Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/TnpJ9eMn0bJKTmGl4NUp9ujZjT8.roa
File:                     TnpJ9eMn0bJKTmGl4NUp9ujZjT8.roa (raw, json)
Hash identifier:          FNaTSGmqZMwfQNG+WMCwK3OH5M7bBdMahZOfUyJV+9s=
Subject key identifier:   4E:7A:49:F5:E3:27:D1:B2:4A:4E:61:A5:E0:D5:29:F6:E8:D9:8D:3F
Certificate issuer:       /CN=63b82772af3d611b99b1ba6e3eb6cbfd16965363
Certificate serial:       018CC6B903E33140B4C7609F9EC9DB86E408
Authority key identifier: 63:B8:27:72:AF:3D:61:1B:99:B1:BA:6E:3E:B6:CB:FD:16:96:53:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y7gncq89YRuZsbpuPrbL_RaWU2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/TnpJ9eMn0bJKTmGl4NUp9ujZjT8.roa
Signing time:             Mon 01 Jan 2024 20:31:03 +0000
ROA not before:           Mon 01 Jan 2024 20:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209716
IP address blocks:        88.218.235.0/25 maxlen: 25
                          2a0c:ad80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/Y7gncq89YRuZsbpuPrbL_RaWU2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/Y7gncq89YRuZsbpuPrbL_RaWU2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y7gncq89YRuZsbpuPrbL_RaWU2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:03:e3:31:40:b4:c7:60:9f:9e:c9:db:86:e4:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63b82772af3d611b99b1ba6e3eb6cbfd16965363
        Validity
            Not Before: Jan  1 20:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e7a49f5e327d1b24a4e61a5e0d529f6e8d98d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9c:46:24:d9:ea:72:ef:84:f1:14:d3:f5:65:
                    a6:4f:04:89:32:0d:21:23:c9:b7:3f:7d:b9:2f:2a:
                    5c:6d:45:1e:8c:28:00:12:49:00:80:48:da:a3:7a:
                    f7:b4:f2:81:b4:0c:e7:86:0c:bc:72:44:bb:72:7a:
                    6f:26:d3:e2:e9:4b:92:58:f5:50:4c:b2:0d:ba:f4:
                    5b:d8:f4:75:65:41:f9:d6:37:dc:1a:59:07:8d:a7:
                    fb:b8:c4:21:49:44:a2:5e:b7:74:06:de:53:21:4b:
                    c5:c6:24:44:28:c3:21:a8:99:7e:e4:a8:34:68:72:
                    ac:bb:86:a3:78:39:58:bb:71:fb:b8:ab:2a:cb:9d:
                    04:3f:e1:0a:e1:23:7c:cb:13:25:0e:94:32:69:fc:
                    8a:90:13:4a:6f:d3:2a:68:75:8a:e9:af:a1:f4:e2:
                    9a:58:43:da:99:23:ad:a0:f0:ff:16:5b:96:5a:8d:
                    57:70:d9:6a:4f:c4:f6:f1:8c:3e:cc:d3:55:c2:b5:
                    1c:ec:41:ce:71:08:02:14:f0:e2:87:56:66:62:66:
                    34:99:00:1f:3d:ea:a5:4d:97:fb:d4:df:3b:68:9a:
                    96:9f:c7:fc:6e:dd:22:1d:73:53:e9:58:cb:0f:76:
                    5c:ad:0f:4d:87:8b:c9:a5:ce:c6:8d:4b:e1:d5:5e:
                    e4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:7A:49:F5:E3:27:D1:B2:4A:4E:61:A5:E0:D5:29:F6:E8:D9:8D:3F
            X509v3 Authority Key Identifier:
