Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/amXOXdgRUkEVQbqrslkFmzY42dA.roa
File:                     amXOXdgRUkEVQbqrslkFmzY42dA.roa (raw, json)
Hash identifier:          ajPC3ZSCw17woRoa0Iw+ncEy32xUV5KGTVpQpN4tmAU=
Subject key identifier:   6A:65:CE:5D:D8:11:52:41:15:41:BA:AB:B2:59:05:9B:36:38:D9:D0
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       0197CFE729F70A5E9CF53A4091EA09CCA416
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/amXOXdgRUkEVQbqrslkFmzY42dA.roa
Signing time:             Thu 03 Jul 2025 10:48:42 +0000
ROA not before:           Thu 03 Jul 2025 10:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215652
IP address blocks:        88.220.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:e7:29:f7:0a:5e:9c:f5:3a:40:91:ea:09:cc:a4:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jul  3 10:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a65ce5dd81152411541baabb259059b3638d9d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c5:63:dc:8d:c4:ef:b0:ac:4b:24:1d:23:26:
                    d5:59:76:77:a7:83:50:56:4b:d7:eb:69:3b:92:3e:
                    32:28:d3:e5:c8:38:c7:40:75:64:e1:3d:f2:99:81:
                    73:2b:22:54:65:d5:3a:b4:73:45:36:fb:17:2c:39:
                    f7:d8:fe:2a:7b:53:56:cc:dd:a0:44:9f:8b:79:5d:
                    4c:80:0d:c8:f3:10:10:f7:3c:ea:40:ff:74:b6:35:
                    85:e7:9a:01:38:91:ae:00:aa:a5:0f:aa:b5:92:c1:
                    b1:7f:47:95:35:2f:12:f6:8a:b7:e1:37:73:c5:7c:
                    f7:36:45:05:25:ce:9c:61:cc:ff:6f:8a:e0:a7:51:
                    d3:db:d3:19:4b:27:0d:d8:4f:50:2c:a7:58:1e:c4:
                    21:c7:d8:03:d2:ba:c8:a6:bd:13:cf:95:ed:ed:ce:
                    e5:45:d2:d6:d3:d1:b2:b9:b6:a2:d9:71:34:64:31:
                    8a:e0:ad:c1:8b:03:c7:be:37:d4:49:d2:2a:cf:f4:
                    c9:ef:70:0f:6a:cc:ec:77:96:36:a8:c2:dc:44:d9:
                    61:cd:c8:56:f6:56:83:fe:8a:7f:fe:8d:c4:56:26:
                    7d:90:5b:46:a5:ba:d3:01:e9:1e:47:5b:73:ef:ea:
                    94:18:86:e4:b6:37:85:bb:c1:92:7b:2e:00:63:82:
                    ec:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:65:CE:5D:D8:11:52:41:15:41:BA:AB:B2:59:05:9B:36:38:D9:D0
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/amXOXdgRUkEVQbqrslkFmzY42dA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:11:81:8b:22:ed:1f:85:77:87:c9:7b:4e:39:c8:7e:4a:85:
         fa:62:4d:1c:c9:13:b6:b9:a0:60:38:a7:65:6f:85:fb:62:96:
         ec:c2:ff:f6:d3:ac:d4:52:7d:aa:6a:67:a6:41:f8:d7:eb:68:
         43:86:13:d5:8a:4a:3f:3f:76:52:f0:39:ba:d1:cb:6a:57:2b:
         da:76:cd:5c:93:e3:1b:c1:1d:df:26:1f:ac:68:4a:fa:86:27:
         47:fd:c2:8f:4c:53:4c:05:d3:8d:33:9c:fe:c7:8e:82:12:9d:
         75:11:f4:af:48:db:55:bd:85:75:10:ba:ec:5d:c2:e9:52:c7:
         37:dd:2c:a0:4c:01:a8:4b:16:fd:8e:73:32:ac:92:5a:e0:e7:
         2e:a3:fb:bb:5c:d1:a2:46:35:11:f3:67:61:52:07:04:1d:d8:
         bd:5b:a1:ba:14:64:65:84:c9:18:9f:a4:a4:ac:68:25:7b:c1:
         62:ac:21:e7:0a:e4:a2:af:e5:1f:72:ab:6b:88:7a:1a:ec:a6:
         87:b6:23:e8:65:eb:89:2e:60:a2:86:23:93:d4:b3:a0:84:5b:
         28:bf:46:94:f2:48:91:d9:11:dc:bb:79:0c:83:f6:e1:4c:88:
         cb:77:97:3d:d7:7d:14:65:60:0b:f1:29:52:a7:7e:48:fa:9b:
         50:68:3b:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfP5yn3Cl6c9TpAkeoJzKQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwNzAzMTA0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTY1Y2U1ZGQ4MTE1MjQxMTU0MWJhYWJiMjU5MDU5YjM2MzhkOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsVj3I3E77CsSyQdIybVWXZ3p4NQ
VkvX62k7kj4yKNPlyDjHQHVk4T3ymYFzKyJUZdU6tHNFNvsXLDn32P4qe1NWzN2g
RJ+LeV1MgA3I8xAQ9zzqQP90tjWF55oBOJGuAKqlD6q1ksGxf0eVNS8S9oq34Tdz
xXz3NkUFJc6cYcz/b4rgp1HT29MZSycN2E9QLKdYHsQhx9gD0rrIpr0Tz5Xt7c7l
RdLW09Gyubai2XE0ZDGK4K3BiwPHvjfUSdIqz/TJ73APaszsd5Y2qMLcRNlhzchW
9laD/op//o3EViZ9kFtGpbrTAekeR1tz7+qUGIbktjeFu8GSey4AY4LspwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGplzl3YEVJBFUG6q7JZBZs2ONnQMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvYW1YT1hkZ1JVa0VWUWJxcnNsa0Ztelk0MmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNxYMA0G
CSqGSIb3DQEBCwUAA4IBAQCEEYGLIu0fhXeHyXtOOch+SoX6Yk0cyRO2uaBgOKdl
b4X7Ypbswv/206zUUn2qamemQfjX62hDhhPViko/P3ZS8Dm60ctqVyvads1ck+Mb
wR3fJh+saEr6hidH/cKPTFNMBdONM5z+x46CEp11EfSvSNtVvYV1ELrsXcLpUsc3
3SygTAGoSxb9jnMyrJJa4Ocuo/u7XNGiRjUR82dhUgcEHdi9W6G6FGRlhMkYn6Sk
rGgle8FirCHnCuSir+UfcqtriHoa7KaHtiPoZeuJLmCihiOT1LOghFsov0aU8kiR
2RHcu3kMg/bhTIjLd5c9130UZWAL8SlSp35I+ptQaDvS
-----END CERTIFICATE-----