Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/0MiQxU_umqZZyIzU8wHKdMFXp0A.roa
File:                     0MiQxU_umqZZyIzU8wHKdMFXp0A.roa (raw, json)
Hash identifier:          5nt2j6km21NuuCF4w1WM2omoybaeqwuAwd9GKwqLz3E=
Subject key identifier:   D0:C8:90:C5:4F:EE:9A:A6:59:C8:8C:D4:F3:01:CA:74:C1:57:A7:40
Certificate issuer:       /CN=7969c4bd8767780bec161a2ad612a2735dbcabfd
Certificate serial:       018CC9BCF900528CAB152DC1EEEB8C820868
Authority key identifier: 79:69:C4:BD:87:67:78:0B:EC:16:1A:2A:D6:12:A2:73:5D:BC:AB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eWnEvYdneAvsFhoq1hKic128q_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/0MiQxU_umqZZyIzU8wHKdMFXp0A.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212926
IP address blocks:        88.135.70.0/24 maxlen: 24
                          2a07:e8c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/eWnEvYdneAvsFhoq1hKic128q_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/eWnEvYdneAvsFhoq1hKic128q_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eWnEvYdneAvsFhoq1hKic128q_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f9:00:52:8c:ab:15:2d:c1:ee:eb:8c:82:08:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7969c4bd8767780bec161a2ad612a2735dbcabfd
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0c890c54fee9aa659c88cd4f301ca74c157a740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:16:21:c2:99:6d:4b:66:42:c6:cf:60:92:6a:
                    b1:c0:1d:81:a6:1d:78:c1:74:dc:30:f7:c4:c0:f0:
                    69:4a:e4:45:44:a8:36:f5:8f:6d:e3:fe:b8:d6:75:
                    b9:c1:b2:97:26:cb:a2:11:8b:b4:db:69:a4:de:d2:
                    58:d1:f6:63:d0:8d:96:2a:cd:99:c7:66:5b:49:f7:
                    22:b3:29:e5:ee:53:7e:3a:b8:b8:d4:a4:dd:33:d0:
                    cb:2f:3e:cb:4c:40:1d:4f:38:d0:2f:e7:2a:e0:1e:
                    c0:4d:21:6b:c8:fe:0d:11:4a:89:f6:3b:b7:32:85:
                    6f:e5:ff:1c:cf:66:fe:fa:02:62:6c:f1:cf:da:fc:
                    bd:fb:1e:d2:31:2d:ee:3a:a5:39:fe:21:12:22:f8:
                    7d:0d:f2:32:9a:e7:24:69:2d:86:51:40:20:c1:48:
                    7c:f0:5a:be:53:fc:8d:1a:d7:e8:aa:b4:ee:53:52:
                    2e:ef:76:fb:67:3d:d5:0c:41:00:a7:f9:a9:c6:b0:
                    97:47:06:da:6e:23:78:6b:93:20:02:18:0f:98:a1:
                    88:da:3d:56:9f:08:d6:d3:ed:a7:4e:27:c3:62:30:
                    77:44:9d:a7:8e:fb:19:6e:4f:04:57:b3:54:53:b0:
                    99:81:34:86:e2:98:b0:c3:23:c2:60:10:dc:db:e3:
                    a8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C8:90:C5:4F:EE:9A:A6:59:C8:8C:D4:F3:01:CA:74:C1:57:A7:40
            X509v3 Authority Key Identifier:
