Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/88l_HNUXftaplrPXiJTNNIaVKpk.roa
File:                     88l_HNUXftaplrPXiJTNNIaVKpk.roa (raw, json)
Hash identifier:          UWbgweq3xmxbQRAh51gw5dBgWsZa8KBNu0WOhBaKuPs=
Subject key identifier:   F3:C9:7F:1C:D5:17:7E:D6:A9:96:B3:D7:88:94:CD:34:86:95:2A:99
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7951E3BF723850693FC82DA3167E921
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/88l_HNUXftaplrPXiJTNNIaVKpk.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48939
IP address blocks:        92.63.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1e:3b:f7:23:85:06:93:fc:82:da:31:67:e9:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3c97f1cd5177ed6a996b3d78894cd3486952a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0d:4a:c7:e1:69:d1:6c:57:c5:61:cf:2f:ac:
                    cc:7f:ed:aa:1a:6c:55:08:26:fa:92:9f:72:e5:1d:
                    13:f1:c6:1b:05:e5:fc:21:33:4f:88:be:5c:c2:87:
                    46:d3:30:c0:17:92:44:ea:56:91:f4:1d:a5:84:d0:
                    1a:8d:a0:38:c7:c6:f3:ef:2b:1c:5b:5c:76:e4:eb:
                    e9:1a:21:be:62:c3:51:9c:4e:d4:dc:4d:b7:f4:12:
                    3d:7e:5c:0d:7f:01:dc:7c:37:5b:95:1b:c0:41:88:
                    9b:fd:5a:57:33:65:8a:f4:a3:f6:60:f0:e8:7c:28:
                    90:be:3f:ca:33:8a:bd:f0:dc:3f:2b:7b:6e:d3:b7:
                    3b:85:29:42:ea:85:a7:81:0b:58:6e:52:48:ab:bf:
                    6d:4f:62:7c:a6:f2:0a:8c:c5:2b:89:e7:b7:a0:47:
                    2e:22:80:24:21:55:4a:cb:ed:1c:cf:d2:dc:e8:55:
                    6d:3a:8a:e4:d6:48:1b:01:25:de:f9:91:f9:a5:77:
                    0e:c8:df:9c:aa:eb:7e:7c:85:df:53:5c:9a:86:7a:
                    b8:c8:15:03:12:32:a4:13:2b:a7:c5:91:f5:c1:1c:
                    52:89:39:b2:fd:4e:ba:27:5e:b0:b9:18:27:ce:1c:
                    ce:50:c7:9c:88:8c:3a:35:b6:3e:8a:c4:c0:ee:74:
                    9d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C9:7F:1C:D5:17:7E:D6:A9:96:B3:D7:88:94:CD:34:86:95:2A:99
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/88l_HNUXftaplrPXiJTNNIaVKpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:59:f0:39:62:33:61:e4:54:67:0e:a8:42:de:46:54:b6:65:
         ed:2b:e6:96:02:45:64:7c:41:4d:68:1b:db:e8:eb:85:f8:be:
         f5:0f:31:18:71:3e:2e:0a:85:eb:35:4a:a7:b1:19:52:ac:ed:
         1c:05:f5:e0:90:22:35:9b:11:27:d3:b3:b0:78:19:45:5d:46:
         f0:8c:89:b3:0c:a8:e1:de:4d:2d:20:5e:26:b4:a2:09:58:75:
         75:4e:77:1d:57:d4:de:81:a2:59:4d:0a:43:3c:0e:a5:27:a6:
         3a:c5:d0:f8:d5:07:a0:70:7b:79:b9:5b:1b:b8:74:b5:77:d5:
         46:20:df:8d:8c:03:f4:95:9c:9a:89:9c:59:73:8a:61:b9:27:
         5b:f6:cc:ec:a2:93:40:0f:5f:c7:b1:f9:9d:34:63:15:22:33:
         68:e6:70:0f:74:c6:ef:e9:86:b1:92:6e:e4:26:9b:c1:89:d3:
         3c:5d:90:ed:02:7c:40:23:c2:95:4f:3d:8c:93:57:aa:79:5b:
         4d:cb:a4:d6:07:ee:06:74:b8:d0:6d:fb:e2:1d:3d:8c:69:67:
         56:96:2e:a8:a0:aa:3a:70:ff:54:d8:ab:1e:fa:1e:c4:1b:74:
         ec:e6:b6:8b:e4:d8:e1:32:db:c8:44:7d:a7:40:78:c5:6d:4a:
         1f:37:40:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlR479yOFBpP8gtoxZ+khMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2M5N2YxY2Q1MTc3ZWQ2YTk5NmIzZDc4ODk0Y2QzNDg2OTUyYTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQ1Kx+Fp0WxXxWHPL6zMf+2qGmxV
CCb6kp9y5R0T8cYbBeX8ITNPiL5cwodG0zDAF5JE6laR9B2lhNAajaA4x8bz7ysc
W1x25OvpGiG+YsNRnE7U3E239BI9flwNfwHcfDdblRvAQYib/VpXM2WK9KP2YPDo
fCiQvj/KM4q98Nw/K3tu07c7hSlC6oWngQtYblJIq79tT2J8pvIKjMUriee3oEcu
IoAkIVVKy+0cz9Lc6FVtOork1kgbASXe+ZH5pXcOyN+cqut+fIXfU1yahnq4yBUD
EjKkEyunxZH1wRxSiTmy/U66J16wuRgnzhzOUMeciIw6NbY+isTA7nSdQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPJfxzVF37WqZaz14iUzTSGlSqZMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvODhsX0hOVVhmdGFwbHJQWGlKVE5OSWFWS3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD+/MA0G
CSqGSIb3DQEBCwUAA4IBAQBFWfA5YjNh5FRnDqhC3kZUtmXtK+aWAkVkfEFNaBvb
6OuF+L71DzEYcT4uCoXrNUqnsRlSrO0cBfXgkCI1mxEn07OweBlFXUbwjImzDKjh
3k0tIF4mtKIJWHV1TncdV9TegaJZTQpDPA6lJ6Y6xdD41QegcHt5uVsbuHS1d9VG
IN+NjAP0lZyaiZxZc4phuSdb9szsopNAD1/HsfmdNGMVIjNo5nAPdMbv6Yaxkm7k
JpvBidM8XZDtAnxAI8KVTz2Mk1eqeVtNy6TWB+4GdLjQbfviHT2MaWdWli6ooKo6
cP9U2Kse+h7EG3Ts5raL5NjhMtvIRH2nQHjFbUofN0By
-----END CERTIFICATE-----