Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/eef035-2629-4e3e-bebc-15a0dddd749c/1/00T5vp1-sl5kSuRHfkFqz0FYdjg.roa
File:                     00T5vp1-sl5kSuRHfkFqz0FYdjg.roa (raw, json)
Hash identifier:          b7UpyELbMrzOzqIrkRrp72+86X0ZOeG4tHoNC3PbuwA=
Subject key identifier:   D3:44:F9:BE:9D:7E:B2:5E:64:4A:E4:47:7E:41:6A:CF:41:58:76:38
Certificate issuer:       /CN=88a62cf8100e8c1b475443fd94cd58d8ef2a33ae
Certificate serial:       018CC8DE9421F0E431802B6B7888D47EF350
Authority key identifier: 88:A6:2C:F8:10:0E:8C:1B:47:54:43:FD:94:CD:58:D8:EF:2A:33:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iKYs-BAOjBtHVEP9lM1Y2O8qM64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/eef035-2629-4e3e-bebc-15a0dddd749c/1/00T5vp1-sl5kSuRHfkFqz0FYdjg.roa
Signing time:             Tue 02 Jan 2024 06:31:19 +0000
ROA not before:           Tue 02 Jan 2024 06:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201127
IP address blocks:        77.39.220.0/22 maxlen: 24
                          185.84.88.0/22 maxlen: 24
                          2a05:a3c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/eef035-2629-4e3e-bebc-15a0dddd749c/1/iKYs-BAOjBtHVEP9lM1Y2O8qM64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/eef035-2629-4e3e-bebc-15a0dddd749c/1/iKYs-BAOjBtHVEP9lM1Y2O8qM64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iKYs-BAOjBtHVEP9lM1Y2O8qM64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 12:54:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:94:21:f0:e4:31:80:2b:6b:78:88:d4:7e:f3:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88a62cf8100e8c1b475443fd94cd58d8ef2a33ae
        Validity
            Not Before: Jan  2 06:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d344f9be9d7eb25e644ae4477e416acf41587638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:2d:b6:bd:8f:0a:ff:59:7b:0c:5e:0b:4a:43:
                    37:e1:e3:27:7d:ed:46:e9:3b:7a:4c:a0:67:fc:f7:
                    ba:cb:98:88:ca:aa:df:01:98:fd:94:af:bb:16:cd:
                    83:e1:ed:14:6c:15:fb:c7:eb:2c:24:eb:bc:2d:c0:
                    60:d5:8b:fb:22:a8:8d:98:3d:79:c0:61:0f:e2:23:
                    80:d2:d8:5a:59:5e:fd:30:fa:a0:87:76:a4:2e:31:
                    95:5f:af:44:2a:e1:c5:2b:96:fe:7b:6e:43:de:a4:
                    3e:48:ed:3e:11:b7:e4:65:0c:19:50:6d:01:6b:01:
                    7f:ba:dc:6b:98:35:b3:ea:34:40:6d:90:a8:9f:d2:
                    dc:f7:5f:55:25:6e:bc:f3:c7:c1:09:d4:61:25:be:
                    ed:5f:f0:ab:1a:4a:e2:31:b7:9c:8b:8e:d3:1c:82:
                    b7:35:40:b3:00:b2:18:de:7b:33:c8:35:fc:17:cc:
                    cb:13:69:54:fe:cb:4a:14:b6:ea:fd:69:98:03:38:
                    17:f2:5a:1c:e1:bc:38:f4:51:f5:88:82:4c:f9:5d:
                    83:e3:4f:8d:3b:03:9c:e7:dd:3c:98:15:ed:9a:21:
                    20:d1:9f:46:e4:cc:4c:3c:23:da:c7:8c:ca:4c:86:
                    ba:ba:7a:50:09:8a:47:be:2a:b8:b3:a7:e6:59:74:
                    91:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:44:F9:BE:9D:7E:B2:5E:64:4A:E4:47:7E:41:6A:CF:41:58:76:38
            X509v3 Authority Key Identifier:
