Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/flYUnFHtE11OgRObrdls_FgzaqY.roa
File:                     flYUnFHtE11OgRObrdls_FgzaqY.roa (raw, json)
Hash identifier:          iciFNOGdK04xgdVLRFzyUsKLiw72tiOtOd+GQNcT2qc=
Subject key identifier:   7E:56:14:9C:51:ED:13:5D:4E:81:13:9B:AD:D9:6C:FC:58:33:6A:A6
Certificate issuer:       /CN=2f1ac9f094d8318f3088dca68301865f4605e9da
Certificate serial:       018CC870AE844895C8AE0954333CA3D369E9
Authority key identifier: 2F:1A:C9:F0:94:D8:31:8F:30:88:DC:A6:83:01:86:5F:46:05:E9:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/flYUnFHtE11OgRObrdls_FgzaqY.roa
Signing time:             Tue 02 Jan 2024 04:31:17 +0000
ROA not before:           Tue 02 Jan 2024 04:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8839
IP address blocks:        88.151.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ae:84:48:95:c8:ae:09:54:33:3c:a3:d3:69:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f1ac9f094d8318f3088dca68301865f4605e9da
        Validity
            Not Before: Jan  2 04:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e56149c51ed135d4e81139badd96cfc58336aa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:03:92:d7:b0:f7:f8:11:5b:95:72:0f:d1:1a:
                    97:f3:40:98:52:ee:83:8c:28:8b:84:ac:86:ea:15:
                    31:1b:4a:a0:4f:f7:57:b2:49:56:74:eb:ec:2e:14:
                    e7:dc:dd:69:d9:d6:5d:9c:c7:e9:b0:c8:38:df:c2:
                    73:80:91:d9:27:db:51:74:19:4f:be:86:94:47:63:
                    b1:8f:59:ca:4a:31:ea:87:a6:91:9d:de:5e:37:49:
                    ed:f0:78:e1:09:6e:4c:de:f1:93:74:6b:44:d6:01:
                    37:cb:21:86:0d:9b:e9:ab:34:f7:5f:f8:dd:ea:1e:
                    11:ee:98:7a:dd:c4:4a:61:79:69:87:95:ea:16:6c:
                    1d:47:a5:2a:75:09:e8:7a:cf:80:4c:88:28:8e:2e:
                    6e:2c:6c:14:4e:e6:e0:86:65:83:b2:bf:03:20:4d:
                    93:48:cb:28:a7:63:d0:80:7a:39:7d:82:34:3a:1d:
                    9d:21:b2:ca:dc:d7:90:53:6d:3b:76:21:aa:87:22:
                    6d:1e:5b:28:f7:c2:a7:7c:a0:c3:8b:06:e9:4e:85:
                    4e:41:90:b0:22:af:df:c8:b7:70:df:cc:36:9c:a6:
                    12:01:3b:b9:a8:91:78:57:32:fd:53:58:dc:d9:55:
                    ef:25:c0:51:f0:70:a5:0e:ae:8e:18:28:93:20:65:
                    94:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:56:14:9C:51:ED:13:5D:4E:81:13:9B:AD:D9:6C:FC:58:33:6A:A6
            X509v3 Authority Key Identifier:
                keyid:2F:1A:C9:F0:94:D8:31:8F:30:88:DC:A6:83:01:86:5F:46:05:E9:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/flYUnFHtE11OgRObrdls_FgzaqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:1c:72:86:dd:47:f3:1a:d6:45:ec:76:e9:a0:bc:b0:95:30:
         98:78:b9:63:5c:b1:8a:e6:f2:4c:9f:08:42:65:22:3b:d5:16:
         f6:58:ce:d5:7b:1f:ef:1d:91:7f:3c:48:11:5f:2f:91:57:d4:
         14:78:43:e0:dc:91:b0:ab:42:f3:a4:da:10:98:c3:8a:01:91:
         c5:26:a8:80:c8:bc:e5:9c:ba:37:4a:4e:f4:d5:ef:86:b5:fa:
         a3:f7:2f:1d:3d:60:fb:e7:d9:a9:d0:99:72:1c:1b:ee:cb:ee:
         2b:21:ac:72:0b:cd:94:3e:06:b7:ec:6e:2b:96:67:da:71:cc:
         30:a5:ca:0e:05:17:50:d3:a6:2a:89:17:f1:b4:e4:74:8f:59:
         ad:18:10:48:79:dd:83:bc:dc:9a:17:2f:bd:bb:95:b6:39:75:
         85:d6:a6:fe:f3:aa:9c:6e:24:f4:ab:92:4c:67:38:66:54:8d:
         41:88:17:c0:ff:d0:e6:b6:57:2b:3c:4f:5b:51:ec:50:7d:d6:
         03:08:82:92:47:28:a3:e5:30:e1:14:57:51:33:ff:78:ea:75:
         34:16:da:8f:82:90:7e:7a:97:d2:84:a4:4b:ff:47:ba:d9:4f:
         d8:15:0a:a9:62:97:dc:27:98:18:07:1a:25:4c:08:46:54:74:
         f7:2b:4e:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcK6ESJXIrglUMzyj02npMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMWFjOWYwOTRkODMxOGYzMDg4ZGNhNjgzMDE4NjVmNDYw
NWU5ZGEwHhcNMjQwMTAyMDQzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTU2MTQ5YzUxZWQxMzVkNGU4MTEzOWJhZGQ5NmNmYzU4MzM2YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQOS17D3+BFblXIP0RqX80CYUu6D
jCiLhKyG6hUxG0qgT/dXsklWdOvsLhTn3N1p2dZdnMfpsMg438JzgJHZJ9tRdBlP
voaUR2Oxj1nKSjHqh6aRnd5eN0nt8HjhCW5M3vGTdGtE1gE3yyGGDZvpqzT3X/jd
6h4R7ph63cRKYXlph5XqFmwdR6UqdQnoes+ATIgoji5uLGwUTubghmWDsr8DIE2T
SMsop2PQgHo5fYI0Oh2dIbLK3NeQU207diGqhyJtHlso98KnfKDDiwbpToVOQZCw
Iq/fyLdw38w2nKYSATu5qJF4VzL9U1jc2VXvJcBR8HClDq6OGCiTIGWUewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5WFJxR7RNdToETm63ZbPxYM2qmMB8GA1UdIwQY
MBaAFC8ayfCU2DGPMIjcpoMBhl9GBenaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHhySjhKVFlNWTh3aU55bWd3R0dYMFlGNmRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wNDE5NjgtMTVlYi00Mzg4LTk4NWEt
YzIzYzgyOWRiOTM3LzEvZmxZVW5GSHRFMTFPZ1JPYnJkbHNfRmd6YXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wNDE5NjgtMTVlYi00Mzg4LTk4NWEtYzIzYzgyOWRiOTM3
LzEvTHhySjhKVFlNWTh3aU55bWd3R0dYMFlGNmRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJcOMA0G
CSqGSIb3DQEBCwUAA4IBAQAzHHKG3UfzGtZF7HbpoLywlTCYeLljXLGK5vJMnwhC
ZSI71Rb2WM7Vex/vHZF/PEgRXy+RV9QUeEPg3JGwq0LzpNoQmMOKAZHFJqiAyLzl
nLo3Sk701e+Gtfqj9y8dPWD759mp0JlyHBvuy+4rIaxyC82UPga37G4rlmfaccww
pcoOBRdQ06YqiRfxtOR0j1mtGBBIed2DvNyaFy+9u5W2OXWF1qb+86qcbiT0q5JM
ZzhmVI1BiBfA/9DmtlcrPE9bUexQfdYDCIKSRyij5TDhFFdRM/946nU0FtqPgpB+
epfShKRL/0e62U/YFQqpYpfcJ5gYBxolTAhGVHT3K06c
-----END CERTIFICATE-----