Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xl-1hP-n78ExY2ZA_cegY4By1Z4.roa
File:                     xl-1hP-n78ExY2ZA_cegY4By1Z4.roa (raw, json)
Hash identifier:          01Uoeict8rXjOW7t+TzVWJzziemMEzsj9nu3c1ZGzCw=
Subject key identifier:   C6:5F:B5:84:FF:A7:EF:C1:31:63:66:40:FD:C7:A0:63:80:72:D5:9E
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC501377613617BF4F93FB8DBB0258D78
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xl-1hP-n78ExY2ZA_cegY4By1Z4.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        88.216.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:37:76:13:61:7b:f4:f9:3f:b8:db:b0:25:8d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c65fb584ffa7efc131636640fdc7a0638072d59e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:eb:8a:4a:73:94:46:0c:41:e3:55:d0:6e:c7:
                    ce:23:1c:8f:b2:f4:8e:d1:bb:31:d6:83:df:c8:db:
                    b3:7d:04:64:92:95:14:82:62:76:b6:92:dd:47:ea:
                    f6:8e:27:9f:16:81:95:77:53:9b:aa:62:b2:08:78:
                    4c:2b:c4:49:77:fb:be:26:82:41:29:8f:9d:14:d2:
                    6c:cc:c6:67:db:ce:64:2e:79:43:e7:50:d0:55:e7:
                    ca:08:9d:90:09:6c:6b:c6:22:5a:83:96:03:ed:a8:
                    11:26:e4:b1:c4:22:21:12:e4:05:24:c6:26:b0:40:
                    5b:11:3d:4d:89:c5:5e:25:58:ec:df:cc:0a:3c:c6:
                    1a:1c:4d:5b:f5:62:7f:e9:69:5f:c5:09:0d:68:b6:
                    21:ff:94:49:9f:54:ad:35:78:ac:48:1c:a0:7b:b3:
                    6b:09:4f:81:a3:23:ef:71:7f:f5:53:7f:b1:2a:76:
                    43:06:aa:99:86:c8:8a:f6:ad:79:ac:0d:28:c0:2a:
                    1d:9f:65:a0:5b:58:8b:0a:b8:09:1e:41:85:39:4c:
                    d6:06:f6:e6:33:c0:43:1d:76:cf:0a:05:fc:e8:d5:
                    a4:3d:fc:84:62:00:ae:01:a3:86:04:b4:bf:ff:04:
                    cf:a1:14:cf:bc:2f:51:9e:e1:b1:6e:00:1b:56:8a:
                    66:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:5F:B5:84:FF:A7:EF:C1:31:63:66:40:FD:C7:A0:63:80:72:D5:9E
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xl-1hP-n78ExY2ZA_cegY4By1Z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:5d:92:72:15:84:62:a6:01:2d:88:29:86:f8:12:f5:7f:8a:
         7c:dc:63:47:e1:e9:00:23:7e:f8:46:5c:9c:f8:c0:88:4e:ea:
         c1:d9:7e:5c:6c:cc:96:61:67:53:11:ca:28:b8:7b:7a:cc:a7:
         af:a1:1f:29:aa:84:1e:3f:9a:b1:07:de:42:10:17:a8:32:df:
         5a:78:6f:e1:8e:99:2f:4d:87:79:f0:1b:f7:d0:60:5e:1d:b4:
         45:79:23:77:43:71:a6:a0:45:68:ac:7b:10:dd:74:68:7a:f3:
         af:01:ea:2a:ec:22:44:4f:31:98:46:f4:df:d5:0b:a9:ff:cf:
         11:33:6c:7f:aa:4d:42:f1:e0:ba:e7:8f:aa:f8:b8:d9:4d:40:
         32:a9:4e:01:36:fa:a7:cc:45:84:92:80:2c:03:cf:4c:5f:53:
         30:89:bd:55:1e:a0:0c:af:be:19:2b:7b:7a:02:c3:f8:cb:3d:
         3b:52:f9:03:93:1f:43:b4:9d:02:bd:4d:93:0b:94:c8:b8:5d:
         06:8d:f5:cd:60:01:4e:c9:61:c8:13:16:fb:e7:55:b8:2c:21:
         d7:52:93:a2:64:60:1f:46:54:ea:a9:50:be:0e:98:2c:24:7a:
         8f:ad:28:12:b4:22:83:60:5a:9a:7b:f7:31:ff:a3:ce:e3:dd:
         b0:89:ee:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATd2E2F79Pk/uNuwJY14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjVmYjU4NGZmYTdlZmMxMzE2MzY2NDBmZGM3YTA2MzgwNzJkNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+uKSnOURgxB41XQbsfOIxyPsvSO
0bsx1oPfyNuzfQRkkpUUgmJ2tpLdR+r2jiefFoGVd1ObqmKyCHhMK8RJd/u+JoJB
KY+dFNJszMZn285kLnlD51DQVefKCJ2QCWxrxiJag5YD7agRJuSxxCIhEuQFJMYm
sEBbET1NicVeJVjs38wKPMYaHE1b9WJ/6WlfxQkNaLYh/5RJn1StNXisSByge7Nr
CU+BoyPvcX/1U3+xKnZDBqqZhsiK9q15rA0owCodn2WgW1iLCrgJHkGFOUzWBvbm
M8BDHXbPCgX86NWkPfyEYgCuAaOGBLS//wTPoRTPvC9RnuGxbgAbVopmKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZftYT/p+/BMWNmQP3HoGOActWeMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEveGwtMWhQLW43OEV4WTJaQV9jZWdZNEJ5MVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNiBMA0G
CSqGSIb3DQEBCwUAA4IBAQBwXZJyFYRipgEtiCmG+BL1f4p83GNH4ekAI374Rlyc
+MCITurB2X5cbMyWYWdTEcoouHt6zKevoR8pqoQeP5qxB95CEBeoMt9aeG/hjpkv
TYd58Bv30GBeHbRFeSN3Q3GmoEVorHsQ3XRoevOvAeoq7CJETzGYRvTf1Qup/88R
M2x/qk1C8eC654+q+LjZTUAyqU4BNvqnzEWEkoAsA89MX1Mwib1VHqAMr74ZK3t6
AsP4yz07UvkDkx9DtJ0CvU2TC5TIuF0GjfXNYAFOyWHIExb751W4LCHXUpOiZGAf
RlTqqVC+DpgsJHqPrSgStCKDYFqae/cx/6PO492wie58
-----END CERTIFICATE-----