Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/88RkDfPV4GmLxy2mAorD5wQ4Oco.roa
File:                     88RkDfPV4GmLxy2mAorD5wQ4Oco.roa (raw, json)
Hash identifier:          dAo2qWEkyAQ4zC6n5BobHLJyNlhIpqkDQW1qqzADGVE=
Subject key identifier:   F3:C4:64:0D:F3:D5:E0:69:8B:C7:2D:A6:02:8A:C3:E7:04:38:39:CA
Certificate issuer:       /CN=839e07e5116a5daf5578e5fd6a18c7ef349ef044
Certificate serial:       018F6245B29082B022AC80AC1FCAE88D42D8
Authority key identifier: 83:9E:07:E5:11:6A:5D:AF:55:78:E5:FD:6A:18:C7:EF:34:9E:F0:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g54H5RFqXa9VeOX9ahjH7zSe8EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/88RkDfPV4GmLxy2mAorD5wQ4Oco.roa
Signing time:             Fri 10 May 2024 11:31:25 +0000
ROA not before:           Fri 10 May 2024 11:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42963
IP address blocks:        193.142.113.0/24 maxlen: 24
                          2001:67c:21dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/g54H5RFqXa9VeOX9ahjH7zSe8EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/g54H5RFqXa9VeOX9ahjH7zSe8EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g54H5RFqXa9VeOX9ahjH7zSe8EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:45:b2:90:82:b0:22:ac:80:ac:1f:ca:e8:8d:42:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=839e07e5116a5daf5578e5fd6a18c7ef349ef044
        Validity
            Not Before: May 10 11:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3c4640df3d5e0698bc72da6028ac3e7043839ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:95:1f:49:90:03:a9:0f:d5:12:50:fa:92:16:
                    c0:b3:d1:e4:b6:a3:f8:68:c3:34:6c:2b:c7:ee:3c:
                    6d:2e:0a:70:23:f1:a6:7c:e3:a0:fc:31:b0:23:d1:
                    99:ed:74:18:4d:99:3d:50:e7:7e:84:11:57:66:d3:
                    84:da:74:9d:e9:83:b1:ea:64:21:9b:7d:33:de:e8:
                    44:80:dc:48:a0:09:0f:fe:b9:d8:7e:f4:21:29:5f:
                    22:9f:90:40:1e:63:13:fd:66:d0:8c:28:54:63:51:
                    e3:a6:37:08:2c:26:ac:89:2e:97:35:10:b2:70:cd:
                    6b:fe:d5:1a:10:29:08:4d:d7:89:de:94:e9:fc:0f:
                    b1:4a:bf:f5:e5:c9:c9:4a:12:74:15:a3:48:3c:cf:
                    d1:4f:1f:89:90:2c:2a:e2:0b:58:91:dd:d1:ca:c9:
                    27:ce:f3:55:46:d5:cb:42:5c:ee:8a:cb:11:56:da:
                    f3:a5:db:52:bc:ab:cd:4b:5b:22:f7:f7:59:29:90:
                    04:6e:46:c0:a0:8e:b9:95:77:d1:95:36:a3:c9:20:
                    e6:59:fc:c5:98:61:df:17:2f:62:b3:74:b8:7d:cc:
                    b0:48:8b:c7:62:ae:e7:1d:b9:70:b5:9b:c4:ae:2d:
                    b7:c8:de:25:20:24:8a:84:e1:49:52:41:ee:3f:cd:
                    f1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C4:64:0D:F3:D5:E0:69:8B:C7:2D:A6:02:8A:C3:E7:04:38:39:CA
            X509v3 Authority Key Identifier:
