Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mRPFZJ4CV4_ZAmL6Uq1FmlqwPSM.roa
File:                     mRPFZJ4CV4_ZAmL6Uq1FmlqwPSM.roa (raw, json)
Hash identifier:          F+48MdN30PrLdw0kiEGq9e1zMFtal0i/uvYmqe75FzA=
Subject key identifier:   99:13:C5:64:9E:02:57:8F:D9:02:62:FA:52:AD:45:9A:5A:B0:3D:23
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826CA976D4280618367EBE1F581867E
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mRPFZJ4CV4_ZAmL6Uq1FmlqwPSM.roa
Signing time:             Thu 02 Jan 2025 17:53:38 +0000
ROA not before:           Thu 02 Jan 2025 17:53:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400175
IP address blocks:        88.216.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 17:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:ca:97:6d:42:80:61:83:67:eb:e1:f5:81:86:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9913c5649e02578fd90262fa52ad459a5ab03d23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5e:3e:40:3d:af:d7:8b:cd:c2:77:2f:2c:77:
                    3e:b8:fd:fb:6b:c6:86:74:88:f8:7a:f5:1f:47:9d:
                    7f:93:68:64:c4:15:6e:bd:85:0e:a9:e8:88:4c:cb:
                    f8:01:bf:93:95:f2:ae:62:32:39:16:b2:74:fc:47:
                    91:19:d6:6f:4a:bc:2d:68:2a:84:36:89:f1:57:7e:
                    b1:d8:e9:94:cf:48:47:d4:e5:8d:85:17:eb:ac:1d:
                    b2:88:92:3e:84:3f:0c:49:6a:68:12:2c:d0:ec:87:
                    e0:3f:0f:bd:c3:0f:95:13:5b:14:45:a8:f7:14:59:
                    55:f9:c2:ab:7b:cf:58:75:db:c8:71:da:80:0c:19:
                    1f:f4:83:be:8a:b7:b8:fb:d8:8b:ff:90:0a:31:ba:
                    e9:ae:4d:75:d8:4e:94:00:5e:d3:5a:74:fe:02:fc:
                    ce:93:27:30:6b:69:b9:0d:68:e9:ae:63:e2:ed:a9:
                    0a:52:18:9e:ea:53:6d:fc:f7:f9:43:91:19:09:88:
                    75:38:56:1d:34:36:49:5a:e4:97:5e:20:a2:61:21:
                    cf:a1:65:17:fd:8d:11:aa:30:65:f1:5a:02:f1:b0:
                    62:b3:7e:7f:2e:94:ff:d6:fe:d1:52:37:a5:5d:c2:
                    38:55:56:15:c7:d7:f0:84:fa:81:3c:30:47:88:f2:
                    d7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:13:C5:64:9E:02:57:8F:D9:02:62:FA:52:AD:45:9A:5A:B0:3D:23
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mRPFZJ4CV4_ZAmL6Uq1FmlqwPSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:53:d3:c5:e7:aa:54:09:34:b9:13:17:af:ad:02:1f:f0:5e:
         24:f9:99:4a:59:1e:6e:1c:ba:b5:b9:e8:ba:c7:d4:82:ca:cb:
         85:3c:86:47:c2:e8:73:d6:7b:fe:71:58:c3:05:9d:9a:9b:ea:
         bf:0f:bc:61:e5:a5:3c:38:a6:05:c6:d6:84:46:57:d9:7a:8b:
         00:4f:ce:25:90:95:13:97:19:ab:0c:ee:bf:35:b2:2d:21:0e:
         5a:ae:e7:39:14:59:f2:27:52:ff:ee:9a:64:a4:ec:74:08:fa:
         f3:5e:ae:05:e3:e5:a3:18:60:91:cb:3d:73:d6:1b:15:65:53:
         8f:51:59:3e:31:59:7b:37:3c:56:fa:1b:65:bc:db:1f:68:16:
         c3:23:75:1f:a1:3e:a2:87:b2:5d:78:d0:85:f9:d9:ae:7e:eb:
         01:ec:01:b0:25:c2:ac:04:f8:f1:9a:5a:8c:dd:6d:51:7b:6b:
         7e:e5:f0:25:b9:a5:63:79:53:75:57:43:45:06:d4:22:4c:c6:
         ae:96:6f:00:61:0a:ff:1f:70:b8:59:1c:0d:b0:60:34:38:06:
         d5:c4:3e:0e:4f:ad:2e:ba:f1:86:27:5f:3a:db:c7:0c:48:17:
         0e:7f:42:1f:48:a0:e0:b2:85:1c:07:6c:74:9d:f4:9c:32:16:
         e0:bc:24:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJsqXbUKAYYNn6+H1gYZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTEzYzU2NDllMDI1NzhmZDkwMjYyZmE1MmFkNDU5YTVhYjAzZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3F4+QD2v14vNwncvLHc+uP37a8aG
dIj4evUfR51/k2hkxBVuvYUOqeiITMv4Ab+TlfKuYjI5FrJ0/EeRGdZvSrwtaCqE
NonxV36x2OmUz0hH1OWNhRfrrB2yiJI+hD8MSWpoEizQ7IfgPw+9ww+VE1sURaj3
FFlV+cKre89YddvIcdqADBkf9IO+ire4+9iL/5AKMbrprk112E6UAF7TWnT+AvzO
kycwa2m5DWjprmPi7akKUhie6lNt/Pf5Q5EZCYh1OFYdNDZJWuSXXiCiYSHPoWUX
/Y0RqjBl8VoC8bBis35/LpT/1v7RUjelXcI4VVYVx9fwhPqBPDBHiPLXgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkTxWSeAleP2QJi+lKtRZpasD0jMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbVJQRlpKNENWNF9aQW1MNlVxMUZtbHF3UFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNgCMA0G
CSqGSIb3DQEBCwUAA4IBAQADU9PF56pUCTS5ExevrQIf8F4k+ZlKWR5uHLq1uei6
x9SCysuFPIZHwuhz1nv+cVjDBZ2am+q/D7xh5aU8OKYFxtaERlfZeosAT84lkJUT
lxmrDO6/NbItIQ5aruc5FFnyJ1L/7ppkpOx0CPrzXq4F4+WjGGCRyz1z1hsVZVOP
UVk+MVl7NzxW+htlvNsfaBbDI3UfoT6ih7JdeNCF+dmufusB7AGwJcKsBPjxmlqM
3W1Re2t+5fAluaVjeVN1V0NFBtQiTMaulm8AYQr/H3C4WRwNsGA0OAbVxD4OT60u
uvGGJ18628cMSBcOf0IfSKDgsoUcB2x0nfScMhbgvCQy
-----END CERTIFICATE-----