Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mNTFCOwi4V1dEjcdhpJzgbAiYS8.roa
File:                     mNTFCOwi4V1dEjcdhpJzgbAiYS8.roa (raw, json)
Hash identifier:          /T7r2zxS/JKTKh5Y01Io5K08SjqcczLrzqrVySuA8p0=
Subject key identifier:   98:D4:C5:08:EC:22:E1:5D:5D:12:37:1D:86:92:73:81:B0:22:61:2F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014F07581E58C78B072A166F17BD15
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mNTFCOwi4V1dEjcdhpJzgbAiYS8.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216084
IP address blocks:        88.216.220.0/24 maxlen: 24
                          88.216.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4f:07:58:1e:58:c7:8b:07:2a:16:6f:17:bd:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98d4c508ec22e15d5d12371d86927381b022612f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1b:61:33:64:74:57:49:65:a4:ca:d7:04:60:
                    3b:cf:0b:38:48:5a:a3:77:5f:88:71:13:a5:08:c3:
                    15:8c:73:59:f5:d2:05:cb:ac:45:d6:19:8f:9a:2e:
                    ff:43:8c:44:b1:fd:5e:81:07:00:97:e5:7b:db:25:
                    e6:7f:d6:f8:0a:f4:f5:41:00:36:8f:0e:5d:9c:78:
                    29:3c:6f:87:34:c0:09:04:4b:2d:47:3e:46:21:2a:
                    bf:cc:c4:20:9d:c7:3b:2b:84:09:91:dd:09:3e:77:
                    43:3b:42:7a:5a:49:6a:dc:17:0c:c9:59:94:83:c5:
                    59:0e:25:57:fe:74:44:07:b4:cf:59:0a:98:8e:8a:
                    8d:b9:56:50:f0:8a:e6:fc:20:2b:f6:81:f7:bf:66:
                    c8:be:80:3e:96:d6:cd:0b:71:58:ee:95:6f:9d:79:
                    8f:ad:fc:70:92:72:60:b3:78:42:1b:8a:cc:1d:12:
                    01:70:4b:ac:f9:63:2b:ba:0f:1a:d0:8d:51:39:9e:
                    58:42:87:a6:e6:8d:87:4a:c0:e8:32:fd:d6:19:e4:
                    aa:30:0a:03:d0:08:91:ad:65:df:af:49:ab:e9:ab:
                    1d:42:15:bf:26:c9:e5:2f:f6:cc:ca:82:25:99:53:
                    5b:f4:b2:b2:47:33:90:74:c6:9d:76:89:7e:6d:cb:
                    a0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D4:C5:08:EC:22:E1:5D:5D:12:37:1D:86:92:73:81:B0:22:61:2F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mNTFCOwi4V1dEjcdhpJzgbAiYS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.220.0/24
                  88.216.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:a3:c6:19:94:ae:15:e2:a9:7c:86:1d:66:46:0b:bb:bb:cf:
         77:56:cf:87:2f:e5:99:5f:7c:71:38:92:86:e1:c6:68:32:9c:
         c6:d3:5a:36:f7:ef:d5:39:90:ed:80:ff:2e:8a:35:bd:4f:ad:
         a3:4c:e8:a1:01:5d:a8:ee:db:14:15:a3:a0:f4:53:a2:43:b7:
         ab:87:f5:18:fd:68:14:97:a2:01:e9:66:d3:e6:d1:77:ed:02:
         49:d5:1e:63:4d:72:b5:52:e6:f4:7c:91:52:91:98:0f:d0:ea:
         13:2a:5f:5e:9d:62:63:8f:fc:74:7a:70:46:77:99:e3:59:80:
         bb:5d:fb:f0:02:c1:c8:67:7e:54:d6:79:6a:a1:f3:fe:d8:43:
         79:4c:c6:7b:fe:76:d7:cf:56:c2:cc:d5:88:84:ef:8f:b9:46:
         af:f5:63:d8:d4:14:fc:b1:6f:d5:77:05:ad:1b:78:c3:ed:dd:
         07:dd:8a:b4:1a:4e:1e:33:19:d4:c4:48:78:d4:9c:81:90:27:
         d2:73:68:c9:02:fc:9d:76:56:39:d1:6f:cd:8c:78:2e:74:cb:
         41:df:ec:54:63:5b:34:4e:65:c5:d1:ae:b5:ce:c0:ad:75:a0:
         6f:9c:76:70:c3:f7:92:e2:eb:dd:b3:41:98:c7:b4:bd:82:a4:
         fb:cd:a4:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAU8HWB5Yx4sHKhZvF70VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQ0YzUwOGVjMjJlMTVkNWQxMjM3MWQ4NjkyNzM4MWIwMjI2MTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRthM2R0V0llpMrXBGA7zws4SFqj
d1+IcROlCMMVjHNZ9dIFy6xF1hmPmi7/Q4xEsf1egQcAl+V72yXmf9b4CvT1QQA2
jw5dnHgpPG+HNMAJBEstRz5GISq/zMQgncc7K4QJkd0JPndDO0J6Wklq3BcMyVmU
g8VZDiVX/nREB7TPWQqYjoqNuVZQ8Irm/CAr9oH3v2bIvoA+ltbNC3FY7pVvnXmP
rfxwknJgs3hCG4rMHRIBcEus+WMrug8a0I1ROZ5YQoem5o2HSsDoMv3WGeSqMAoD
0AiRrWXfr0mr6asdQhW/JsnlL/bMyoIlmVNb9LKyRzOQdMaddol+bcugQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJjUxQjsIuFdXRI3HYaSc4GwImEvMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbU5URkNPd2k0VjFkRWpjZGhwSnpnYkFpWVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNjcAwQA
WNjfMA0GCSqGSIb3DQEBCwUAA4IBAQBXo8YZlK4V4ql8hh1mRgu7u893Vs+HL+WZ
X3xxOJKG4cZoMpzG01o29+/VOZDtgP8uijW9T62jTOihAV2o7tsUFaOg9FOiQ7er
h/UY/WgUl6IB6WbT5tF37QJJ1R5jTXK1Uub0fJFSkZgP0OoTKl9enWJjj/x0enBG
d5njWYC7XfvwAsHIZ35U1nlqofP+2EN5TMZ7/nbXz1bCzNWIhO+PuUav9WPY1BT8
sW/VdwWtG3jD7d0H3Yq0Gk4eMxnUxEh41JyBkCfSc2jJAvyddlY50W/NjHgudMtB
3+xUY1s0TmXF0a61zsCtdaBvnHZww/eS4uvds0GYx7S9gqT7zaTs
-----END CERTIFICATE-----