Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w9GYubqZZsasK4Dit0vnFLZvJCA.roa
File:                     w9GYubqZZsasK4Dit0vnFLZvJCA.roa (raw, json)
Hash identifier:          KIWEf33s/EVF7Pg+hqcWkeh2sElAaZaiwpcCvxdsikY=
Subject key identifier:   C3:D1:98:B9:BA:99:66:C6:AC:2B:80:E2:B7:4B:E7:14:B6:6F:24:20
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826B600D598F0749630BFC3C4BE1304
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w9GYubqZZsasK4Dit0vnFLZvJCA.roa
Signing time:             Thu 02 Jan 2025 17:53:33 +0000
ROA not before:           Thu 02 Jan 2025 17:53:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56876
IP address blocks:        88.216.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:b6:00:d5:98:f0:74:96:30:bf:c3:c4:be:13:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3d198b9ba9966c6ac2b80e2b74be714b66f2420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1d:d4:ec:58:c0:dd:aa:a7:11:f4:18:f6:5c:
                    49:31:5d:d2:55:24:e2:75:df:bf:ff:e6:e9:89:c3:
                    0b:16:94:78:69:cb:7d:8a:23:25:d1:4e:07:f4:66:
                    0a:bd:ac:de:dc:90:b7:69:fb:13:01:37:4b:0b:63:
                    78:b2:8f:e4:cb:4a:8e:4c:53:b0:83:11:5c:bc:63:
                    49:c5:f7:68:46:d5:47:73:f9:79:3d:0e:15:db:16:
                    52:c5:89:53:d6:ce:9b:31:69:fd:71:87:28:fb:1c:
                    53:40:eb:9c:23:d9:48:e6:3c:6f:0a:5b:97:bb:b2:
                    db:17:fd:37:7c:61:7f:72:5e:47:eb:27:eb:7c:7d:
                    ba:e8:7e:d4:70:1c:c4:3b:c2:e0:b5:a4:ee:de:ff:
                    92:e6:bf:ed:39:bc:ef:62:a6:2f:3a:cd:03:a6:06:
                    5a:79:1a:88:ea:f7:0d:0d:15:a7:0a:f4:66:55:a5:
                    cb:c7:f3:07:ce:a5:58:1a:87:2e:9f:3e:56:6d:96:
                    bf:da:e6:6a:24:01:9d:17:73:e0:f8:9e:8b:02:f6:
                    e0:0c:36:29:d8:21:ba:74:5e:c2:bd:ee:a0:21:c7:
                    d7:81:02:20:16:55:0e:74:6f:d3:a3:75:db:41:03:
                    48:a7:d2:f2:d3:fe:36:ed:91:c6:ee:c1:a5:a1:5a:
                    0b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D1:98:B9:BA:99:66:C6:AC:2B:80:E2:B7:4B:E7:14:B6:6F:24:20
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w9GYubqZZsasK4Dit0vnFLZvJCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:09:26:41:69:f4:17:c8:16:2c:75:eb:b8:d9:fc:3b:fd:82:
         c7:52:69:9f:a7:77:21:e1:9d:68:04:74:bd:63:41:e4:b8:aa:
         12:3f:6a:7d:81:b4:9d:ca:b0:e7:41:7d:27:63:47:f8:23:c5:
         af:5b:8b:7d:c9:5e:86:fc:b5:89:1e:1f:bf:31:6a:4d:ba:dc:
         26:df:a6:9a:79:af:6f:1f:40:de:fe:98:49:05:ca:65:d2:37:
         ed:c4:48:7d:1e:4a:60:fc:2d:9f:d3:a5:12:f1:78:f2:0b:b2:
         1e:7d:fd:46:86:2a:0d:4d:4a:64:01:e6:e7:96:ba:c5:f3:9a:
         02:1d:26:ae:78:0e:3d:1c:71:78:6a:45:c0:2d:86:65:b6:61:
         c7:86:9e:48:4d:90:57:d3:30:1b:94:0f:cc:aa:0e:65:4c:19:
         a6:d9:fe:8a:50:d7:f8:33:c6:de:8c:53:e2:4d:f3:c8:17:20:
         62:01:50:40:9a:ff:a2:16:da:3d:39:37:62:95:93:d2:75:5f:
         1d:c3:1f:fa:ab:ea:0f:66:2c:c0:10:74:13:bf:8a:90:3a:fe:
         9e:4a:89:24:41:40:99:54:71:c2:b1:93:38:f3:96:bb:6f:8d:
         fd:f1:a2:73:47:83:39:71:22:26:69:61:4c:9d:ea:52:eb:ee:
         c7:3f:f7:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJrYA1ZjwdJYwv8PEvhMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2QxOThiOWJhOTk2NmM2YWMyYjgwZTJiNzRiZTcxNGI2NmYyNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1x3U7FjA3aqnEfQY9lxJMV3SVSTi
dd+//+bpicMLFpR4act9iiMl0U4H9GYKvaze3JC3afsTATdLC2N4so/ky0qOTFOw
gxFcvGNJxfdoRtVHc/l5PQ4V2xZSxYlT1s6bMWn9cYco+xxTQOucI9lI5jxvCluX
u7LbF/03fGF/cl5H6yfrfH266H7UcBzEO8LgtaTu3v+S5r/tObzvYqYvOs0DpgZa
eRqI6vcNDRWnCvRmVaXLx/MHzqVYGocunz5WbZa/2uZqJAGdF3Pg+J6LAvbgDDYp
2CG6dF7Cve6gIcfXgQIgFlUOdG/To3XbQQNIp9Ly0/427ZHG7sGloVoLMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPRmLm6mWbGrCuA4rdL5xS2byQgMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvdzlHWXVicVpac2FzSzREaXQwdm5GTFp2SkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNjYMA0G
CSqGSIb3DQEBCwUAA4IBAQAVCSZBafQXyBYsdeu42fw7/YLHUmmfp3ch4Z1oBHS9
Y0HkuKoSP2p9gbSdyrDnQX0nY0f4I8WvW4t9yV6G/LWJHh+/MWpNutwm36aaea9v
H0De/phJBcpl0jftxEh9Hkpg/C2f06US8XjyC7Ieff1GhioNTUpkAebnlrrF85oC
HSaueA49HHF4akXALYZltmHHhp5ITZBX0zAblA/Mqg5lTBmm2f6KUNf4M8bejFPi
TfPIFyBiAVBAmv+iFto9OTdilZPSdV8dwx/6q+oPZizAEHQTv4qQOv6eSokkQUCZ
VHHCsZM485a7b4398aJzR4M5cSImaWFMnepS6+7HP/cl
-----END CERTIFICATE-----