Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/aqd6E3npsvP_2D8RuTYpzO-h2hM.roa
File:                     aqd6E3npsvP_2D8RuTYpzO-h2hM.roa (raw, json)
Hash identifier:          ba6De9RsoAyc8VsVoXnKTONKaN8N4OktKWZD0UzGhtk=
Subject key identifier:   6A:A7:7A:13:79:E9:B2:F3:FF:D8:3F:11:B9:36:29:CC:EF:A1:DA:13
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DB523FA6B0FED0E1F41263D1FBE9B
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/aqd6E3npsvP_2D8RuTYpzO-h2hM.roa
Signing time:             Tue 02 Jan 2024 08:32:42 +0000
ROA not before:           Tue 02 Jan 2024 08:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203068
IP address blocks:        88.148.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b5:23:fa:6b:0f:ed:0e:1f:41:26:3d:1f:be:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aa77a1379e9b2f3ffd83f11b93629ccefa1da13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1f:7f:2e:3f:84:93:0a:38:49:e4:7c:82:6a:
                    80:90:32:d7:3e:9b:53:30:b7:8e:fa:84:8d:f6:05:
                    13:d6:3e:48:49:04:ab:f1:7f:fc:58:a8:54:e3:94:
                    4d:55:28:5b:d7:c5:3f:41:a3:c6:ae:ee:34:1e:f9:
                    ba:37:bb:54:32:3f:2a:9a:e0:83:af:1d:be:65:9f:
                    2a:b9:f6:26:02:5a:36:7d:26:c3:c5:c3:7f:94:3e:
                    1b:e7:5d:e7:87:40:68:be:c7:73:00:b4:4f:76:6e:
                    cb:7c:e3:a3:b2:41:41:ac:41:4a:30:08:ee:fd:d4:
                    98:b8:d2:64:e3:b7:6d:92:13:00:a6:a3:93:24:02:
                    63:1e:ce:41:79:13:15:6a:48:bb:de:17:9d:a9:b4:
                    dd:70:9b:26:af:55:c7:be:d3:11:6a:7a:f0:61:ae:
                    64:ad:d9:dd:ab:21:75:8d:49:69:d6:bc:86:9d:27:
                    d8:cb:4e:6d:d8:ad:fb:39:56:75:73:d8:c5:9b:c0:
                    38:d2:85:3d:49:27:99:21:0c:06:d6:33:64:d2:6c:
                    56:b4:a7:4e:9f:21:14:68:57:e1:4e:f9:c3:23:ee:
                    54:46:95:e0:15:6d:c3:e2:cf:eb:72:c8:9f:f0:46:
                    87:18:c3:db:11:7c:87:61:90:5f:80:61:a6:50:07:
                    2b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A7:7A:13:79:E9:B2:F3:FF:D8:3F:11:B9:36:29:CC:EF:A1:DA:13
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/aqd6E3npsvP_2D8RuTYpzO-h2hM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.148.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:d8:4a:a7:73:d9:4a:f0:57:02:fc:9a:ce:28:6e:67:01:8e:
         c9:04:a3:33:04:4e:3c:45:28:e7:8e:9a:14:c3:7d:f9:43:69:
         4e:ec:b1:78:06:a8:4d:d4:4a:d2:9b:a7:08:bc:a6:13:f4:4e:
         0c:17:f8:b7:0d:67:bd:17:0d:2c:09:28:c2:87:c1:e9:8f:66:
         b7:84:5a:cc:15:96:6d:5f:32:ab:a6:a0:bc:5e:bc:18:1d:21:
         6d:eb:8f:91:b6:bd:18:b1:fa:d0:40:42:db:d9:b2:78:76:91:
         b2:df:52:b7:b7:40:b1:43:6b:ce:1a:08:d7:57:51:09:92:76:
         54:5d:d0:c7:0a:63:48:79:9c:9b:e1:4f:95:cc:78:66:e3:44:
         ca:6d:fd:98:cd:d3:ff:06:70:f0:e7:ef:0c:28:0f:4a:54:fd:
         1f:4a:d3:7e:80:a2:3f:82:36:86:6b:9f:dc:64:4f:46:e1:62:
         21:b9:36:b3:d2:e6:21:08:74:ae:ac:e2:85:80:df:51:ad:62:
         32:7f:74:12:1f:65:36:9a:cc:2c:6c:d3:91:a0:04:1a:8c:f9:
         8d:58:69:72:0e:88:f3:0b:0c:e0:d8:8a:1e:8a:5f:08:15:0b:
         cc:c5:71:46:91:94:4e:28:8d:8c:bf:b0:83:ad:72:85:55:e0:
         04:9e:46:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbUj+msP7Q4fQSY9H76bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE3N2ExMzc5ZTliMmYzZmZkODNmMTFiOTM2MjljY2VmYTFkYTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR9/Lj+Ekwo4SeR8gmqAkDLXPptT
MLeO+oSN9gUT1j5ISQSr8X/8WKhU45RNVShb18U/QaPGru40Hvm6N7tUMj8qmuCD
rx2+ZZ8qufYmAlo2fSbDxcN/lD4b513nh0BovsdzALRPdm7LfOOjskFBrEFKMAju
/dSYuNJk47dtkhMApqOTJAJjHs5BeRMVaki73hedqbTdcJsmr1XHvtMRanrwYa5k
rdndqyF1jUlp1ryGnSfYy05t2K37OVZ1c9jFm8A40oU9SSeZIQwG1jNk0mxWtKdO
nyEUaFfhTvnDI+5URpXgFW3D4s/rcsif8EaHGMPbEXyHYZBfgGGmUAcr3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqnehN56bLz/9g/Ebk2KczvodoTMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvYXFkNkUzbnBzdlBfMkQ4UnVUWXB6Ty1oMmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJRYMA0G
CSqGSIb3DQEBCwUAA4IBAQDK2Eqnc9lK8FcC/JrOKG5nAY7JBKMzBE48RSjnjpoU
w335Q2lO7LF4BqhN1ErSm6cIvKYT9E4MF/i3DWe9Fw0sCSjCh8Hpj2a3hFrMFZZt
XzKrpqC8XrwYHSFt64+Rtr0YsfrQQELb2bJ4dpGy31K3t0CxQ2vOGgjXV1EJknZU
XdDHCmNIeZyb4U+VzHhm40TKbf2YzdP/BnDw5+8MKA9KVP0fStN+gKI/gjaGa5/c
ZE9G4WIhuTaz0uYhCHSurOKFgN9RrWIyf3QSH2U2mswsbNORoAQajPmNWGlyDojz
Cwzg2Ioeil8IFQvMxXFGkZROKI2Mv7CDrXKFVeAEnkYO
-----END CERTIFICATE-----