Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/wdWAV6bbhHJ_nsPqROCChLfZtho.roa
File:                     wdWAV6bbhHJ_nsPqROCChLfZtho.roa (raw, json)
Hash identifier:          cRptelAZTYqhkfJ/LowFdznE3/mUxnJADKTqx+TNzQg=
Subject key identifier:   C1:D5:80:57:A6:DB:84:72:7F:9E:C3:EA:44:E0:82:84:B7:D9:B6:1A
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC7949F9306CDA95F58DE463A68C489AA
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/wdWAV6bbhHJ_nsPqROCChLfZtho.roa
Signing time:             Tue 02 Jan 2024 00:30:55 +0000
ROA not before:           Tue 02 Jan 2024 00:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43877
IP address blocks:        87.99.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:9f:93:06:cd:a9:5f:58:de:46:3a:68:c4:89:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1d58057a6db84727f9ec3ea44e08284b7d9b61a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:74:8d:8d:81:5b:52:3a:e7:e8:6a:86:46:5b:
                    1b:53:6d:73:d5:36:2c:aa:f3:c0:3a:35:d2:5b:02:
                    65:13:42:83:ba:30:07:ae:fc:03:8c:b1:18:9b:65:
                    6b:cd:39:66:6e:92:ee:2e:0c:54:ae:87:70:e4:bf:
                    14:d3:07:61:78:11:1e:dc:8d:7b:e0:25:ac:d3:52:
                    50:19:41:b5:22:fc:51:99:26:13:4b:b6:d6:8c:10:
                    e7:12:be:5f:f4:48:fb:cb:a0:5d:30:c0:a8:1e:bd:
                    16:35:1f:52:4c:b9:d3:5a:2a:39:4c:43:63:36:5a:
                    7a:c1:73:ad:a2:5c:92:d0:42:85:39:91:e2:16:d1:
                    ec:ac:98:18:00:69:8c:c1:79:52:c3:36:84:dd:6f:
                    f5:a4:d8:da:e3:92:0b:0e:29:91:ec:8b:7f:88:e8:
                    5b:d3:74:46:6e:9b:ee:dd:16:26:c0:44:f7:0b:27:
                    0e:94:27:11:ba:40:02:56:65:8a:f2:54:b5:b6:96:
                    6e:ca:ba:8a:2e:ef:50:2b:ae:3c:ef:46:cd:8a:75:
                    03:b2:92:ac:b1:ce:ac:66:ef:7f:92:79:08:a1:ca:
                    fc:73:bb:4c:42:ac:e7:7a:50:5b:ef:b7:b0:13:8d:
                    a1:3a:6a:35:4d:a7:bc:b8:9d:6f:c6:5c:e0:88:f3:
                    15:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D5:80:57:A6:DB:84:72:7F:9E:C3:EA:44:E0:82:84:B7:D9:B6:1A
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/wdWAV6bbhHJ_nsPqROCChLfZtho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.99.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:24:f0:f0:29:7c:dc:ed:89:1c:dd:30:ec:54:8e:f7:80:10:
         70:a5:4c:49:ca:84:ef:b0:6c:e1:ed:7c:b8:49:3a:68:c2:f0:
         4a:a9:55:45:0e:e3:6d:d1:5d:8e:8b:f2:dd:e0:be:ce:ca:5b:
         09:af:9e:1b:c3:2f:37:a0:1c:db:b2:80:b9:b2:4b:b1:79:94:
         9e:50:cf:c7:3b:bc:61:47:61:94:60:65:94:e0:f6:12:50:e1:
         99:74:e9:9b:95:5d:e3:84:74:7c:7d:52:6a:36:a6:c3:78:e0:
         84:50:ea:ca:f6:78:83:94:f3:27:f7:f0:57:b2:7c:f8:93:c7:
         22:4d:6d:03:b1:5d:d4:cc:b0:61:59:e3:2a:c5:d6:f5:36:80:
         92:b7:65:94:e1:d7:c1:ae:93:ef:64:ad:17:2b:6c:a9:d6:cc:
         cc:ea:e5:6a:a0:7a:45:1d:a5:f8:d8:f3:a8:28:2d:0a:1c:f6:
         9e:b1:07:75:50:02:7e:cd:fc:e6:30:e0:70:0d:d6:f7:94:a6:
         52:81:af:60:46:cc:81:35:4b:f7:51:6f:e8:6b:21:a9:cc:78:
         04:29:eb:e7:45:3d:43:8e:52:02:17:ad:47:e5:83:fa:31:4b:
         10:bd:9f:54:30:ee:b4:9c:97:71:46:44:20:ac:1d:b0:a9:20:
         8d:45:3c:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlJ+TBs2pX1jeRjpoxImqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQ1ODA1N2E2ZGI4NDcyN2Y5ZWMzZWE0NGUwODI4NGI3ZDliNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXSNjYFbUjrn6GqGRlsbU21z1TYs
qvPAOjXSWwJlE0KDujAHrvwDjLEYm2VrzTlmbpLuLgxUrodw5L8U0wdheBEe3I17
4CWs01JQGUG1IvxRmSYTS7bWjBDnEr5f9Ej7y6BdMMCoHr0WNR9STLnTWio5TENj
Nlp6wXOtolyS0EKFOZHiFtHsrJgYAGmMwXlSwzaE3W/1pNja45ILDimR7It/iOhb
03RGbpvu3RYmwET3CycOlCcRukACVmWK8lS1tpZuyrqKLu9QK64870bNinUDspKs
sc6sZu9/knkIocr8c7tMQqznelBb77ewE42hOmo1Tae8uJ1vxlzgiPMV0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHVgFem24Ryf57D6kTggoS32bYaMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvd2RXQVY2YmJoSEpfbnNQcVJPQ0NoTGZadGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2NNMA0G
CSqGSIb3DQEBCwUAA4IBAQADJPDwKXzc7Ykc3TDsVI73gBBwpUxJyoTvsGzh7Xy4
STpowvBKqVVFDuNt0V2Oi/Ld4L7OylsJr54bwy83oBzbsoC5skuxeZSeUM/HO7xh
R2GUYGWU4PYSUOGZdOmblV3jhHR8fVJqNqbDeOCEUOrK9niDlPMn9/BXsnz4k8ci
TW0DsV3UzLBhWeMqxdb1NoCSt2WU4dfBrpPvZK0XK2yp1szM6uVqoHpFHaX42POo
KC0KHPaesQd1UAJ+zfzmMOBwDdb3lKZSga9gRsyBNUv3UW/oayGpzHgEKevnRT1D
jlICF61H5YP6MUsQvZ9UMO60nJdxRkQgrB2wqSCNRTz5
-----END CERTIFICATE-----