Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/aHnXUmeF0Ry-uTRDSvMAFDxmI2Q.roa
File:                     aHnXUmeF0Ry-uTRDSvMAFDxmI2Q.roa (raw, json)
Hash identifier:          R992IWcbJAccEjLU9tL0G0fGmgaIU60ZGgeCrwfDFRg=
Subject key identifier:   68:79:D7:52:67:85:D1:1C:BE:B9:34:43:4A:F3:00:14:3C:66:23:64
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC501476B7557BB54CAD5C642F3B054AC
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/aHnXUmeF0Ry-uTRDSvMAFDxmI2Q.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        88.216.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:47:6b:75:57:bb:54:ca:d5:c6:42:f3:b0:54:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6879d7526785d11cbeb934434af300143c662364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d0:83:8e:dd:a6:3b:92:a7:d7:98:a8:69:b0:
                    83:85:75:0b:b0:5c:3f:17:47:99:9c:8a:d7:83:16:
                    18:65:8a:b1:32:7a:38:ac:7f:c3:9d:9b:82:04:81:
                    40:0d:fe:60:bc:4f:c7:4d:2c:bc:eb:f3:5a:67:bc:
                    c4:5d:ac:d8:d2:d0:2e:d8:90:77:37:7f:8e:a0:b0:
                    60:89:d7:7f:58:15:51:8c:78:08:db:b4:e8:9e:26:
                    a6:5b:97:e4:4a:76:f3:9c:ad:3b:63:0f:17:f6:4e:
                    28:3a:e9:70:32:2e:45:5f:b5:2b:50:d9:eb:d7:44:
                    b4:06:fa:6c:ca:79:57:50:b0:bb:76:0a:f7:d8:36:
                    62:6a:72:53:df:ea:3d:e5:70:38:aa:94:22:ce:fc:
                    18:f7:f6:48:16:cb:73:f3:27:44:a1:be:8d:81:80:
                    58:d3:13:95:19:2c:ee:3a:64:d2:e4:c1:2d:d2:62:
                    cd:e3:54:04:b5:91:69:f8:89:c8:4e:6b:91:60:cc:
                    26:7c:d3:15:ec:35:f8:54:67:ee:9a:f4:d9:13:70:
                    db:5a:8e:a6:52:f8:6b:c7:5c:89:4f:d3:74:5e:68:
                    51:4d:b4:b1:20:4b:2d:54:53:8d:53:e5:d7:08:58:
                    a5:d2:35:48:61:8c:f4:ef:2f:b8:36:90:af:e0:05:
                    28:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:79:D7:52:67:85:D1:1C:BE:B9:34:43:4A:F3:00:14:3C:66:23:64
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/aHnXUmeF0Ry-uTRDSvMAFDxmI2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:78:17:ff:5e:3f:1a:df:f6:ff:05:df:ad:5b:c5:12:8f:6b:
         38:16:67:9b:f2:d9:84:99:c6:3b:fc:b9:2e:ef:de:4e:1c:8a:
         d2:09:80:d7:be:9b:51:9c:8e:25:68:45:85:a7:2a:96:c4:75:
         ae:02:bb:d3:7a:60:e4:cd:1a:11:7c:72:95:eb:d1:02:2d:7b:
         ec:8e:7e:ae:92:65:7b:11:ec:6a:01:83:10:33:95:59:c8:47:
         81:b5:8a:8d:d0:99:69:56:66:a8:ce:9b:02:5b:2d:fd:f9:5a:
         b7:29:60:98:50:c2:3a:be:3b:8a:49:e8:bd:ff:df:91:fe:d8:
         18:57:8b:f3:e6:53:30:81:56:c3:e3:68:c9:69:89:4e:c1:68:
         c8:28:7b:43:7d:fe:54:5c:38:d5:40:de:f3:f6:b1:dd:95:8b:
         75:88:d9:ce:04:3e:18:c9:85:7f:d7:8c:5e:b6:cb:5f:0c:73:
         32:b0:28:e0:a7:59:f5:97:dc:eb:6a:f7:08:ce:b9:27:1b:58:
         bc:8e:3e:41:6c:ca:44:9c:cf:6b:be:4e:3d:5e:cb:3e:03:7b:
         4d:4a:12:1b:47:92:37:ad:ca:d5:02:80:1c:f2:ca:9a:20:dd:
         ef:05:94:1e:16:bc:c3:aa:d5:fd:53:ad:0b:e9:54:b9:d9:ee:
         1e:36:1f:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUdrdVe7VMrVxkLzsFSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc5ZDc1MjY3ODVkMTFjYmViOTM0NDM0YWYzMDAxNDNjNjYyMzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdCDjt2mO5Kn15ioabCDhXULsFw/
F0eZnIrXgxYYZYqxMno4rH/DnZuCBIFADf5gvE/HTSy86/NaZ7zEXazY0tAu2JB3
N3+OoLBgidd/WBVRjHgI27ToniamW5fkSnbznK07Yw8X9k4oOulwMi5FX7UrUNnr
10S0BvpsynlXULC7dgr32DZianJT3+o95XA4qpQizvwY9/ZIFstz8ydEob6NgYBY
0xOVGSzuOmTS5MEt0mLN41QEtZFp+InITmuRYMwmfNMV7DX4VGfumvTZE3DbWo6m
Uvhrx1yJT9N0XmhRTbSxIEstVFONU+XXCFil0jVIYYz07y+4NpCv4AUoAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh511JnhdEcvrk0Q0rzABQ8ZiNkMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvYUhuWFVtZUYwUnktdVRSRFN2TUFGRHhtSTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNgRMA0G
CSqGSIb3DQEBCwUAA4IBAQBneBf/Xj8a3/b/Bd+tW8USj2s4Fmeb8tmEmcY7/Lku
795OHIrSCYDXvptRnI4laEWFpyqWxHWuArvTemDkzRoRfHKV69ECLXvsjn6ukmV7
EexqAYMQM5VZyEeBtYqN0JlpVmaozpsCWy39+Vq3KWCYUMI6vjuKSei9/9+R/tgY
V4vz5lMwgVbD42jJaYlOwWjIKHtDff5UXDjVQN7z9rHdlYt1iNnOBD4YyYV/14xe
tstfDHMysCjgp1n1l9zravcIzrknG1i8jj5BbMpEnM9rvk49Xss+A3tNShIbR5I3
rcrVAoAc8sqaIN3vBZQeFrzDqtX9U60L6VS52e4eNh9a
-----END CERTIFICATE-----