Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/Bi-xbkKZGLYVR7L_8_DFN-ySudw.roa
File:                     Bi-xbkKZGLYVR7L_8_DFN-ySudw.roa (raw, json)
Hash identifier:          E8CQNizRkx38pPxhj+5iIik0zOyBOnMsFwEcUc2955Q=
Subject key identifier:   06:2F:B1:6E:42:99:18:B6:15:47:B2:FF:F3:F0:C5:37:EC:92:B9:DC
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC794A38FC60983A038685194288ADBE4
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/Bi-xbkKZGLYVR7L_8_DFN-ySudw.roa
Signing time:             Tue 02 Jan 2024 00:30:56 +0000
ROA not before:           Tue 02 Jan 2024 00:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206902
IP address blocks:        84.38.140.0/24 maxlen: 24
                          87.99.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a3:8f:c6:09:83:a0:38:68:51:94:28:8a:db:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=062fb16e429918b61547b2fff3f0c537ec92b9dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:86:ba:a0:07:ac:a9:46:77:53:f6:58:ec:07:
                    d3:49:9b:7f:c8:02:6b:98:31:62:09:89:12:10:9d:
                    b7:0c:b4:51:52:c9:e4:52:d4:c8:39:45:0f:88:86:
                    c8:4e:de:74:fa:ba:62:bf:27:51:6a:fa:e6:17:0b:
                    89:7d:da:1e:0c:ec:b5:6a:87:24:26:4f:2c:d3:dd:
                    da:d6:8d:ff:bc:2f:f4:55:4d:fe:8f:b5:7c:69:11:
                    53:52:e5:9e:41:45:f3:30:7a:a9:ba:bd:5a:80:da:
                    a0:35:64:1a:0d:41:64:52:6c:08:63:53:a5:25:89:
                    10:e5:d0:2e:46:ba:0b:57:15:e4:ba:23:6d:e3:7b:
                    ff:dd:73:37:6b:1c:48:97:d3:90:2e:db:d1:2b:c3:
                    f5:22:5a:e7:24:aa:8f:aa:6c:2f:cc:fd:a7:1a:69:
                    f2:8a:58:7d:b1:ab:2f:75:d6:a4:b0:c6:0d:c4:cb:
                    d8:07:b7:9c:eb:30:10:8f:ca:26:14:d8:f6:2c:85:
                    72:16:24:46:63:65:d6:9d:e3:80:77:72:a9:6d:fb:
                    72:8e:cb:32:64:8a:a6:4f:d3:a1:3b:bb:cb:51:4c:
                    6c:87:35:5b:bb:38:84:d0:ba:1b:b1:07:d0:fb:a7:
                    a0:a7:04:3f:fa:9b:78:ad:0a:2e:b4:bd:c2:e1:7d:
                    8a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:2F:B1:6E:42:99:18:B6:15:47:B2:FF:F3:F0:C5:37:EC:92:B9:DC
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/Bi-xbkKZGLYVR7L_8_DFN-ySudw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.140.0/24
                  87.99.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:32:e2:15:88:c8:97:de:c6:2b:85:26:76:ec:c4:88:af:06:
         04:ef:4d:11:24:f4:c5:d2:85:f8:d9:72:09:37:86:e4:2e:95:
         a6:8b:df:89:fc:58:f7:0b:f0:56:7c:29:af:96:e9:09:9d:5d:
         57:a9:8c:30:d6:92:22:b0:24:94:51:39:83:66:5e:58:48:4b:
         91:86:6d:56:16:03:f6:cb:4e:82:83:2b:ea:58:74:62:b2:19:
         e6:d9:19:aa:e3:0a:91:a0:9f:0b:32:72:1c:7f:d4:a2:11:fe:
         ff:96:e7:49:50:69:1a:d4:4b:76:73:95:8f:a1:20:e0:c3:98:
         53:a4:23:fe:ea:36:2f:a5:87:d1:7a:5f:61:2b:45:6d:19:d9:
         81:86:bc:9b:6f:11:1f:43:02:ef:22:1e:cd:fe:8f:b9:95:5d:
         8a:64:87:92:b0:c5:3c:72:48:9f:f4:b9:e7:9b:bd:89:62:5b:
         79:67:18:ab:33:17:75:09:5a:62:40:8a:06:ee:12:bd:dc:fe:
         a5:23:e1:55:cf:72:45:f2:aa:4a:7d:c0:ef:93:b4:6f:93:02:
         dd:eb:3e:ab:77:29:3b:12:01:ce:e6:89:e7:87:18:11:d0:35:
         dc:82:2f:02:73:6c:3e:bf:9d:16:8d:93:ed:50:37:77:d6:31:
         6f:b5:b7:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlKOPxgmDoDhoUZQoitvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjJmYjE2ZTQyOTkxOGI2MTU0N2IyZmZmM2YwYzUzN2VjOTJiOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYa6oAesqUZ3U/ZY7AfTSZt/yAJr
mDFiCYkSEJ23DLRRUsnkUtTIOUUPiIbITt50+rpivydRavrmFwuJfdoeDOy1aock
Jk8s093a1o3/vC/0VU3+j7V8aRFTUuWeQUXzMHqpur1agNqgNWQaDUFkUmwIY1Ol
JYkQ5dAuRroLVxXkuiNt43v/3XM3axxIl9OQLtvRK8P1IlrnJKqPqmwvzP2nGmny
ilh9sasvddaksMYNxMvYB7ec6zAQj8omFNj2LIVyFiRGY2XWneOAd3Kpbftyjssy
ZIqmT9OhO7vLUUxshzVbuziE0LobsQfQ+6egpwQ/+pt4rQoutL3C4X2KiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAYvsW5CmRi2FUey//PwxTfskrncMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvQmkteGJrS1pHTFlWUjdMXzhfREZOLXlTdWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCaMAwQA
V2NJMA0GCSqGSIb3DQEBCwUAA4IBAQBRMuIViMiX3sYrhSZ27MSIrwYE700RJPTF
0oX42XIJN4bkLpWmi9+J/Fj3C/BWfCmvlukJnV1XqYww1pIisCSUUTmDZl5YSEuR
hm1WFgP2y06CgyvqWHRishnm2Rmq4wqRoJ8LMnIcf9SiEf7/ludJUGka1Et2c5WP
oSDgw5hTpCP+6jYvpYfRel9hK0VtGdmBhrybbxEfQwLvIh7N/o+5lV2KZIeSsMU8
ckif9Lnnm72JYlt5ZxirMxd1CVpiQIoG7hK93P6lI+FVz3JF8qpKfcDvk7RvkwLd
6z6rdyk7EgHO5onnhxgR0DXcgi8Cc2w+v50WjZPtUDd31jFvtbfV
-----END CERTIFICATE-----