Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kNmo79YgGzq-9LmqT_cTFFLaFJo.roa
File:                     kNmo79YgGzq-9LmqT_cTFFLaFJo.roa (raw, json)
Hash identifier:          77q8RRjaV4EH/7Tu2hVbhyBcU4ygCKKg0cIbVms+7qg=
Subject key identifier:   90:D9:A8:EF:D6:20:1B:3A:BE:F4:B9:AA:4F:F7:13:14:52:DA:14:9A
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018D3B7FDDE8A6CF8B37EDD4AA3523A59D3F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kNmo79YgGzq-9LmqT_cTFFLaFJo.roa
Signing time:             Wed 24 Jan 2024 12:44:12 +0000
ROA not before:           Wed 24 Jan 2024 12:44:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400529
IP address blocks:        88.216.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:7f:dd:e8:a6:cf:8b:37:ed:d4:aa:35:23:a5:9d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan 24 12:44:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90d9a8efd6201b3abef4b9aa4ff7131452da149a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:be:51:82:72:59:30:fa:91:5f:bb:88:f2:bd:
                    74:c2:3a:0a:6f:6c:bb:7b:81:3f:fc:26:2b:42:eb:
                    66:ed:f1:54:17:10:bf:eb:44:96:86:74:f4:fd:37:
                    35:9a:e5:91:f3:1d:ae:55:c7:7b:96:6f:f9:0c:b4:
                    e2:be:41:28:df:64:bd:0a:4d:ce:e9:ce:61:c6:ef:
                    45:a4:4d:82:00:d8:c2:65:d2:2a:4c:cd:e9:04:ba:
                    ad:59:3e:77:ff:47:60:b3:d0:ba:61:c0:eb:de:78:
                    57:c7:cd:6e:79:e0:a1:37:75:64:72:7e:04:7e:68:
                    f4:a2:85:5d:8c:a1:63:4b:9b:c1:d7:2d:7c:9d:d3:
                    12:4e:c0:19:72:e8:53:77:6e:9d:63:d9:4b:8a:e4:
                    ba:47:19:84:14:34:03:99:ee:42:df:7b:cf:b1:81:
                    3c:a1:f7:df:11:d2:54:ae:9b:f3:60:32:56:6d:3b:
                    7a:45:72:64:c0:1f:5c:05:67:8b:b2:13:21:80:5e:
                    91:06:39:e8:a2:88:f7:b6:f4:67:2a:59:0c:7a:11:
                    35:74:ff:d4:58:3a:40:89:2d:86:ce:88:78:f4:00:
                    2e:d5:c3:d2:30:c2:e4:7c:a6:02:4f:8c:15:e4:b3:
                    aa:4b:17:c0:67:72:b6:10:ce:6d:05:01:2f:23:5a:
                    87:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D9:A8:EF:D6:20:1B:3A:BE:F4:B9:AA:4F:F7:13:14:52:DA:14:9A
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kNmo79YgGzq-9LmqT_cTFFLaFJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:6b:3c:39:b3:f7:b9:13:d4:3c:de:59:13:26:84:93:0d:80:
         ec:51:cc:6a:f5:a9:5e:3b:f9:e6:de:d4:82:df:3e:26:b0:50:
         1a:a6:e9:bd:03:d9:3d:cf:88:58:60:2f:ef:b2:c7:a0:42:83:
         f3:b7:d9:f3:d3:04:5d:0e:f2:59:cd:67:87:b8:41:db:10:23:
         e4:e1:9b:73:e3:9a:65:17:84:8b:e5:ca:19:2c:95:4d:8b:13:
         98:b2:36:af:b4:d6:82:b4:fc:d6:3f:6f:16:2d:78:32:b5:d6:
         d9:65:58:31:bc:e8:70:4c:9a:5d:6b:cd:13:e1:5f:cf:a2:a2:
         02:9d:ce:6e:be:9c:dd:ff:0b:dc:c5:e6:8a:14:12:6e:db:cf:
         03:d2:90:99:bb:3a:d0:c6:8f:3f:bd:22:9e:bb:b1:ad:2a:67:
         da:10:f3:d1:1f:9a:d9:7f:68:6c:66:e3:01:3c:00:77:1d:54:
         f3:72:a5:f4:07:91:04:fb:63:71:b2:35:d8:19:e3:29:45:f2:
         12:b6:8a:50:db:b1:05:d1:1c:90:5c:a3:5a:10:98:d6:48:c6:
         79:37:f7:34:f8:18:d6:3b:5e:ed:7f:43:73:e5:3d:88:8c:90:
         f6:f8:0f:2a:fe:ae:3e:1d:80:41:bd:fa:82:49:af:b8:17:2f:
         9b:22:7b:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07f93ops+LN+3UqjUjpZ0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTI0MTI0NDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQ5YThlZmQ2MjAxYjNhYmVmNGI5YWE0ZmY3MTMxNDUyZGExNDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr75RgnJZMPqRX7uI8r10wjoKb2y7
e4E//CYrQutm7fFUFxC/60SWhnT0/Tc1muWR8x2uVcd7lm/5DLTivkEo32S9Ck3O
6c5hxu9FpE2CANjCZdIqTM3pBLqtWT53/0dgs9C6YcDr3nhXx81ueeChN3Vkcn4E
fmj0ooVdjKFjS5vB1y18ndMSTsAZcuhTd26dY9lLiuS6RxmEFDQDme5C33vPsYE8
offfEdJUrpvzYDJWbTt6RXJkwB9cBWeLshMhgF6RBjnoooj3tvRnKlkMehE1dP/U
WDpAiS2Gzoh49AAu1cPSMMLkfKYCT4wV5LOqSxfAZ3K2EM5tBQEvI1qH9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDZqO/WIBs6vvS5qk/3ExRS2hSaMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEva05tbzc5WWdHenEtOUxtcVRfY1RGRkxhRkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNjWMA0G
CSqGSIb3DQEBCwUAA4IBAQCWazw5s/e5E9Q83lkTJoSTDYDsUcxq9aleO/nm3tSC
3z4msFAapum9A9k9z4hYYC/vssegQoPzt9nz0wRdDvJZzWeHuEHbECPk4Ztz45pl
F4SL5coZLJVNixOYsjavtNaCtPzWP28WLXgytdbZZVgxvOhwTJpda80T4V/PoqIC
nc5uvpzd/wvcxeaKFBJu288D0pCZuzrQxo8/vSKeu7GtKmfaEPPRH5rZf2hsZuMB
PAB3HVTzcqX0B5EE+2NxsjXYGeMpRfIStopQ27EF0RyQXKNaEJjWSMZ5N/c0+BjW
O17tf0Nz5T2IjJD2+A8q/q4+HYBBvfqCSa+4Fy+bInsk
-----END CERTIFICATE-----