Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/oq9WwQoDM4mn2rgc9J2iFM1675Q.roa
File:                     oq9WwQoDM4mn2rgc9J2iFM1675Q.roa (raw, json)
Hash identifier:          ocL6Gihhi5XWfwinp2SSm69wUvXXHQtCsSqzsmLm+es=
Subject key identifier:   A2:AF:56:C1:0A:03:33:89:A7:DA:B8:1C:F4:9D:A2:14:CD:7A:EF:94
Certificate issuer:       /CN=2f1ac9f094d8318f3088dca68301865f4605e9da
Certificate serial:       018CC870AECFC3E8E0EFA0C1ADA4765F14C5
Authority key identifier: 2F:1A:C9:F0:94:D8:31:8F:30:88:DC:A6:83:01:86:5F:46:05:E9:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/oq9WwQoDM4mn2rgc9J2iFM1675Q.roa
Signing time:             Tue 02 Jan 2024 04:31:17 +0000
ROA not before:           Tue 02 Jan 2024 04:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        88.151.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ae:cf:c3:e8:e0:ef:a0:c1:ad:a4:76:5f:14:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f1ac9f094d8318f3088dca68301865f4605e9da
        Validity
            Not Before: Jan  2 04:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2af56c10a033389a7dab81cf49da214cd7aef94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:95:e6:f4:bd:87:12:41:87:78:ef:bb:51:0f:
                    79:57:80:f1:8a:2a:19:f6:a9:ca:c5:76:82:09:20:
                    1c:75:58:25:1d:70:e5:04:cf:20:36:33:45:8c:6a:
                    4a:a2:0b:4b:a7:4b:90:60:65:0f:54:90:b8:86:62:
                    3a:7a:1c:ab:73:f3:96:a6:00:0b:73:45:cb:4c:f2:
                    54:90:72:c8:ea:4e:fd:a0:d2:01:83:6d:cb:dd:54:
                    18:8c:5a:25:d0:ca:2e:2c:da:67:6f:67:da:06:25:
                    42:3a:f6:cf:c2:bd:ee:8a:0f:bf:1b:07:6f:fd:9e:
                    c6:9d:c0:94:89:9a:3b:66:97:bd:80:72:75:a7:c3:
                    3a:3a:fe:37:ae:74:6c:b6:88:d2:76:85:0c:e3:9a:
                    5c:91:2e:90:64:fa:d8:3d:ee:e8:a4:55:19:ab:8f:
                    bb:96:76:57:07:2b:8b:b8:f6:d8:bf:6f:fe:de:59:
                    42:ff:88:97:3d:d2:17:48:61:55:2b:c1:cb:76:8b:
                    3c:8c:30:79:d9:f6:a3:c6:71:d9:6a:44:c3:f5:e8:
                    25:d0:76:ed:e6:ad:58:8a:b8:f7:dd:07:a5:63:36:
                    69:4a:48:a7:cc:84:00:00:15:69:80:75:72:78:fb:
                    61:37:31:f9:ea:38:53:d1:58:25:60:0c:54:42:7a:
                    91:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AF:56:C1:0A:03:33:89:A7:DA:B8:1C:F4:9D:A2:14:CD:7A:EF:94
            X509v3 Authority Key Identifier:
                keyid:2F:1A:C9:F0:94:D8:31:8F:30:88:DC:A6:83:01:86:5F:46:05:E9:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LxrJ8JTYMY8wiNymgwGGX0YF6do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/oq9WwQoDM4mn2rgc9J2iFM1675Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/041968-15eb-4388-985a-c23c829db937/1/LxrJ8JTYMY8wiNymgwGGX0YF6do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:06:0e:21:90:ec:f1:39:74:cb:d6:61:8d:ce:7d:a3:79:03:
