Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aI5GW5CPH55A7yX3BGOcl-97zEA.roa
File:                     aI5GW5CPH55A7yX3BGOcl-97zEA.roa (raw, json)
Hash identifier:          4xbmx+cb2TR/eXdAjmTz0JValmDbEUPRJLTaITS7FnE=
Subject key identifier:   68:8E:46:5B:90:8F:1F:9E:40:EF:25:F7:04:63:9C:97:EF:7B:CC:40
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019865C336846E3AB69D8509AE100A3A2BCF
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aI5GW5CPH55A7yX3BGOcl-97zEA.roa
Signing time:             Fri 01 Aug 2025 13:12:29 +0000
ROA not before:           Fri 01 Aug 2025 13:12:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        88.80.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:65:c3:36:84:6e:3a:b6:9d:85:09:ae:10:0a:3a:2b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Aug  1 13:12:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=688e465b908f1f9e40ef25f704639c97ef7bcc40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7d:df:7a:5a:b8:ef:37:36:ab:5c:ad:62:7a:
                    51:7f:89:09:20:55:bc:3f:f6:8d:21:95:b1:ae:52:
                    30:b5:88:70:22:4b:9f:31:35:26:3c:d2:38:f5:6d:
                    43:e1:d8:3b:19:28:43:da:d8:5a:e9:f2:0b:8a:71:
                    02:7e:67:97:1a:e4:40:6b:1d:0e:95:ab:d1:2c:49:
                    e4:99:33:99:47:b0:2e:81:14:50:e0:fa:f0:1d:f4:
                    d5:17:82:30:46:3f:86:37:38:1c:ab:1e:54:cb:a5:
                    08:ec:2b:2e:b0:87:db:c6:3f:07:aa:c5:52:b4:e0:
                    87:12:26:69:10:8c:57:3e:ac:60:a2:1c:e7:e2:7a:
                    ef:e8:fa:60:c7:7a:d5:51:87:3e:3f:7a:2f:d1:50:
                    0e:17:c5:4f:d5:12:05:78:87:42:a4:4d:cc:bc:f8:
                    d0:e0:d1:59:17:c2:57:0f:3c:bf:64:35:6c:da:64:
                    03:39:63:c6:0c:30:96:96:29:39:66:d5:ae:33:2c:
                    23:3a:06:3e:67:16:87:89:40:e7:38:55:d3:4b:82:
                    1a:0b:96:8b:76:0c:82:b3:ca:ff:ba:90:39:4d:7e:
                    86:f6:e1:4d:d7:e7:d7:76:39:79:ac:19:1d:4b:c2:
                    06:f8:66:5a:74:9b:0a:33:1f:b3:d3:a3:51:c2:3e:
                    f2:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:8E:46:5B:90:8F:1F:9E:40:EF:25:F7:04:63:9C:97:EF:7B:CC:40
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aI5GW5CPH55A7yX3BGOcl-97zEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:b6:00:88:a9:58:63:43:2a:4f:e1:52:c1:57:48:15:7c:57:
         1b:2a:16:14:b8:a2:8e:b7:45:a6:9c:91:d5:e8:66:8f:7f:44:
         d0:26:5a:9f:31:93:6a:81:94:1c:f8:a7:b3:81:2b:eb:1c:4a:
         79:71:17:8a:ef:3b:db:74:26:17:05:b7:ea:31:21:ba:8e:24:
         36:51:08:55:cc:73:ad:97:57:b1:96:b1:af:4a:a6:41:3a:91:
         65:c8:6d:5f:0c:2e:1d:19:c3:8b:e3:0b:de:5a:75:98:a3:fe:
         30:3f:ad:46:52:7e:1a:84:97:4d:35:65:93:ca:7d:ac:57:9b:
         e9:05:84:78:1d:8a:62:67:d6:c2:25:80:f4:6c:79:0e:45:d7:
         53:25:c7:19:31:1b:50:99:8c:10:0f:bd:f6:58:28:67:22:55:
         00:22:c7:a4:a7:f0:96:44:b7:f5:a8:54:b0:9e:6a:cd:aa:aa:
         ff:77:43:28:cc:1f:63:52:75:92:c7:eb:14:8b:11:90:ec:8a:
         d4:22:ec:43:f9:a0:d7:fd:fb:b6:8d:55:58:33:db:3e:db:13:
         0d:14:e7:06:0c:e3:5d:5a:0d:f3:71:27:12:72:1e:a5:fd:f9:
         15:92:a1:e4:49:cc:de:40:73:96:33:e0:d3:c7:89:1d:70:ea:
         58:0f:e7:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhlwzaEbjq2nYUJrhAKOivPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwODAxMTMxMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhlNDY1YjkwOGYxZjllNDBlZjI1ZjcwNDYzOWM5N2VmN2JjYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwX3felq47zc2q1ytYnpRf4kJIFW8
P/aNIZWxrlIwtYhwIkufMTUmPNI49W1D4dg7GShD2tha6fILinECfmeXGuRAax0O
lavRLEnkmTOZR7AugRRQ4PrwHfTVF4IwRj+GNzgcqx5Uy6UI7CsusIfbxj8HqsVS
tOCHEiZpEIxXPqxgohzn4nrv6Ppgx3rVUYc+P3ov0VAOF8VP1RIFeIdCpE3MvPjQ
4NFZF8JXDzy/ZDVs2mQDOWPGDDCWlik5ZtWuMywjOgY+ZxaHiUDnOFXTS4IaC5aL
dgyCs8r/upA5TX6G9uFN1+fXdjl5rBkdS8IG+GZadJsKMx+z06NRwj7ykQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiORluQjx+eQO8l9wRjnJfve8xAMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvYUk1R1c1Q1BINTVBN3lYM0JHT2NsLTk3ekVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCLMA0G
CSqGSIb3DQEBCwUAA4IBAQATtgCIqVhjQypP4VLBV0gVfFcbKhYUuKKOt0WmnJHV
6GaPf0TQJlqfMZNqgZQc+KezgSvrHEp5cReK7zvbdCYXBbfqMSG6jiQ2UQhVzHOt
l1exlrGvSqZBOpFlyG1fDC4dGcOL4wveWnWYo/4wP61GUn4ahJdNNWWTyn2sV5vp
BYR4HYpiZ9bCJYD0bHkORddTJccZMRtQmYwQD732WChnIlUAIsekp/CWRLf1qFSw
nmrNqqr/d0MozB9jUnWSx+sUixGQ7IrUIuxD+aDX/fu2jVVYM9s+2xMNFOcGDONd
Wg3zcScSch6l/fkVkqHkSczeQHOWM+DTx4kdcOpYD+d7
-----END CERTIFICATE-----