Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/d097d3-d4ba-4130-8e96-ad95ebfaaae2/1/vwZ3qyY8j7AihfGsWYtA6mwINxQ.roa
File:                     vwZ3qyY8j7AihfGsWYtA6mwINxQ.roa (raw, json)
Hash identifier:          VBbCuPYUO8ASQ+6MrnY57WOdr+3+R3PhClJszE/T/CI=
Subject key identifier:   BF:06:77:AB:26:3C:8F:B0:22:85:F1:AC:59:8B:40:EA:6C:08:37:14
Certificate issuer:       /CN=d04850f8069df62dc5155c02ed1e62bf51cedbc8
Certificate serial:       019425FDB449CD87D28768DA5EF37B7069DF
Authority key identifier: D0:48:50:F8:06:9D:F6:2D:C5:15:5C:02:ED:1E:62:BF:51:CE:DB:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EhQ-Aad9i3FFVwC7R5iv1HO28g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/d097d3-d4ba-4130-8e96-ad95ebfaaae2/1/vwZ3qyY8j7AihfGsWYtA6mwINxQ.roa
Signing time:             Thu 02 Jan 2025 07:49:31 +0000
ROA not before:           Thu 02 Jan 2025 07:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29056
IP address blocks:        195.88.238.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/d097d3-d4ba-4130-8e96-ad95ebfaaae2/1/0EhQ-Aad9i3FFVwC7R5iv1HO28g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/d097d3-d4ba-4130-8e96-ad95ebfaaae2/1/0EhQ-Aad9i3FFVwC7R5iv1HO28g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EhQ-Aad9i3FFVwC7R5iv1HO28g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:b4:49:cd:87:d2:87:68:da:5e:f3:7b:70:69:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d04850f8069df62dc5155c02ed1e62bf51cedbc8
        Validity
            Not Before: Jan  2 07:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf0677ab263c8fb02285f1ac598b40ea6c083714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:45:2d:13:e8:3f:01:33:df:41:47:41:4e:b3:
                    e2:1d:a7:47:46:20:60:43:56:b3:84:3b:81:a7:80:
                    ac:5a:5a:eb:d7:46:6a:9a:b7:18:63:dd:09:7e:16:
                    42:88:47:2e:2f:61:3e:17:a2:73:50:08:4d:7a:4d:
                    d2:62:41:24:80:04:c2:a3:2b:33:e2:76:97:43:3a:
                    d2:53:24:56:4f:71:26:a7:66:d2:b8:8c:64:c5:64:
                    c3:bd:66:6b:f4:fa:e8:ab:d6:40:be:28:6d:76:ea:
                    f4:02:4b:4e:aa:34:da:dc:35:c8:ca:97:9c:0a:c2:
                    27:f7:05:e3:df:0f:a3:47:28:c1:f5:f5:4a:09:00:
                    97:df:c2:25:6e:1f:cc:5a:d4:2c:7d:9c:68:c3:af:
                    d7:2b:65:2a:4f:23:e4:30:c5:e9:e4:eb:35:7e:6b:
                    7a:fd:f4:d4:c1:e0:d7:f1:9c:f6:c0:5b:c5:a2:62:
                    cc:75:45:a6:78:0d:b1:73:cd:77:33:4f:65:33:bc:
                    e1:37:85:d7:f3:9f:a9:d4:65:67:32:52:19:5a:90:
                    59:0d:7c:f5:44:0c:70:c3:7c:ef:e4:5a:bc:71:fb:
                    ef:e9:87:95:b2:cf:d0:28:2d:e4:54:5b:4d:be:65:
                    f3:5b:80:39:7d:fc:95:14:a7:c6:00:d2:21:fb:7f:
                    b8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:06:77:AB:26:3C:8F:B0:22:85:F1:AC:59:8B:40:EA:6C:08:37:14
            X509v3 Authority Key Identifier:
