:13:82:9a:
                    38:b2:ca:bb:f2:ec:9e:66:28:68:41:a3:6b:2c:d0:
                    4c:f8:d2:7f:f8:17:b2:be:56:db:4e:5f:60:79:58:
                    4e:8d:d6:37:92:88:2e:ea:e7:5d:7a:53:fe:c3:26:
                    ff:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CB:06:2C:F7:D9:25:F9:3E:00:4F:10:4A:DE:69:5B:9D:5B:60:17
            X509v3 Authority Key Identifier:
                keyid:7A:88:D3:0D:35:02:D1:DF:BA:E9:30:D5:EA:9C:C9:D7:26:3E:95:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eojTDTUC0d-66TDV6pzJ1yY-lQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/88cbd2-51ab-4cd3-8d46-0a1c13a68be4/1/W8sGLPfZJfk-AE8QSt5pW51bYBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/88cbd2-51ab-4cd3-8d46-0a1c13a68be4/1/eojTDTUC0d-66TDV6pzJ1yY-lQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:01:89:d4:b4:48:1c:13:69:0d:ce:60:22:99:5a:70:31:62:
         cc:71:09:69:83:9c:24:2d:ea:cb:bc:ff:dc:04:cd:0c:d3:13:
         db:ba:29:a6:df:e9:16:61:e6:ac:e7:8b:6e:df:b7:af:36:8e:
         ee:4f:fd:85:1f:f3:e4:d4:b7:3e:63:7e:1b:5c:0e:0f:c6:08:
         6b:d5:d6:55:cf:1a:28:7c:8e:ff:55:d1:12:26:03:77:33:2f:
         b1:f5:a0:c6:bb:d0:ad:cb:91:4e:fb:f9:6f:f4:94:af:90:4c:
         84:38:a4:0f:b4:b2:e4:d6:5e:08:dc:4d:ec:22:4e:74:74:1f:
         5e:ff:2c:f6:9f:37:7b:13:07:5a:c0:89:87:65:70:21:44:72:
         eb:ac:97:88:14:74:84:6b:ca:f7:c3:d8:d0:0c:7f:72:1f:f0:
         0d:ea:22:5b:74:53:e7:00:99:cd:03:d9:4b:06:10:87:33:8e:
         18:8f:68:ef:8f:6c:77:0b:94:2f:80:14:2d:3b:9b:f9:6b:15:
         cf:bd:37:3a:fd:65:61:8f:50:2c:bf:ae:e7:25:71:ad:69:f7:
         2d:9c:03:eb:f8:28:fb:d9:c2:3a:10:8b:43:36:c8:1d:52:95:
         9d:68:61:c5:1c:2b:6e:41:84:99:ad:92:9b:71:09:24:7a:07:
         23:a0:1d:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+9OX/aG2xOSYZaiOUvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhODhkMzBkMzUwMmQxZGZiYWU5MzBkNWVhOWNjOWQ3MjYz
ZTk1MDgwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNiMDYyY2Y3ZDkyNWY5M2UwMDRmMTA0YWRlNjk1YjlkNWI2MDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF/05MxzSvKAF4tdgmxshj0eH0a/
HCAxPnFyULEHUjtwEKSz+G0K8Cq6moDNVGFhz27N5fzQAcKB+3x3XFByo1GYs1y1
ZUqcOQLPyEIVV3TEH7knaEA7CvsKv7JM+yD5MtQf4I3KlgDux+DK0NiJ14zhDh7e
OcEJEsMh84dAbMB6tFXJ6odzlUn56d6ZM5Sb5bnakMTK1Hb5ZSd6DztzKlW9dmXm
rQ2Of9HC7NBmsYRoDAVJ61IUDnrrspxWa8bMYW5LKxGXjN3vKnCW+uATgpo4ssq7
8uyeZihoQaNrLNBM+NJ/+BeyvlbbTl9geVhOjdY3kogu6uddelP+wyb/dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvLBiz32SX5PgBPEEreaVudW2AXMB8GA1UdIwQY
MBaAFHqI0w01AtHfuukw1eqcydcmPpUIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZW9qVERUVUMwZC02NlREVjZwekoxeVktbFFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84OGNiZDItNTFhYi00Y2QzLThkNDYt
MGExYzEzYTY4YmU0LzEvVzhzR0xQZlpKZmstQUU4UVN0NXBXNTFiWUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84OGNiZDItNTFhYi00Y2QzLThkNDYtMGExYzEzYTY4YmU0
LzEvZW9qVERUVUMwZC02NlREVjZwekoxeVktbFFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/hNMA0G
CSqGSIb3DQEBCwUAA4IBAQCSAYnUtEgcE2kNzmAimVpwMWLMcQlpg5wkLerLvP/c
BM0M0xPbuimm3+kWYeas54tu37evNo7uT/2FH/Pk1Lc+Y34bXA4Pxghr1dZVzxoo
fI7/VdESJgN3My+x9aDGu9Cty5FO+/lv9JSvkEyEOKQPtLLk1l4I3E3sIk50dB9e
/yz2nzd7EwdawImHZXAhRHLrrJeIFHSEa8r3w9jQDH9yH/AN6iJbdFPnAJnNA9lL
BhCHM44Yj2jvj2x3C5QvgBQtO5v5axXPvTc6/WVhj1Asv67nJXGtafctnAPr+Cj7
2cI6EItDNsgdUpWdaGHFHCtuQYSZrZKbcQkkegcjoB3A
-----END CERTIFICATE-----