Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iKx5QsSoWdRGsZqTsUBUYdT-How.roa
File:                     iKx5QsSoWdRGsZqTsUBUYdT-How.roa (raw, json)
Hash identifier:          t+ONA88keNFGHJ9Jt27Ktkju5Fd67nZ94/FUzEoRuYE=
Subject key identifier:   88:AC:79:42:C4:A8:59:D4:46:B1:9A:93:B1:40:54:61:D4:FE:1E:8C
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019874BF48482A0DD1701FCCC3BCD6914B2D
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iKx5QsSoWdRGsZqTsUBUYdT-How.roa
Signing time:             Mon 04 Aug 2025 11:02:29 +0000
ROA not before:           Mon 04 Aug 2025 11:02:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212824
IP address blocks:        87.239.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:bf:48:48:2a:0d:d1:70:1f:cc:c3:bc:d6:91:4b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug  4 11:02:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88ac7942c4a859d446b19a93b1405461d4fe1e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:6f:99:aa:02:ba:42:8c:b5:5d:ed:33:b4:af:
                    46:af:d9:01:07:05:7d:0d:b8:f0:2b:1e:ee:41:a8:
                    d8:fc:17:ad:36:ce:2e:f5:a9:f4:c8:94:38:87:86:
                    6d:a8:fb:5b:37:2b:a2:a8:ba:44:7d:b1:5b:64:8e:
                    91:05:23:70:65:13:dd:cc:17:25:b8:0d:2b:9a:a5:
                    7d:11:d5:87:3b:72:f5:3c:a0:06:dc:81:4f:a2:09:
                    70:81:99:60:cc:21:c8:41:9f:6a:6f:6f:3f:d7:91:
                    5d:20:9f:9d:94:83:6a:80:0a:bd:f1:e4:3a:09:0d:
                    b8:6a:42:17:98:67:43:46:ac:0a:f7:e3:91:98:2f:
                    cf:c2:9e:a0:96:d3:f5:cb:6f:0c:a8:f8:90:49:ef:
                    cc:b2:28:17:96:ee:3c:63:d6:1e:56:17:78:35:75:
                    29:ba:5e:f2:92:0b:6e:dd:89:a9:cd:c5:45:a3:54:
                    1c:55:6b:b1:aa:cb:16:8c:d6:89:00:bb:7f:b4:d0:
                    20:c0:83:db:7b:85:be:4a:7d:fa:09:31:be:42:91:
                    b4:ac:73:d1:23:c2:f6:89:b3:c4:40:ba:5b:64:d4:
                    c1:6f:35:7a:61:24:1b:97:cd:2f:0c:8c:72:a8:8c:
                    00:bf:d5:aa:7c:33:2e:67:47:3b:ad:cd:32:8d:5b:
                    ab:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:AC:79:42:C4:A8:59:D4:46:B1:9A:93:B1:40:54:61:D4:FE:1E:8C
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iKx5QsSoWdRGsZqTsUBUYdT-How.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:b4:14:04:79:b7:1d:b2:c8:82:4f:40:03:48:2f:d3:fa:df:
         36:ad:e2:d5:4d:af:8a:eb:dc:ac:de:91:54:30:5a:50:a3:71:
         27:7d:df:50:4f:ff:9a:81:de:2c:f2:1b:7c:ef:a3:e3:ae:4f:
         3c:d3:e1:1f:89:f3:be:8a:ef:4f:76:16:1e:7d:eb:1f:76:25:
         82:1e:3d:55:bf:53:79:c7:da:30:4b:48:25:72:00:79:79:8f:
         42:0e:2f:3e:ea:51:ba:55:f6:06:3e:d7:df:51:a3:12:9d:80:
         b6:a3:36:e6:83:11:dd:0b:ed:f1:9b:22:b5:68:71:ca:26:51:
         2a:77:fe:ca:33:ba:47:ca:f7:94:92:9a:b4:53:b4:c5:c2:06:
         a6:c6:c6:1f:24:63:db:1b:6a:6a:30:97:1c:9f:ad:c0:73:ef:
         2a:76:37:15:88:71:dd:c3:6d:08:35:ee:74:39:31:11:bf:c0:
         3c:11:92:03:dd:e5:8a:7b:7d:08:65:be:55:42:da:c7:19:d6:
         82:ea:b2:80:b8:0c:2c:64:1a:a4:26:17:21:a8:af:ad:ca:5a:
         ff:bf:13:c6:f5:30:70:50:5c:ca:bd:00:47:0c:e1:6c:03:c0:
         75:2b:4b:bc:c0:23:c7:da:7e:57:a6:90:b6:fb:a9:43:10:f4:
         e8:b3:0e:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh0v0hIKg3RcB/Mw7zWkUstMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODA0MTEwMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGFjNzk0MmM0YTg1OWQ0NDZiMTlhOTNiMTQwNTQ2MWQ0ZmUxZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2W+ZqgK6Qoy1Xe0ztK9Gr9kBBwV9
DbjwKx7uQajY/BetNs4u9an0yJQ4h4ZtqPtbNyuiqLpEfbFbZI6RBSNwZRPdzBcl
uA0rmqV9EdWHO3L1PKAG3IFPoglwgZlgzCHIQZ9qb28/15FdIJ+dlINqgAq98eQ6
CQ24akIXmGdDRqwK9+ORmC/Pwp6gltP1y28MqPiQSe/MsigXlu48Y9YeVhd4NXUp
ul7ykgtu3YmpzcVFo1QcVWuxqssWjNaJALt/tNAgwIPbe4W+Sn36CTG+QpG0rHPR
I8L2ibPEQLpbZNTBbzV6YSQbl80vDIxyqIwAv9WqfDMuZ0c7rc0yjVurfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiseULEqFnURrGak7FAVGHU/h6MMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaUt4NVFzU29XZFJHc1pxVHNVQlVZZFQtSG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV++BMA0G
CSqGSIb3DQEBCwUAA4IBAQBUtBQEebcdssiCT0ADSC/T+t82reLVTa+K69ys3pFU
MFpQo3Enfd9QT/+agd4s8ht876Pjrk880+EfifO+iu9PdhYefesfdiWCHj1Vv1N5
x9owS0glcgB5eY9CDi8+6lG6VfYGPtffUaMSnYC2ozbmgxHdC+3xmyK1aHHKJlEq
d/7KM7pHyveUkpq0U7TFwgamxsYfJGPbG2pqMJccn63Ac+8qdjcViHHdw20INe50
OTERv8A8EZID3eWKe30IZb5VQtrHGdaC6rKAuAwsZBqkJhchqK+tylr/vxPG9TBw
UFzKvQBHDOFsA8B1K0u8wCPH2n5XppC2+6lDEPTosw4M
-----END CERTIFICATE-----