                keyid:79:69:C4:BD:87:67:78:0B:EC:16:1A:2A:D6:12:A2:73:5D:BC:AB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eWnEvYdneAvsFhoq1hKic128q_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/0MiQxU_umqZZyIzU8wHKdMFXp0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/de388b-9bea-48e9-965f-0e8ddd691f63/1/eWnEvYdneAvsFhoq1hKic128q_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.70.0/24
                IPv6:
                  2a07:e8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:04:35:78:f5:e9:22:f1:10:f1:4a:8a:32:59:f4:7d:cb:40:
         62:4a:34:15:a5:58:67:12:46:63:6e:fd:eb:98:47:4c:ce:52:
         b0:e9:8c:c9:86:4d:37:9e:7d:49:85:f6:a6:6b:99:dd:b9:56:
         49:6b:4f:26:00:f5:92:00:cb:2e:68:7a:43:30:8d:38:44:bd:
         ab:e1:34:88:a5:b7:8d:a3:89:20:56:20:b0:af:ee:94:46:73:
         d0:0d:09:30:9e:6c:de:0c:33:2d:33:42:89:b4:10:b6:b3:63:
         12:74:73:75:10:30:22:1d:b0:07:db:0a:b3:58:8f:99:00:a9:
         ce:c1:eb:c3:1c:6c:f8:40:42:65:f2:c2:da:90:94:20:80:50:
         8f:b9:be:03:7f:39:87:c6:ac:11:66:6a:fe:f3:1b:31:42:14:
         05:c6:74:dc:59:dd:51:e9:d6:42:4c:f5:99:fb:73:20:2a:22:
         ba:9a:f4:7d:a4:7f:bd:af:ff:70:4a:fc:28:04:24:35:08:d9:
         fa:b0:d7:d8:63:33:dd:4d:2e:8a:a7:e6:6f:fb:d7:7e:eb:0e:
         5c:a2:5d:aa:f9:fe:71:44:f8:e2:db:6a:1b:e1:44:b8:ef:c1:
         c7:14:97:4a:ef:1c:55:19:98:70:bf:b7:29:f0:3e:c6:1e:72:
         3c:0c:23:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvPkAUoyrFS3B7uuMgghoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NjljNGJkODc2Nzc4MGJlYzE2MWEyYWQ2MTJhMjczNWRi
Y2FiZmQwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGM4OTBjNTRmZWU5YWE2NTljODhjZDRmMzAxY2E3NGMxNTdhNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxYhwpltS2ZCxs9gkmqxwB2Bph14
wXTcMPfEwPBpSuRFRKg29Y9t4/641nW5wbKXJsuiEYu022mk3tJY0fZj0I2WKs2Z
x2ZbSfcisynl7lN+Ori41KTdM9DLLz7LTEAdTzjQL+cq4B7ATSFryP4NEUqJ9ju3
MoVv5f8cz2b++gJibPHP2vy9+x7SMS3uOqU5/iESIvh9DfIymuckaS2GUUAgwUh8
8Fq+U/yNGtfoqrTuU1Iu73b7Zz3VDEEAp/mpxrCXRwbabiN4a5MgAhgPmKGI2j1W
nwjW0+2nTifDYjB3RJ2njvsZbk8EV7NUU7CZgTSG4piwwyPCYBDc2+OoYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNDIkMVP7pqmWciM1PMBynTBV6dAMB8GA1UdIwQY
MBaAFHlpxL2HZ3gL7BYaKtYSonNdvKv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVduRXZZZG5lQXZzRmhvcTFoS2ljMTI4cV8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZTM4OGItOWJlYS00OGU5LTk2NWYt
MGU4ZGRkNjkxZjYzLzEvME1pUXhVX3VtcVpaeUl6VTh3SEtkTUZYcDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZTM4OGItOWJlYS00OGU5LTk2NWYtMGU4ZGRkNjkxZjYz
LzEvZVduRXZZZG5lQXZzRmhvcTFoS2ljMTI4cV8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWIdGMA0E
AgACMAcDBQAqB+jAMA0GCSqGSIb3DQEBCwUAA4IBAQCkBDV49eki8RDxSooyWfR9
y0BiSjQVpVhnEkZjbv3rmEdMzlKw6YzJhk03nn1Jhfama5nduVZJa08mAPWSAMsu
aHpDMI04RL2r4TSIpbeNo4kgViCwr+6URnPQDQkwnmzeDDMtM0KJtBC2s2MSdHN1
EDAiHbAH2wqzWI+ZAKnOwevDHGz4QEJl8sLakJQggFCPub4DfzmHxqwRZmr+8xsx
QhQFxnTcWd1R6dZCTPWZ+3MgKiK6mvR9pH+9r/9wSvwoBCQ1CNn6sNfYYzPdTS6K
p+Zv+9d+6w5col2q+f5xRPji22ob4US478HHFJdK7xxVGZhwv7cp8D7GHnI8DCOm
-----END CERTIFICATE-----