Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/fHwCt-TlVf83K-kCRpA3dmWLD34.roa
File:                     fHwCt-TlVf83K-kCRpA3dmWLD34.roa (raw, json)
Hash identifier:          T2mNm5oydcBb0v82fzeOb+58gLjHLeCZZ6gNDvgoWGE=
Subject key identifier:   7C:7C:02:B7:E4:E5:55:FF:37:2B:E9:02:46:90:37:76:65:8B:0F:7E
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F1F3F7D5166161DFCEEBB271AA483
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/fHwCt-TlVf83K-kCRpA3dmWLD34.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8297
IP address blocks:        195.219.88.0/24 maxlen: 24
                          2a01:3e0:ff71::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1f:3f:7d:51:66:16:1d:fc:ee:bb:27:1a:a4:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c7c02b7e4e555ff372be90246903776658b0f7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4f:5c:3b:0d:a8:d9:29:97:8b:dd:46:a8:13:
                    bb:b2:c4:34:15:e0:fa:d4:87:0f:c2:e2:5b:32:ae:
                    21:37:99:bb:7d:f1:dd:59:a5:9b:b1:f2:b0:71:6c:
                    e7:ab:79:07:1f:7b:6e:e5:8c:fb:7a:a6:07:95:20:
                    fd:fa:81:5d:2b:17:63:02:9d:9f:27:56:17:ae:1e:
                    25:77:94:17:94:73:9f:79:3a:06:8e:a6:dd:0c:e1:
                    7a:2a:05:ed:a0:a6:39:9e:f0:c5:81:27:11:db:cf:
                    d7:8b:a9:1a:94:0a:74:e6:be:97:6a:01:ca:14:02:
                    de:f0:e2:5f:dc:81:46:82:d3:68:78:6a:91:35:8c:
                    15:8e:1e:8a:42:84:bf:8a:b2:59:a5:fe:82:12:8a:
                    52:a1:d2:e4:9b:7b:b1:82:92:72:69:9e:fd:77:15:
                    dc:7d:f0:de:f1:3b:79:75:61:3a:86:97:e3:1c:93:
                    1a:88:54:91:8e:32:f4:3c:65:81:9e:30:d2:72:94:
                    11:b0:0e:a4:71:0d:f5:24:86:7f:26:2b:e4:a1:86:
                    87:66:d9:b7:9c:d6:22:89:75:bd:0c:b6:39:f5:7c:
                    a3:7e:a8:e1:d6:a3:24:1e:42:61:59:ce:2d:44:fd:
                    a1:0b:c9:5d:9d:9c:58:8a:d4:57:5e:fc:05:c8:36:
                    aa:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7C:02:B7:E4:E5:55:FF:37:2B:E9:02:46:90:37:76:65:8B:0F:7E
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/fHwCt-TlVf83K-kCRpA3dmWLD34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.219.88.0/24
                IPv6:
                  2a01:3e0:ff71::/48

    Signature Algorithm: sha256WithRSAEncryption
         d9:58:18:3f:a0:93:a6:fc:46:f1:88:a5:94:7b:32:4d:5a:11:
         87:63:bb:53:1e:5e:10:4b:a6:47:34:63:c5:98:e0:d7:4a:42:
         ef:81:e5:93:43:6e:3a:3f:b1:82:ac:3e:04:87:8d:ce:a4:56:
         78:f6:18:9c:63:40:a6:73:9a:81:9c:c6:27:f4:cf:3b:98:81:
         49:9c:53:ac:3e:a5:fb:17:18:37:1d:3e:0c:41:78:53:19:93:
         cd:de:5a:76:6b:39:6f:88:c0:89:27:04:07:e7:7f:82:1f:55:
         11:2e:5b:f9:cd:f2:c9:8a:77:fa:77:44:09:31:00:9d:64:48:
         10:de:32:38:6f:80:91:ce:48:b9:2d:e6:78:11:dd:f1:8a:ca:
         63:8e:fa:8d:c4:9f:e0:01:b5:0a:46:d4:f9:9c:1c:80:1a:c4:
         77:f7:60:79:2a:ca:8e:01:97:d4:37:59:3a:e5:7a:18:02:0a:
         10:1a:31:48:41:90:62:e4:3c:9b:d6:c6:37:e3:f1:61:40:d6:
         31:93:2e:08:24:f5:0f:3e:90:74:1b:97:86:65:59:92:14:e9:
         68:85:48:cf:e0:33:f7:97:36:22:da:33:59:ca:81:3b:6b:d0:
         f6:06:45:4b:b4:0d:de:7f:df:03:e8:48:b1:61:60:ff:95:f8:
         17:d1:8c:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIbx8/fVFmFh387rsnGqSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdjMDJiN2U0ZTU1NWZmMzcyYmU5MDI0NjkwMzc3NjY1OGIwZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAok9cOw2o2SmXi91GqBO7ssQ0FeD6
1IcPwuJbMq4hN5m7ffHdWaWbsfKwcWznq3kHH3tu5Yz7eqYHlSD9+oFdKxdjAp2f
J1YXrh4ld5QXlHOfeToGjqbdDOF6KgXtoKY5nvDFgScR28/Xi6kalAp05r6XagHK
FALe8OJf3IFGgtNoeGqRNYwVjh6KQoS/irJZpf6CEopSodLkm3uxgpJyaZ79dxXc
ffDe8Tt5dWE6hpfjHJMaiFSRjjL0PGWBnjDScpQRsA6kcQ31JIZ/JivkoYaHZtm3
nNYiiXW9DLY59Xyjfqjh1qMkHkJhWc4tRP2hC8ldnZxYitRXXvwFyDaqnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHx8Arfk5VX/NyvpAkaQN3Zliw9+MB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvZkh3Q3QtVGxWZjgzSy1rQ1JwQTNkbVdMRDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw9tYMA8E
AgACMAkDBwAqAQPg/3EwDQYJKoZIhvcNAQELBQADggEBANlYGD+gk6b8RvGIpZR7
Mk1aEYdju1MeXhBLpkc0Y8WY4NdKQu+B5ZNDbjo/sYKsPgSHjc6kVnj2GJxjQKZz
moGcxif0zzuYgUmcU6w+pfsXGDcdPgxBeFMZk83eWnZrOW+IwIknBAfnf4IfVREu
W/nN8smKd/p3RAkxAJ1kSBDeMjhvgJHOSLkt5ngR3fGKymOO+o3En+ABtQpG1Pmc
HIAaxHf3YHkqyo4Bl9Q3WTrlehgCChAaMUhBkGLkPJvWxjfj8WFA1jGTLggk9Q8+
kHQbl4ZlWZIU6WiFSM/gM/eXNiLaM1nKgTtr0PYGRUu0Dd5/3wPoSLFhYP+V+BfR
jGg=
-----END CERTIFICATE-----