Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/TAzOpbmQQy-Rs_jFgjzY8vhg0Bs.roa
File:                     TAzOpbmQQy-Rs_jFgjzY8vhg0Bs.roa (raw, json)
Hash identifier:          6Ua7l0UDttIjpN2GinLrtP/qbt08C4U8pGGsMVZWEcM=
Subject key identifier:   4C:0C:CE:A5:B9:90:43:2F:91:B3:F8:C5:82:3C:D8:F2:F8:60:D0:1B
Certificate issuer:       /CN=3b5c2467546f4b078a0224da1ccac5c287e93453
Certificate serial:       018FFCFB70C4C73E9281D4C8D42656E6C051
Authority key identifier: 3B:5C:24:67:54:6F:4B:07:8A:02:24:DA:1C:CA:C5:C2:87:E9:34:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/TAzOpbmQQy-Rs_jFgjzY8vhg0Bs.roa
Signing time:             Sun 09 Jun 2024 12:31:27 +0000
ROA not before:           Sun 09 Jun 2024 12:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215671
IP address blocks:        88.135.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fc:fb:70:c4:c7:3e:92:81:d4:c8:d4:26:56:e6:c0:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b5c2467546f4b078a0224da1ccac5c287e93453
        Validity
            Not Before: Jun  9 12:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c0ccea5b990432f91b3f8c5823cd8f2f860d01b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:af:23:6a:c5:66:de:69:2a:3b:b7:a0:aa:94:
                    5f:e1:54:e0:05:fa:c6:31:aa:8b:07:27:8c:48:90:
                    21:d3:cb:db:8e:79:dc:8e:c5:70:3e:fa:f7:93:4f:
                    73:e5:fd:47:1a:0a:34:78:41:d5:36:6e:a7:ed:ef:
                    1a:a2:0d:9f:b4:c8:76:43:50:9f:6b:d8:ba:ea:94:
                    c6:58:7e:f4:c2:54:d6:b3:62:4b:6a:d4:4f:84:de:
                    a9:47:6e:82:d5:01:a9:dd:3a:ec:1b:fb:1d:dc:35:
                    c0:5b:21:bf:6b:b1:06:18:b7:b8:c2:bd:65:b7:43:
                    7e:fd:a0:4f:8a:01:d4:db:ea:0f:32:3d:63:b2:08:
                    56:9d:2a:79:07:cf:c8:31:fb:09:ba:87:35:75:ef:
                    b4:f5:df:44:2c:08:69:4c:2c:49:03:e0:6c:b8:50:
                    b2:f9:b0:4a:6a:41:9a:5e:29:e7:a9:c0:0f:72:e4:
                    07:97:34:89:8f:e9:5b:7f:83:9f:bb:36:04:c1:5f:
                    01:18:3a:05:1c:e5:58:d5:5e:f5:56:1c:fe:fe:0e:
                    76:3d:38:5c:a8:36:39:e6:f0:41:d7:af:46:d1:4d:
                    32:1b:20:3f:40:3e:1a:34:a1:b5:b3:bc:ac:51:43:
                    e2:be:70:18:10:29:e6:ed:41:de:3f:c8:a0:d7:1f:
                    d3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:0C:CE:A5:B9:90:43:2F:91:B3:F8:C5:82:3C:D8:F2:F8:60:D0:1B
            X509v3 Authority Key Identifier:
                keyid:3B:5C:24:67:54:6F:4B:07:8A:02:24:DA:1C:CA:C5:C2:87:E9:34:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/TAzOpbmQQy-Rs_jFgjzY8vhg0Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:be:67:f1:20:e6:cd:29:bc:31:49:2f:89:59:80:3f:f2:80:
