Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EfMQ0z-NKnIs4AXyLezJVzn-SwQ.roa
File:                     EfMQ0z-NKnIs4AXyLezJVzn-SwQ.roa (raw, json)
Hash identifier:          dOlQqve8m7M3SV5S8NvZLOZVy+JDXan7Dap/V3Xu9tk=
Subject key identifier:   11:F3:10:D3:3F:8D:2A:72:2C:E0:05:F2:2D:EC:C9:57:39:FE:4B:04
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC501509259F13BC6783B3C49CF825610
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EfMQ0z-NKnIs4AXyLezJVzn-SwQ.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        88.216.91.0/24 maxlen: 24
                          88.216.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:50:92:59:f1:3b:c6:78:3b:3c:49:cf:82:56:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11f310d33f8d2a722ce005f22decc95739fe4b04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c4:da:af:c8:d3:10:8b:1b:e7:e6:da:23:6b:
                    c7:c4:9b:34:0e:68:37:c5:96:3d:08:b2:bf:6b:57:
                    c2:c5:eb:88:19:1a:bd:03:ff:3b:41:02:b6:b6:0d:
                    fc:08:34:de:9e:ee:b4:a4:f5:2a:20:fa:a7:66:72:
                    3f:c4:28:d2:1c:ff:6b:17:f7:5e:03:65:c4:b8:24:
                    07:f6:e1:7f:2f:a5:13:0c:62:da:a8:3d:f4:c9:8d:
                    00:fd:8a:97:44:0d:36:bf:62:2c:d9:97:49:e2:0e:
                    9f:c2:53:b9:a5:93:37:ce:d4:68:a6:c3:42:12:46:
                    ad:6c:00:99:98:7f:2c:06:3b:76:c1:c3:5a:3d:62:
                    d2:97:73:80:22:87:22:e7:4e:09:69:81:a3:7b:30:
                    3c:60:04:1d:e2:05:b1:92:93:e6:8d:68:36:b6:d1:
                    98:c1:61:46:44:51:8f:60:5d:5b:69:87:d6:cc:d0:
                    bc:06:e8:af:ab:f8:7e:f4:84:70:af:7a:2b:08:dc:
                    c5:03:d1:de:71:3e:0a:77:31:28:84:dc:c4:1e:23:
                    98:0b:f5:fd:e8:99:8b:a2:35:e3:d2:72:22:41:05:
                    29:1a:34:4d:68:2c:b3:a2:9d:dd:f4:f1:1c:1e:d2:
                    dc:b6:54:dd:10:ca:27:6f:91:3c:20:60:ee:71:e2:
                    d9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F3:10:D3:3F:8D:2A:72:2C:E0:05:F2:2D:EC:C9:57:39:FE:4B:04
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EfMQ0z-NKnIs4AXyLezJVzn-SwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:6d:af:1a:5c:59:5a:9c:a6:f3:fa:80:1c:7a:79:38:c0:33:
         15:9e:3d:c5:b0:48:5c:eb:23:66:11:95:61:fd:50:7f:9b:45:
         65:4b:82:34:9c:a2:39:7a:e7:01:6d:1c:57:71:c9:99:5d:00:
         a7:e6:d3:00:03:06:47:66:54:0a:a0:c1:d8:94:58:c7:b9:48:
         40:4d:90:88:6b:18:43:45:c0:ed:26:df:cb:35:f2:53:49:79:
         8e:6d:05:af:d4:77:fe:33:b1:73:1d:30:b9:02:80:16:26:3b:
         41:0d:85:97:16:a1:0f:74:3f:ec:4f:ca:7b:8e:98:43:b1:4c:
         a0:a4:fa:4e:8f:fe:a3:c1:47:32:dc:fc:4e:94:da:79:ce:29:
         e3:13:da:a4:4b:c7:8f:51:84:ae:c8:4e:e5:e2:27:93:af:db:
         4e:28:63:d8:1f:7c:d2:ab:6b:13:38:2d:3c:98:0f:ee:4d:6f:
         b0:e3:fa:94:23:58:bc:ba:98:4c:6d:08:e1:64:cb:21:48:eb:
         81:c6:98:9b:96:77:7c:f6:c4:60:3c:19:fc:c2:7d:3d:4b:d4:
         99:90:dd:39:e3:9e:f8:8c:9d:97:c2:fe:c1:5f:ed:63:f0:88:
         2b:e4:d3:ae:6a:ae:24:7b:25:c4:a3:f7:07:00:ac:93:17:39:
         ab:fa:25:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVCSWfE7xng7PEnPglYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWYzMTBkMzNmOGQyYTcyMmNlMDA1ZjIyZGVjYzk1NzM5ZmU0YjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsTar8jTEIsb5+baI2vHxJs0Dmg3
xZY9CLK/a1fCxeuIGRq9A/87QQK2tg38CDTenu60pPUqIPqnZnI/xCjSHP9rF/de
A2XEuCQH9uF/L6UTDGLaqD30yY0A/YqXRA02v2Is2ZdJ4g6fwlO5pZM3ztRopsNC
EkatbACZmH8sBjt2wcNaPWLSl3OAIoci504JaYGjezA8YAQd4gWxkpPmjWg2ttGY
wWFGRFGPYF1baYfWzNC8Buivq/h+9IRwr3orCNzFA9HecT4KdzEohNzEHiOYC/X9
6JmLojXj0nIiQQUpGjRNaCyzop3d9PEcHtLctlTdEMonb5E8IGDuceLZvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHzENM/jSpyLOAF8i3syVc5/ksEMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRWZNUTB6LU5LbklzNEFYeUxlekpWem4tU3dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNhaMA0G
CSqGSIb3DQEBCwUAA4IBAQALba8aXFlanKbz+oAcenk4wDMVnj3FsEhc6yNmEZVh
/VB/m0VlS4I0nKI5eucBbRxXccmZXQCn5tMAAwZHZlQKoMHYlFjHuUhATZCIaxhD
RcDtJt/LNfJTSXmObQWv1Hf+M7FzHTC5AoAWJjtBDYWXFqEPdD/sT8p7jphDsUyg
pPpOj/6jwUcy3PxOlNp5zinjE9qkS8ePUYSuyE7l4ieTr9tOKGPYH3zSq2sTOC08
mA/uTW+w4/qUI1i8uphMbQjhZMshSOuBxpiblnd89sRgPBn8wn09S9SZkN054574
jJ2Xwv7BX+1j8Igr5NOuaq4keyXEo/cHAKyTFzmr+iWj
-----END CERTIFICATE-----