Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/rH2xTHW8TwY4lE8Ek6Gr-qQswQU.roa
File:                     rH2xTHW8TwY4lE8Ek6Gr-qQswQU.roa (raw, json)
Hash identifier:          Vz1N8xBeDkiZIbCftyQD1MeyJYVco9clIAf3QFtk4sQ=
Subject key identifier:   AC:7D:B1:4C:75:BC:4F:06:38:94:4F:04:93:A1:AB:FA:A4:2C:C1:05
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01964384995EE1BD6D4FF4D8E991B49EB8AD
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/rH2xTHW8TwY4lE8Ek6Gr-qQswQU.roa
Signing time:             Thu 17 Apr 2025 11:31:25 +0000
ROA not before:           Thu 17 Apr 2025 11:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47193
IP address blocks:        109.248.64.0/19 maxlen: 20
                          109.248.112.0/20 maxlen: 21
                          188.130.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:84:99:5e:e1:bd:6d:4f:f4:d8:e9:91:b4:9e:b8:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Apr 17 11:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac7db14c75bc4f0638944f0493a1abfaa42cc105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:df:14:f6:49:f8:c7:a9:cf:50:c6:e3:3c:c0:
                    9f:31:39:f3:2d:42:b1:99:a5:e2:09:ef:77:87:c3:
                    46:32:44:7a:45:7c:7d:17:2b:d0:b6:d1:54:d3:5b:
                    e7:14:97:03:27:65:6c:61:13:1a:c5:b4:10:a7:f3:
                    b2:8a:b2:98:59:1b:76:c8:a8:07:3d:98:a1:7f:30:
                    5a:42:f9:00:92:90:74:0c:c3:ca:ec:9c:66:17:ab:
                    dd:2b:62:6d:d9:35:da:31:05:c9:50:9b:a5:68:73:
                    d6:e2:02:74:ec:ad:fa:af:9c:fe:98:2f:53:0c:15:
                    24:7f:a9:fa:67:1e:a0:18:a9:8a:1a:5e:ff:7f:ab:
                    9a:fc:20:69:cf:fe:87:fe:21:e8:9f:15:f8:9f:b2:
                    ad:35:a4:ac:3e:d4:40:30:71:5f:44:c3:b7:f6:2c:
                    2b:11:98:29:ec:51:5e:3d:77:f5:3b:9b:2f:6c:ac:
                    e6:93:e3:1b:b7:ac:e0:fc:ed:57:7a:a4:cc:0e:e7:
                    40:15:90:e0:35:92:46:a6:0f:46:67:c2:ef:12:99:
                    fb:8f:46:ef:37:f7:13:52:0a:a0:6b:04:10:58:bd:
                    91:b0:f9:5c:5a:18:41:7a:18:2b:10:32:6c:1f:31:
                    52:d9:34:85:c9:ab:e5:55:bc:19:3e:cf:ec:f4:d4:
                    ce:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:7D:B1:4C:75:BC:4F:06:38:94:4F:04:93:A1:AB:FA:A4:2C:C1:05
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/rH2xTHW8TwY4lE8Ek6Gr-qQswQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.64.0/19
                  109.248.112.0/20
                  188.130.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:75:07:24:d5:77:be:5f:dd:4d:3e:43:e7:ea:72:f7:6d:c3:
         4c:6b:0a:28:81:b0:c4:0c:4a:97:6e:57:17:cf:15:a7:1d:31:
         69:b2:00:88:22:23:7b:65:66:1a:11:3d:84:26:92:6e:17:09:
         06:55:a5:b7:6e:29:d6:fc:eb:cb:6a:99:16:78:df:37:bc:94:
         81:a1:38:f8:60:05:6f:f8:ef:af:7a:a3:5f:46:06:ef:94:a8:
         0d:0f:f9:b5:c3:2f:d2:b4:cc:bb:ca:c8:5c:6e:c5:8a:45:c0:
         2c:40:19:fa:75:f2:6c:71:3d:58:91:d3:8d:58:ea:76:7d:6d:
         23:28:47:e9:9c:6f:11:3d:01:70:d2:c2:91:a8:fa:58:53:28:
         3e:4e:4b:38:f9:39:e1:3f:ef:fc:f2:a3:cc:60:0f:af:e4:9c:
         b0:ed:36:80:7b:ee:4f:8f:c9:5e:3c:aa:7a:81:6b:bd:db:af:
         a1:01:f8:7b:5f:11:cf:6a:99:e8:25:63:df:7b:42:8c:47:e9:
         22:ec:85:c5:18:02:f6:53:dc:e9:6b:93:3c:20:84:3f:da:7e:
         b5:9c:0d:a6:66:50:f7:36:c1:c7:89:af:62:fc:9d:6e:54:f7:
         d3:c7:01:b0:94:23:da:ee:6d:24:33:b4:4c:91:dd:5c:f5:f4:
         84:19:f7:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZDhJle4b1tT/TY6ZG0nritMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwNDE3MTEzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzdkYjE0Yzc1YmM0ZjA2Mzg5NDRmMDQ5M2ExYWJmYWE0MmNjMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmN8U9kn4x6nPUMbjPMCfMTnzLUKx
maXiCe93h8NGMkR6RXx9FyvQttFU01vnFJcDJ2VsYRMaxbQQp/OyirKYWRt2yKgH
PZihfzBaQvkAkpB0DMPK7JxmF6vdK2Jt2TXaMQXJUJulaHPW4gJ07K36r5z+mC9T
DBUkf6n6Zx6gGKmKGl7/f6ua/CBpz/6H/iHonxX4n7KtNaSsPtRAMHFfRMO39iwr
EZgp7FFePXf1O5svbKzmk+Mbt6zg/O1XeqTMDudAFZDgNZJGpg9GZ8LvEpn7j0bv
N/cTUgqgawQQWL2RsPlcWhhBehgrEDJsHzFS2TSFyavlVbwZPs/s9NTOTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKx9sUx1vE8GOJRPBJOhq/qkLMEFMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvckgyeFRIVzhUd1k0bEU4RWs2R3ItcVFzd1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFbfhAAwQE
bfhwAwQAvIKTMA0GCSqGSIb3DQEBCwUAA4IBAQAtdQck1Xe+X91NPkPn6nL3bcNM
awoogbDEDEqXblcXzxWnHTFpsgCIIiN7ZWYaET2EJpJuFwkGVaW3binW/OvLapkW
eN83vJSBoTj4YAVv+O+veqNfRgbvlKgND/m1wy/StMy7yshcbsWKRcAsQBn6dfJs
cT1YkdONWOp2fW0jKEfpnG8RPQFw0sKRqPpYUyg+Tks4+TnhP+/88qPMYA+v5Jyw
7TaAe+5Pj8lePKp6gWu926+hAfh7XxHPapnoJWPfe0KMR+ki7IXFGAL2U9zpa5M8
IIQ/2n61nA2mZlD3NsHHia9i/J1uVPfTxwGwlCPa7m0kM7RMkd1c9fSEGfeP
-----END CERTIFICATE-----