                keyid:63:B8:27:72:AF:3D:61:1B:99:B1:BA:6E:3E:B6:CB:FD:16:96:53:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y7gncq89YRuZsbpuPrbL_RaWU2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/TnpJ9eMn0bJKTmGl4NUp9ujZjT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/Y7gncq89YRuZsbpuPrbL_RaWU2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.235.0/25
                IPv6:
                  2a0c:ad80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:3c:68:b8:95:c1:c9:d8:ff:3d:3e:00:13:12:2c:de:36:ea:
         e9:a9:f6:a8:cf:07:65:bb:c2:fe:ca:99:eb:5b:f3:45:a6:33:
         fb:8e:42:22:71:37:d4:f9:d1:39:3b:2b:3f:88:4b:1d:0e:eb:
         44:98:8e:41:d3:ab:ba:b5:0e:a8:49:22:ce:a6:d9:21:46:75:
         23:79:0a:4d:0e:73:a6:31:12:9b:31:6e:04:a5:6b:a0:39:17:
         83:51:15:f6:4b:6a:f3:3a:de:a9:35:8e:4f:49:34:94:b0:f1:
         e4:cc:29:d5:39:86:46:68:7f:2d:b7:81:1d:43:f3:98:8e:e8:
         9c:cb:ee:fe:44:3e:fe:3c:f7:4d:47:d0:6d:53:72:fb:17:3d:
         26:6e:48:8d:60:0a:97:4b:75:3e:09:ee:01:f4:89:24:e5:cd:
         50:24:13:ad:05:3e:c9:1e:24:ff:a7:41:7c:dd:45:00:41:47:
         30:f5:f6:47:b2:8a:91:f4:36:66:82:df:77:f0:6f:a4:8c:77:
         49:5a:8b:9f:19:ca:7f:63:d9:ea:ac:76:03:74:92:82:08:0f:
         7f:ee:cc:56:27:18:1d:c5:b6:e2:0c:24:3e:be:ca:77:b3:04:
         1c:2a:4e:d9:a7:12:6b:eb:f4:6d:2d:e8:63:73:70:1a:69:ee:
         6d:e6:8b:22
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGuQPjMUC0x2CfnsnbhuQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYjgyNzcyYWYzZDYxMWI5OWIxYmE2ZTNlYjZjYmZkMTY5
NjUzNjMwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTdhNDlmNWUzMjdkMWIyNGE0ZTYxYTVlMGQ1MjlmNmU4ZDk4ZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJxGJNnqcu+E8RTT9WWmTwSJMg0h
I8m3P325LypcbUUejCgAEkkAgEjao3r3tPKBtAznhgy8ckS7cnpvJtPi6UuSWPVQ
TLINuvRb2PR1ZUH51jfcGlkHjaf7uMQhSUSiXrd0Bt5TIUvFxiREKMMhqJl+5Kg0
aHKsu4ajeDlYu3H7uKsqy50EP+EK4SN8yxMlDpQyafyKkBNKb9MqaHWK6a+h9OKa
WEPamSOtoPD/FluWWo1XcNlqT8T28Yw+zNNVwrUc7EHOcQgCFPDih1ZmYmY0mQAf
PeqlTZf71N87aJqWn8f8bt0iHXNT6VjLD3ZcrQ9Nh4vJpc7GjUvh1V7kAQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFE56SfXjJ9GySk5hpeDVKfbo2Y0/MB8GA1UdIwQY
MBaAFGO4J3KvPWEbmbG6bj62y/0WllNjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTdnbmNxODlZUnVac2JwdVByYkxfUmFXVTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9jYjBkOTEtODI3MC00NTUwLThmYWMt
MGNlMjAzOGFhYTdiLzEvVG5wSjllTW4wYkpLVG1HbDROVXA5dWpaalQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9jYjBkOTEtODI3MC00NTUwLThmYWMtMGNlMjAzOGFhYTdi
LzEvWTdnbmNxODlZUnVac2JwdVByYkxfUmFXVTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjANBAIAATAHAwUHWNrrADAN
BAIAAjAHAwUDKgytgDANBgkqhkiG9w0BAQsFAAOCAQEAPTxouJXBydj/PT4AExIs
3jbq6an2qM8HZbvC/sqZ61vzRaYz+45CInE31PnROTsrP4hLHQ7rRJiOQdOrurUO
qEkizqbZIUZ1I3kKTQ5zpjESmzFuBKVroDkXg1EV9ktq8zreqTWOT0k0lLDx5Mwp
1TmGRmh/LbeBHUPzmI7onMvu/kQ+/jz3TUfQbVNy+xc9Jm5IjWAKl0t1PgnuAfSJ
JOXNUCQTrQU+yR4k/6dBfN1FAEFHMPX2R7KKkfQ2ZoLfd/BvpIx3SVqLnxnKf2PZ
6qx2A3SSgggPf+7MVicYHcW24gwkPr7Kd7MEHCpO2acSa+v0bS3oY3NwGmnubeaL
Ig==
-----END CERTIFICATE-----