Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/ARlX_i6VnjVDXfhdFtz1CciS0BM.roa
File:                     ARlX_i6VnjVDXfhdFtz1CciS0BM.roa (raw, json)
Hash identifier:          bLtp68uOJ0G6n6NT2qrr98/X0fn+zCUIRtPOhEZXUsc=
Subject key identifier:   01:19:57:FE:2E:95:9E:35:43:5D:F8:5D:16:DC:F5:09:C8:92:D0:13
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC79426AD7C1343306EC06C075A164C3F
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/ARlX_i6VnjVDXfhdFtz1CciS0BM.roa
Signing time:             Tue 02 Jan 2024 00:30:24 +0000
ROA not before:           Tue 02 Jan 2024 00:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204967
IP address blocks:        88.119.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 21:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:26:ad:7c:13:43:30:6e:c0:6c:07:5a:16:4c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=011957fe2e959e35435df85d16dcf509c892d013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:82:b0:58:fd:95:f9:36:a5:34:80:c7:ab:76:
                    5c:ca:b4:68:b6:ba:8e:75:4f:18:db:ad:b7:ba:92:
                    8e:36:be:d0:bf:21:77:b5:a0:e8:72:af:38:a2:d0:
                    06:91:65:7d:ba:60:be:31:bd:45:c0:e4:1b:97:f7:
                    cf:1c:21:10:e8:c4:8c:6a:bd:53:47:7c:83:e0:b5:
                    f2:64:74:4d:2b:2f:d9:dc:a0:ef:49:f7:76:71:f3:
                    5c:3c:8d:79:47:14:97:77:e2:4f:63:4f:88:20:1d:
                    2c:6c:88:38:51:18:45:a3:99:e3:d7:b4:73:f0:ea:
                    96:5f:95:dc:88:c2:45:f2:c7:73:81:40:b3:e7:a1:
                    3c:51:41:8e:bd:d6:e8:c8:a8:94:70:01:62:3d:5a:
                    96:14:15:15:b5:d5:7f:b2:b9:2a:ca:86:13:5c:b8:
                    db:7c:bd:34:31:ea:aa:e2:00:35:d6:d2:c5:da:6c:
                    19:90:7e:b4:c3:26:02:37:1c:d4:c1:65:f2:9d:c2:
                    24:2f:24:16:ed:f8:e1:26:c5:8f:b7:f5:a8:a0:bf:
                    7f:cf:9f:ba:fd:2c:21:ca:2d:b1:8c:bf:a3:87:25:
                    6a:c8:b3:f6:3c:f1:17:38:26:43:b7:e8:7b:46:7f:
                    64:83:5b:80:32:6e:68:fa:97:fc:07:d9:6b:b4:25:
                    59:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:19:57:FE:2E:95:9E:35:43:5D:F8:5D:16:DC:F5:09:C8:92:D0:13
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/ARlX_i6VnjVDXfhdFtz1CciS0BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.119.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:8b:f3:66:d1:91:85:70:54:ed:87:da:5d:06:be:38:06:a1:
         5d:94:f0:6f:3e:5f:e1:15:b4:77:01:50:9b:23:78:cc:b6:a6:
         ba:47:0b:20:0b:2b:ab:47:a0:8d:c4:57:b2:dc:46:97:21:50:
         91:e7:f1:93:4b:ea:01:d0:f9:60:2a:6c:d1:c1:f1:6e:1c:ae:
         87:e3:cc:47:62:bc:b9:09:bc:8c:8d:ee:7a:3e:41:b3:6a:af:
         99:05:f8:51:7d:e3:59:6c:1c:35:d4:3c:47:91:20:29:51:d9:
         d2:a8:b4:cb:c1:96:b7:d7:0b:7f:2f:d9:03:9b:ef:c2:38:38:
         ff:7e:b6:06:22:98:85:0f:af:e5:a4:63:74:b8:9f:40:23:c0:
         37:21:ea:7a:8d:5f:16:87:da:b3:92:ce:10:25:29:86:14:09:
         7b:18:45:e8:4e:f1:67:a9:d0:f1:af:bb:24:7e:6a:56:ac:ab:
         ff:9b:f4:5e:b6:9b:25:57:4a:b5:8f:91:ea:02:7b:61:de:0d:
         4e:71:05:e3:38:7d:fc:f5:02:93:5b:a7:69:3b:40:46:32:4b:
         98:c4:4b:96:95:3d:d2:0e:87:12:ef:9f:38:27:86:f0:01:e6:
         b1:39:ac:8b:a4:3c:3e:9d:f3:31:0c:72:53:8c:79:2f:60:c6:
         37:be:a8:91
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlCatfBNDMG7AbAdaFkw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTE5NTdmZTJlOTU5ZTM1NDM1ZGY4NWQxNmRjZjUwOWM4OTJkMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloKwWP2V+TalNIDHq3ZcyrRotrqO
dU8Y2623upKONr7QvyF3taDocq84otAGkWV9umC+Mb1FwOQbl/fPHCEQ6MSMar1T
R3yD4LXyZHRNKy/Z3KDvSfd2cfNcPI15RxSXd+JPY0+IIB0sbIg4URhFo5nj17Rz
8OqWX5XciMJF8sdzgUCz56E8UUGOvdboyKiUcAFiPVqWFBUVtdV/srkqyoYTXLjb
fL00Meqq4gA11tLF2mwZkH60wyYCNxzUwWXyncIkLyQW7fjhJsWPt/WooL9/z5+6
/Swhyi2xjL+jhyVqyLP2PPEXOCZDt+h7Rn9kg1uAMm5o+pf8B9lrtCVZAQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAEZV/4ulZ41Q134XRbc9QnIktATMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL0FSbFhfaTZWbmpWRFhmaGRGdHoxQ2NpUzBCTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABYd7Yw
DQYJKoZIhvcNAQELBQADggEBABGL82bRkYVwVO2H2l0GvjgGoV2U8G8+X+EVtHcB
UJsjeMy2prpHCyALK6tHoI3EV7LcRpchUJHn8ZNL6gHQ+WAqbNHB8W4crofjzEdi
vLkJvIyN7no+QbNqr5kF+FF941lsHDXUPEeRIClR2dKotMvBlrfXC38v2QOb78I4
OP9+tgYimIUPr+WkY3S4n0AjwDch6nqNXxaH2rOSzhAlKYYUCXsYRehO8Wep0PGv
uyR+alasq/+b9F62myVXSrWPkeoCe2HeDU5xBeM4ffz1ApNbp2k7QEYyS5jES5aV
PdIOhxLvnzgnhvAB5rE5rIukPD6d8zEMclOMeS9gxje+qJE=
-----END CERTIFICATE-----