                keyid:D0:48:50:F8:06:9D:F6:2D:C5:15:5C:02:ED:1E:62:BF:51:CE:DB:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EhQ-Aad9i3FFVwC7R5iv1HO28g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d097d3-d4ba-4130-8e96-ad95ebfaaae2/1/vwZ3qyY8j7AihfGsWYtA6mwINxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d097d3-d4ba-4130-8e96-ad95ebfaaae2/1/0EhQ-Aad9i3FFVwC7R5iv1HO28g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:3d:e9:7c:c6:09:72:4f:03:40:d7:4f:72:f5:2e:bf:47:3c:
         10:85:47:b0:c6:79:86:21:98:c4:03:2e:98:f6:aa:69:d2:d8:
         5a:07:b8:31:37:33:7d:8b:0d:8c:9f:c4:8b:67:31:d4:e2:ef:
         6d:a5:e5:2f:60:ab:52:35:62:9c:92:70:c2:7d:b5:c2:23:7d:
         b8:69:a2:70:c1:11:ae:a2:88:e2:99:ee:e4:df:90:50:20:6c:
         b6:b7:73:42:28:5a:23:4e:cf:8a:83:35:3a:c1:78:8a:0e:63:
         71:bf:01:30:18:96:2d:c3:60:ab:2b:da:1a:eb:6a:49:f9:8d:
         b4:89:f2:dd:29:86:9b:81:44:0e:9c:c8:ee:4b:2c:7f:c1:68:
         cd:a6:9b:6f:f4:61:8a:bd:ba:01:6e:4a:e9:d1:34:3b:e2:db:
         d9:87:d0:6e:ed:92:44:5e:9c:f0:87:c2:00:2c:8b:e8:38:e6:
         7b:47:b3:44:56:61:c4:fd:c6:d1:ab:93:a7:8b:8b:3e:1f:07:
         61:61:b3:75:70:ee:15:c9:6d:85:f5:13:bb:0c:65:cc:bb:8e:
         a6:2c:83:08:78:b3:a6:7a:e4:93:d5:14:c5:12:a9:ca:2a:3a:
         80:7b:e3:09:a5:7a:f1:54:44:e2:48:51:70:b6:98:b3:db:1f:
         6e:eb:5e:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/bRJzYfSh2jaXvN7cGnfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDg1MGY4MDY5ZGY2MmRjNTE1NWMwMmVkMWU2MmJmNTFj
ZWRiYzgwHhcNMjUwMTAyMDc0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjA2NzdhYjI2M2M4ZmIwMjI4NWYxYWM1OThiNDBlYTZjMDgzNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUUtE+g/ATPfQUdBTrPiHadHRiBg
Q1azhDuBp4CsWlrr10ZqmrcYY90JfhZCiEcuL2E+F6JzUAhNek3SYkEkgATCoysz
4naXQzrSUyRWT3Emp2bSuIxkxWTDvWZr9Proq9ZAvihtdur0AktOqjTa3DXIypec
CsIn9wXj3w+jRyjB9fVKCQCX38Ilbh/MWtQsfZxow6/XK2UqTyPkMMXp5Os1fmt6
/fTUweDX8Zz2wFvFomLMdUWmeA2xc813M09lM7zhN4XX85+p1GVnMlIZWpBZDXz1
RAxww3zv5Fq8cfvv6YeVss/QKC3kVFtNvmXzW4A5ffyVFKfGANIh+3+4uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8Gd6smPI+wIoXxrFmLQOpsCDcUMB8GA1UdIwQY
MBaAFNBIUPgGnfYtxRVcAu0eYr9RztvIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVoUS1BYWQ5aTNGRlZ3QzdSNWl2MUhPMjhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9kMDk3ZDMtZDRiYS00MTMwLThlOTYt
YWQ5NWViZmFhYWUyLzEvdndaM3F5WThqN0FpaGZHc1dZdEE2bXdJTnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9kMDk3ZDMtZDRiYS00MTMwLThlOTYtYWQ5NWViZmFhYWUy
LzEvMEVoUS1BYWQ5aTNGRlZ3QzdSNWl2MUhPMjhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1juMA0G
CSqGSIb3DQEBCwUAA4IBAQBFPel8xglyTwNA109y9S6/RzwQhUewxnmGIZjEAy6Y
9qpp0thaB7gxNzN9iw2Mn8SLZzHU4u9tpeUvYKtSNWKcknDCfbXCI324aaJwwRGu
oojime7k35BQIGy2t3NCKFojTs+KgzU6wXiKDmNxvwEwGJYtw2CrK9oa62pJ+Y20
ifLdKYabgUQOnMjuSyx/wWjNpptv9GGKvboBbkrp0TQ74tvZh9Bu7ZJEXpzwh8IA
LIvoOOZ7R7NEVmHE/cbRq5Oni4s+HwdhYbN1cO4VyW2F9RO7DGXMu46mLIMIeLOm
euST1RTFEqnKKjqAe+MJpXrxVETiSFFwtpiz2x9u617v
-----END CERTIFICATE-----