Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/k-3vUH34vLe1WFsY9O5Sk2db2-M.roa
File:                     k-3vUH34vLe1WFsY9O5Sk2db2-M.roa (raw, json)
Hash identifier:          zYReHdNwuKPDWpAz/tFF6+liS1NvueEVS+1dHnk0/x8=
Subject key identifier:   93:ED:EF:50:7D:F8:BC:B7:B5:58:5B:18:F4:EE:52:93:67:5B:DB:E3
Certificate issuer:       /CN=2f1ac9f094d8318f3088dca68301865f4605e9da
Certificate serial:       018CC870AEF723BDDA598CF94B36A264664D
Authority key identifier: 2F:1A:C9:F0:94:D8:31:8F:30:88:DC:A6:83:01:86:5F:46:05:E9:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/k-3vUH34vLe1WFsY9O5Sk2db2-M.roa
Signing time:             Tue 02 Jan 2024 04:31:17 +0000
ROA not before:           Tue 02 Jan 2024 04:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        88.151.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ae:f7:23:bd:da:59:8c:f9:4b:36:a2:64:66:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f1ac9f094d8318f3088dca68301865f4605e9da
        Validity
            Not Before: Jan  2 04:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93edef507df8bcb7b5585b18f4ee5293675bdbe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:20:9a:52:01:55:5f:2e:e2:19:f1:51:c5:72:
                    17:04:dc:b8:3e:bb:44:44:a2:06:cb:85:ad:25:58:
                    a9:8e:ef:1e:80:2a:10:1e:7e:8d:06:82:fc:53:ff:
                    a2:2a:b3:38:0b:f4:c7:bf:24:4a:a8:62:dd:88:aa:
                    28:e0:41:e1:c1:75:06:3c:03:50:0a:26:e7:d0:df:
                    1b:7e:81:f0:59:d6:a7:be:e4:e5:a3:95:3a:ff:89:
                    e2:01:1b:b3:10:85:96:aa:b7:01:8a:bc:c7:11:9c:
                    51:af:70:87:9d:a0:ae:de:4d:35:cc:3b:32:e0:85:
                    fd:03:a4:dd:a8:60:5d:b1:ad:92:1f:3c:fa:ff:01:
                    7f:db:37:95:c9:e1:e3:d0:90:74:be:cd:4f:fd:3a:
                    ac:2c:0c:c7:28:8b:5e:6b:f7:17:63:33:ee:87:5e:
                    f7:ea:97:eb:fd:62:9c:44:e0:b9:62:ce:6e:cc:93:
                    72:fc:e7:91:44:e5:f8:40:8e:4e:40:53:a1:8f:a2:
                    ed:a6:50:46:74:2e:b6:e6:bf:e3:c9:c5:ab:5f:24:
                    36:9b:d1:70:43:b6:72:e8:68:5f:f6:f1:f6:25:92:
                    ac:56:76:14:fa:14:fb:e0:0b:8e:ed:e6:f1:d5:16:
                    00:c0:83:db:51:dd:d1:ec:da:f8:63:7a:4c:7f:2e:
                    c0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:ED:EF:50:7D:F8:BC:B7:B5:58:5B:18:F4:EE:52:93:67:5B:DB:E3
            X509v3 Authority Key Identifier:
                keyid:2F:1A:C9:F0:94:D8:31:8F:30:88:DC:A6:83:01:86:5F:46:05:E9:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/k-3vUH34vLe1WFsY9O5Sk2db2-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:25:ae:a5:3d:a9:fc:82:e3:47:d2:b8:60:2e:80:a1:89:a7:
