Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TjdNZ4FwdJ-vmUZ-grXR-ESSvww.roa
File:                     TjdNZ4FwdJ-vmUZ-grXR-ESSvww.roa (raw, json)
Hash identifier:          AwSWVlculUYDm9vHl7tJJNV97v8ZBzJfXUTEGIxfSjs=
Subject key identifier:   4E:37:4D:67:81:70:74:9F:AF:99:46:7E:82:B5:D1:F8:44:92:BF:0C
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DB7AB991D4169B7287E4A99F94E28
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TjdNZ4FwdJ-vmUZ-grXR-ESSvww.roa
Signing time:             Tue 02 Jan 2024 08:32:42 +0000
ROA not before:           Tue 02 Jan 2024 08:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209281
IP address blocks:        88.148.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b7:ab:99:1d:41:69:b7:28:7e:4a:99:f9:4e:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e374d678170749faf99467e82b5d1f84492bf0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:84:28:77:f4:85:97:68:54:e8:b5:3f:12:ec:
                    02:81:a1:8e:77:1c:99:4d:32:53:ee:24:6f:9b:ab:
                    90:c7:b7:77:39:59:0e:48:44:58:2e:10:21:e0:8e:
                    cc:6b:1c:44:a3:ea:21:12:59:63:9f:5a:d4:24:f2:
                    2d:41:dc:0e:f9:00:8e:78:d4:bb:24:01:3f:f2:67:
                    41:31:ab:81:50:cb:e3:84:f7:e5:48:17:39:3e:f6:
                    e1:a0:2e:4a:90:dd:6c:0e:59:68:0e:fb:76:03:e5:
                    c6:ac:96:99:67:d1:f5:24:bf:e6:72:71:15:d1:0e:
                    63:52:34:c6:70:dd:6d:ba:6f:64:d2:9a:84:7d:4e:
                    a5:a6:0d:14:cc:ef:a9:09:ad:1f:50:6f:b3:fa:25:
                    76:12:13:f1:94:ef:b1:c4:96:99:b7:83:8c:f3:86:
                    29:2f:00:36:7c:43:78:86:74:f1:9f:4a:be:5c:0d:
                    94:63:56:6c:bf:ac:47:2a:30:7f:9d:97:35:60:37:
                    c1:5f:b9:9c:90:f8:4a:2e:99:38:22:ed:10:03:dd:
                    d5:0f:68:5c:d8:cb:03:f3:c7:4c:bc:5a:21:a3:b2:
                    bf:41:d7:16:d3:fb:30:d9:77:db:72:37:3a:22:1b:
                    0b:2b:2c:83:32:72:71:7b:70:b7:c1:0a:5a:f2:ed:
                    ec:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:37:4D:67:81:70:74:9F:AF:99:46:7E:82:B5:D1:F8:44:92:BF:0C
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TjdNZ4FwdJ-vmUZ-grXR-ESSvww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.148.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:3d:66:c4:2a:1b:c4:9a:90:1e:3f:40:57:9c:e4:be:0d:a6:
         06:5b:9e:e8:e7:bd:ff:aa:1e:03:3a:d4:9a:4b:33:86:3b:fb:
         ba:50:67:18:d7:92:67:c0:4b:c6:ec:f9:16:e7:04:fd:41:8c:
         0e:03:a2:b5:d3:8e:0f:85:88:dd:77:89:6b:bd:12:7f:2a:c6:
         df:ab:2b:bf:8d:0c:f4:63:97:6d:01:6c:68:00:a6:ad:a3:8f:
         fd:85:74:1a:76:77:3e:11:c7:1a:38:3a:1e:5e:a7:70:40:70:
         e7:31:06:c7:eb:aa:7f:23:32:8a:ac:9e:b0:a2:80:10:37:45:
         e4:e0:6f:41:a7:2f:42:bc:f0:e8:e7:47:dd:3f:88:87:27:79:
         11:e9:4c:d9:57:de:75:03:82:79:73:36:60:eb:bf:b2:26:47:
         2f:df:59:e7:61:b4:61:eb:ca:00:dd:dc:7b:b3:b5:36:49:6b:
         13:6e:7b:27:34:19:50:38:9a:c4:a0:f6:1b:d9:02:6c:f2:fe:
         e7:b1:3f:a9:8f:3f:87:04:2e:74:6b:76:51:e6:8c:73:4f:ee:
         e5:fe:26:02:18:8d:f1:cf:33:45:98:4f:41:d1:cd:44:7e:6a:
         ce:6b:fb:0b:d5:69:5e:97:4b:47:e5:4e:ef:ec:ef:c9:75:03:
         5c:cc:c6:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbermR1BabcofkqZ+U4oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTM3NGQ2NzgxNzA3NDlmYWY5OTQ2N2U4MmI1ZDFmODQ0OTJiZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4Qod/SFl2hU6LU/EuwCgaGOdxyZ
TTJT7iRvm6uQx7d3OVkOSERYLhAh4I7MaxxEo+ohElljn1rUJPItQdwO+QCOeNS7
JAE/8mdBMauBUMvjhPflSBc5PvbhoC5KkN1sDlloDvt2A+XGrJaZZ9H1JL/mcnEV
0Q5jUjTGcN1tum9k0pqEfU6lpg0UzO+pCa0fUG+z+iV2EhPxlO+xxJaZt4OM84Yp
LwA2fEN4hnTxn0q+XA2UY1Zsv6xHKjB/nZc1YDfBX7mckPhKLpk4Iu0QA93VD2hc
2MsD88dMvFoho7K/QdcW0/sw2Xfbcjc6IhsLKyyDMnJxe3C3wQpa8u3sWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE43TWeBcHSfr5lGfoK10fhEkr8MMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvVGpkTlo0RndkSi12bVVaLWdyWFItRVNTdnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJQxMA0G
CSqGSIb3DQEBCwUAA4IBAQA8PWbEKhvEmpAeP0BXnOS+DaYGW57o573/qh4DOtSa
SzOGO/u6UGcY15JnwEvG7PkW5wT9QYwOA6K1044PhYjdd4lrvRJ/Ksbfqyu/jQz0
Y5dtAWxoAKato4/9hXQadnc+EccaODoeXqdwQHDnMQbH66p/IzKKrJ6wooAQN0Xk
4G9Bpy9CvPDo50fdP4iHJ3kR6UzZV951A4J5czZg67+yJkcv31nnYbRh68oA3dx7
s7U2SWsTbnsnNBlQOJrEoPYb2QJs8v7nsT+pjz+HBC50a3ZR5oxzT+7l/iYCGI3x
zzNFmE9B0c1EfmrOa/sL1Wlel0tH5U7v7O/JdQNczMZY
-----END CERTIFICATE-----