                keyid:88:A6:2C:F8:10:0E:8C:1B:47:54:43:FD:94:CD:58:D8:EF:2A:33:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKYs-BAOjBtHVEP9lM1Y2O8qM64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/eef035-2629-4e3e-bebc-15a0dddd749c/1/00T5vp1-sl5kSuRHfkFqz0FYdjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/eef035-2629-4e3e-bebc-15a0dddd749c/1/iKYs-BAOjBtHVEP9lM1Y2O8qM64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.39.220.0/22
                  185.84.88.0/22
                IPv6:
                  2a05:a3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:e4:1a:3a:37:54:92:b3:01:23:69:20:a8:3c:df:70:e3:a3:
         15:8b:32:28:8c:87:fe:37:85:07:71:29:c3:32:7c:09:67:a9:
         79:62:c7:39:4d:84:1e:2c:a2:8f:03:2a:2d:ef:7a:36:73:2a:
         fc:48:4f:2e:36:c4:83:26:cb:f6:56:4d:29:81:39:9f:10:58:
         a2:fd:96:e0:bb:9a:11:3e:92:34:f0:5b:b5:00:df:7f:77:c6:
         9a:59:25:bc:56:f4:fe:71:df:3b:9a:4a:35:fd:30:ab:74:1c:
         34:da:92:21:10:50:e1:f3:19:f0:81:0f:6a:88:4e:4b:ce:42:
         28:ce:ce:29:60:b7:1e:87:a3:12:6c:88:6e:d1:f4:a1:f1:9b:
         a4:68:e8:c4:70:b6:26:b6:ef:81:25:f3:c4:76:ed:97:49:da:
         cb:3f:9e:e4:a2:47:36:03:cc:26:34:72:f9:ec:7a:ad:9f:8c:
         60:61:41:ce:41:fe:26:97:2a:f6:68:06:0c:69:f5:9c:ba:e5:
         ba:44:4a:67:58:2c:d8:0c:31:63:4c:e3:a6:0f:f9:57:a7:3d:
         34:49:91:8c:a4:e9:ee:6a:03:d2:f5:64:bd:31:70:88:12:e7:
         7f:a5:c9:07:b6:f3:7b:cd:66:25:56:45:6f:30:17:38:d1:0c:
         58:fe:ca:e6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI3pQh8OQxgCtreIjUfvNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YTYyY2Y4MTAwZThjMWI0NzU0NDNmZDk0Y2Q1OGQ4ZWYy
YTMzYWUwHhcNMjQwMTAyMDYzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzQ0ZjliZTlkN2ViMjVlNjQ0YWU0NDc3ZTQxNmFjZjQxNTg3NjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny22vY8K/1l7DF4LSkM34eMnfe1G
6Tt6TKBn/Pe6y5iIyqrfAZj9lK+7Fs2D4e0UbBX7x+ssJOu8LcBg1Yv7IqiNmD15
wGEP4iOA0thaWV79MPqgh3akLjGVX69EKuHFK5b+e25D3qQ+SO0+EbfkZQwZUG0B
awF/utxrmDWz6jRAbZCon9Lc919VJW6888fBCdRhJb7tX/CrGkriMbeci47THIK3
NUCzALIY3nszyDX8F8zLE2lU/stKFLbq/WmYAzgX8loc4bw49FH1iIJM+V2D40+N
OwOc5908mBXtmiEg0Z9G5MxMPCPax4zKTIa6unpQCYpHviq4s6fmWXSRUQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNNE+b6dfrJeZErkR35Bas9BWHY4MB8GA1UdIwQY
MBaAFIimLPgQDowbR1RD/ZTNWNjvKjOuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtZcy1CQU9qQnRIVkVQOWxNMVkyTzhxTTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lZWYwMzUtMjYyOS00ZTNlLWJlYmMt
MTVhMGRkZGQ3NDljLzEvMDBUNXZwMS1zbDVrU3VSSGZrRnF6MEZZZGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lZWYwMzUtMjYyOS00ZTNlLWJlYmMtMTVhMGRkZGQ3NDlj
LzEvaUtZcy1CQU9qQnRIVkVQOWxNMVkyTzhxTTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCTSfcAwQC
uVRYMA0EAgACMAcDBQMqBaPAMA0GCSqGSIb3DQEBCwUAA4IBAQCq5Bo6N1SSswEj
aSCoPN9w46MVizIojIf+N4UHcSnDMnwJZ6l5Ysc5TYQeLKKPAyot73o2cyr8SE8u
NsSDJsv2Vk0pgTmfEFii/Zbgu5oRPpI08Fu1AN9/d8aaWSW8VvT+cd87mko1/TCr
dBw02pIhEFDh8xnwgQ9qiE5LzkIozs4pYLceh6MSbIhu0fSh8ZukaOjEcLYmtu+B
JfPEdu2XSdrLP57kokc2A8wmNHL57Hqtn4xgYUHOQf4mlyr2aAYMafWcuuW6REpn
WCzYDDFjTOOmD/lXpz00SZGMpOnuagPS9WS9MXCIEud/pckHtvN7zWYlVkVvMBc4
0QxY/srm
-----END CERTIFICATE-----