Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mY8WA7HY5DBpA2M4T_GqtGrIZeE.roa
File:                     mY8WA7HY5DBpA2M4T_GqtGrIZeE.roa (raw, json)
Hash identifier:          o8iRCb6KjIuOCI8CVcNUJBofunrJMaJG8Ftq31vlqzU=
Subject key identifier:   99:8F:16:03:B1:D8:E4:30:69:03:63:38:4F:F1:AA:B4:6A:C8:65:E1
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014CA19A38416901F55C65AB45DA84
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mY8WA7HY5DBpA2M4T_GqtGrIZeE.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        88.216.66.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4c:a1:9a:38:41:69:01:f5:5c:65:ab:45:da:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=998f1603b1d8e430690363384ff1aab46ac865e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1e:c0:56:07:48:b0:22:99:3c:42:8a:9b:c6:
                    1c:b4:97:d4:d3:32:58:89:41:c2:38:54:f9:47:7d:
                    e2:f1:b8:f1:4f:a9:87:3c:91:8a:b1:87:c6:08:1e:
                    6c:7c:1c:4d:a0:cb:8a:91:1e:02:68:ab:bb:40:f5:
                    ac:0d:4e:94:3e:ea:93:bd:5a:71:0f:c7:3c:3e:d5:
                    9e:cb:f0:41:f8:93:9a:87:80:e4:3c:ad:c0:1f:51:
                    7c:af:a1:6a:51:6b:ce:23:30:9a:e3:a2:23:9b:4c:
                    03:7f:0b:91:eb:06:42:22:ab:9f:46:1f:e2:9d:b3:
                    95:0e:b8:82:37:a6:67:5c:93:5e:66:d8:74:82:da:
                    24:48:7e:9f:e2:29:17:54:75:56:7e:e7:ca:0c:9f:
                    5a:ea:82:6a:14:63:66:58:4f:5e:f2:d1:08:10:aa:
                    b7:48:b6:e9:1e:ad:cd:50:e3:ab:ca:69:0e:d5:e0:
                    04:88:00:fa:4d:8f:65:d8:56:b5:e0:08:31:b3:f0:
                    2c:cf:dd:41:c8:74:d5:aa:40:ee:e8:b4:df:93:ae:
                    fb:52:8d:8b:9f:40:2c:22:48:7d:08:e0:db:95:7f:
                    08:dc:db:b1:c3:93:86:dc:7a:ce:b6:3d:94:ed:eb:
                    fe:23:d9:66:4b:e6:27:4c:15:48:33:e6:99:f5:68:
                    99:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:8F:16:03:B1:D8:E4:30:69:03:63:38:4F:F1:AA:B4:6A:C8:65:E1
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mY8WA7HY5DBpA2M4T_GqtGrIZeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:f4:80:aa:35:44:b4:f2:e4:3a:13:b6:e2:92:1a:0a:f2:e8:
         7f:64:80:ef:af:46:99:f8:42:27:18:86:d2:32:09:94:de:c6:
         04:15:75:43:72:46:55:6f:0a:2f:eb:53:ed:29:74:3f:f7:11:
         d4:f8:76:74:2b:f0:61:19:bc:39:f7:23:37:34:d7:59:42:27:
         b1:40:92:c9:e3:7e:34:b5:04:89:7b:d7:ed:65:57:6a:0b:d8:
         b3:e8:4d:82:68:a1:bf:3d:da:2d:de:c4:5b:81:e7:27:05:57:
         cb:7a:a7:4c:9f:68:41:84:2a:72:33:6d:df:a7:40:50:6d:31:
         df:44:2f:10:cc:62:f6:dd:56:28:23:54:f5:09:2c:29:8b:87:
         03:e9:f0:da:d2:6a:c2:61:bc:95:61:91:00:2d:3d:11:d9:a8:
         3b:8c:b9:d9:e3:91:bc:bb:bb:df:e9:bf:c5:76:68:6a:13:82:
         a3:27:9d:f7:e2:e6:62:bf:11:e5:78:95:98:af:1e:1c:d6:d3:
         7c:65:97:81:f5:82:24:d8:aa:69:6b:16:ed:5e:e6:de:db:2c:
         d6:19:ec:e8:b5:d6:40:dc:25:10:c1:57:73:4c:8f:37:21:ba:
         59:3b:72:0d:75:ee:d6:a1:cc:c5:af:d4:8c:8b:3b:7e:a1:2e:
         19:c8:02:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUyhmjhBaQH1XGWrRdqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OThmMTYwM2IxZDhlNDMwNjkwMzYzMzg0ZmYxYWFiNDZhYzg2NWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB7AVgdIsCKZPEKKm8YctJfU0zJY
iUHCOFT5R33i8bjxT6mHPJGKsYfGCB5sfBxNoMuKkR4CaKu7QPWsDU6UPuqTvVpx
D8c8PtWey/BB+JOah4DkPK3AH1F8r6FqUWvOIzCa46Ijm0wDfwuR6wZCIqufRh/i
nbOVDriCN6ZnXJNeZth0gtokSH6f4ikXVHVWfufKDJ9a6oJqFGNmWE9e8tEIEKq3
SLbpHq3NUOOrymkO1eAEiAD6TY9l2Fa14Agxs/Asz91ByHTVqkDu6LTfk677Uo2L
n0AsIkh9CODblX8I3Nuxw5OG3HrOtj2U7ev+I9lmS+YnTBVIM+aZ9WiZ+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmPFgOx2OQwaQNjOE/xqrRqyGXhMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbVk4V0E3SFk1REJwQTJNNFRfR3F0R3JJWmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNhCMA0G
CSqGSIb3DQEBCwUAA4IBAQBl9ICqNUS08uQ6E7bikhoK8uh/ZIDvr0aZ+EInGIbS
MgmU3sYEFXVDckZVbwov61PtKXQ/9xHU+HZ0K/BhGbw59yM3NNdZQiexQJLJ4340
tQSJe9ftZVdqC9iz6E2CaKG/Pdot3sRbgecnBVfLeqdMn2hBhCpyM23fp0BQbTHf
RC8QzGL23VYoI1T1CSwpi4cD6fDa0mrCYbyVYZEALT0R2ag7jLnZ45G8u7vf6b/F
dmhqE4KjJ5334uZivxHleJWYrx4c1tN8ZZeB9YIk2KppaxbtXube2yzWGezotdZA
3CUQwVdzTI83IbpZO3INde7WoczFr9SMizt+oS4ZyALz
-----END CERTIFICATE-----