Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_KZJQ7Tc_pn_3A8ssATfv1qT798.roa
File:                     _KZJQ7Tc_pn_3A8ssATfv1qT798.roa (raw, json)
Hash identifier:          wuF6NAEjKgSaL+kHVuQ0l8yKVcWRCzngAQlpHd3tGLw=
Subject key identifier:   FC:A6:49:43:B4:DC:FE:99:FF:DC:0F:2C:B0:04:DF:BF:5A:93:EF:DF
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955369D35B5B4BB7FA8F0685BD0AD8
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_KZJQ7Tc_pn_3A8ssATfv1qT798.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50322
IP address blocks:        188.210.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:53:69:d3:5b:5b:4b:b7:fa:8f:06:85:bd:0a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fca64943b4dcfe99ffdc0f2cb004dfbf5a93efdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a6:0f:7b:1f:c3:c8:19:13:64:11:90:a7:8e:
                    93:09:ce:0e:2d:f7:75:a3:48:92:68:e1:3f:3e:74:
                    4e:d6:f6:a4:01:57:31:f4:f9:50:67:83:84:47:9d:
                    e0:b6:8a:05:c9:3e:ff:cd:89:a7:f2:e9:7b:a6:02:
                    7b:f5:33:65:73:1a:7c:ff:1d:08:b3:e5:aa:09:6e:
                    51:66:0b:0a:92:df:16:d6:a0:64:cd:93:aa:62:56:
                    52:b8:fa:34:84:7a:ba:03:1c:00:ab:53:e5:c1:8f:
                    ba:8e:d6:03:00:de:a2:5a:a4:de:65:fb:99:52:0f:
                    a8:fe:63:ee:ab:3e:2f:9a:2e:8f:82:6f:de:00:fa:
                    21:b7:47:63:82:60:91:1e:29:a1:be:e3:39:e4:85:
                    a7:51:12:fb:60:cd:0a:b8:93:f1:94:a7:96:ce:8a:
                    d0:5e:1d:82:7e:b1:2f:ea:db:d9:42:69:0e:3e:50:
                    90:db:a3:a1:3d:e5:7d:64:1f:5d:cb:5f:4b:5b:08:
                    8a:3d:53:0e:ec:ed:2e:34:40:f9:7a:d4:73:b8:d6:
                    f4:8e:e0:b0:47:0d:5d:65:dc:b8:21:57:22:76:f9:
                    31:09:a0:18:9c:17:0d:2c:01:e6:cc:86:3b:6e:7b:
                    63:b1:6e:80:97:f9:f2:47:1b:97:4f:4f:da:e7:83:
                    e5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A6:49:43:B4:DC:FE:99:FF:DC:0F:2C:B0:04:DF:BF:5A:93:EF:DF
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_KZJQ7Tc_pn_3A8ssATfv1qT798.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.210.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f2:60:28:d4:aa:ae:28:96:9c:c4:0b:86:f6:bd:61:5f:0e:6a:
         40:eb:6a:14:fa:e0:a8:e3:11:ee:de:21:ae:0e:48:3c:da:cf:
         90:b4:d6:ab:5d:94:42:19:f8:42:cd:65:08:19:1d:bc:43:1c:
         8e:12:84:45:b6:e1:d0:60:b2:b8:c5:e0:dc:77:aa:9b:68:16:
         6b:78:d4:1c:83:8c:70:40:4c:01:f2:56:ca:1b:2e:cb:cf:57:
         f8:14:73:86:72:ba:70:06:e2:c7:fe:d8:4d:d5:93:ea:8f:3b:
         9d:bf:d4:54:1a:3d:1c:6d:1d:d2:ea:33:c0:1e:f0:a6:4a:3e:
         bf:50:d0:a6:8b:bb:bc:4c:c9:4d:19:25:f4:d4:bd:d8:b9:38:
         4f:9c:e8:c1:46:29:91:d3:ec:28:48:5f:4e:52:6f:64:f9:c3:
         5d:bb:70:52:f0:c4:6a:59:7b:e3:d1:94:6d:b8:03:75:3b:5d:
         cb:06:c3:f0:1a:8c:15:b1:ec:ad:6a:16:24:90:30:c0:56:f8:
         54:9d:a6:74:16:c9:55:98:af:59:5c:b0:64:3c:be:2f:8f:fd:
         4c:a6:82:22:59:63:f7:7b:80:de:50:82:25:c1:e8:bd:4b:86:
         ce:0b:90:1d:fd:6c:50:67:44:8b:e0:86:36:7a:c0:bc:15:83:
         c4:0c:8d:67
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVNp01tbS7f6jwaFvQrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E2NDk0M2I0ZGNmZTk5ZmZkYzBmMmNiMDA0ZGZiZjVhOTNlZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aYPex/DyBkTZBGQp46TCc4OLfd1
o0iSaOE/PnRO1vakAVcx9PlQZ4OER53gtooFyT7/zYmn8ul7pgJ79TNlcxp8/x0I
s+WqCW5RZgsKkt8W1qBkzZOqYlZSuPo0hHq6AxwAq1PlwY+6jtYDAN6iWqTeZfuZ
Ug+o/mPuqz4vmi6Pgm/eAPoht0djgmCRHimhvuM55IWnURL7YM0KuJPxlKeWzorQ
Xh2CfrEv6tvZQmkOPlCQ26OhPeV9ZB9dy19LWwiKPVMO7O0uNED5etRzuNb0juCw
Rw1dZdy4IVcidvkxCaAYnBcNLAHmzIY7bntjsW6Al/nyRxuXT0/a54PlZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPymSUO03P6Z/9wPLLAE379ak+/fMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL19LWkpRN1RjX3BuXzNBOHNzQVRmdjFxVDc5OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC80low
DQYJKoZIhvcNAQELBQADggEBAPJgKNSqriiWnMQLhva9YV8OakDrahT64KjjEe7e
Ia4OSDzaz5C01qtdlEIZ+ELNZQgZHbxDHI4ShEW24dBgsrjF4Nx3qptoFmt41ByD
jHBATAHyVsobLsvPV/gUc4ZyunAG4sf+2E3Vk+qPO52/1FQaPRxtHdLqM8Ae8KZK
Pr9Q0KaLu7xMyU0ZJfTUvdi5OE+c6MFGKZHT7ChIX05Sb2T5w127cFLwxGpZe+PR
lG24A3U7XcsGw/AajBWx7K1qFiSQMMBW+FSdpnQWyVWYr1lcsGQ8vi+P/UymgiJZ
Y/d7gN5QgiXB6L1Lhs4LkB39bFBnRIvghjZ6wLwVg8QMjWc=
-----END CERTIFICATE-----