Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OV-7t0EE0FG81AQCaiZpWm4E4n0.roa
File:                     OV-7t0EE0FG81AQCaiZpWm4E4n0.roa (raw, json)
Hash identifier:          BOJqnK4MHEpwAKxh+ae313oUBNc5iT0VfELQGZ3zfgs=
Subject key identifier:   39:5F:BB:B7:41:04:D0:51:BC:D4:04:02:6A:26:69:5A:6E:04:E2:7D
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0192B88C54A0031A6AC57968873732D059D2
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OV-7t0EE0FG81AQCaiZpWm4E4n0.roa
Signing time:             Wed 23 Oct 2024 08:44:17 +0000
ROA not before:           Wed 23 Oct 2024 08:44:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214159
IP address blocks:        88.216.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:8c:54:a0:03:1a:6a:c5:79:68:87:37:32:d0:59:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct 23 08:44:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=395fbbb74104d051bcd404026a26695a6e04e27d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fe:87:ff:ba:06:95:33:77:bf:2a:66:eb:b1:
                    cf:fd:67:1b:ab:45:c3:d0:2a:fc:48:21:e7:7d:10:
                    89:60:f3:eb:71:3f:76:dd:bc:ec:4e:a0:cb:7e:0f:
                    72:55:08:36:ec:43:42:ae:28:5c:85:fd:ec:5d:a0:
                    ed:d8:ce:9f:35:c4:12:8c:b7:3b:b2:36:43:8d:42:
                    ed:1f:d5:f2:b9:7f:f9:70:16:bf:30:c0:4f:25:8d:
                    00:36:30:5c:d6:39:62:6d:b8:59:ab:f3:d0:5b:de:
                    4a:14:58:cd:54:bf:5d:86:20:b5:0f:c2:a5:2c:37:
                    d9:12:02:bd:fb:53:89:6c:30:dd:f0:5b:7d:75:2a:
                    40:9e:ee:fb:26:2d:91:0d:0e:62:ad:c9:c3:ed:7a:
                    5e:61:81:2c:ec:cb:cf:3b:d5:0e:3f:f3:fe:62:f7:
                    3c:9c:30:2e:61:c2:9a:6d:cb:9d:f8:37:97:ef:fd:
                    42:bb:8a:e9:a1:b1:aa:5d:d5:bd:bd:cc:9f:ad:93:
                    0b:0d:20:99:f3:76:ac:d2:63:e7:25:ec:5b:1b:89:
                    b0:b6:27:45:e2:40:a7:bf:a1:fe:46:a9:be:f7:e2:
                    65:75:f6:50:b8:44:4d:05:79:b9:33:1c:7a:33:18:
                    4d:16:7d:47:8f:d9:e5:4a:d9:16:c3:f1:cc:e2:b3:
                    e6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5F:BB:B7:41:04:D0:51:BC:D4:04:02:6A:26:69:5A:6E:04:E2:7D
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OV-7t0EE0FG81AQCaiZpWm4E4n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d9:85:29:92:6d:1e:2e:1b:2c:d5:e2:03:13:af:6a:44:03:
         7b:9d:79:fe:12:f9:a8:fb:96:aa:12:34:7e:ad:7f:73:d2:12:
         2b:1a:74:52:f6:c7:a5:82:51:b1:da:19:51:3b:88:7f:e4:27:
         38:78:a0:b2:fd:0d:2f:a8:56:db:9d:36:89:58:bb:9e:26:60:
         c8:fc:17:6a:16:86:71:6a:8c:3e:4e:14:42:10:61:7e:40:49:
         15:4c:84:96:ac:db:c1:0f:2c:9e:48:45:fb:a1:61:8b:d9:a1:
         33:31:b5:0f:b6:fc:de:cf:c4:e7:d8:c7:a7:17:36:f7:57:66:
         0f:48:bb:92:22:ff:28:2e:e7:19:5e:55:43:a0:90:ed:bd:b7:
         e2:84:83:21:af:1e:d1:cb:bf:31:14:b0:1d:ca:53:80:a5:2a:
         74:a9:03:7c:bb:d5:85:18:da:79:8d:8c:10:85:3d:40:4b:f0:
         2c:7d:18:d2:05:c6:35:3e:4a:a8:bf:9c:ec:45:22:90:c2:dc:
         60:5a:4b:b4:75:4b:e3:67:48:32:7b:56:9b:11:86:4a:b8:45:
         cc:98:ae:7f:5b:f8:ba:ed:ec:b3:b2:c2:2b:ef:b1:e3:d9:5b:
         44:45:53:ad:69:09:6d:79:89:9b:cb:1e:c3:4f:39:48:5c:99:
         4f:0d:a0:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4jFSgAxpqxXlohzcy0FnSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQxMDIzMDg0NDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTVmYmJiNzQxMDRkMDUxYmNkNDA0MDI2YTI2Njk1YTZlMDRlMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlP6H/7oGlTN3vypm67HP/Wcbq0XD
0Cr8SCHnfRCJYPPrcT923bzsTqDLfg9yVQg27ENCrihchf3sXaDt2M6fNcQSjLc7
sjZDjULtH9XyuX/5cBa/MMBPJY0ANjBc1jlibbhZq/PQW95KFFjNVL9dhiC1D8Kl
LDfZEgK9+1OJbDDd8Ft9dSpAnu77Ji2RDQ5ircnD7XpeYYEs7MvPO9UOP/P+Yvc8
nDAuYcKabcud+DeX7/1Cu4rpobGqXdW9vcyfrZMLDSCZ83as0mPnJexbG4mwtidF
4kCnv6H+Rqm+9+JldfZQuERNBXm5Mxx6MxhNFn1Hj9nlStkWw/HM4rPmtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlfu7dBBNBRvNQEAmomaVpuBOJ9MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvT1YtN3QwRUUwRkc4MUFRQ2FpWnBXbTRFNG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNjWMA0G
CSqGSIb3DQEBCwUAA4IBAQBo2YUpkm0eLhss1eIDE69qRAN7nXn+Evmo+5aqEjR+
rX9z0hIrGnRS9selglGx2hlRO4h/5Cc4eKCy/Q0vqFbbnTaJWLueJmDI/BdqFoZx
aow+ThRCEGF+QEkVTISWrNvBDyyeSEX7oWGL2aEzMbUPtvzez8Tn2MenFzb3V2YP
SLuSIv8oLucZXlVDoJDtvbfihIMhrx7Ry78xFLAdylOApSp0qQN8u9WFGNp5jYwQ
hT1AS/AsfRjSBcY1Pkqov5zsRSKQwtxgWku0dUvjZ0gye1abEYZKuEXMmK5/W/i6
7eyzssIr77Hj2VtERVOtaQlteYmbyx7DTzlIXJlPDaD0
-----END CERTIFICATE-----