Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/PpCVg2F7rO-GprK_VNloJwfrRJI.roa
File:                     PpCVg2F7rO-GprK_VNloJwfrRJI.roa (raw, json)
Hash identifier:          pYDJk0oiW8q4FX7KtHPgRfeehRSDC6q3pV4NiQvYf4c=
Subject key identifier:   3E:90:95:83:61:7B:AC:EF:86:A6:B2:BF:54:D9:68:27:07:EB:44:92
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       018F7C4E425D085198D51AD2119F564B3A7F
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/PpCVg2F7rO-GprK_VNloJwfrRJI.roa
Signing time:             Wed 15 May 2024 12:50:54 +0000
ROA not before:           Wed 15 May 2024 12:50:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        88.151.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:4e:42:5d:08:51:98:d5:1a:d2:11:9f:56:4b:3a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: May 15 12:50:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e909583617bacef86a6b2bf54d9682707eb4492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d2:5b:02:79:18:1d:af:0d:af:23:d4:34:64:
                    b2:29:f4:ad:35:4a:6b:0a:af:2a:74:2f:00:87:f8:
                    cf:b0:bc:b2:1c:3f:61:df:4f:0e:96:d6:64:1e:13:
                    54:45:65:db:98:d2:1e:5d:06:db:d0:cc:6e:ae:79:
                    07:61:d7:e2:be:11:b5:23:12:5d:68:85:f3:4f:a9:
                    a8:5d:7e:0f:ca:0a:9b:0f:c2:30:72:b2:98:b4:ef:
                    f4:76:b3:d5:f9:ff:c3:1d:ee:06:04:90:dc:16:a6:
                    75:23:89:df:2b:5e:de:0b:b8:5d:14:b2:8e:e1:11:
                    30:9c:c4:75:71:8b:43:72:02:00:a9:53:4c:32:a8:
                    9b:56:bc:2d:c0:e8:d5:d7:e4:eb:0d:cb:38:2e:9b:
                    e7:c9:4d:6a:e4:1c:2a:22:44:22:57:9c:b5:96:a6:
                    fb:d1:1c:6d:38:63:0e:5c:40:ab:54:fe:8d:b4:8c:
                    b0:c2:90:7b:73:ed:7c:05:ef:ff:81:6d:2c:57:55:
                    96:b3:33:97:ce:15:3f:f3:eb:c5:66:b4:4e:97:e0:
                    49:96:7a:51:2a:45:e5:cb:10:2d:ea:f2:ad:46:20:
                    61:b2:4f:f1:01:03:f4:7f:28:25:4a:19:be:36:bb:
                    f8:8d:c4:f5:63:06:c5:12:ea:7c:d7:b9:68:32:23:
                    b2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:90:95:83:61:7B:AC:EF:86:A6:B2:BF:54:D9:68:27:07:EB:44:92
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/PpCVg2F7rO-GprK_VNloJwfrRJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e9:a7:fd:73:2e:b0:ee:af:b4:3a:6a:f8:c6:ec:76:5e:73:
         4b:db:00:9a:88:36:46:97:b3:2c:4a:26:30:00:75:60:90:08:
         9f:89:ae:d3:14:63:93:3c:f2:dc:82:06:d2:81:5c:27:c6:58:
         b6:ef:7a:9e:c7:06:66:e7:09:37:31:a7:c4:d3:bc:02:5b:b4:
         4c:1f:8d:96:f1:ac:7c:26:e8:53:3d:ab:ca:83:22:ab:a8:d5:
         f8:ed:06:44:0b:56:6c:a0:0d:b2:ef:b2:76:d2:3c:5a:92:26:
         5e:f5:e4:86:90:58:a9:a7:0f:92:6f:d5:c2:84:33:fd:d2:b6:
         8a:7d:00:af:4b:e5:cf:a8:24:f4:ce:d3:c5:27:8e:93:34:66:
         a0:27:94:64:9d:19:2d:8c:56:48:f9:b4:65:a4:68:e7:7e:29:
         bf:a3:14:a7:49:ab:6c:83:72:91:12:30:62:00:2c:0c:e9:d0:
         62:ab:03:15:83:ef:3c:c8:32:44:18:3c:bf:0e:af:83:7e:38:
         30:bf:57:e1:4b:f8:80:8a:3f:07:3f:73:d7:45:f0:e2:21:f2:
         77:36:21:01:82:7d:fd:b4:a7:9a:08:e5:1e:71:de:2d:25:cf:
         4d:2c:7e:69:c5:83:01:f8:63:99:4a:08:75:f4:cb:f6:56:dc:
         60:7b:73:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY98TkJdCFGY1RrSEZ9WSzp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwNTE1MTI1MDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTkwOTU4MzYxN2JhY2VmODZhNmIyYmY1NGQ5NjgyNzA3ZWI0NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9JbAnkYHa8NryPUNGSyKfStNUpr
Cq8qdC8Ah/jPsLyyHD9h308OltZkHhNURWXbmNIeXQbb0MxurnkHYdfivhG1IxJd
aIXzT6moXX4PygqbD8IwcrKYtO/0drPV+f/DHe4GBJDcFqZ1I4nfK17eC7hdFLKO
4REwnMR1cYtDcgIAqVNMMqibVrwtwOjV1+TrDcs4LpvnyU1q5BwqIkQiV5y1lqb7
0RxtOGMOXECrVP6NtIywwpB7c+18Be//gW0sV1WWszOXzhU/8+vFZrROl+BJlnpR
KkXlyxAt6vKtRiBhsk/xAQP0fyglShm+Nrv4jcT1YwbFEup817loMiOyEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6QlYNhe6zvhqayv1TZaCcH60SSMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvUHBDVmcyRjdyTy1HcHJLX1ZObG9Kd2ZyUkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJdwMA0G
CSqGSIb3DQEBCwUAA4IBAQBV6af9cy6w7q+0Omr4xux2XnNL2wCaiDZGl7MsSiYw
AHVgkAifia7TFGOTPPLcggbSgVwnxli273qexwZm5wk3MafE07wCW7RMH42W8ax8
JuhTPavKgyKrqNX47QZEC1ZsoA2y77J20jxakiZe9eSGkFippw+Sb9XChDP90raK
fQCvS+XPqCT0ztPFJ46TNGagJ5RknRktjFZI+bRlpGjnfim/oxSnSatsg3KREjBi
ACwM6dBiqwMVg+88yDJEGDy/Dq+Dfjgwv1fhS/iAij8HP3PXRfDiIfJ3NiEBgn39
tKeaCOUecd4tJc9NLH5pxYMB+GOZSgh19Mv2Vtxge3Nx
-----END CERTIFICATE-----