         15:36:97:e5:ed:b6:0b:e5:dd:e7:c1:c4:da:df:9f:ed:68:84:
         51:10:ed:fc:f4:fa:44:10:60:e8:b3:48:36:6c:56:bb:5f:93:
         bf:93:8e:e9:89:a2:8b:07:a9:08:25:b6:aa:23:0f:e4:e5:03:
         3f:6a:0e:f5:8d:92:3d:1b:ec:1d:bc:42:bd:59:1e:22:dc:f1:
         67:60:5f:e1:94:d9:17:21:6f:d4:61:d3:96:e2:42:1f:86:81:
         e0:6b:81:5a:79:b9:54:2a:d7:58:f1:d2:b1:8b:76:4e:a2:b6:
         cf:97:d3:5f:5a:a5:58:bf:6f:c9:84:ac:3b:08:65:18:2d:b3:
         8f:71:ae:56:14:73:c7:3c:8d:06:ce:14:20:eb:5e:e2:0e:63:
         40:dc:31:75:d2:a5:b6:37:67:24:c5:e1:c8:51:04:9c:d3:b7:
         7e:65:e8:57:d6:73:9c:32:ee:12:5c:89:28:e9:d0:38:e0:74:
         c7:0a:51:e5:12:40:d8:03:34:27:56:7c:b4:cb:a6:71:8d:32:
         a6:ba:16:3f:4f:9f:d3:5a:11:9e:a0:44:6b:f4:c3:96:88:1c:
         b7:a5:2f:9e:2e:00:b1:8c:db:3e:44:dc:a8:63:dc:21:bc:00:
         3f:77:3c:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcK7Pw+jg76DBraR2XxTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMWFjOWYwOTRkODMxOGYzMDg4ZGNhNjgzMDE4NjVmNDYw
NWU5ZGEwHhcNMjQwMTAyMDQzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmFmNTZjMTBhMDMzMzg5YTdkYWI4MWNmNDlkYTIxNGNkN2FlZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJXm9L2HEkGHeO+7UQ95V4DxiioZ
9qnKxXaCCSAcdVglHXDlBM8gNjNFjGpKogtLp0uQYGUPVJC4hmI6ehyrc/OWpgAL
c0XLTPJUkHLI6k79oNIBg23L3VQYjFol0MouLNpnb2faBiVCOvbPwr3uig+/Gwdv
/Z7GncCUiZo7Zpe9gHJ1p8M6Ov43rnRstojSdoUM45pckS6QZPrYPe7opFUZq4+7
lnZXByuLuPbYv2/+3llC/4iXPdIXSGFVK8HLdos8jDB52fajxnHZakTD9egl0Hbt
5q1Yirj33QelYzZpSkinzIQAABVpgHVyePthNzH56jhT0VglYAxUQnqR/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKvVsEKAzOJp9q4HPSdohTNeu+UMB8GA1UdIwQY
MBaAFC8ayfCU2DGPMIjcpoMBhl9GBenaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHhySjhKVFlNWTh3aU55bWd3R0dYMFlGNmRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wNDE5NjgtMTVlYi00Mzg4LTk4NWEt
YzIzYzgyOWRiOTM3LzEvb3E5V3dRb0RNNG1uMnJnYzlKMmlGTTE2NzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wNDE5NjgtMTVlYi00Mzg4LTk4NWEtYzIzYzgyOWRiOTM3
LzEvTHhySjhKVFlNWTh3aU55bWd3R0dYMFlGNmRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJcOMA0G
CSqGSIb3DQEBCwUAA4IBAQBgBg4hkOzxOXTL1mGNzn2jeQMVNpfl7bYL5d3nwcTa
35/taIRREO389PpEEGDos0g2bFa7X5O/k47piaKLB6kIJbaqIw/k5QM/ag71jZI9
G+wdvEK9WR4i3PFnYF/hlNkXIW/UYdOW4kIfhoHga4FaeblUKtdY8dKxi3ZOorbP
l9NfWqVYv2/JhKw7CGUYLbOPca5WFHPHPI0GzhQg617iDmNA3DF10qW2N2ckxeHI
UQSc07d+ZehX1nOcMu4SXIko6dA44HTHClHlEkDYAzQnVny0y6ZxjTKmuhY/T5/T
WhGeoERr9MOWiBy3pS+eLgCxjNs+RNyoY9whvAA/dzz2
-----END CERTIFICATE-----