Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/vFVrQqjwwg7ziUfLFbzoD8y4TZU.roa
File:                     vFVrQqjwwg7ziUfLFbzoD8y4TZU.roa (raw, json)
Hash identifier:          ADYkQ4zgWXi8jSrBxFqCa+LJRwN3FS8i6LyKWABM1Xs=
Subject key identifier:   BC:55:6B:42:A8:F0:C2:0E:F3:89:47:CB:15:BC:E8:0F:CC:B8:4D:95
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018FF2F8E3FD5BD92C7EFA09562311A12AAA
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/vFVrQqjwwg7ziUfLFbzoD8y4TZU.roa
Signing time:             Fri 07 Jun 2024 13:52:28 +0000
ROA not before:           Fri 07 Jun 2024 13:52:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272825
IP address blocks:        88.135.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:f8:e3:fd:5b:d9:2c:7e:fa:09:56:23:11:a1:2a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jun  7 13:52:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc556b42a8f0c20ef38947cb15bce80fccb84d95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:45:e2:a7:8c:42:33:60:16:49:59:c7:f8:74:
                    60:22:0a:d3:88:17:30:fa:f0:44:a0:d3:12:d6:2f:
                    29:c6:c2:ad:65:96:8d:75:49:51:c8:0d:ec:34:86:
                    b8:e8:f8:64:27:b4:57:db:17:87:9d:6f:67:9b:85:
                    a4:24:60:80:4d:0d:88:a4:84:81:77:1b:87:b8:12:
                    68:c6:14:67:ce:62:14:77:e7:c8:1b:e2:09:9d:21:
                    af:2b:c6:c9:55:2f:d7:02:18:86:c2:ab:5e:8c:b7:
                    b5:30:ab:ef:55:1e:44:14:a7:85:8b:c8:c1:f7:1d:
                    5c:c0:c5:2f:fc:6e:3c:f9:30:a0:cd:74:cb:08:27:
                    55:43:5c:24:4e:74:68:f9:ab:29:b5:bc:b9:1c:d0:
                    f4:01:b8:7d:b3:4d:5b:1a:62:51:e3:bf:f2:ca:7f:
                    56:1d:46:fb:41:18:1c:32:b6:38:c9:0a:4f:a8:63:
                    5d:ae:c1:8a:06:ff:a4:16:b1:dd:91:67:df:db:33:
                    3e:bb:a6:b6:98:91:7a:cc:b1:f5:2d:3f:08:05:fa:
                    0e:1a:07:a9:49:11:20:0b:a8:9e:d9:f0:62:19:b5:
                    d0:01:34:f4:8c:cb:c9:b6:18:73:4f:95:f2:77:f5:
                    e2:61:f2:f2:d6:e1:fa:bb:78:31:af:af:77:11:7e:
                    00:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:55:6B:42:A8:F0:C2:0E:F3:89:47:CB:15:BC:E8:0F:CC:B8:4D:95
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/vFVrQqjwwg7ziUfLFbzoD8y4TZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:08:fa:25:2c:b7:fb:5f:76:7b:43:62:c6:ed:89:a1:e4:b5:
         3e:64:7d:52:b0:0a:eb:84:7f:30:38:6f:87:00:46:f7:ad:78:
         87:40:12:34:4c:a7:c9:49:3d:ff:d4:8f:b8:20:33:0f:14:99:
         24:14:c4:e9:0d:cf:89:a0:39:26:d0:a4:a8:b3:ef:e0:2e:69:
         3f:ad:53:0f:f1:43:01:70:69:19:2f:20:bc:2f:14:36:74:7a:
         3b:0c:3c:11:20:a5:af:ad:17:6b:50:c6:4e:6c:1f:c8:2a:82:
         b5:b9:17:c9:90:74:b9:84:b3:43:88:56:d0:ba:c2:64:23:30:
         da:56:d4:0a:21:0a:35:30:04:68:3c:0f:83:0c:c1:58:f8:01:
         5b:19:b9:66:f4:ea:b9:5b:3b:c7:49:ff:db:2f:83:bd:7a:ef:
         26:91:5a:98:69:fd:28:f8:6d:65:0e:8a:33:51:0b:ba:c9:c9:
         d6:2f:fb:f7:3a:2e:af:ee:a4:3e:ed:ed:b8:c6:53:05:9b:ca:
         32:9d:2c:e8:a8:df:0d:81:bb:d9:0f:4c:82:78:42:c9:50:93:
         18:12:f9:8d:c9:40:48:16:4f:c3:57:99:d9:22:da:dc:6b:f4:
         f3:76:39:ba:4b:8f:76:cf:de:2f:f7:69:c3:a8:97:d8:d9:1f:
         f5:3f:1c:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/y+OP9W9ksfvoJViMRoSqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNjA3MTM1MjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzU1NmI0MmE4ZjBjMjBlZjM4OTQ3Y2IxNWJjZTgwZmNjYjg0ZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUXip4xCM2AWSVnH+HRgIgrTiBcw
+vBEoNMS1i8pxsKtZZaNdUlRyA3sNIa46PhkJ7RX2xeHnW9nm4WkJGCATQ2IpISB
dxuHuBJoxhRnzmIUd+fIG+IJnSGvK8bJVS/XAhiGwqtejLe1MKvvVR5EFKeFi8jB
9x1cwMUv/G48+TCgzXTLCCdVQ1wkTnRo+asptby5HND0Abh9s01bGmJR47/yyn9W
HUb7QRgcMrY4yQpPqGNdrsGKBv+kFrHdkWff2zM+u6a2mJF6zLH1LT8IBfoOGgep
SREgC6ie2fBiGbXQATT0jMvJthhzT5Xyd/XiYfLy1uH6u3gxr693EX4AvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxVa0Ko8MIO84lHyxW86A/MuE2VMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvdkZWclFxand3Zzd6aVVmTEZiem9EOHk0VFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWIdFMA0G
CSqGSIb3DQEBCwUAA4IBAQBTCPolLLf7X3Z7Q2LG7Ymh5LU+ZH1SsArrhH8wOG+H
AEb3rXiHQBI0TKfJST3/1I+4IDMPFJkkFMTpDc+JoDkm0KSos+/gLmk/rVMP8UMB
cGkZLyC8LxQ2dHo7DDwRIKWvrRdrUMZObB/IKoK1uRfJkHS5hLNDiFbQusJkIzDa
VtQKIQo1MARoPA+DDMFY+AFbGblm9Oq5WzvHSf/bL4O9eu8mkVqYaf0o+G1lDooz
UQu6ycnWL/v3Oi6v7qQ+7e24xlMFm8oynSzoqN8NgbvZD0yCeELJUJMYEvmNyUBI
Fk/DV5nZItrca/Tzdjm6S492z94v92nDqJfY2R/1Pxzp
-----END CERTIFICATE-----