Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lSZJZZOfefK_PmG0qDaAbQr1uYQ.roa
File:                     lSZJZZOfefK_PmG0qDaAbQr1uYQ.roa (raw, json)
Hash identifier:          xFzgUPtnc3TcF3Th8jA7Iy3nZBDcHDA+2lSBM75oAvo=
Subject key identifier:   95:26:49:65:93:9F:79:F2:BF:3E:61:B4:A8:36:80:6D:0A:F5:B9:84
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC50143F71F5F2E6955E09750243D516D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lSZJZZOfefK_PmG0qDaAbQr1uYQ.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56322
IP address blocks:        88.216.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:43:f7:1f:5f:2e:69:55:e0:97:50:24:3d:51:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95264965939f79f2bf3e61b4a836806d0af5b984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:59:f3:45:cf:03:bb:28:90:b9:02:5a:7a:17:
                    19:0c:1c:88:be:bd:05:41:52:8a:c9:0a:19:0c:fa:
                    6c:9c:f4:83:1c:2b:6e:57:3a:cf:85:f5:6e:07:96:
                    90:a0:60:e1:c2:bc:3b:33:11:42:90:6b:80:e6:68:
                    b2:58:6e:aa:72:3d:13:a9:58:2a:09:81:7b:1e:4d:
                    81:af:1a:89:6a:0c:54:62:cb:e1:79:4c:c5:7d:06:
                    14:ad:73:d0:74:70:fd:91:91:9b:51:d7:75:a3:b9:
                    2d:a3:28:12:71:fa:51:73:d3:8e:cc:90:bc:c0:90:
                    ad:62:b7:86:36:0d:26:6b:aa:2a:ba:04:08:c0:53:
                    b6:7d:e4:11:e4:a3:37:6d:aa:82:61:d2:87:68:09:
                    f0:95:2b:80:b9:69:20:27:a0:1b:2e:e7:97:da:dc:
                    de:9a:9e:23:f2:a2:44:ce:27:8e:b1:04:04:bc:0f:
                    5b:1f:4f:70:68:f3:63:7c:aa:ce:61:d5:ca:03:a5:
                    a7:94:44:40:9b:d3:2e:70:02:b9:96:bf:e1:bb:2b:
                    42:57:7a:8c:17:b5:e6:35:de:ab:43:40:33:dd:8e:
                    55:40:80:b1:14:60:5c:e7:58:be:6b:5e:a1:ca:f3:
                    a5:ef:ba:7b:11:ed:66:30:a1:ff:79:59:e9:83:c0:
                    ab:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:26:49:65:93:9F:79:F2:BF:3E:61:B4:A8:36:80:6D:0A:F5:B9:84
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lSZJZZOfefK_PmG0qDaAbQr1uYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:9a:6a:e4:c1:14:12:83:82:bf:f4:cd:1e:c8:54:cb:3e:e5:
         ea:7e:bf:72:6c:d9:45:6f:eb:2e:95:a2:02:6f:6b:be:06:5b:
         92:2d:62:81:e1:59:ee:df:c6:92:19:f6:25:77:78:07:e7:dc:
         be:c7:40:1c:3d:31:70:26:e6:4b:37:9a:32:c1:04:e6:94:0c:
         f9:b4:c5:eb:7c:02:c2:9e:5a:e8:f8:f1:d8:92:f8:1c:3d:83:
         3e:39:61:ee:5d:c9:07:e9:5d:74:30:71:d7:55:2e:db:a7:01:
         43:8f:e7:64:a2:30:f4:de:de:ab:3f:20:0d:1f:62:ea:73:d0:
         f0:d8:62:78:33:19:49:2d:87:84:a1:47:09:92:c7:05:e0:4c:
         a1:cb:22:98:7c:64:a3:53:25:db:40:83:28:3c:66:f6:29:b8:
         6f:a2:7f:f0:59:a4:bf:33:3b:71:a1:a8:cc:fe:6d:80:18:76:
         e7:89:04:1f:d1:b1:32:49:36:66:20:2c:2a:fd:9d:f4:d4:da:
         53:6a:d6:6e:b7:3e:73:20:96:14:d0:e8:c2:af:3c:dc:40:72:
         c8:02:b3:e0:66:92:c1:53:a3:30:e8:c5:d8:6c:43:4a:9a:a4:
         4d:e2:fc:79:12:0c:4c:b1:f4:73:fc:39:e6:be:f5:c7:68:35:
         bd:7c:b3:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUP3H18uaVXgl1AkPVFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTI2NDk2NTkzOWY3OWYyYmYzZTYxYjRhODM2ODA2ZDBhZjViOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1nzRc8DuyiQuQJaehcZDByIvr0F
QVKKyQoZDPpsnPSDHCtuVzrPhfVuB5aQoGDhwrw7MxFCkGuA5miyWG6qcj0TqVgq
CYF7Hk2BrxqJagxUYsvheUzFfQYUrXPQdHD9kZGbUdd1o7ktoygScfpRc9OOzJC8
wJCtYreGNg0ma6oqugQIwFO2feQR5KM3baqCYdKHaAnwlSuAuWkgJ6AbLueX2tze
mp4j8qJEzieOsQQEvA9bH09waPNjfKrOYdXKA6WnlERAm9MucAK5lr/huytCV3qM
F7XmNd6rQ0Az3Y5VQICxFGBc51i+a16hyvOl77p7Ee1mMKH/eVnpg8CrcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUmSWWTn3nyvz5htKg2gG0K9bmEMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbFNaSlpaT2ZlZktfUG1HMHFEYUFiUXIxdVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNgnMA0G
CSqGSIb3DQEBCwUAA4IBAQAemmrkwRQSg4K/9M0eyFTLPuXqfr9ybNlFb+sulaIC
b2u+BluSLWKB4Vnu38aSGfYld3gH59y+x0AcPTFwJuZLN5oywQTmlAz5tMXrfALC
nlro+PHYkvgcPYM+OWHuXckH6V10MHHXVS7bpwFDj+dkojD03t6rPyANH2Lqc9Dw
2GJ4MxlJLYeEoUcJkscF4EyhyyKYfGSjUyXbQIMoPGb2Kbhvon/wWaS/MztxoajM
/m2AGHbniQQf0bEySTZmICwq/Z301NpTatZutz5zIJYU0OjCrzzcQHLIArPgZpLB
U6Mw6MXYbENKmqRN4vx5EgxMsfRz/DnmvvXHaDW9fLOj
-----END CERTIFICATE-----