Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/UWnjRB3JOhAErfEmrOz9axfAQRk.roa
File:                     UWnjRB3JOhAErfEmrOz9axfAQRk.roa (raw, json)
Hash identifier:          Dltaigs50tdnLcuRzNb5hrgCkCOA9QLp3pCWrbZjLfs=
Subject key identifier:   51:69:E3:44:1D:C9:3A:10:04:AD:F1:26:AC:EC:FD:6B:17:C0:41:19
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC794A0F62FE372F04CAF0F3D221BD346
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/UWnjRB3JOhAErfEmrOz9axfAQRk.roa
Signing time:             Tue 02 Jan 2024 00:30:55 +0000
ROA not before:           Tue 02 Jan 2024 00:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51249
IP address blocks:        87.99.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a0:f6:2f:e3:72:f0:4c:af:0f:3d:22:1b:d3:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5169e3441dc93a1004adf126acecfd6b17c04119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:74:c7:7a:7b:b2:9c:87:da:fb:71:e8:62:e4:
                    cd:9b:ff:7a:0e:4b:4d:e2:78:b6:92:4b:91:6b:3a:
                    c3:ea:9b:97:ee:e5:63:e1:d8:d7:89:ae:b3:c3:c5:
                    8f:40:1a:ee:33:ea:05:86:dd:9a:af:e7:3d:ad:90:
                    63:1f:a1:9c:cc:b3:88:0e:bd:4d:af:27:dd:50:72:
                    30:cb:c7:8a:e4:18:82:a5:41:1d:a3:9d:ab:f6:83:
                    b8:21:90:ef:57:a8:25:2a:47:ca:ef:af:72:68:5a:
                    a3:a4:30:c0:53:08:c5:02:9f:e1:89:33:b8:f5:e7:
                    1a:50:15:f0:2e:be:42:ab:98:d5:43:d9:7d:1c:dd:
                    7c:0c:2d:81:b2:98:5b:9f:90:dc:9f:bf:b1:69:1f:
                    63:50:cf:c0:a7:73:80:cf:9b:ef:70:58:70:a2:07:
                    48:94:70:bd:7b:51:fa:67:22:4f:c9:c8:f0:76:66:
                    ec:b9:7f:4b:d3:57:1f:b2:ab:62:a6:50:89:25:ee:
                    14:bd:7e:7d:94:6e:7c:c1:01:f2:9a:44:aa:85:e8:
                    5d:a1:51:c5:fc:a0:7d:62:da:06:77:35:e1:f7:ec:
                    8f:a2:18:69:65:0f:aa:a4:22:dd:d5:b6:75:3d:46:
                    2e:c3:3e:86:45:ad:79:44:bc:72:e3:39:a6:43:57:
                    33:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:69:E3:44:1D:C9:3A:10:04:AD:F1:26:AC:EC:FD:6B:17:C0:41:19
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/UWnjRB3JOhAErfEmrOz9axfAQRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.99.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:9e:10:57:9d:4d:24:5e:3c:b7:f4:fa:75:f7:7f:7f:ef:74:
         92:08:34:c8:55:c8:46:c0:b1:cf:af:e2:40:4f:3a:c9:01:e9:
         70:5c:91:df:6d:4d:ea:81:17:a6:47:f0:4d:0e:35:30:a7:bb:
         71:57:63:52:ce:2c:0f:99:a8:ec:80:41:2f:4e:27:c4:3d:32:
         c5:a4:96:0b:e6:eb:7d:f2:2e:1d:ab:a2:e0:2c:28:5b:0a:81:
         e7:82:eb:f9:34:5d:0a:70:3d:bf:9f:1f:f5:81:a2:86:e4:15:
         50:a2:b4:52:9b:a4:96:dc:97:81:c2:15:b6:1d:de:58:ce:a0:
         2d:34:63:bb:75:11:c0:ef:2d:ec:19:c7:58:1a:2e:43:74:5e:
         bb:d5:04:d1:23:4f:24:e5:44:03:e3:62:0b:6c:e4:80:25:31:
         7f:e0:94:c0:fe:e5:7d:e2:dc:2e:73:12:cc:8c:aa:4e:c2:da:
         6d:0b:73:b5:df:bb:11:5a:16:c2:5d:a0:2f:30:17:81:52:62:
         9b:00:ba:8a:f5:77:1c:e2:33:27:c5:d9:64:f2:a7:cf:f8:cf:
         b9:0d:93:d1:29:27:94:7e:ba:e0:65:52:41:b8:f5:48:3b:b7:
         f8:83:95:a9:ca:f0:56:ba:43:dd:72:d9:4a:05:f8:97:e7:6f:
         0d:56:f3:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKD2L+Ny8EyvDz0iG9NGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTY5ZTM0NDFkYzkzYTEwMDRhZGYxMjZhY2VjZmQ2YjE3YzA0MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3THenuynIfa+3HoYuTNm/96DktN
4ni2kkuRazrD6puX7uVj4djXia6zw8WPQBruM+oFht2ar+c9rZBjH6GczLOIDr1N
ryfdUHIwy8eK5BiCpUEdo52r9oO4IZDvV6glKkfK769yaFqjpDDAUwjFAp/hiTO4
9ecaUBXwLr5Cq5jVQ9l9HN18DC2Bsphbn5Dcn7+xaR9jUM/Ap3OAz5vvcFhwogdI
lHC9e1H6ZyJPycjwdmbsuX9L01cfsqtiplCJJe4UvX59lG58wQHymkSqhehdoVHF
/KB9YtoGdzXh9+yPohhpZQ+qpCLd1bZ1PUYuwz6GRa15RLxy4zmmQ1cz1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFp40QdyToQBK3xJqzs/WsXwEEZMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvVVdualJCM0pPaEFFcmZFbXJPejlheGZBUVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2NHMA0G
CSqGSIb3DQEBCwUAA4IBAQAHnhBXnU0kXjy39Pp1939/73SSCDTIVchGwLHPr+JA
TzrJAelwXJHfbU3qgRemR/BNDjUwp7txV2NSziwPmajsgEEvTifEPTLFpJYL5ut9
8i4dq6LgLChbCoHnguv5NF0KcD2/nx/1gaKG5BVQorRSm6SW3JeBwhW2Hd5YzqAt
NGO7dRHA7y3sGcdYGi5DdF671QTRI08k5UQD42ILbOSAJTF/4JTA/uV94twucxLM
jKpOwtptC3O137sRWhbCXaAvMBeBUmKbALqK9Xcc4jMnxdlk8qfP+M+5DZPRKSeU
frrgZVJBuPVIO7f4g5WpyvBWukPdctlKBfiX528NVvPx
-----END CERTIFICATE-----