Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mRwtHbz3NMmiGDVFBxVg-oi_-L0.roa
File:                     mRwtHbz3NMmiGDVFBxVg-oi_-L0.roa (raw, json)
Hash identifier:          YuUkJIYGLNLb3VYFXvXc+7DHy4lIIrFV9RpNMf/5E9g=
Subject key identifier:   99:1C:2D:1D:BC:F7:34:C9:A2:18:35:45:07:15:60:FA:88:BF:F8:BD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014A389AA71267FA2D9CDBC25FB3D4
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mRwtHbz3NMmiGDVFBxVg-oi_-L0.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200088
IP address blocks:        88.216.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4a:38:9a:a7:12:67:fa:2d:9c:db:c2:5f:b3:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=991c2d1dbcf734c9a2183545071560fa88bff8bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e6:a9:d3:e6:a9:7a:90:04:92:85:8a:bf:03:
                    80:3f:c5:7f:09:07:a9:d1:67:6a:e2:66:12:9b:1a:
                    f5:e7:a0:f5:aa:67:92:48:75:a3:d4:40:37:02:b8:
                    89:6c:fb:e9:81:8a:a2:fb:7d:c0:1b:49:f7:bf:8d:
                    47:b1:ba:c2:a1:0b:e3:06:2b:b5:01:26:81:b1:03:
                    aa:0e:eb:6e:de:d0:2c:82:6f:ab:c4:f5:de:96:63:
                    5a:16:1e:ae:7f:04:af:e2:43:9f:bd:94:38:86:f4:
                    d1:b2:10:b9:62:7b:76:73:28:3b:e1:a0:2a:c9:18:
                    2f:af:a9:78:04:b2:13:22:cb:91:2b:02:94:51:a8:
                    c6:86:bc:ee:df:09:4f:9c:a4:e2:85:29:87:20:47:
                    ff:b6:1d:09:9d:bd:84:a9:5b:c0:53:62:aa:a4:d5:
                    aa:5a:54:24:44:f5:a4:1d:d5:4d:6b:05:46:75:21:
                    e1:59:f2:06:73:70:f9:6c:b9:ad:9d:16:9b:00:b7:
                    5c:99:32:51:68:76:0e:a5:4b:67:ab:40:dc:11:f0:
                    ea:da:9f:1a:cf:4c:e4:f6:e7:37:f5:16:4a:ed:bc:
                    58:9b:bc:c5:63:2e:9d:87:5b:b4:47:8c:32:76:a4:
                    1f:3e:ee:22:75:ca:6c:4f:a2:86:b5:06:e2:42:30:
                    61:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:1C:2D:1D:BC:F7:34:C9:A2:18:35:45:07:15:60:FA:88:BF:F8:BD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mRwtHbz3NMmiGDVFBxVg-oi_-L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a0:c9:fd:ab:80:c9:fd:20:5a:de:c9:06:9f:a5:74:11:42:
         60:39:a4:63:7f:b1:dc:7e:fb:c0:0c:13:a9:a3:d6:89:d4:44:
         02:e0:cc:68:89:4a:fe:7a:ee:d3:b4:dd:ac:c5:dd:03:0c:28:
         cc:4f:43:db:b8:fc:4f:0b:b5:de:f2:2a:25:ef:44:e8:ee:37:
         98:63:90:b9:43:da:fd:73:3c:d9:2d:25:ad:3f:c6:6e:bb:4a:
         95:ad:f5:7e:84:6b:c6:0f:20:65:b2:78:af:62:fc:3b:55:7c:
         b9:ae:91:d9:6c:2d:90:f3:91:da:ce:46:c7:96:2c:34:04:80:
         93:c7:07:81:c5:8b:18:4e:94:68:20:d8:b4:49:6b:b4:bb:b5:
         fa:e0:72:32:82:ee:04:70:b6:56:e2:2c:d9:46:31:95:d4:82:
         ff:31:db:56:0d:dd:b5:bb:68:e4:a7:ea:94:47:3b:59:82:37:
         d4:0e:8a:a9:67:13:d8:a9:8d:de:2a:45:0f:c8:fc:f4:fb:cb:
         bd:37:6a:c3:77:29:0b:5b:d6:1e:e9:a4:39:57:ff:62:b2:97:
         96:47:65:28:18:d0:8b:a3:b2:8b:39:f7:23:10:f2:e2:57:ed:
         1a:89:54:df:ed:b4:2f:1c:e1:e5:cf:37:6c:8a:c5:ba:a6:52:
         a0:e1:13:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUo4mqcSZ/otnNvCX7PUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTFjMmQxZGJjZjczNGM5YTIxODM1NDUwNzE1NjBmYTg4YmZmOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheap0+apepAEkoWKvwOAP8V/CQep
0Wdq4mYSmxr156D1qmeSSHWj1EA3AriJbPvpgYqi+33AG0n3v41HsbrCoQvjBiu1
ASaBsQOqDutu3tAsgm+rxPXelmNaFh6ufwSv4kOfvZQ4hvTRshC5Ynt2cyg74aAq
yRgvr6l4BLITIsuRKwKUUajGhrzu3wlPnKTihSmHIEf/th0Jnb2EqVvAU2KqpNWq
WlQkRPWkHdVNawVGdSHhWfIGc3D5bLmtnRabALdcmTJRaHYOpUtnq0DcEfDq2p8a
z0zk9uc39RZK7bxYm7zFYy6dh1u0R4wydqQfPu4idcpsT6KGtQbiQjBhoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkcLR289zTJohg1RQcVYPqIv/i9MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbVJ3dEhiejNOTW1pR0RWRkJ4Vmctb2lfLUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNgTMA0G
CSqGSIb3DQEBCwUAA4IBAQCcoMn9q4DJ/SBa3skGn6V0EUJgOaRjf7HcfvvADBOp
o9aJ1EQC4MxoiUr+eu7TtN2sxd0DDCjMT0PbuPxPC7Xe8iol70To7jeYY5C5Q9r9
czzZLSWtP8Zuu0qVrfV+hGvGDyBlsnivYvw7VXy5rpHZbC2Q85HazkbHliw0BICT
xweBxYsYTpRoINi0SWu0u7X64HIygu4EcLZW4izZRjGV1IL/MdtWDd21u2jkp+qU
RztZgjfUDoqpZxPYqY3eKkUPyPz0+8u9N2rDdykLW9Ye6aQ5V/9ispeWR2UoGNCL
o7KLOfcjEPLiV+0aiVTf7bQvHOHlzzdsisW6plKg4RPL
-----END CERTIFICATE-----