Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/87NxfLp1KaS9HmvyP-TI8LD7xYU.roa
File:                     87NxfLp1KaS9HmvyP-TI8LD7xYU.roa (raw, json)
Hash identifier:          CIpoc2/J2acORpw0ZjDRVdyRlRrSTybW7aExFT9Clc0=
Subject key identifier:   F3:B3:71:7C:BA:75:29:A4:BD:1E:6B:F2:3F:E4:C8:F0:B0:FB:C5:85
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CDEFCA4E2D87666D314B72E246AD67AC7
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/87NxfLp1KaS9HmvyP-TI8LD7xYU.roa
Signing time:             Sat 06 Jan 2024 13:35:48 +0000
ROA not before:           Sat 06 Jan 2024 13:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215802
IP address blocks:        188.95.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:de:fc:a4:e2:d8:76:66:d3:14:b7:2e:24:6a:d6:7a:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  6 13:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3b3717cba7529a4bd1e6bf23fe4c8f0b0fbc585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:92:68:3b:ee:e0:9c:c0:a1:74:cd:48:d2:81:
                    0e:1b:3d:91:e7:2d:03:8e:49:44:8c:d2:99:fd:b5:
                    bc:40:95:82:88:38:ee:31:58:00:49:00:b0:5b:c2:
                    a7:fc:ac:da:91:5e:3a:e2:28:0e:9e:eb:bb:da:a9:
                    a9:c2:70:14:92:15:a9:f2:81:65:e5:04:f8:41:2b:
                    b3:01:40:26:21:e9:67:23:84:2d:8f:4a:50:c3:70:
                    08:71:e6:cb:d2:ed:5f:52:33:45:20:cf:13:e8:a5:
                    80:6b:77:f5:aa:51:a0:54:ce:d9:61:09:14:8a:31:
                    ae:48:ad:2b:37:e7:76:5f:de:cc:28:3c:c4:42:70:
                    b7:7d:2e:9a:5f:67:d4:d8:e2:ff:3f:00:24:65:e9:
                    53:27:f8:de:90:de:74:a6:a2:bd:07:92:bd:ea:ee:
                    85:bc:03:df:f0:56:47:e0:54:c1:1a:cb:56:ae:4a:
                    51:8e:b3:62:ee:93:6c:1f:98:89:60:ba:c4:9a:20:
                    ff:3d:29:0e:87:3f:77:87:ae:c5:c6:ef:24:92:e8:
                    b9:37:33:92:ab:0a:74:57:45:cd:34:f0:ee:05:b5:
                    c4:8f:83:ac:27:f1:3e:29:05:8e:c2:cc:38:e8:c0:
                    9f:6a:13:d2:bb:3f:f6:10:16:ad:3c:c6:36:d6:58:
                    97:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:B3:71:7C:BA:75:29:A4:BD:1E:6B:F2:3F:E4:C8:F0:B0:FB:C5:85
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/87NxfLp1KaS9HmvyP-TI8LD7xYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:66:da:4c:9d:84:11:28:5d:07:aa:18:30:99:fb:b9:4f:6a:
         85:e4:9d:f7:05:e2:83:bd:0a:85:dd:e4:f7:cc:e4:0d:39:06:
         02:0d:bd:87:f7:78:21:ca:0f:4b:9d:a8:06:99:d7:c7:a6:a7:
         a6:2b:03:21:5c:75:f9:79:b0:37:f4:ad:fa:4a:43:8e:68:91:
         4a:2a:16:37:ce:dd:08:dd:56:a0:09:24:22:4d:ac:12:af:74:
         fe:f3:96:b4:8f:d6:1a:55:82:1e:68:52:fa:5d:94:9b:f4:c1:
         6b:0e:bb:68:d3:30:d8:5b:5c:2e:97:ce:4c:44:fd:3f:f1:76:
         01:30:32:e3:82:0d:e8:1e:8f:90:7e:c0:bd:9a:e6:0d:24:78:
         fc:50:9f:6a:7d:19:e6:6d:d7:4a:d0:da:c5:8d:e8:83:64:bf:
         68:71:fe:4c:6f:c3:09:38:37:e9:e6:00:cc:ad:6e:a6:3f:46:
         5f:ef:88:68:0e:a3:fd:4d:41:5b:0c:8d:2c:a3:d7:cc:9e:54:
         59:71:8f:58:62:67:e1:1f:d3:ec:b8:cc:26:e2:b7:33:91:dd:
         65:93:2b:92:20:63:22:01:90:fb:94:c5:d1:a0:45:60:97:1c:
         52:f2:05:4c:51:37:64:7a:b1:d4:39:f3:5a:7d:2a:1b:6a:d7:
         6e:fc:88:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYze/KTi2HZm0xS3LiRq1nrHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTA2MTMzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2IzNzE3Y2JhNzUyOWE0YmQxZTZiZjIzZmU0YzhmMGIwZmJjNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZJoO+7gnMChdM1I0oEOGz2R5y0D
jklEjNKZ/bW8QJWCiDjuMVgASQCwW8Kn/KzakV464igOnuu72qmpwnAUkhWp8oFl
5QT4QSuzAUAmIelnI4Qtj0pQw3AIcebL0u1fUjNFIM8T6KWAa3f1qlGgVM7ZYQkU
ijGuSK0rN+d2X97MKDzEQnC3fS6aX2fU2OL/PwAkZelTJ/jekN50pqK9B5K96u6F
vAPf8FZH4FTBGstWrkpRjrNi7pNsH5iJYLrEmiD/PSkOhz93h67Fxu8kkui5NzOS
qwp0V0XNNPDuBbXEj4OsJ/E+KQWOwsw46MCfahPSuz/2EBatPMY21liX2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOzcXy6dSmkvR5r8j/kyPCw+8WFMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvODdOeGZMcDFLYVM5SG12eVAtVEk4TEQ3eFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9fMA0G
CSqGSIb3DQEBCwUAA4IBAQAOZtpMnYQRKF0Hqhgwmfu5T2qF5J33BeKDvQqF3eT3
zOQNOQYCDb2H93ghyg9LnagGmdfHpqemKwMhXHX5ebA39K36SkOOaJFKKhY3zt0I
3VagCSQiTawSr3T+85a0j9YaVYIeaFL6XZSb9MFrDrto0zDYW1wul85MRP0/8XYB
MDLjgg3oHo+QfsC9muYNJHj8UJ9qfRnmbddK0NrFjeiDZL9ocf5Mb8MJODfp5gDM
rW6mP0Zf74hoDqP9TUFbDI0so9fMnlRZcY9YYmfhH9PsuMwm4rczkd1lkyuSIGMi
AZD7lMXRoEVglxxS8gVMUTdkerHUOfNafSobatdu/IiC
-----END CERTIFICATE-----