Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z66wylTJ4_qtfTVYGS2rTklIBTQ.roa
File:                     z66wylTJ4_qtfTVYGS2rTklIBTQ.roa (raw, json)
Hash identifier:          rD1OxA553oD1eKinQ2gD/nILWoR4+I2aJMld6ne1DMk=
Subject key identifier:   CF:AE:B0:CA:54:C9:E3:FA:AD:7D:35:58:19:2D:AB:4E:49:48:05:34
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018E579AC87C5EA01BD22A705AF07C6F75D4
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z66wylTJ4_qtfTVYGS2rTklIBTQ.roa
Signing time:             Tue 19 Mar 2024 16:45:45 +0000
ROA not before:           Tue 19 Mar 2024 16:45:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        88.216.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:57:9a:c8:7c:5e:a0:1b:d2:2a:70:5a:f0:7c:6f:75:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 19 16:45:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfaeb0ca54c9e3faad7d3558192dab4e49480534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bf:fc:b1:db:f6:00:8e:6a:b5:15:31:dd:a0:
                    ee:34:4f:bc:fb:66:e5:4f:96:06:15:a5:ad:34:a3:
                    e6:0a:f3:ac:c4:f9:57:c0:4b:7f:58:f7:9b:84:bb:
                    bf:a9:f8:40:0c:0b:81:c0:05:76:a9:05:f5:29:fd:
                    07:a7:ab:b4:90:23:dc:09:35:e6:a0:0d:90:2c:c4:
                    ea:c7:a3:db:b6:31:12:dc:85:11:e5:c4:7e:14:98:
                    55:92:7b:6e:87:70:0b:b3:6c:35:a7:7b:2d:b3:2e:
                    6d:fd:9a:aa:da:e2:7a:1c:90:f1:2b:86:ff:1b:cf:
                    18:cc:db:1f:cf:34:9b:d9:af:dd:5d:c1:59:f1:06:
                    23:8d:e1:4c:38:20:62:fd:c9:8e:18:51:b3:b0:01:
                    5a:24:8c:e3:06:cb:3b:e3:88:9c:71:6d:a5:26:c5:
                    4f:30:18:a5:36:50:53:7b:de:59:14:41:b9:b3:3b:
                    b5:e2:b3:6d:01:88:ec:ff:46:f8:b4:43:7f:36:67:
                    53:ce:a2:20:8f:f6:9e:d1:15:36:05:a9:83:3b:f7:
                    ec:81:c1:10:31:e7:17:5c:6b:67:be:bf:7d:9d:0e:
                    ba:0e:61:d4:7a:c1:e4:b7:6e:6d:d2:74:6a:d3:46:
                    00:80:68:e2:5b:c5:de:e9:33:2f:93:ef:9e:f3:b8:
                    4d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:AE:B0:CA:54:C9:E3:FA:AD:7D:35:58:19:2D:AB:4E:49:48:05:34
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z66wylTJ4_qtfTVYGS2rTklIBTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:7d:3b:8e:32:d9:17:04:3b:01:eb:d5:b6:48:a8:78:cc:ed:
         60:98:8f:c3:23:09:74:d1:26:02:e7:38:b3:d5:ce:1d:94:56:
         26:ed:a4:72:2b:ed:75:3d:12:7e:86:64:db:83:a7:ad:d0:07:
         96:8a:aa:c7:4b:dd:15:27:eb:0f:2a:5e:57:6e:da:c0:a4:e4:
         bb:9b:34:56:d9:0f:d9:43:5c:eb:eb:d8:01:e7:8e:a5:9e:a6:
         01:a2:2c:82:83:37:09:b1:f2:04:9a:34:dc:a9:5e:98:97:40:
         5b:16:95:23:f4:1c:4c:5b:9b:9b:74:ca:4a:d4:eb:ba:88:67:
         d8:d0:c5:c0:42:a7:bc:f9:d5:58:07:76:2f:07:d3:a9:12:19:
         14:61:c7:69:63:f2:4d:b4:6d:15:37:14:56:83:a4:09:5c:b1:
         29:e2:ba:89:e4:7d:57:d1:9b:c5:06:8a:19:f4:9f:b3:64:0e:
         58:dc:1a:25:dc:b2:01:8c:7e:8c:94:cf:d1:b4:0a:7b:55:5e:
         3a:b8:63:27:52:32:15:67:73:0c:9f:07:ca:e0:56:db:ec:4f:
         40:1c:bc:e2:31:60:a5:e1:1a:79:b2:3d:a8:0e:bb:a8:e7:28:
         cf:83:23:ae:8f:44:02:93:ed:ba:34:de:96:43:e8:6e:ce:e7:
         ba:37:aa:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Xmsh8XqAb0ipwWvB8b3XUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMzE5MTY0NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmFlYjBjYTU0YzllM2ZhYWQ3ZDM1NTgxOTJkYWI0ZTQ5NDgwNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr/8sdv2AI5qtRUx3aDuNE+8+2bl
T5YGFaWtNKPmCvOsxPlXwEt/WPebhLu/qfhADAuBwAV2qQX1Kf0Hp6u0kCPcCTXm
oA2QLMTqx6PbtjES3IUR5cR+FJhVkntuh3ALs2w1p3stsy5t/Zqq2uJ6HJDxK4b/
G88YzNsfzzSb2a/dXcFZ8QYjjeFMOCBi/cmOGFGzsAFaJIzjBss744iccW2lJsVP
MBilNlBTe95ZFEG5szu14rNtAYjs/0b4tEN/NmdTzqIgj/ae0RU2BamDO/fsgcEQ
MecXXGtnvr99nQ66DmHUesHkt25t0nRq00YAgGjiW8Xe6TMvk++e87hNZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+usMpUyeP6rX01WBktq05JSAU0MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvejY2d3lsVEo0X3F0ZlRWWUdTMnJUa2xJQlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNi0MA0G
CSqGSIb3DQEBCwUAA4IBAQBjfTuOMtkXBDsB69W2SKh4zO1gmI/DIwl00SYC5ziz
1c4dlFYm7aRyK+11PRJ+hmTbg6et0AeWiqrHS90VJ+sPKl5XbtrApOS7mzRW2Q/Z
Q1zr69gB546lnqYBoiyCgzcJsfIEmjTcqV6Yl0BbFpUj9BxMW5ubdMpK1Ou6iGfY
0MXAQqe8+dVYB3YvB9OpEhkUYcdpY/JNtG0VNxRWg6QJXLEp4rqJ5H1X0ZvFBooZ
9J+zZA5Y3Bol3LIBjH6MlM/RtAp7VV46uGMnUjIVZ3MMnwfK4Fbb7E9AHLziMWCl
4Rp5sj2oDruo5yjPgyOuj0QCk+26NN6WQ+huzue6N6pf
-----END CERTIFICATE-----