Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_EgLO8ACD62NYFEI43EsVyfaCqs.roa
File:                     _EgLO8ACD62NYFEI43EsVyfaCqs.roa (raw, json)
Hash identifier:          +aH06iWdxBWuZ4zzO86ca5xkcj9yrTFq4jElaKSl96Q=
Subject key identifier:   FC:48:0B:3B:C0:02:0F:AD:8D:60:51:08:E3:71:2C:57:27:DA:0A:AB
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014457A31D4209E00A04CDD1AE38F0
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_EgLO8ACD62NYFEI43EsVyfaCqs.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56876
IP address blocks:        88.216.216.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:44:57:a3:1d:42:09:e0:0a:04:cd:d1:ae:38:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc480b3bc0020fad8d605108e3712c5727da0aab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4f:0e:cc:67:b0:16:c2:21:6b:cc:a1:71:85:
                    43:b5:bc:bc:cc:01:22:f7:f7:f0:b0:00:e0:b3:81:
                    88:44:0c:ac:79:96:fb:d3:6e:eb:a9:9e:fc:c1:eb:
                    b7:d7:39:8c:8b:0d:eb:94:af:60:89:f1:61:5a:49:
                    71:39:ea:8b:03:26:df:e9:45:2d:fb:8c:5f:a2:63:
                    28:cc:00:aa:64:4d:0d:c5:43:33:8e:c9:e5:a5:c7:
                    67:7d:6d:da:28:39:21:c4:a9:9e:d6:54:de:85:fb:
                    33:53:d6:5a:f5:0e:64:ab:4d:31:aa:3e:ea:97:8d:
                    dc:81:e9:ba:6c:d4:34:4d:3b:84:89:fa:08:ae:6a:
                    d1:c9:f2:ad:bc:30:42:8b:18:33:7a:00:25:f4:fe:
                    b7:0e:07:82:b9:af:ab:5f:28:6f:94:6e:c9:73:70:
                    ac:82:80:a2:88:a8:bf:63:97:cb:37:ee:0e:b0:84:
                    a4:cf:60:03:25:43:e0:ff:b6:e1:e7:d7:e7:eb:5d:
                    02:ea:59:44:b9:02:eb:6f:cd:18:01:5f:db:80:96:
                    d0:ce:bf:c4:21:e1:b1:ee:44:77:f2:ec:76:d9:9b:
                    45:8f:d1:0c:7d:01:79:b2:75:e6:a3:71:7a:21:b1:
                    15:0c:ce:f2:cb:6c:63:1b:69:67:71:58:2f:05:6a:
                    bd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:48:0B:3B:C0:02:0F:AD:8D:60:51:08:E3:71:2C:57:27:DA:0A:AB
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_EgLO8ACD62NYFEI43EsVyfaCqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:95:da:4a:85:95:55:19:1f:66:dd:14:6e:10:d0:55:0b:10:
         aa:63:40:17:5f:89:88:8e:ee:f0:d9:70:1a:fb:c4:4d:bc:0c:
         5e:46:e8:32:94:e0:7d:f4:a4:92:f6:b7:00:b0:7a:90:cf:8e:
         c9:6c:5d:a6:7f:40:e2:8d:28:d7:14:64:84:5c:fb:c7:ed:d2:
         5a:7d:89:b8:dc:f0:3a:f9:aa:07:f1:41:45:12:fc:fd:2f:8a:
         ef:de:d4:0e:d2:c0:0c:1c:d7:09:f9:22:18:30:99:e2:70:46:
         d6:11:a6:cf:88:3d:b1:8f:46:aa:10:18:23:c4:27:95:e2:4d:
         a2:f0:53:f7:75:fc:f7:64:07:17:10:3f:bc:b7:b1:8f:2a:94:
         3f:97:61:5f:58:1c:76:72:ce:59:9e:07:5b:0c:a1:f4:17:df:
         bf:db:6f:ba:a8:80:fd:18:f3:34:d9:14:66:90:54:fa:e5:81:
         f2:e5:82:d4:6e:77:f9:42:90:20:f5:e3:9a:60:d8:a5:5b:ca:
         6b:33:c3:c9:ee:0d:fd:7d:b4:3d:2c:0e:d3:77:86:4f:81:26:
         a3:cd:d1:b5:16:b2:42:8a:fb:51:1a:1b:9c:29:a6:4f:28:38:
         54:c8:6f:fd:8d:58:e9:35:44:c9:3e:75:ed:76:9a:02:90:cb:
         56:43:6f:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAURXox1CCeAKBM3RrjjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ4MGIzYmMwMDIwZmFkOGQ2MDUxMDhlMzcxMmM1NzI3ZGEwYWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn08OzGewFsIha8yhcYVDtby8zAEi
9/fwsADgs4GIRAyseZb7027rqZ78weu31zmMiw3rlK9gifFhWklxOeqLAybf6UUt
+4xfomMozACqZE0NxUMzjsnlpcdnfW3aKDkhxKme1lTehfszU9Za9Q5kq00xqj7q
l43cgem6bNQ0TTuEifoIrmrRyfKtvDBCixgzegAl9P63DgeCua+rXyhvlG7Jc3Cs
goCiiKi/Y5fLN+4OsISkz2ADJUPg/7bh59fn610C6llEuQLrb80YAV/bgJbQzr/E
IeGx7kR38ux22ZtFj9EMfQF5snXmo3F6IbEVDM7yy2xjG2lncVgvBWq9KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxICzvAAg+tjWBRCONxLFcn2gqrMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvX0VnTE84QUNENjJOWUZFSTQzRXNWeWZhQ3FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNjYMA0G
CSqGSIb3DQEBCwUAA4IBAQB/ldpKhZVVGR9m3RRuENBVCxCqY0AXX4mIju7w2XAa
+8RNvAxeRugylOB99KSS9rcAsHqQz47JbF2mf0DijSjXFGSEXPvH7dJafYm43PA6
+aoH8UFFEvz9L4rv3tQO0sAMHNcJ+SIYMJnicEbWEabPiD2xj0aqEBgjxCeV4k2i
8FP3dfz3ZAcXED+8t7GPKpQ/l2FfWBx2cs5ZngdbDKH0F9+/22+6qID9GPM02RRm
kFT65YHy5YLUbnf5QpAg9eOaYNilW8prM8PJ7g39fbQ9LA7Td4ZPgSajzdG1FrJC
ivtRGhucKaZPKDhUyG/9jVjpNUTJPnXtdpoCkMtWQ2/P
-----END CERTIFICATE-----