Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/3F2EpJwdQvjwarN9Wvw7iBoaU0Q.roa
File:                     3F2EpJwdQvjwarN9Wvw7iBoaU0Q.roa (raw, json)
Hash identifier:          U3aPBDKXmzfBdZJW/a6bF1Nc4RvC7TSHWtjmiG+ctnU=
Subject key identifier:   DC:5D:84:A4:9C:1D:42:F8:F0:6A:B3:7D:5A:FC:3B:88:1A:1A:53:44
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC50150BBD67038EDDEF61CFE58EFC7F3
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/3F2EpJwdQvjwarN9Wvw7iBoaU0Q.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400175
IP address blocks:        88.216.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:50:bb:d6:70:38:ed:de:f6:1c:fe:58:ef:c7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc5d84a49c1d42f8f06ab37d5afc3b881a1a5344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:dd:09:f2:9c:bc:9a:9a:f7:f8:0c:11:b8:59:
                    28:b9:69:c7:c9:b2:fe:ce:0a:e9:fe:12:d8:58:53:
                    98:d4:64:62:d5:d2:44:60:5e:15:02:64:5b:03:c4:
                    7d:3d:ed:73:01:f3:79:1e:6d:2c:f7:a3:11:21:b5:
                    f4:68:95:a3:fa:92:8b:b3:09:02:f1:a6:19:46:a5:
                    ee:67:88:87:ac:64:bd:b0:c8:84:ce:3a:bd:e6:62:
                    d0:57:13:cd:04:78:cd:5c:73:cc:ae:28:33:70:0e:
                    a7:37:98:b1:ce:a8:56:31:bd:be:c1:e0:7f:8d:72:
                    e4:47:e0:c2:0f:61:31:44:e3:36:6e:cd:7b:c7:87:
                    47:0b:17:40:b2:e0:49:29:ca:b2:05:73:fa:91:2a:
                    1c:1a:4b:b1:8a:9d:a5:58:54:84:23:7b:97:03:db:
                    07:24:43:2b:28:d2:cf:e6:44:10:07:b9:f6:fb:b7:
                    fc:ce:2d:77:5b:62:f5:6b:ca:8e:98:39:f2:bf:b6:
                    06:a4:a8:9f:46:52:4e:54:b8:c0:dc:98:6e:d7:99:
                    ab:26:44:72:f1:c3:67:5e:6e:f8:e3:7f:bd:50:62:
                    39:04:6a:6c:e0:85:4d:09:40:86:47:c7:b9:5b:5e:
                    93:bc:f7:4f:30:3c:46:a8:89:0f:81:29:33:6a:b3:
                    62:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:5D:84:A4:9C:1D:42:F8:F0:6A:B3:7D:5A:FC:3B:88:1A:1A:53:44
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/3F2EpJwdQvjwarN9Wvw7iBoaU0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:0a:71:eb:8c:23:37:12:91:c3:27:79:72:1d:30:ff:3a:90:
         fa:71:2c:1a:a6:37:9d:7a:66:c8:b7:0a:75:ff:5e:e2:88:8b:
         b7:06:f7:f1:97:35:50:ca:49:2e:bc:d0:28:fc:78:df:28:66:
         29:10:e9:9e:46:e9:ff:5e:20:b7:a4:24:a9:46:55:75:f3:9b:
         c5:ed:2f:59:7f:a8:1c:33:d8:c0:b8:f0:26:48:7a:a1:46:0a:
         59:5f:42:4f:87:33:03:8a:14:80:ac:31:c4:95:2a:70:9a:47:
         e9:3a:4b:54:09:09:eb:1f:bb:a5:1b:3f:b0:0f:1c:69:bd:56:
         ae:38:fc:a0:5c:1f:25:b7:14:61:09:23:81:86:5e:d9:4f:7a:
         af:ca:0b:43:11:b9:b0:9d:d7:32:e0:13:62:df:ae:87:4a:f7:
         20:7e:3d:38:d0:1c:25:36:fc:b7:dd:76:34:e2:83:18:fc:88:
         43:da:76:46:c6:27:3a:98:ef:87:a6:9d:1a:41:2b:b6:20:8a:
         a6:22:e0:84:34:21:f2:95:32:dd:e0:e3:13:3e:cf:8a:99:b3:
         a0:cd:c8:fe:c7:89:b5:99:7e:fa:1d:5d:cf:29:5a:92:55:c7:
         18:a9:c5:8f:a7:ab:01:21:93:cc:d7:ad:e4:f0:75:69:f9:57:
         d3:c8:d2:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVC71nA47d72HP5Y78fzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzVkODRhNDljMWQ0MmY4ZjA2YWIzN2Q1YWZjM2I4ODFhMWE1MzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd0J8py8mpr3+AwRuFkouWnHybL+
zgrp/hLYWFOY1GRi1dJEYF4VAmRbA8R9Pe1zAfN5Hm0s96MRIbX0aJWj+pKLswkC
8aYZRqXuZ4iHrGS9sMiEzjq95mLQVxPNBHjNXHPMrigzcA6nN5ixzqhWMb2+weB/
jXLkR+DCD2ExROM2bs17x4dHCxdAsuBJKcqyBXP6kSocGkuxip2lWFSEI3uXA9sH
JEMrKNLP5kQQB7n2+7f8zi13W2L1a8qOmDnyv7YGpKifRlJOVLjA3Jhu15mrJkRy
8cNnXm7443+9UGI5BGps4IVNCUCGR8e5W16TvPdPMDxGqIkPgSkzarNi6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxdhKScHUL48GqzfVr8O4gaGlNEMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvM0YyRXBKd2RRdmp3YXJOOVd2dzdpQm9hVTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNgCMA0G
CSqGSIb3DQEBCwUAA4IBAQBqCnHrjCM3EpHDJ3lyHTD/OpD6cSwapjedembItwp1
/17iiIu3BvfxlzVQykkuvNAo/HjfKGYpEOmeRun/XiC3pCSpRlV185vF7S9Zf6gc
M9jAuPAmSHqhRgpZX0JPhzMDihSArDHElSpwmkfpOktUCQnrH7ulGz+wDxxpvVau
OPygXB8ltxRhCSOBhl7ZT3qvygtDEbmwndcy4BNi366HSvcgfj040BwlNvy33XY0
4oMY/IhD2nZGxic6mO+Hpp0aQSu2IIqmIuCENCHylTLd4OMTPs+KmbOgzcj+x4m1
mX76HV3PKVqSVccYqcWPp6sBIZPM163k8HVp+VfTyNJD
-----END CERTIFICATE-----