Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/V1tMmdzah-_uOvzPSHjAfOUHHkg.roa
File:                     V1tMmdzah-_uOvzPSHjAfOUHHkg.roa (raw, json)
Hash identifier:          nT6H6NesBpCv1QrpokozTU99Zdsr6bkxXnSGh/q+DJ0=
Subject key identifier:   57:5B:4C:99:DC:DA:87:EF:EE:3A:FC:CF:48:78:C0:7C:E5:07:1E:48
Certificate issuer:       /CN=88ed0c0901c69e5c5d8f51a675d055982f91d2a7
Certificate serial:       018CCA9992E7BEF7680F94AFA6EE3E073AB2
Authority key identifier: 88:ED:0C:09:01:C6:9E:5C:5D:8F:51:A6:75:D0:55:98:2F:91:D2:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iO0MCQHGnlxdj1GmddBVmC-R0qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/V1tMmdzah-_uOvzPSHjAfOUHHkg.roa
Signing time:             Tue 02 Jan 2024 14:35:11 +0000
ROA not before:           Tue 02 Jan 2024 14:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.151.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/iO0MCQHGnlxdj1GmddBVmC-R0qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/iO0MCQHGnlxdj1GmddBVmC-R0qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iO0MCQHGnlxdj1GmddBVmC-R0qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:92:e7:be:f7:68:0f:94:af:a6:ee:3e:07:3a:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ed0c0901c69e5c5d8f51a675d055982f91d2a7
        Validity
            Not Before: Jan  2 14:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=575b4c99dcda87efee3afccf4878c07ce5071e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:45:e8:9b:48:7a:db:7a:af:89:ba:f4:7b:17:
                    fd:dd:6d:42:e7:a0:c6:1c:34:07:e6:cb:dc:e4:08:
                    a8:e1:9c:98:89:dd:75:d3:ee:d1:e6:2d:6c:19:45:
                    82:ba:c3:9d:4e:8f:48:da:b5:21:f3:d4:8f:fc:5d:
                    f7:73:72:92:96:62:c4:34:99:d4:8c:2d:7a:9a:90:
                    65:c7:7c:b8:b5:43:7d:82:e5:81:b7:ad:b4:60:3f:
                    e7:08:d7:80:56:67:e6:d4:d8:d5:78:a1:f5:88:48:
                    33:3b:35:d1:df:73:ef:4a:21:57:2a:0d:f7:46:c7:
                    ff:49:c8:4f:1a:c1:cd:c0:5b:44:b0:ce:cf:04:b6:
                    63:6e:23:5a:12:2c:50:d3:1a:61:71:b9:77:5f:ca:
                    04:ac:69:3e:f5:43:8b:77:51:ee:ec:47:50:52:b1:
                    44:12:89:a0:62:13:bf:43:93:3b:f1:4d:1f:e2:ac:
                    be:53:9a:31:35:74:a8:0a:a2:4e:a7:cc:25:7f:c0:
                    2f:99:db:37:ce:9d:67:c1:47:45:d4:48:7b:48:ce:
                    9d:dd:31:ca:86:ec:46:e2:64:29:2b:79:b5:29:ee:
                    b3:00:96:68:fd:26:c7:46:d5:06:f7:c5:24:71:0e:
                    09:38:55:02:f6:f1:df:e7:5c:29:a6:28:76:00:59:
                    20:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5B:4C:99:DC:DA:87:EF:EE:3A:FC:CF:48:78:C0:7C:E5:07:1E:48
            X509v3 Authority Key Identifier:
