Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/GGePPxtulpZdp4lm-Wnx_FrJmIQ.roa
File:                     GGePPxtulpZdp4lm-Wnx_FrJmIQ.roa (raw, json)
Hash identifier:          zewYB1Wo050yjukIKYdUSc5i7P9n3RPBocEmK01W7JE=
Subject key identifier:   18:67:8F:3F:1B:6E:96:96:5D:A7:89:66:F9:69:F1:FC:5A:C9:98:84
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01910DF376C672800202CE37C842AD143F30
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/GGePPxtulpZdp4lm-Wnx_FrJmIQ.roa
Signing time:             Thu 01 Aug 2024 12:39:04 +0000
ROA not before:           Thu 01 Aug 2024 12:39:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        88.216.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0d:f3:76:c6:72:80:02:02:ce:37:c8:42:ad:14:3f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Aug  1 12:39:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18678f3f1b6e96965da78966f969f1fc5ac99884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:dc:fe:be:d9:97:ee:6e:49:aa:2a:f0:3c:39:
                    06:69:9d:1f:ae:90:fe:91:56:a8:de:ea:1d:31:51:
                    ec:5f:0c:89:22:22:79:dd:b5:09:e5:7a:fe:e0:e4:
                    3e:00:48:f8:13:63:c4:1d:b0:fc:a8:9f:6c:d4:40:
                    ed:b6:5d:75:20:9f:06:d3:74:5c:6c:89:1f:ad:9c:
                    76:e1:a7:28:54:93:e2:b8:80:a3:84:01:1e:6b:ce:
                    1f:3a:9d:b8:e5:dc:bd:92:01:46:46:46:f4:81:56:
                    b2:2d:12:f4:aa:bb:08:f1:6f:e4:dc:5e:92:88:d3:
                    12:02:66:85:c2:31:85:3d:5f:41:82:19:b8:9e:8c:
                    8e:c8:67:74:1d:2a:1b:89:b2:a7:6f:4d:17:af:6c:
                    99:3d:de:d9:d1:cd:90:ea:62:8e:84:09:d5:0b:ab:
                    be:f8:d9:41:ee:f7:aa:d3:18:71:57:e6:14:d6:80:
                    90:b5:fd:20:19:b6:73:e9:21:09:cb:db:e2:f9:ac:
                    a0:fd:2f:aa:28:65:e7:d7:ae:7c:a1:70:15:a9:d7:
                    9f:36:e2:df:ec:1d:28:5f:36:f7:15:1d:30:83:6e:
                    ea:63:8f:ba:0e:6f:0e:9b:1a:05:5f:c0:01:ec:f0:
                    54:4d:0e:19:8f:8e:40:e4:52:60:b9:5f:69:2d:86:
                    c5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:67:8F:3F:1B:6E:96:96:5D:A7:89:66:F9:69:F1:FC:5A:C9:98:84
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/GGePPxtulpZdp4lm-Wnx_FrJmIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4b:d0:b0:6f:95:9f:a0:9e:e9:3d:da:19:0e:07:ee:37:e5:
         70:b8:24:68:77:b1:6e:66:84:18:ba:db:65:f4:c2:46:02:86:
         c7:bc:d6:09:0e:98:ea:a6:12:2c:a1:21:34:9f:ae:e4:4a:10:
         b4:09:b1:45:e6:47:f3:af:b0:6a:7d:c0:eb:7e:00:1b:e0:58:
         a4:a2:cc:9d:73:f7:2b:ff:5f:4c:78:0f:49:f6:87:04:6c:03:
         8a:68:bb:c4:4c:ed:f8:25:57:4b:84:c7:0f:36:22:ee:c3:d6:
         b4:8f:61:b9:1e:ed:4f:d7:0a:31:b8:2d:99:fb:87:67:42:2a:
         46:62:8f:09:ab:fe:7d:de:6e:31:b9:68:f2:b3:ea:ef:76:0e:
         9e:74:ed:cd:38:14:a2:5d:f9:14:2c:43:a7:1d:1f:e9:00:21:
         32:90:b1:ac:35:1c:27:7c:5e:b0:51:ed:1d:41:b6:f9:34:96:
         ce:34:46:01:e1:79:41:22:b6:56:82:e8:3c:23:ba:95:f4:47:
         54:4f:c7:20:c9:cf:cc:09:a8:17:99:1a:c4:a4:5c:09:db:66:
         11:eb:34:f6:0c:a8:03:29:2c:f6:d1:c3:3d:74:31:a1:45:30:
         29:86:51:4b:4c:f5:26:6b:3c:a9:f1:71:fd:28:66:05:74:3f:
         c9:b5:77:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEN83bGcoACAs43yEKtFD8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwODAxMTIzOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODY3OGYzZjFiNmU5Njk2NWRhNzg5NjZmOTY5ZjFmYzVhYzk5ODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltz+vtmX7m5JqirwPDkGaZ0frpD+
kVao3uodMVHsXwyJIiJ53bUJ5Xr+4OQ+AEj4E2PEHbD8qJ9s1EDttl11IJ8G03Rc
bIkfrZx24acoVJPiuICjhAEea84fOp245dy9kgFGRkb0gVayLRL0qrsI8W/k3F6S
iNMSAmaFwjGFPV9Bghm4noyOyGd0HSobibKnb00Xr2yZPd7Z0c2Q6mKOhAnVC6u+
+NlB7veq0xhxV+YU1oCQtf0gGbZz6SEJy9vi+ayg/S+qKGXn1658oXAVqdefNuLf
7B0oXzb3FR0wg27qY4+6Dm8OmxoFX8AB7PBUTQ4Zj45A5FJguV9pLYbFTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhnjz8bbpaWXaeJZvlp8fxayZiEMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvR0dlUFB4dHVscFpkcDRsbS1XbnhfRnJKbUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNjdMA0G
CSqGSIb3DQEBCwUAA4IBAQCSS9Cwb5WfoJ7pPdoZDgfuN+VwuCRod7FuZoQYuttl
9MJGAobHvNYJDpjqphIsoSE0n67kShC0CbFF5kfzr7BqfcDrfgAb4Fikosydc/cr
/19MeA9J9ocEbAOKaLvETO34JVdLhMcPNiLuw9a0j2G5Hu1P1woxuC2Z+4dnQipG
Yo8Jq/593m4xuWjys+rvdg6edO3NOBSiXfkULEOnHR/pACEykLGsNRwnfF6wUe0d
Qbb5NJbONEYB4XlBIrZWgug8I7qV9EdUT8cgyc/MCagXmRrEpFwJ22YR6zT2DKgD
KSz20cM9dDGhRTAphlFLTPUmazyp8XH9KGYFdD/JtXdd
-----END CERTIFICATE-----