         4d:a3:92:f0:07:0a:73:aa:ae:de:c0:10:3d:67:1c:42:e9:6b:
         41:70:d7:92:47:b2:62:cc:19:23:d0:79:71:3a:dd:8e:98:b3:
         49:9f:60:a9:ca:73:4c:fc:bf:58:c6:a0:2f:19:48:60:89:68:
         68:7d:a9:2e:4c:91:e6:64:44:c7:13:56:c6:18:c7:6b:7e:d1:
         6f:97:79:2a:67:d7:eb:1e:06:06:08:a8:ad:c9:05:73:05:6f:
         07:fe:3f:02:f2:7e:97:74:b1:2d:a3:94:ba:ea:b5:08:be:83:
         b8:ec:d1:35:76:69:20:41:d4:08:0e:a5:74:9f:ef:12:c4:39:
         44:35:23:f5:cc:45:e4:5d:67:8c:d6:69:74:bd:97:02:7a:ef:
         4c:3e:67:ca:79:e4:07:9e:12:bb:c7:54:49:99:88:88:1b:28:
         6c:be:ea:47:70:9c:87:50:34:b2:55:2e:3f:ac:de:2a:44:09:
         cc:fd:95:91:d2:6d:49:e7:52:e8:c4:49:8e:c5:2c:f4:9e:7f:
         d9:2b:6a:f1:ff:95:ed:c1:70:1a:6d:2b:51:b1:ca:64:58:4c:
         08:13:2b:32:eb:ef:2a:e1:7e:3a:a3:d8:23:1d:47:da:72:cf:
         c7:51:81:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcK73I73aWYz5SzaiZGZNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMWFjOWYwOTRkODMxOGYzMDg4ZGNhNjgzMDE4NjVmNDYw
NWU5ZGEwHhcNMjQwMTAyMDQzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2VkZWY1MDdkZjhiY2I3YjU1ODViMThmNGVlNTI5MzY3NWJkYmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCCaUgFVXy7iGfFRxXIXBNy4PrtE
RKIGy4WtJVipju8egCoQHn6NBoL8U/+iKrM4C/THvyRKqGLdiKoo4EHhwXUGPANQ
Cibn0N8bfoHwWdanvuTlo5U6/4niARuzEIWWqrcBirzHEZxRr3CHnaCu3k01zDsy
4IX9A6TdqGBdsa2SHzz6/wF/2zeVyeHj0JB0vs1P/TqsLAzHKItea/cXYzPuh173
6pfr/WKcROC5Ys5uzJNy/OeRROX4QI5OQFOhj6LtplBGdC625r/jycWrXyQ2m9Fw
Q7Zy6Ghf9vH2JZKsVnYU+hT74AuO7ebx1RYAwIPbUd3R7Nr4Y3pMfy7AbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPt71B9+Ly3tVhbGPTuUpNnW9vjMB8GA1UdIwQY
MBaAFC8ayfCU2DGPMIjcpoMBhl9GBenaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHhySjhKVFlNWTh3aU55bWd3R0dYMFlGNmRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wNDE5NjgtMTVlYi00Mzg4LTk4NWEt
YzIzYzgyOWRiOTM3LzEvay0zdlVIMzR2TGUxV0ZzWTlPNVNrMmRiMi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wNDE5NjgtMTVlYi00Mzg4LTk4NWEtYzIzYzgyOWRiOTM3
LzEvTHhySjhKVFlNWTh3aU55bWd3R0dYMFlGNmRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJcOMA0G
CSqGSIb3DQEBCwUAA4IBAQARJa6lPan8guNH0rhgLoChiadNo5LwBwpzqq7ewBA9
ZxxC6WtBcNeSR7JizBkj0HlxOt2OmLNJn2CpynNM/L9YxqAvGUhgiWhofakuTJHm
ZETHE1bGGMdrftFvl3kqZ9frHgYGCKityQVzBW8H/j8C8n6XdLEto5S66rUIvoO4
7NE1dmkgQdQIDqV0n+8SxDlENSP1zEXkXWeM1ml0vZcCeu9MPmfKeeQHnhK7x1RJ
mYiIGyhsvupHcJyHUDSyVS4/rN4qRAnM/ZWR0m1J51LoxEmOxSz0nn/ZK2rx/5Xt
wXAabStRscpkWEwIEysy6+8q4X46o9gjHUfacs/HUYG/
-----END CERTIFICATE-----