                keyid:88:ED:0C:09:01:C6:9E:5C:5D:8F:51:A6:75:D0:55:98:2F:91:D2:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iO0MCQHGnlxdj1GmddBVmC-R0qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/V1tMmdzah-_uOvzPSHjAfOUHHkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/iO0MCQHGnlxdj1GmddBVmC-R0qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:52:6b:14:7e:8f:48:c8:1a:38:11:b1:95:7d:90:74:c0:07:
         1a:88:cf:71:2a:9d:3d:97:3c:b3:c4:b0:55:90:cf:29:a7:53:
         20:8f:77:bd:9a:ba:2d:d5:17:54:a6:dc:ef:0a:c3:40:b8:39:
         c7:74:85:a3:e0:19:ec:66:fe:2f:4f:c2:86:5a:05:e0:7e:7e:
         4e:1f:6c:dc:5d:55:18:05:33:ab:ac:1b:d6:ed:76:42:4c:58:
         c6:49:03:84:11:06:26:87:4f:e5:0f:fb:c4:00:89:7c:c0:96:
         86:d2:ee:77:71:c0:a3:b1:9b:b4:a6:1c:5c:2f:b1:50:aa:f7:
         2e:86:6c:35:13:cf:16:7f:d2:48:93:e9:87:a7:73:87:e4:20:
         f5:9a:e3:59:e7:13:3a:b0:35:6d:55:66:83:90:e0:69:2d:d2:
         67:13:ff:85:41:8c:5e:d7:71:bd:ef:39:25:d4:f7:ab:ac:c6:
         72:cc:90:42:62:6d:58:25:1f:2c:1c:35:f3:b4:fa:6c:18:9c:
         19:56:0e:e3:56:3a:64:e1:4f:31:17:9e:03:b4:32:a8:d9:e4:
         9d:25:e2:22:7e:c6:67:07:05:c9:6a:44:8d:55:e1:95:1f:44:
         72:f3:3c:d9:47:e0:c7:c0:01:f3:70:1b:f2:ba:61:79:13:59:
         70:0a:f0:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmZLnvvdoD5Svpu4+BzqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZWQwYzA5MDFjNjllNWM1ZDhmNTFhNjc1ZDA1NTk4MmY5
MWQyYTcwHhcNMjQwMTAyMTQzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzViNGM5OWRjZGE4N2VmZWUzYWZjY2Y0ODc4YzA3Y2U1MDcxZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEXom0h623qvibr0exf93W1C56DG
HDQH5svc5Aio4ZyYid110+7R5i1sGUWCusOdTo9I2rUh89SP/F33c3KSlmLENJnU
jC16mpBlx3y4tUN9guWBt620YD/nCNeAVmfm1NjVeKH1iEgzOzXR33PvSiFXKg33
Rsf/SchPGsHNwFtEsM7PBLZjbiNaEixQ0xphcbl3X8oErGk+9UOLd1Hu7EdQUrFE
EomgYhO/Q5M78U0f4qy+U5oxNXSoCqJOp8wlf8Avmds3zp1nwUdF1Eh7SM6d3THK
huxG4mQpK3m1Ke6zAJZo/SbHRtUG98UkcQ4JOFUC9vHf51wppih2AFkg5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdbTJnc2ofv7jr8z0h4wHzlBx5IMB8GA1UdIwQY
MBaAFIjtDAkBxp5cXY9RpnXQVZgvkdKnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU8wTUNRSEdubHhkajFHbWRkQlZtQy1SMHFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8wOTg1ODMtMzZjZS00NjkyLTlkYzMt
OWQ5ODhhNjAwNzU3LzEvVjF0TW1kemFoLV91T3Z6UFNIakFmT1VISGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8wOTg1ODMtMzZjZS00NjkyLTlkYzMtOWQ5ODhhNjAwNzU3
LzEvaU8wTUNRSEdubHhkajFHbWRkQlZtQy1SMHFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZdcMA0G
CSqGSIb3DQEBCwUAA4IBAQAyUmsUfo9IyBo4EbGVfZB0wAcaiM9xKp09lzyzxLBV
kM8pp1Mgj3e9mrot1RdUptzvCsNAuDnHdIWj4BnsZv4vT8KGWgXgfn5OH2zcXVUY
BTOrrBvW7XZCTFjGSQOEEQYmh0/lD/vEAIl8wJaG0u53ccCjsZu0phxcL7FQqvcu
hmw1E88Wf9JIk+mHp3OH5CD1muNZ5xM6sDVtVWaDkOBpLdJnE/+FQYxe13G97zkl
1PerrMZyzJBCYm1YJR8sHDXztPpsGJwZVg7jVjpk4U8xF54DtDKo2eSdJeIifsZn
BwXJakSNVeGVH0Ry8zzZR+DHwAHzcBvyumF5E1lwCvAw
-----END CERTIFICATE-----