Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QHBAOZFoKHml1ntkIUMrbigavf0.roa
File:                     QHBAOZFoKHml1ntkIUMrbigavf0.roa (raw, json)
Hash identifier:          RO2uxmiFGU+fykDk52xMWDSqCkPUwWAlBQiWUiChPd0=
Subject key identifier:   40:70:40:39:91:68:28:79:A5:D6:7B:64:21:43:2B:6E:28:1A:BD:FD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0192D7803755A0C9DDA6CD8430D4BB6528A3
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QHBAOZFoKHml1ntkIUMrbigavf0.roa
Signing time:             Tue 29 Oct 2024 08:59:17 +0000
ROA not before:           Tue 29 Oct 2024 08:59:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        88.216.17.0/24 maxlen: 24
                          88.216.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:80:37:55:a0:c9:dd:a6:cd:84:30:d4:bb:65:28:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct 29 08:59:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4070403991682879a5d67b6421432b6e281abdfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e5:43:63:20:a7:f1:29:9e:16:d3:bc:51:79:
                    17:78:c2:76:4a:43:67:f9:d8:21:ac:10:12:d1:e3:
                    92:e1:a6:87:67:7b:9b:f8:ea:66:dc:2c:af:d1:5e:
                    53:bd:bf:70:46:e3:3e:e2:80:0f:90:54:fe:51:75:
                    7c:92:40:c8:17:4b:3b:22:f5:c1:a6:11:46:b7:f0:
                    08:52:00:0e:dd:77:78:a8:6d:74:06:5f:58:02:05:
                    99:8d:71:c8:ba:7a:1b:36:b4:de:2c:9c:cc:1c:9d:
                    64:54:79:0e:d8:6b:3c:b5:42:bc:49:66:65:7a:11:
                    40:c6:53:72:b3:34:e4:8a:28:82:6d:0a:a8:5b:aa:
                    4e:47:7c:d8:4c:93:99:e0:37:48:2b:8c:25:72:cc:
                    b2:bc:fb:9c:78:e6:93:33:b9:e2:41:de:13:81:59:
                    50:7e:1c:c5:b1:4b:72:53:36:81:56:48:6e:b8:22:
                    a7:c7:ec:94:d0:2d:27:1a:a9:5d:bc:93:1f:68:df:
                    80:92:a3:5a:e7:04:e6:a4:bb:f5:fc:bd:be:89:e5:
                    da:55:be:ae:65:87:fe:0a:b7:fc:9e:94:62:13:91:
                    75:43:79:14:82:0c:f2:b2:c0:0e:01:9a:dd:8c:b0:
                    3f:97:5d:5f:ef:71:aa:a0:a6:23:8c:aa:81:93:5d:
                    40:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:70:40:39:91:68:28:79:A5:D6:7B:64:21:43:2B:6E:28:1A:BD:FD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QHBAOZFoKHml1ntkIUMrbigavf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.17.0/24
                  88.216.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:1b:e2:34:ba:0d:a2:2f:90:8e:cd:65:84:52:1d:79:da:87:
         55:a2:67:77:9a:73:74:8c:81:16:6d:5c:13:c9:51:57:dc:16:
         da:3c:39:9f:55:8d:8c:50:10:1b:7b:d0:d0:41:72:fb:52:f2:
         59:90:25:b7:d0:a5:c1:f3:8f:8a:b2:c2:9a:97:56:4b:6d:e1:
         a2:9d:c2:bf:8c:10:d6:18:3c:f8:c1:d0:da:8e:4a:b4:d0:c8:
         2b:0e:e8:8c:e0:11:01:b6:9f:4e:e8:29:f3:0a:0f:5b:a2:33:
         83:a0:43:6b:68:41:46:ec:53:72:ef:7b:65:43:20:53:aa:ac:
         0c:a6:7b:e7:68:73:a3:04:99:b7:f0:6d:34:ea:85:a7:02:1e:
         7f:ba:80:2a:2d:69:4b:40:2f:32:56:c9:19:74:c3:3a:81:4a:
         b0:c5:c6:a8:05:d3:2b:28:12:0a:09:0e:d0:86:0d:1b:a4:32:
         8d:b9:04:54:38:79:5e:c2:32:5d:11:ba:49:43:8b:76:64:fb:
         3e:2c:f6:7e:66:48:13:b0:f4:51:2a:51:82:dd:f5:d9:ed:22:
         75:58:d7:fc:28:29:ce:ce:e1:bc:d0:a6:11:84:2a:90:33:bf:
         18:b9:7b:4c:d6:8e:65:2d:18:1a:7c:b8:87:e1:3b:e7:58:9f:
         36:c3:a7:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLXgDdVoMndps2EMNS7ZSijMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQxMDI5MDg1OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDcwNDAzOTkxNjgyODc5YTVkNjdiNjQyMTQzMmI2ZTI4MWFiZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOVDYyCn8SmeFtO8UXkXeMJ2SkNn
+dghrBAS0eOS4aaHZ3ub+Opm3Cyv0V5Tvb9wRuM+4oAPkFT+UXV8kkDIF0s7IvXB
phFGt/AIUgAO3Xd4qG10Bl9YAgWZjXHIunobNrTeLJzMHJ1kVHkO2Gs8tUK8SWZl
ehFAxlNyszTkiiiCbQqoW6pOR3zYTJOZ4DdIK4wlcsyyvPuceOaTM7niQd4TgVlQ
fhzFsUtyUzaBVkhuuCKnx+yU0C0nGqldvJMfaN+AkqNa5wTmpLv1/L2+ieXaVb6u
ZYf+Crf8npRiE5F1Q3kUggzyssAOAZrdjLA/l11f73GqoKYjjKqBk11AWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBwQDmRaCh5pdZ7ZCFDK24oGr39MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUUhCQU9aRm9LSG1sMW50a0lVTXJiaWdhdmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNgRAwQA
WNjXMA0GCSqGSIb3DQEBCwUAA4IBAQAfG+I0ug2iL5COzWWEUh152odVomd3mnN0
jIEWbVwTyVFX3BbaPDmfVY2MUBAbe9DQQXL7UvJZkCW30KXB84+KssKal1ZLbeGi
ncK/jBDWGDz4wdDajkq00MgrDuiM4BEBtp9O6CnzCg9bojODoENraEFG7FNy73tl
QyBTqqwMpnvnaHOjBJm38G006oWnAh5/uoAqLWlLQC8yVskZdMM6gUqwxcaoBdMr
KBIKCQ7Qhg0bpDKNuQRUOHlewjJdEbpJQ4t2ZPs+LPZ+ZkgTsPRRKlGC3fXZ7SJ1
WNf8KCnOzuG80KYRhCqQM78YuXtM1o5lLRgafLiH4TvnWJ82w6eO
-----END CERTIFICATE-----