         3e:29:24:64:1e:69:92:3f:16:78:aa:6f:07:a1:ae:6c:2a:a5:
         da:8a:23:32:e2:68:f4:77:90:ff:38:91:33:c3:bc:78:00:a1:
         c8:32:a0:ad:0d:59:a0:45:15:1f:36:85:d9:ed:fd:a7:ab:fd:
         f4:69:8a:25:45:4a:d4:d9:f5:fd:e5:78:31:94:7b:b8:03:3c:
         28:b8:ba:99:dc:c9:33:24:b8:7d:52:45:1d:45:8b:56:b8:f6:
         ce:a0:01:d9:d6:fc:d7:61:7e:5d:93:f4:cd:49:ef:f0:38:a3:
         69:25:bf:5f:db:c5:0a:68:7d:69:d2:f8:af:91:79:bd:2a:41:
         7b:22:78:e7:68:88:1e:05:ec:99:64:12:80:84:f6:7e:9d:39:
         9b:f9:1d:08:3c:93:b8:f2:e9:67:38:4f:bd:d0:85:77:cf:fc:
         83:9d:be:3a:e9:29:fb:1f:70:c8:0b:f4:10:40:5a:5b:db:cd:
         8b:62:3c:59:89:02:87:b5:68:6c:00:18:ab:30:4e:7a:65:4e:
         f0:71:ed:7a:11:10:c1:27:60:9d:4b:e0:b3:05:3a:71:d3:ca:
         bb:d4:ee:62:e6:8c:ce:64:0a:c2:c6:6a:15:ad:4a:d0:dd:ad:
         52:71:73:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/8+3DExz6SgdTI1CZW5sBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNWMyNDY3NTQ2ZjRiMDc4YTAyMjRkYTFjY2FjNWMyODdl
OTM0NTMwHhcNMjQwNjA5MTIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzBjY2VhNWI5OTA0MzJmOTFiM2Y4YzU4MjNjZDhmMmY4NjBkMDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoq8jasVm3mkqO7egqpRf4VTgBfrG
MaqLByeMSJAh08vbjnncjsVwPvr3k09z5f1HGgo0eEHVNm6n7e8aog2ftMh2Q1Cf
a9i66pTGWH70wlTWs2JLatRPhN6pR26C1QGp3TrsG/sd3DXAWyG/a7EGGLe4wr1l
t0N+/aBPigHU2+oPMj1jsghWnSp5B8/IMfsJuoc1de+09d9ELAhpTCxJA+BsuFCy
+bBKakGaXinnqcAPcuQHlzSJj+lbf4OfuzYEwV8BGDoFHOVY1V71Vhz+/g52PThc
qDY55vBB169G0U0yGyA/QD4aNKG1s7ysUUPivnAYECnm7UHeP8ig1x/TRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwMzqW5kEMvkbP4xYI82PL4YNAbMB8GA1UdIwQY
MBaAFDtcJGdUb0sHigIk2hzKxcKH6TRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzF3a1oxUnZTd2VLQWlUYUhNckZ3b2ZwTkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iNThkOTQtYjU2NC00ZDQ5LWE4ZmQt
NWMwOTZhODdiYjA3LzEvVEF6T3BibVFReS1Sc19qRmdqelk4dmhnMEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iNThkOTQtYjU2NC00ZDQ5LWE4ZmQtNWMwOTZhODdiYjA3
LzEvTzF3a1oxUnZTd2VLQWlUYUhNckZ3b2ZwTkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWIciMA0G
CSqGSIb3DQEBCwUAA4IBAQBHvmfxIObNKbwxSS+JWYA/8oA+KSRkHmmSPxZ4qm8H
oa5sKqXaiiMy4mj0d5D/OJEzw7x4AKHIMqCtDVmgRRUfNoXZ7f2nq/30aYolRUrU
2fX95XgxlHu4AzwouLqZ3MkzJLh9UkUdRYtWuPbOoAHZ1vzXYX5dk/TNSe/wOKNp
Jb9f28UKaH1p0vivkXm9KkF7InjnaIgeBeyZZBKAhPZ+nTmb+R0IPJO48ulnOE+9
0IV3z/yDnb466Sn7H3DIC/QQQFpb282LYjxZiQKHtWhsABirME56ZU7wce16ERDB
J2CdS+CzBTpx08q71O5i5ozOZArCxmoVrUrQ3a1ScXMy
-----END CERTIFICATE-----