Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/MOJEU5OiSmgt_dqOtEzktEJbSMA.roa
File:                     MOJEU5OiSmgt_dqOtEzktEJbSMA.roa (raw, json)
Hash identifier:          rMGIQ3RFsr4DEYaqV6jp3wNTqUtoguOSEfloYNNvmi4=
Subject key identifier:   30:E2:44:53:93:A2:4A:68:2D:FD:DA:8E:B4:4C:E4:B4:42:5B:48:C0
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019654A87E05DA754FAD9379A8474892430E
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/MOJEU5OiSmgt_dqOtEzktEJbSMA.roa
Signing time:             Sun 20 Apr 2025 19:24:10 +0000
ROA not before:           Sun 20 Apr 2025 19:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        88.209.211.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 18:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:54:a8:7e:05:da:75:4f:ad:93:79:a8:47:48:92:43:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Apr 20 19:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30e2445393a24a682dfdda8eb44ce4b4425b48c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b0:fe:37:dc:ed:53:40:63:d3:85:62:c5:a5:
                    c4:bd:46:a2:d3:98:cd:2c:69:c3:eb:ce:f7:80:ee:
                    cd:ef:d2:9f:e9:c6:88:88:02:75:25:56:45:13:f7:
                    7e:a7:aa:9a:65:05:00:8e:14:9a:bf:55:82:f0:fc:
                    b1:c3:eb:fa:cf:1e:85:62:12:cb:3a:f1:75:4b:5b:
                    c1:1c:56:ce:4e:9f:01:f4:f6:3a:20:d7:74:61:e5:
                    f1:f2:7e:6d:ad:b5:2f:c9:e3:f7:e9:37:56:62:99:
                    6c:14:51:d5:9b:e8:31:12:88:d3:f5:7a:d1:9f:ba:
                    29:39:4b:d2:80:3c:19:d2:16:db:5a:0c:fc:8e:33:
                    73:45:5f:34:df:08:05:c9:ad:32:b5:bc:82:06:c1:
                    45:25:11:44:15:ff:9c:eb:c9:fc:4a:4d:b5:86:52:
                    49:ca:d2:80:66:03:01:80:3c:41:dd:70:ac:87:57:
                    2e:0b:7d:07:40:0f:c1:34:f1:9c:07:25:be:50:ad:
                    47:72:e9:00:40:fe:1d:7f:eb:33:d8:f3:fb:50:da:
                    fa:3b:cc:3d:2d:44:8c:26:fb:0a:97:07:74:f9:d1:
                    78:53:4a:e7:ef:6c:24:df:52:fa:43:23:83:8e:dc:
                    6b:56:7f:c2:20:0b:8f:02:68:9e:4c:7d:7a:14:ee:
                    c3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E2:44:53:93:A2:4A:68:2D:FD:DA:8E:B4:4C:E4:B4:42:5B:48:C0
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/MOJEU5OiSmgt_dqOtEzktEJbSMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.211.0/24
                  88.209.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:2d:06:74:45:c2:97:2b:3b:e0:2b:1b:31:f0:2f:61:7c:b2:
         18:91:d7:2a:e1:64:56:ca:d5:2c:fb:58:b9:3c:95:27:6a:d3:
         34:f3:c5:0b:ed:8a:62:2f:73:ce:00:cc:76:49:cc:59:25:3f:
         5e:54:bb:77:35:01:b8:cc:f2:60:f6:42:9c:2c:e8:1d:e7:bb:
         fe:16:f8:df:c4:15:c8:33:6f:b9:18:dc:83:24:4e:70:f3:92:
         1f:63:70:47:d1:de:cf:61:79:7a:ae:d0:32:ef:16:83:0f:f7:
         df:58:57:7b:7d:07:cf:8d:1f:a9:02:34:eb:14:e0:a0:ea:5f:
         b5:fa:30:72:c1:dc:8e:44:60:01:3b:75:f3:b1:07:61:90:2a:
         66:ea:65:f6:0b:a0:7d:b2:15:1a:45:69:11:22:f1:40:75:1a:
         2c:02:ea:dc:29:91:c4:33:af:54:35:4d:06:dd:0f:f5:7b:82:
         25:3b:37:ea:ae:83:e4:dd:17:34:15:da:66:f1:46:0c:2c:a5:
         49:51:a7:3e:44:97:76:cd:8c:14:9d:c3:60:32:5e:be:8b:1b:
         03:b3:97:4d:20:08:f1:87:32:58:e0:c8:e0:d2:43:b4:94:bc:
         34:98:ca:0a:0e:1c:c7:c3:ad:b8:56:17:19:65:e2:ad:7c:bd:
         a8:23:12:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZUqH4F2nVPrZN5qEdIkkMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNDIwMTkyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGUyNDQ1MzkzYTI0YTY4MmRmZGRhOGViNDRjZTRiNDQyNWI0OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7D+N9ztU0Bj04VixaXEvUai05jN
LGnD6873gO7N79Kf6caIiAJ1JVZFE/d+p6qaZQUAjhSav1WC8Pyxw+v6zx6FYhLL
OvF1S1vBHFbOTp8B9PY6INd0YeXx8n5trbUvyeP36TdWYplsFFHVm+gxEojT9XrR
n7opOUvSgDwZ0hbbWgz8jjNzRV803wgFya0ytbyCBsFFJRFEFf+c68n8Sk21hlJJ
ytKAZgMBgDxB3XCsh1cuC30HQA/BNPGcByW+UK1HcukAQP4df+sz2PP7UNr6O8w9
LUSMJvsKlwd0+dF4U0rn72wk31L6QyODjtxrVn/CIAuPAmieTH16FO7DLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDDiRFOTokpoLf3ajrRM5LRCW0jAMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTU9KRVU1T2lTbWd0X2RxT3RFemt0RUpiU01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNHTAwQB
WNHgMA0GCSqGSIb3DQEBCwUAA4IBAQA7LQZ0RcKXKzvgKxsx8C9hfLIYkdcq4WRW
ytUs+1i5PJUnatM088UL7YpiL3POAMx2ScxZJT9eVLt3NQG4zPJg9kKcLOgd57v+
FvjfxBXIM2+5GNyDJE5w85IfY3BH0d7PYXl6rtAy7xaDD/ffWFd7fQfPjR+pAjTr
FOCg6l+1+jBywdyORGABO3XzsQdhkCpm6mX2C6B9shUaRWkRIvFAdRosAurcKZHE
M69UNU0G3Q/1e4IlOzfqroPk3Rc0Fdpm8UYMLKVJUac+RJd2zYwUncNgMl6+ixsD
s5dNIAjxhzJY4Mjg0kO0lLw0mMoKDhzHw624VhcZZeKtfL2oIxJm
-----END CERTIFICATE-----