Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/l7wxx1zLyo_Vp6Dh5EdYTFcM2nU.roa
File:                     l7wxx1zLyo_Vp6Dh5EdYTFcM2nU.roa (raw, json)
Hash identifier:          CxolEvFopBeQFh0sVq8DG+TsCtldic0vb/t6anZwnLM=
Subject key identifier:   97:BC:31:C7:5C:CB:CA:8F:D5:A7:A0:E1:E4:47:58:4C:57:0C:DA:75
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019682C28E2260D720760759358458659B75
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/l7wxx1zLyo_Vp6Dh5EdYTFcM2nU.roa
Signing time:             Tue 29 Apr 2025 18:15:10 +0000
ROA not before:           Tue 29 Apr 2025 18:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        88.80.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:c2:8e:22:60:d7:20:76:07:59:35:84:58:65:9b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Apr 29 18:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97bc31c75ccbca8fd5a7a0e1e447584c570cda75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4f:f0:c7:b1:2f:dd:2b:69:66:9a:01:d2:67:
                    cb:1e:d0:d0:3f:32:12:72:79:50:71:dd:8c:fe:89:
                    a1:84:45:1a:82:b1:ad:66:a0:8f:39:95:7f:d0:e6:
                    32:fd:e3:c1:0b:4c:0b:9b:f5:59:05:7a:67:d1:1d:
                    91:ae:69:a3:ab:e6:d9:25:f1:3c:0b:46:ae:dd:f6:
                    62:b1:c8:ce:ec:f9:5a:2a:26:30:0f:fa:94:ae:b9:
                    20:86:0a:03:ec:82:9f:51:e1:e9:8d:ad:bb:c7:fe:
                    08:5e:86:e7:d9:bc:91:c4:07:99:b9:b2:dc:bf:21:
                    0d:99:cc:d9:26:8f:f5:ab:93:e7:74:17:69:91:74:
                    01:4f:ea:36:57:e7:23:da:38:eb:80:e3:9d:34:85:
                    e3:54:59:4f:0a:b9:fa:be:a7:26:39:86:a7:29:26:
                    3f:61:75:95:18:30:cb:55:c7:ab:d2:43:e4:78:f8:
                    f5:4e:b9:5b:d8:a9:e4:01:4f:b3:bc:16:39:e5:56:
                    78:6d:53:f1:57:09:30:e7:62:5f:3b:3d:ed:dc:bc:
                    fa:dd:b0:25:4a:85:e0:da:37:e7:77:5a:a9:a4:d5:
                    65:25:fd:9f:87:68:81:b1:21:7c:76:66:03:37:cc:
                    f2:2c:d6:dd:ef:ce:c2:be:7c:32:98:df:a4:9d:da:
                    ca:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:BC:31:C7:5C:CB:CA:8F:D5:A7:A0:E1:E4:47:58:4C:57:0C:DA:75
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/l7wxx1zLyo_Vp6Dh5EdYTFcM2nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:05:6c:de:08:6b:ac:4b:e0:7f:7d:db:98:75:88:9f:91:84:
         28:cd:c0:f1:3f:fc:dc:e5:8a:19:f1:30:eb:6b:f9:f9:11:18:
         72:81:02:69:42:ac:b3:7e:44:79:f5:5e:56:ea:2d:ee:3e:e6:
         32:52:d0:99:8b:9c:ed:58:50:0f:b1:57:45:37:e4:4e:d1:77:
         f0:13:24:e9:93:6a:36:59:8d:62:3e:6e:b3:df:ab:3f:53:d7:
         99:69:20:33:8a:61:97:25:c4:e7:bd:5a:7f:3c:8d:39:53:ce:
         c9:76:3c:be:9f:2b:c0:68:34:16:c1:57:aa:31:d7:54:35:04:
         12:2a:0f:16:14:14:4f:b5:9b:96:41:82:10:88:47:d0:45:78:
         5d:7a:de:6b:98:d6:6c:4c:6a:0d:19:af:bc:d8:9a:a3:00:98:
         5c:fd:3b:8a:df:a9:f6:0d:e1:52:d1:25:0e:d4:44:3b:e1:f8:
         0e:92:e3:6a:cf:52:21:f3:ce:ed:27:d6:6a:1c:5b:b9:30:ce:
         5f:21:2f:65:2e:3d:81:f5:de:d8:fc:7d:12:9d:26:da:e4:66:
         c3:39:0b:4e:20:3d:e1:2f:73:e8:35:74:08:f1:d1:4b:22:de:
         51:1a:c5:69:14:87:b9:94:a5:97:28:f9:ca:5e:dc:20:06:83:
         84:39:9b:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaCwo4iYNcgdgdZNYRYZZt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwNDI5MTgxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2JjMzFjNzVjY2JjYThmZDVhN2EwZTFlNDQ3NTg0YzU3MGNkYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k/wx7Ev3StpZpoB0mfLHtDQPzIS
cnlQcd2M/omhhEUagrGtZqCPOZV/0OYy/ePBC0wLm/VZBXpn0R2Rrmmjq+bZJfE8
C0au3fZiscjO7PlaKiYwD/qUrrkghgoD7IKfUeHpja27x/4IXobn2byRxAeZubLc
vyENmczZJo/1q5PndBdpkXQBT+o2V+cj2jjrgOOdNIXjVFlPCrn6vqcmOYanKSY/
YXWVGDDLVcer0kPkePj1Trlb2KnkAU+zvBY55VZ4bVPxVwkw52JfOz3t3Lz63bAl
SoXg2jfnd1qppNVlJf2fh2iBsSF8dmYDN8zyLNbd787CvnwymN+kndrK+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJe8Mcdcy8qP1aeg4eRHWExXDNp1MB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvbDd3eHgxekx5b19WcDZEaDVFZFlURmNNMm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCJMA0G
CSqGSIb3DQEBCwUAA4IBAQAZBWzeCGusS+B/fduYdYifkYQozcDxP/zc5YoZ8TDr
a/n5ERhygQJpQqyzfkR59V5W6i3uPuYyUtCZi5ztWFAPsVdFN+RO0XfwEyTpk2o2
WY1iPm6z36s/U9eZaSAzimGXJcTnvVp/PI05U87Jdjy+nyvAaDQWwVeqMddUNQQS
Kg8WFBRPtZuWQYIQiEfQRXhdet5rmNZsTGoNGa+82JqjAJhc/TuK36n2DeFS0SUO
1EQ74fgOkuNqz1Ih887tJ9ZqHFu5MM5fIS9lLj2B9d7Y/H0SnSba5GbDOQtOID3h
L3PoNXQI8dFLIt5RGsVpFIe5lKWXKPnKXtwgBoOEOZt+
-----END CERTIFICATE-----