Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/fWAfX3KpvP6KHVwuJR6oEj4CXnQ.roa
File:                     fWAfX3KpvP6KHVwuJR6oEj4CXnQ.roa (raw, json)
Hash identifier:          7Asl2MelB+M4yfnzUpkkQrmPhCU/0GL0ifTu9RCxXRU=
Subject key identifier:   7D:60:1F:5F:72:A9:BC:FE:8A:1D:5C:2E:25:1E:A8:12:3E:02:5E:74
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0196FBC8AE2F7DA9403910754094E8F211A7
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/fWAfX3KpvP6KHVwuJR6oEj4CXnQ.roa
Signing time:             Fri 23 May 2025 06:15:54 +0000
ROA not before:           Fri 23 May 2025 06:15:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        88.151.62.0/24 maxlen: 24
                          88.209.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 15:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fb:c8:ae:2f:7d:a9:40:39:10:75:40:94:e8:f2:11:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 23 06:15:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d601f5f72a9bcfe8a1d5c2e251ea8123e025e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ed:d2:0e:92:ba:08:29:6c:0f:bc:15:a4:f7:
                    86:0e:41:e9:ba:a1:24:c3:84:4c:ce:27:1b:6e:34:
                    ff:a3:6b:f0:aa:8e:b0:57:33:75:4e:cc:55:72:9f:
                    f8:27:7f:b7:37:cf:a1:9b:44:75:12:7e:e4:17:c7:
                    b4:78:8c:b1:ec:cf:77:72:97:ec:f8:31:2b:79:ba:
                    84:fd:da:5f:92:08:da:fc:fe:fa:a5:58:bf:03:df:
                    fa:ff:c3:04:e7:d3:6a:13:71:30:76:1b:04:06:4a:
                    89:c9:ce:69:e4:dd:48:0b:86:84:75:cb:83:3a:62:
                    28:8e:e2:37:cb:bf:43:07:43:af:00:a3:8e:11:5a:
                    2e:12:5e:64:9e:69:78:94:76:a8:3a:6d:ec:a1:d2:
                    20:1c:98:f1:32:87:cb:45:9a:5d:e7:ef:91:99:0a:
                    9e:6a:e7:fe:c8:10:1c:a9:66:d6:b9:42:fb:61:7d:
                    16:72:7b:04:8f:5d:7c:6e:70:b7:a8:4f:00:32:78:
                    00:97:63:e9:cb:7c:dd:37:44:6c:0b:13:22:17:0d:
                    58:95:0f:b1:a5:7b:a7:a8:ba:0f:1d:90:3f:67:b2:
                    00:f8:27:97:b4:40:37:5b:4a:4f:af:50:67:2d:63:
                    28:25:69:62:d5:30:98:c6:94:4b:11:01:a8:c5:1c:
                    81:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:60:1F:5F:72:A9:BC:FE:8A:1D:5C:2E:25:1E:A8:12:3E:02:5E:74
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/fWAfX3KpvP6KHVwuJR6oEj4CXnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.62.0/24
                  88.209.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:94:e2:1d:ae:b2:49:d3:45:24:49:c8:76:32:6d:0a:b2:af:
         06:6a:5a:1a:86:a2:e2:7e:3a:2f:42:e0:35:3a:7a:91:a4:07:
         d3:f9:93:df:7d:6f:a3:71:88:aa:29:c9:45:9d:49:ad:e0:f1:
         45:13:94:a4:8b:9e:70:f6:eb:28:5d:ac:7e:10:c9:e9:a2:81:
         d1:eb:45:6f:95:1e:fc:76:4c:a2:eb:d3:7b:c7:a4:b1:cb:e1:
         50:ac:69:79:51:47:0a:47:73:2f:55:5d:c7:cf:5d:32:9b:67:
         f7:c2:63:b6:70:82:2c:80:c2:f4:0e:25:b4:2d:de:14:33:46:
         a9:70:a7:99:fd:b3:b5:7c:08:73:af:8c:2d:a8:34:83:af:27:
         f6:4e:16:2b:20:c2:5a:1d:59:71:2c:48:14:f4:54:32:44:48:
         c9:96:a4:58:b4:54:87:d1:03:e6:43:7e:ce:26:46:aa:79:25:
         ea:2c:fb:df:b1:1e:16:24:85:03:15:bc:25:76:0c:5a:07:a2:
         8f:b8:ba:a5:c4:88:5d:90:39:a1:0d:29:d9:a4:e8:79:2b:ad:
         e0:9d:52:8a:74:18:0f:60:ba:bb:eb:2a:a9:e1:a9:03:45:36:
         f8:61:0b:1d:77:14:76:c1:71:54:9c:68:41:de:a1:af:c9:07:
         94:56:a5:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb7yK4vfalAORB1QJTo8hGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNTIzMDYxNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDYwMWY1ZjcyYTliY2ZlOGExZDVjMmUyNTFlYTgxMjNlMDI1ZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO3SDpK6CClsD7wVpPeGDkHpuqEk
w4RMzicbbjT/o2vwqo6wVzN1TsxVcp/4J3+3N8+hm0R1En7kF8e0eIyx7M93cpfs
+DErebqE/dpfkgja/P76pVi/A9/6/8ME59NqE3EwdhsEBkqJyc5p5N1IC4aEdcuD
OmIojuI3y79DB0OvAKOOEVouEl5knml4lHaoOm3sodIgHJjxMofLRZpd5++RmQqe
auf+yBAcqWbWuUL7YX0WcnsEj118bnC3qE8AMngAl2Ppy3zdN0RsCxMiFw1YlQ+x
pXunqLoPHZA/Z7IA+CeXtEA3W0pPr1BnLWMoJWli1TCYxpRLEQGoxRyBdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH1gH19yqbz+ih1cLiUeqBI+Al50MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZldBZlgzS3B2UDZLSFZ3dUpSNm9FajRDWG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWJc+AwQA
WNHHMA0GCSqGSIb3DQEBCwUAA4IBAQBclOIdrrJJ00UkSch2Mm0Ksq8GaloahqLi
fjovQuA1OnqRpAfT+ZPffW+jcYiqKclFnUmt4PFFE5Ski55w9usoXax+EMnpooHR
60VvlR78dkyi69N7x6Sxy+FQrGl5UUcKR3MvVV3Hz10ym2f3wmO2cIIsgML0DiW0
Ld4UM0apcKeZ/bO1fAhzr4wtqDSDryf2ThYrIMJaHVlxLEgU9FQyREjJlqRYtFSH
0QPmQ37OJkaqeSXqLPvfsR4WJIUDFbwldgxaB6KPuLqlxIhdkDmhDSnZpOh5K63g
nVKKdBgPYLq76yqp4akDRTb4YQsddxR2wXFUnGhB3qGvyQeUVqWx
-----END CERTIFICATE-----