Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/hebYL6M-z610FLivX7dM3OowSRU.roa
File:                     hebYL6M-z610FLivX7dM3OowSRU.roa (raw, json)
Hash identifier:          IcjCerJ7GmqoXjZHtfS/CxBpCm6nwEU8LVGTcI76v2s=
Subject key identifier:   85:E6:D8:2F:A3:3E:CF:AD:74:14:B8:AF:5F:B7:4C:DC:EA:30:49:15
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       01964393EE5599B9D2C032FA8835D5BFCE2A
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/hebYL6M-z610FLivX7dM3OowSRU.roa
Signing time:             Thu 17 Apr 2025 11:48:10 +0000
ROA not before:           Thu 17 Apr 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212792
IP address blocks:        88.210.60.0/24 maxlen: 24
                          88.210.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:93:ee:55:99:b9:d2:c0:32:fa:88:35:d5:bf:ce:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Apr 17 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85e6d82fa33ecfad7414b8af5fb74cdcea304915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:6e:64:31:f1:56:90:30:bc:45:2d:43:cf:
                    f2:ba:4d:af:02:b0:a8:d9:c9:e3:ca:28:8c:16:52:
                    74:25:18:46:a4:d5:0d:1a:3a:3b:c8:e4:6d:23:86:
                    7b:4a:dd:da:c7:83:e8:4b:7d:41:df:fd:26:15:82:
                    4f:a4:b7:a6:3d:80:6b:cc:43:95:b1:03:d1:4d:8f:
                    47:fb:55:f6:1d:83:32:a0:9e:3f:80:ef:d9:59:98:
                    03:1c:dc:8a:78:f1:9f:a3:fc:61:7e:21:68:e5:dc:
                    69:d6:bb:91:f9:ec:ec:c0:ed:2f:0c:3a:83:e4:ba:
                    3a:33:3f:39:18:a0:2e:79:89:9f:cb:f7:e5:de:e5:
                    39:12:dc:bc:57:c1:7b:a9:b8:58:55:f5:67:62:c2:
                    53:2c:d4:a0:00:5e:b9:e3:e4:91:13:8e:64:2d:9f:
                    88:b0:a7:ba:18:f2:5a:7c:e7:83:6b:cd:8f:7e:01:
                    de:a4:96:6a:1e:6a:97:6a:3d:19:ed:2d:ab:38:31:
                    26:43:a1:48:87:88:b2:5a:da:81:ef:55:3f:ab:80:
                    95:59:1d:1c:78:98:45:a4:01:57:1b:d3:49:fe:07:
                    7f:3c:5e:30:49:71:7d:ed:5a:eb:d4:0c:e0:0b:2b:
                    66:ce:9b:00:ea:e6:9a:1e:eb:4b:a1:57:04:8d:06:
                    9b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E6:D8:2F:A3:3E:CF:AD:74:14:B8:AF:5F:B7:4C:DC:EA:30:49:15
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/hebYL6M-z610FLivX7dM3OowSRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.210.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:65:88:c7:cf:f7:7c:58:e6:cf:d3:60:e4:66:67:7b:e9:88:
         f3:1f:9c:1e:c6:c1:81:59:4e:a0:85:47:9c:4f:9e:3c:0d:05:
         c1:be:82:4a:12:7b:99:75:f3:c3:76:77:be:23:0f:fa:9d:b6:
         bf:63:4c:c5:83:48:d1:79:19:80:37:f8:ba:05:fe:bf:68:22:
         ef:78:2d:42:9f:3e:15:9b:a8:f7:33:79:6b:1a:1e:6d:62:cd:
         14:83:32:ac:82:f8:ee:25:3e:8b:76:58:9d:cb:c0:8f:88:83:
         46:19:92:34:9a:11:dc:17:5f:5b:63:a6:b9:f2:47:be:32:84:
         63:62:00:d8:12:72:9e:fc:b6:5b:af:0f:ce:fe:6b:83:20:91:
         a7:8b:c5:b2:fd:9f:d0:de:ff:5d:f4:1a:32:b6:ab:a3:ad:c1:
         8d:46:66:59:e3:e5:9d:46:c2:b3:f3:f1:97:bd:1e:a9:6b:a4:
         f0:04:d7:16:eb:43:e9:18:3e:93:82:dc:19:88:20:3d:d5:96:
         f0:4d:e3:47:16:98:aa:08:59:18:94:e2:a8:cf:ef:87:f9:56:
         2e:d5:52:67:e5:bf:0f:17:25:ef:31:c6:81:06:56:6c:9a:c7:
         ce:da:1f:11:a5:f6:99:31:31:e1:d1:40:29:dd:5b:a6:7d:fe:
         a9:c5:6f:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZDk+5VmbnSwDL6iDXVv84qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjUwNDE3MTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWU2ZDgyZmEzM2VjZmFkNzQxNGI4YWY1ZmI3NGNkY2VhMzA0OTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncRuZDHxVpAwvEUtQ8/yuk2vArCo
2cnjyiiMFlJ0JRhGpNUNGjo7yORtI4Z7St3ax4PoS31B3/0mFYJPpLemPYBrzEOV
sQPRTY9H+1X2HYMyoJ4/gO/ZWZgDHNyKePGfo/xhfiFo5dxp1ruR+ezswO0vDDqD
5Lo6Mz85GKAueYmfy/fl3uU5Ety8V8F7qbhYVfVnYsJTLNSgAF654+SRE45kLZ+I
sKe6GPJafOeDa82PfgHepJZqHmqXaj0Z7S2rODEmQ6FIh4iyWtqB71U/q4CVWR0c
eJhFpAFXG9NJ/gd/PF4wSXF97Vrr1AzgCytmzpsA6uaaHutLoVcEjQaboQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXm2C+jPs+tdBS4r1+3TNzqMEkVMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvaGViWUw2TS16NjEwRkxpdlg3ZE0zT293U1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNI8MA0G
CSqGSIb3DQEBCwUAA4IBAQCQZYjHz/d8WObP02DkZmd76YjzH5wexsGBWU6ghUec
T548DQXBvoJKEnuZdfPDdne+Iw/6nba/Y0zFg0jReRmAN/i6Bf6/aCLveC1Cnz4V
m6j3M3lrGh5tYs0UgzKsgvjuJT6Ldlidy8CPiINGGZI0mhHcF19bY6a58ke+MoRj
YgDYEnKe/LZbrw/O/muDIJGni8Wy/Z/Q3v9d9BoytqujrcGNRmZZ4+WdRsKz8/GX
vR6pa6TwBNcW60PpGD6TgtwZiCA91ZbwTeNHFpiqCFkYlOKoz++H+VYu1VJn5b8P
FyXvMcaBBlZsmsfO2h8RpfaZMTHh0UAp3Vumff6pxW9h
-----END CERTIFICATE-----