Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/7CwgXlJaDaMQuXpiwY_V_j_b2ZA.roa
File:                     7CwgXlJaDaMQuXpiwY_V_j_b2ZA.roa (raw, json)
Hash identifier:          wMDAbWuY+gsTinWm/gMiRK08BfHdxSGMJM0nF4XFeHc=
Subject key identifier:   EC:2C:20:5E:52:5A:0D:A3:10:B9:7A:62:C1:8F:D5:FE:3F:DB:D9:90
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       01956531D70C4E4FB0232DFF992363BDAA40
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/7CwgXlJaDaMQuXpiwY_V_j_b2ZA.roa
Signing time:             Wed 05 Mar 2025 07:25:19 +0000
ROA not before:           Wed 05 Mar 2025 07:25:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        93.88.144.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:65:31:d7:0c:4e:4f:b0:23:2d:ff:99:23:63:bd:aa:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Mar  5 07:25:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec2c205e525a0da310b97a62c18fd5fe3fdbd990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:49:ad:0b:42:6f:d9:c6:7f:03:b8:c1:9a:f0:
                    28:c9:01:e1:c3:3b:d5:45:c0:f7:98:be:3c:f4:a8:
                    a4:ed:13:de:76:c9:b0:a2:c0:d4:fb:e1:d1:70:72:
                    fb:9a:fc:eb:51:83:12:f8:d3:b8:94:8b:62:9d:ab:
                    2b:c3:b7:bc:c6:eb:e0:ff:c0:7e:a8:fc:cf:9e:ae:
                    8f:a9:29:6e:dc:84:8b:5c:9a:f3:f5:38:22:35:d3:
                    ef:e7:3c:fc:cc:e3:0d:44:5a:ca:7d:85:c5:ab:17:
                    da:3c:58:49:7f:ea:c9:e0:80:73:b5:03:89:61:bd:
                    ad:bb:0d:72:c5:45:4b:da:73:8f:1e:ef:be:8b:ef:
                    6f:a1:43:ee:69:1c:2f:d8:e8:91:ba:81:ce:a9:0d:
                    2b:01:32:35:33:36:b6:05:6c:45:b4:48:ec:d4:62:
                    77:6a:0f:83:ee:15:0f:7d:cf:9e:19:73:78:48:71:
                    e6:71:02:87:5c:22:6d:f4:4b:3a:2b:4d:f8:08:60:
                    b5:fd:4c:87:14:73:4d:73:48:ff:6c:9f:2d:bd:5c:
                    89:a7:ff:98:4c:26:f9:68:d4:3b:e8:7a:01:3b:18:
                    84:5f:3b:43:e0:f5:ec:44:af:de:38:9d:9e:fc:50:
                    c7:e5:48:56:d5:42:e6:f6:09:df:61:35:ab:e6:01:
                    83:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:2C:20:5E:52:5A:0D:A3:10:B9:7A:62:C1:8F:D5:FE:3F:DB:D9:90
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/7CwgXlJaDaMQuXpiwY_V_j_b2ZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:11:e6:23:7f:ba:c5:5f:67:ee:af:d7:e9:b3:25:60:55:d6:
         d2:36:48:bc:a0:be:37:c7:58:bc:56:47:1a:0d:ca:ad:82:93:
         45:e4:d9:de:9f:ea:c7:ba:02:ac:bf:de:f5:c7:47:62:b5:51:
         61:80:85:0a:08:6d:56:92:1a:d8:60:cf:54:8c:d4:33:56:5b:
         96:1a:93:e3:49:8a:c6:1c:62:5e:01:a8:19:73:78:29:cf:48:
         77:f9:cf:89:85:16:fa:ea:b8:0d:d9:46:50:70:19:c6:d2:c3:
         ca:67:fa:9c:6f:18:4c:8d:e1:9f:ca:07:f5:41:34:ca:cd:37:
         64:43:8e:db:3d:ff:64:cd:ba:4a:48:c3:a1:61:5c:e1:fb:92:
         cc:79:dd:db:10:0a:d4:92:29:46:ce:d5:a1:67:46:f6:02:5d:
         44:21:dc:79:e2:dd:0e:82:c1:76:f2:04:18:27:ff:9b:e6:a3:
         28:08:bf:f0:22:65:da:31:d0:72:d9:b2:45:32:86:34:94:20:
         f6:0f:80:6b:3e:7d:a8:6f:5f:cf:b9:5d:8f:ce:49:1c:96:22:
         76:64:8e:c5:3a:d5:00:d9:91:c6:10:d7:bb:f5:d7:ca:93:30:
         03:ba:4c:fb:d6:9b:d9:69:60:60:3c:1f:b0:3b:1d:c3:5b:4d:
         b6:c7:03:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVlMdcMTk+wIy3/mSNjvapAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUwMzA1MDcyNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzJjMjA1ZTUyNWEwZGEzMTBiOTdhNjJjMThmZDVmZTNmZGJkOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0mtC0Jv2cZ/A7jBmvAoyQHhwzvV
RcD3mL489Kik7RPedsmwosDU++HRcHL7mvzrUYMS+NO4lItinasrw7e8xuvg/8B+
qPzPnq6PqSlu3ISLXJrz9TgiNdPv5zz8zOMNRFrKfYXFqxfaPFhJf+rJ4IBztQOJ
Yb2tuw1yxUVL2nOPHu++i+9voUPuaRwv2OiRuoHOqQ0rATI1Mza2BWxFtEjs1GJ3
ag+D7hUPfc+eGXN4SHHmcQKHXCJt9Es6K034CGC1/UyHFHNNc0j/bJ8tvVyJp/+Y
TCb5aNQ76HoBOxiEXztD4PXsRK/eOJ2e/FDH5UhW1ULm9gnfYTWr5gGDzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwsIF5SWg2jELl6YsGP1f4/29mQMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvN0N3Z1hsSmFEYU1RdVhwaXdZX1Zfal9iMlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXViQMA0G
CSqGSIb3DQEBCwUAA4IBAQAEEeYjf7rFX2fur9fpsyVgVdbSNki8oL43x1i8Vkca
DcqtgpNF5Nnen+rHugKsv971x0ditVFhgIUKCG1WkhrYYM9UjNQzVluWGpPjSYrG
HGJeAagZc3gpz0h3+c+JhRb66rgN2UZQcBnG0sPKZ/qcbxhMjeGfygf1QTTKzTdk
Q47bPf9kzbpKSMOhYVzh+5LMed3bEArUkilGztWhZ0b2Al1EIdx54t0OgsF28gQY
J/+b5qMoCL/wImXaMdBy2bJFMoY0lCD2D4BrPn2ob1/PuV2PzkkcliJ2ZI7FOtUA
2ZHGENe79dfKkzADukz71pvZaWBgPB+wOx3DW022xwOA
-----END CERTIFICATE-----