                keyid:83:9E:07:E5:11:6A:5D:AF:55:78:E5:FD:6A:18:C7:EF:34:9E:F0:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g54H5RFqXa9VeOX9ahjH7zSe8EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/88RkDfPV4GmLxy2mAorD5wQ4Oco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/g54H5RFqXa9VeOX9ahjH7zSe8EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.113.0/24
                IPv6:
                  2001:67c:21dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:5f:f1:4a:37:c3:83:31:e2:4b:80:f7:eb:e0:09:7e:28:76:
         8d:75:de:e8:60:5f:d8:10:c2:dc:0b:4d:22:ca:a3:76:b0:17:
         0d:dd:55:6c:95:73:3b:87:c8:88:b4:d6:91:5c:2d:c2:2a:e1:
         77:0e:9b:df:2e:04:55:df:b5:13:be:d5:c1:2f:7a:4f:2f:5d:
         b9:1c:36:82:6e:19:6c:55:48:da:a9:c1:29:1f:f4:7d:09:ae:
         af:19:3f:3f:a5:34:61:ee:df:a7:64:14:10:59:5a:58:e6:89:
         0e:ac:f3:8d:25:8a:5e:85:8f:82:a9:3c:d9:58:e1:64:6d:3e:
         bc:76:83:ee:ce:f4:e1:51:b4:0b:32:86:b3:ee:e5:33:0f:47:
         ea:bf:21:6a:f7:04:66:a6:ea:a1:a3:7b:17:33:eb:3d:a9:7d:
         c7:a9:9d:e1:4c:7f:47:a5:e6:44:8e:04:9b:4f:0e:3f:e7:7d:
         7b:45:f6:c7:4f:e0:9d:e7:c7:53:55:49:57:07:05:28:70:12:
         95:29:0f:38:c9:e5:40:52:17:13:70:5b:b4:d8:74:23:a3:37:
         e0:bc:ea:18:32:92:f7:12:62:07:37:e3:09:5d:43:5c:67:f0:
         de:85:df:50:2c:f7:74:ce:f8:e3:a6:aa:90:39:60:f7:97:57:
         4d:17:8b:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY9iRbKQgrAirICsH8rojULYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOWUwN2U1MTE2YTVkYWY1NTc4ZTVmZDZhMThjN2VmMzQ5
ZWYwNDQwHhcNMjQwNTEwMTEzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2M0NjQwZGYzZDVlMDY5OGJjNzJkYTYwMjhhYzNlNzA0MzgzOWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7pUfSZADqQ/VElD6khbAs9HktqP4
aMM0bCvH7jxtLgpwI/GmfOOg/DGwI9GZ7XQYTZk9UOd+hBFXZtOE2nSd6YOx6mQh
m30z3uhEgNxIoAkP/rnYfvQhKV8in5BAHmMT/WbQjChUY1HjpjcILCasiS6XNRCy
cM1r/tUaECkITdeJ3pTp/A+xSr/15cnJShJ0FaNIPM/RTx+JkCwq4gtYkd3Ryskn
zvNVRtXLQlzuissRVtrzpdtSvKvNS1si9/dZKZAEbkbAoI65lXfRlTajySDmWfzF
mGHfFy9is3S4fcywSIvHYq7nHblwtZvEri23yN4lICSKhOFJUkHuP83x1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPPEZA3z1eBpi8ctpgKKw+cEODnKMB8GA1UdIwQY
MBaAFIOeB+URal2vVXjl/WoYx+80nvBEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzU0SDVSRnFYYTlWZU9YOWFoakg3elNlOEVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80NmU3YTItNjM5YS00MTYyLTlkZGYt
YjYzOTJjNTBmOTVhLzEvODhSa0RmUFY0R21MeHkybUFvckQ1d1E0T2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80NmU3YTItNjM5YS00MTYyLTlkZGYtYjYzOTJjNTBmOTVh
LzEvZzU0SDVSRnFYYTlWZU9YOWFoakg3elNlOEVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwY5xMA8E
AgACMAkDBwAgAQZ8IdwwDQYJKoZIhvcNAQELBQADggEBAJlf8Uo3w4Mx4kuA9+vg
CX4odo113uhgX9gQwtwLTSLKo3awFw3dVWyVczuHyIi01pFcLcIq4XcOm98uBFXf
tRO+1cEvek8vXbkcNoJuGWxVSNqpwSkf9H0Jrq8ZPz+lNGHu36dkFBBZWljmiQ6s
840lil6Fj4KpPNlY4WRtPrx2g+7O9OFRtAsyhrPu5TMPR+q/IWr3BGam6qGjexcz
6z2pfcepneFMf0el5kSOBJtPDj/nfXtF9sdP4J3nx1NVSVcHBShwEpUpDzjJ5UBS
FxNwW7TYdCOjN+C86hgykvcSYgc34wldQ1xn8N6F31As93TO+OOmqpA5YPeXV00X
i34=
-----END CERTIFICATE-----