Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Dl3dvaLoBU0sBt2WjgmaLWBH_KA.roa
File:                     Dl3dvaLoBU0sBt2WjgmaLWBH_KA.roa (raw, json)
Hash identifier:          37egjtTJkeoLNKedfofhtjeFPHPEyfRlSYtZcVE3r78=
Subject key identifier:   0E:5D:DD:BD:A2:E8:05:4D:2C:06:DD:96:8E:09:9A:2D:60:47:FC:A0
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014BBFCD5BA28CB6DED90BAE512CBF
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Dl3dvaLoBU0sBt2WjgmaLWBH_KA.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        88.216.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4b:bf:cd:5b:a2:8c:b6:de:d9:0b:ae:51:2c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e5dddbda2e8054d2c06dd968e099a2d6047fca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:13:b4:2a:a1:86:8f:65:71:95:85:b5:2a:86:
                    15:0f:91:61:bc:ce:f3:00:58:01:ab:fe:fd:ee:d1:
                    f7:18:42:a0:30:f2:2b:12:c2:2f:4e:88:58:55:c6:
                    dc:96:6e:e2:a6:c3:55:f1:da:0c:66:30:98:97:80:
                    a6:23:3a:80:2e:ad:e8:de:0a:f8:2c:c4:15:0c:1f:
                    f6:75:32:6f:04:a8:bb:2a:ce:fe:9c:89:98:72:69:
                    e4:52:40:fe:d5:7c:d1:6e:db:c8:d8:fa:a0:08:49:
                    a9:6e:88:1f:e8:0e:fc:cb:6b:ee:66:82:2a:25:23:
                    85:71:10:f0:83:d5:3c:5c:eb:d0:e6:1c:b5:0d:67:
                    e8:8a:bf:09:29:66:f0:46:46:00:36:b0:31:4f:98:
                    88:29:49:67:0c:35:fa:ee:f6:51:a1:e5:2c:f1:b1:
                    62:63:92:6f:5b:ed:86:14:40:0c:c6:ec:77:dc:93:
                    99:68:bd:61:16:6f:e9:7b:ed:20:45:42:db:5e:db:
                    ff:b3:03:4f:85:bb:bb:ed:f2:b4:8d:ed:99:14:42:
                    bd:e0:df:54:b5:13:90:4f:77:af:a5:e8:fb:72:8d:
                    77:d0:47:4b:fe:f4:8c:c2:df:47:f2:7d:19:49:98:
                    1c:c0:c9:6c:62:e2:ad:1c:f7:fc:84:fe:2f:7d:76:
                    74:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:5D:DD:BD:A2:E8:05:4D:2C:06:DD:96:8E:09:9A:2D:60:47:FC:A0
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Dl3dvaLoBU0sBt2WjgmaLWBH_KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:f7:d0:08:01:c1:81:7d:33:5a:c6:6e:82:8f:ac:f6:e5:1b:
         52:84:c9:87:c4:b0:d6:24:b8:2a:de:c4:57:b5:5e:16:ad:28:
         75:26:9c:fa:42:3b:79:f2:fb:11:c2:60:82:f9:73:f8:84:f7:
         07:14:29:68:27:f7:34:6e:2f:ce:03:18:d7:e6:e1:30:bb:5b:
         4c:1e:2d:c0:eb:46:40:eb:16:6a:06:99:1e:5f:6b:07:0f:87:
         0d:35:a1:00:d7:f1:11:8a:b2:ca:44:74:77:23:49:7d:e6:91:
         01:49:cc:af:fb:5c:ba:cf:a2:3e:d4:01:0c:65:98:6d:3a:c4:
         5d:a1:7d:d4:7d:ce:4d:30:ff:35:f7:63:86:0d:21:f8:61:ab:
         f8:3a:48:c0:ed:5a:89:2b:53:a0:67:1e:69:53:1b:f5:7a:53:
         43:c1:57:4b:86:65:d3:74:40:b9:7c:e3:0b:e1:f9:5c:11:74:
         13:e2:a9:bf:3d:59:9d:7c:aa:e4:fa:b4:a8:0c:4d:37:f1:f5:
         c3:98:b4:2e:5c:84:06:b0:69:98:73:4f:23:2a:68:63:9c:b9:
         e4:82:ae:89:f0:3f:18:db:54:7d:76:0a:35:19:3d:32:ce:32:
         63:27:96:bb:5d:fc:02:d9:61:87:af:3e:ac:b2:40:1a:6a:68:
         79:03:a1:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUu/zVuijLbe2QuuUSy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTVkZGRiZGEyZTgwNTRkMmMwNmRkOTY4ZTA5OWEyZDYwNDdmY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxO0KqGGj2VxlYW1KoYVD5FhvM7z
AFgBq/797tH3GEKgMPIrEsIvTohYVcbclm7ipsNV8doMZjCYl4CmIzqALq3o3gr4
LMQVDB/2dTJvBKi7Ks7+nImYcmnkUkD+1XzRbtvI2PqgCEmpbogf6A78y2vuZoIq
JSOFcRDwg9U8XOvQ5hy1DWfoir8JKWbwRkYANrAxT5iIKUlnDDX67vZRoeUs8bFi
Y5JvW+2GFEAMxux33JOZaL1hFm/pe+0gRULbXtv/swNPhbu77fK0je2ZFEK94N9U
tROQT3evpej7co130EdL/vSMwt9H8n0ZSZgcwMlsYuKtHPf8hP4vfXZ0yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5d3b2i6AVNLAbdlo4Jmi1gR/ygMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRGwzZHZhTG9CVTBzQnQyV2pnbWFMV0JIX0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNhgMA0G
CSqGSIb3DQEBCwUAA4IBAQAc99AIAcGBfTNaxm6Cj6z25RtShMmHxLDWJLgq3sRX
tV4WrSh1Jpz6Qjt58vsRwmCC+XP4hPcHFCloJ/c0bi/OAxjX5uEwu1tMHi3A60ZA
6xZqBpkeX2sHD4cNNaEA1/ERirLKRHR3I0l95pEBScyv+1y6z6I+1AEMZZhtOsRd
oX3Ufc5NMP8192OGDSH4Yav4OkjA7VqJK1OgZx5pUxv1elNDwVdLhmXTdEC5fOML
4flcEXQT4qm/PVmdfKrk+rSoDE038fXDmLQuXIQGsGmYc08jKmhjnLnkgq6J8D8Y
21R9dgo1GT0yzjJjJ5a7XfwC2WGHrz6sskAaamh5A6EN
-----END CERTIFICATE-----