Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OWJtB9JQ2EVOj7KUKuXg4RpQBJY.roa
File:                     OWJtB9JQ2EVOj7KUKuXg4RpQBJY.roa (raw, json)
Hash identifier:          C3Bm17hqFpUD97ZzylBD5UVAIMUiRUjN3fsX8z8WiAc=
Subject key identifier:   39:62:6D:07:D2:50:D8:45:4E:8F:B2:94:2A:E5:E0:E1:1A:50:04:96
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018DB109BEC1AAA7BF563265A0507CC610A0
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OWJtB9JQ2EVOj7KUKuXg4RpQBJY.roa
Signing time:             Fri 16 Feb 2024 08:30:22 +0000
ROA not before:           Fri 16 Feb 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215539
IP address blocks:        88.216.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b1:09:be:c1:aa:a7:bf:56:32:65:a0:50:7c:c6:10:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb 16 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39626d07d250d8454e8fb2942ae5e0e11a500496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9d:41:8a:1a:c7:55:b5:dd:8b:49:7f:f6:9f:
                    c1:dc:1b:27:37:c1:32:a5:f9:d7:a8:05:37:08:af:
                    5e:69:f9:30:0a:67:88:15:b0:9b:21:52:92:f2:8a:
                    3d:e5:ef:16:91:05:c7:6e:70:5e:b2:66:c2:ea:8e:
                    b8:67:7b:c0:b1:ea:f2:4e:ae:31:1c:63:21:70:c2:
                    e1:a0:bf:24:d9:8c:9d:d8:3c:a2:da:c9:cf:fd:04:
                    96:c9:26:c4:e8:c4:13:41:fa:a6:8c:b4:91:cb:be:
                    e1:fc:e0:df:89:9c:14:47:3c:87:c6:da:26:54:47:
                    0c:d8:4f:ba:fb:03:0c:4b:82:d2:48:b1:a8:91:8c:
                    be:02:c6:cd:44:85:4e:ac:a7:5e:90:5d:5a:ee:f0:
                    df:15:35:8e:20:42:69:ae:79:c2:4e:4f:d8:54:3f:
                    50:d1:47:75:da:4a:56:4f:2a:c4:fb:c5:73:93:2f:
                    93:08:d2:1d:e9:46:42:ef:1a:e4:ee:40:29:47:28:
                    cf:95:5b:05:76:a1:a8:4d:c9:18:87:9f:68:3e:c1:
                    29:3b:b3:65:a4:08:bd:43:2b:f8:43:9b:40:95:0e:
                    cf:dd:4e:90:0c:8b:14:6b:8f:cf:d7:23:a5:af:9a:
                    29:28:e7:b3:c8:f0:eb:8c:10:aa:b7:72:62:25:6f:
                    01:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:62:6D:07:D2:50:D8:45:4E:8F:B2:94:2A:E5:E0:E1:1A:50:04:96
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/OWJtB9JQ2EVOj7KUKuXg4RpQBJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:d0:ff:e7:19:55:92:c3:c0:ec:42:e6:76:42:af:52:a1:f2:
         47:c4:32:4a:54:46:44:e3:5b:59:4f:fb:0d:30:6c:cf:86:c1:
         ca:db:76:2e:ea:1c:52:7f:b8:9d:5f:73:b1:b4:e2:2b:13:11:
         91:88:34:6f:1f:ef:17:c1:b3:08:54:8e:08:16:66:39:4d:74:
         40:2d:4f:0e:8d:ef:b6:ca:15:b0:4a:e7:b3:9a:18:0a:75:95:
         c2:2d:3c:cb:36:a4:35:63:cf:4f:e4:4c:52:59:62:40:d7:98:
         e1:94:2c:c6:d9:85:c0:53:e3:89:52:0f:51:c6:5b:ef:5f:96:
         8c:65:c6:0a:80:47:9c:cc:17:06:a9:ba:e2:12:04:ff:10:72:
         d6:b4:46:8d:f3:bb:88:94:eb:c4:c0:d8:f3:31:c5:54:8e:74:
         53:2d:a2:3d:85:19:a1:87:81:99:90:13:32:30:29:2b:22:bf:
         a4:54:38:f9:6e:a4:e7:59:fc:4b:1b:c2:1d:01:fb:e3:51:f3:
         02:2e:ce:22:03:eb:2c:6a:73:aa:a5:c1:b6:5c:5f:25:ad:27:
         d5:01:46:c7:cc:a7:f0:84:43:8b:88:04:b9:4c:98:8b:1f:68:
         fa:8d:9e:fa:e0:b7:32:db:1e:8c:ea:09:a1:e0:5f:2f:43:f9:
         b9:f8:cb:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2xCb7Bqqe/VjJloFB8xhCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjE2MDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTYyNmQwN2QyNTBkODQ1NGU4ZmIyOTQyYWU1ZTBlMTFhNTAwNDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5J1BihrHVbXdi0l/9p/B3BsnN8Ey
pfnXqAU3CK9eafkwCmeIFbCbIVKS8oo95e8WkQXHbnBesmbC6o64Z3vAseryTq4x
HGMhcMLhoL8k2Yyd2Dyi2snP/QSWySbE6MQTQfqmjLSRy77h/ODfiZwURzyHxtom
VEcM2E+6+wMMS4LSSLGokYy+AsbNRIVOrKdekF1a7vDfFTWOIEJprnnCTk/YVD9Q
0Ud12kpWTyrE+8Vzky+TCNId6UZC7xrk7kApRyjPlVsFdqGoTckYh59oPsEpO7Nl
pAi9Qyv4Q5tAlQ7P3U6QDIsUa4/P1yOlr5opKOezyPDrjBCqt3JiJW8BCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlibQfSUNhFTo+ylCrl4OEaUASWMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvT1dKdEI5SlEyRVZPajdLVUt1WGc0UnBRQkpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNi7MA0G
CSqGSIb3DQEBCwUAA4IBAQBd0P/nGVWSw8DsQuZ2Qq9SofJHxDJKVEZE41tZT/sN
MGzPhsHK23Yu6hxSf7idX3OxtOIrExGRiDRvH+8XwbMIVI4IFmY5TXRALU8Oje+2
yhWwSuezmhgKdZXCLTzLNqQ1Y89P5ExSWWJA15jhlCzG2YXAU+OJUg9RxlvvX5aM
ZcYKgEeczBcGqbriEgT/EHLWtEaN87uIlOvEwNjzMcVUjnRTLaI9hRmhh4GZkBMy
MCkrIr+kVDj5bqTnWfxLG8IdAfvjUfMCLs4iA+ssanOqpcG2XF8lrSfVAUbHzKfw
hEOLiAS5TJiLH2j6jZ764Lcy2x6M6gmh4F8vQ/m5+Mu/
-----END CERTIFICATE-----