Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/ABAalErJKGhPd6Er0l5hueIg_8o.roa
File:                     ABAalErJKGhPd6Er0l5hueIg_8o.roa (raw, json)
Hash identifier:          4A6yBuvpp7uECPa0oErBAPxWDhnQtw7QqmjAatGs+JI=
Subject key identifier:   00:10:1A:94:4A:C9:28:68:4F:77:A1:2B:D2:5E:61:B9:E2:20:FF:CA
Certificate issuer:       /CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
Certificate serial:       018CC64B74E0D2BADFEE72E5EFAF2D1A3018
Authority key identifier: 88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/ABAalErJKGhPd6Er0l5hueIg_8o.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12310
IP address blocks:        195.245.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:74:e0:d2:ba:df:ee:72:e5:ef:af:2d:1a:30:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00101a944ac928684f77a12bd25e61b9e220ffca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:a3:a1:93:64:26:25:b7:46:ca:f1:58:2e:
                    65:a7:f0:cf:60:29:8a:16:b1:be:94:83:9f:1a:0f:
                    b3:36:fa:b4:e8:6b:7f:33:e6:31:db:ae:3d:f4:c6:
                    f1:4f:f7:14:ba:76:ea:60:98:d2:f7:87:01:3f:3e:
                    ed:d4:54:c3:56:ef:81:cf:19:0f:99:ab:6c:34:53:
                    01:b6:76:74:a7:c4:28:95:2c:5a:9c:29:1b:ec:ff:
                    db:76:e6:a4:a7:fd:0b:e6:6e:90:7f:19:16:3f:99:
                    9c:a0:5a:6e:5b:c1:41:ea:30:01:4c:88:9a:5f:5c:
                    2a:e7:db:82:fc:4a:9f:ba:a5:bc:db:05:22:84:a0:
                    40:c4:c3:e1:88:77:37:40:ec:aa:d7:ec:da:cc:bc:
                    bc:5d:0a:b6:d2:eb:8d:07:1c:5e:21:9b:95:56:00:
                    3e:af:e0:fb:5b:33:78:0c:c3:e4:45:9c:38:09:96:
                    87:84:f4:52:96:c8:c2:c0:9c:cd:ec:01:66:7c:fb:
                    e2:32:8c:b3:97:6b:e4:25:e7:f3:7b:8c:1c:d0:0a:
                    cc:3e:bf:5f:53:63:ee:e9:47:16:65:7f:01:27:94:
                    70:a0:03:f3:ae:47:a3:8e:23:b7:eb:30:0b:3f:88:
                    ea:d0:88:ad:5e:20:7a:55:24:41:ba:4a:d6:72:14:
                    6a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:10:1A:94:4A:C9:28:68:4F:77:A1:2B:D2:5E:61:B9:E2:20:FF:CA
            X509v3 Authority Key Identifier:
                keyid:88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/ABAalErJKGhPd6Er0l5hueIg_8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:0a:b3:4c:ad:c7:91:8d:ee:5d:d3:ba:e2:7d:d1:a3:25:4a:
         ae:16:67:4f:50:17:2e:e5:2c:2c:ca:41:1c:fb:ec:37:a9:c4:
         d9:04:70:c0:dd:ca:fe:36:3b:97:c9:7d:05:a3:d3:70:a9:93:
         97:6a:24:44:e6:48:1c:9d:fb:16:93:a3:d5:24:08:ed:d2:02:
         82:e4:0d:9f:d6:b3:16:46:da:69:b9:66:42:5e:53:d8:25:8d:
         c2:64:8d:8c:bf:43:c1:57:72:18:cb:29:dc:57:67:81:30:08:
         0d:81:31:1d:9b:43:05:18:06:47:a1:e0:1b:f5:56:4e:9f:13:
         27:6d:e5:26:6c:29:44:99:86:ba:5e:82:d1:76:1a:e1:a7:d5:
         c1:29:7c:a7:1b:9d:3c:0f:92:b2:23:8e:83:1d:d3:10:cd:0e:
         af:26:60:38:f4:f3:6c:eb:c7:89:17:d3:f8:7b:20:35:24:38:
         e5:49:96:d2:79:ad:45:7c:92:40:e8:fd:07:d4:cf:e7:1c:fe:
         c8:ac:81:e1:9d:50:5c:e4:5f:97:5c:ed:61:c8:99:08:c7:3d:
         2b:ce:98:73:e6:75:15:e6:b3:66:43:64:85:1d:d9:26:5d:31:
         d4:89:8d:15:bf:26:3c:80:4f:88:1e:e5:15:02:28:03:60:06:
         5d:e1:4f:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3Tg0rrf7nLl768tGjAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YTVhYjY2OWZhYmU3MmRlYzJlODM3ODQ3NmE3ZTkxNWMy
NGVkY2YwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEwMWE5NDRhYzkyODY4NGY3N2ExMmJkMjVlNjFiOWUyMjBmZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHmjoZNkJiW3RsrxWC5lp/DPYCmK
FrG+lIOfGg+zNvq06Gt/M+Yx26499MbxT/cUunbqYJjS94cBPz7t1FTDVu+BzxkP
matsNFMBtnZ0p8QolSxanCkb7P/bduakp/0L5m6QfxkWP5mcoFpuW8FB6jABTIia
X1wq59uC/EqfuqW82wUihKBAxMPhiHc3QOyq1+zazLy8XQq20uuNBxxeIZuVVgA+
r+D7WzN4DMPkRZw4CZaHhPRSlsjCwJzN7AFmfPviMoyzl2vkJefze4wc0ArMPr9f
U2Pu6UcWZX8BJ5RwoAPzrkejjiO36zALP4jq0IitXiB6VSRBukrWchRqpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAQGpRKyShoT3ehK9JeYbniIP/KMB8GA1UdIwQY
MBaAFIilq2afq+ct7C6DeEdqfpFcJO3PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTkt
MTVhMDIwN2Q0NjA5LzEvQUJBYWxFckpLR2hQZDZFcjBsNWh1ZUlnXzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTktMTVhMDIwN2Q0NjA5
LzEvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XcMA0G
CSqGSIb3DQEBCwUAA4IBAQBxCrNMrceRje5d07rifdGjJUquFmdPUBcu5SwsykEc
++w3qcTZBHDA3cr+NjuXyX0Fo9NwqZOXaiRE5kgcnfsWk6PVJAjt0gKC5A2f1rMW
RtppuWZCXlPYJY3CZI2Mv0PBV3IYyyncV2eBMAgNgTEdm0MFGAZHoeAb9VZOnxMn
beUmbClEmYa6XoLRdhrhp9XBKXynG508D5KyI46DHdMQzQ6vJmA49PNs68eJF9P4
eyA1JDjlSZbSea1FfJJA6P0H1M/nHP7IrIHhnVBc5F+XXO1hyJkIxz0rzphz5nUV
5rNmQ2SFHdkmXTHUiY0VvyY8gE+IHuUVAigDYAZd4U+g
-----END CERTIFICATE-----