Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/F88YM7kxk9UHt0Ss9UGG-DB2e1c.roa
File:                     F88YM7kxk9UHt0Ss9UGG-DB2e1c.roa (raw, json)
Hash identifier:          dRKwNP779BbMKBJfKM3cPYjR6NDU4I4avCSE+3a9IyU=
Subject key identifier:   17:CF:18:33:B9:31:93:D5:07:B7:44:AC:F5:41:86:F8:30:76:7B:57
Certificate issuer:       /CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
Certificate serial:       018CC94AB9DC8B8CE0E7592413C85ECC3411
Authority key identifier: 5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/F88YM7kxk9UHt0Ss9UGG-DB2e1c.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57564
IP address blocks:        176.102.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b9:dc:8b:8c:e0:e7:59:24:13:c8:5e:cc:34:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17cf1833b93193d507b744acf54186f830767b57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:74:77:bc:94:f7:59:d7:c2:31:fb:62:00:52:
                    bc:e5:f0:75:3a:31:b4:95:d5:30:cf:77:c7:d6:22:
                    ad:02:e7:e4:f8:92:1d:e0:2a:75:d3:ba:fc:80:14:
                    76:04:97:4a:f8:8f:09:23:6c:b7:cc:8e:09:e9:b2:
                    5d:0c:87:1b:f2:cf:ba:d4:a2:3c:c0:88:2e:34:e0:
                    26:54:08:20:f2:30:14:e3:81:b0:74:6d:d6:8e:88:
                    94:b0:8b:25:ff:d4:31:2f:f0:81:90:7f:a9:7e:ed:
                    b0:64:ce:54:8b:ed:ff:65:49:d2:82:a0:8f:8c:73:
                    a2:85:e5:6c:a8:9f:fc:39:2d:87:69:a5:ea:ae:82:
                    60:c3:b7:50:c2:8e:c2:03:14:37:e4:87:68:7a:68:
                    ef:ba:6a:94:19:68:ff:b3:24:43:03:00:90:db:82:
                    aa:68:8e:9b:9a:fa:ed:82:57:e2:f1:67:53:e9:6f:
                    25:cc:79:f8:d1:9e:2f:e7:ce:07:f5:50:9e:2f:bb:
                    99:e8:dd:aa:d0:b5:96:c6:ad:17:ab:cb:bf:f1:83:
                    02:1a:b1:31:32:cc:f9:75:d8:e4:ed:04:5d:8b:b5:
                    b7:e7:ad:16:2b:15:a9:98:ca:f2:dd:d3:35:dd:1d:
                    9d:c2:3a:4f:ee:e5:78:85:41:50:94:93:db:94:3b:
                    1a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:CF:18:33:B9:31:93:D5:07:B7:44:AC:F5:41:86:F8:30:76:7B:57
            X509v3 Authority Key Identifier:
                keyid:5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/F88YM7kxk9UHt0Ss9UGG-DB2e1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.102.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3d:97:9d:10:9a:71:75:30:46:0b:1d:1b:d3:bb:6a:28:c2:cb:
         8b:42:76:a7:f6:2d:65:69:b2:08:dc:c5:11:41:16:c9:cc:3d:
         04:ba:09:76:d8:e4:c2:f4:6a:32:01:05:ca:7d:1d:68:2a:53:
         67:7f:e1:a1:92:90:90:ed:57:ab:e2:b8:23:f3:73:25:fe:97:
         36:f6:cd:0d:d8:f6:e4:2c:e7:43:fd:4e:1d:f7:5f:c5:90:d6:
         d0:58:44:26:bf:4a:8a:89:85:be:02:08:0c:ad:fb:0e:69:f5:
         f1:83:c3:8e:8e:c3:d8:da:5b:a6:5b:bd:7b:95:69:32:48:ab:
         5f:0f:67:10:3c:4f:60:3a:0b:fb:29:53:53:43:a2:72:75:df:
         45:6d:2b:c2:2e:bc:c7:98:74:fc:72:3a:be:77:22:75:e0:55:
         3d:64:a4:12:26:af:ca:62:6a:70:77:5a:27:8c:ae:36:47:27:
         3e:44:bb:31:d9:69:ab:ec:d3:3e:ac:08:b2:56:43:8f:43:4b:
         dc:fe:df:22:5c:ba:b9:0d:ec:cf:d9:79:0e:5b:f0:ca:7a:19:
         ab:95:9e:5f:a3:11:99:18:7e:25:e6:02:5f:c5:cb:d7:88:e2:
         ea:7e:74:58:68:1a:42:b7:64:42:3d:e1:8a:46:dc:db:e4:83:
         7f:21:ed:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrnci4zg51kkE8hezDQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzlkMTViZDJmY2M4NDc3MWJhNmFhMjlhYTU0NDI4YjIx
Y2VmNjAwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2NmMTgzM2I5MzE5M2Q1MDdiNzQ0YWNmNTQxODZmODMwNzY3YjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnR3vJT3WdfCMftiAFK85fB1OjG0
ldUwz3fH1iKtAufk+JId4Cp107r8gBR2BJdK+I8JI2y3zI4J6bJdDIcb8s+61KI8
wIguNOAmVAgg8jAU44GwdG3WjoiUsIsl/9QxL/CBkH+pfu2wZM5Ui+3/ZUnSgqCP
jHOiheVsqJ/8OS2HaaXqroJgw7dQwo7CAxQ35IdoemjvumqUGWj/syRDAwCQ24Kq
aI6bmvrtglfi8WdT6W8lzHn40Z4v584H9VCeL7uZ6N2q0LWWxq0Xq8u/8YMCGrEx
Msz5ddjk7QRdi7W3560WKxWpmMry3dM13R2dwjpP7uV4hUFQlJPblDsa7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfPGDO5MZPVB7dErPVBhvgwdntXMB8GA1UdIwQY
MBaAFF050VvS/MhHcbpqopqlRCiyHO9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAt
YzI5YjQ0ZGU1M2E4LzEvRjg4WU03a3hrOVVIdDBTczlVR0ctREIyZTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAtYzI5YjQ0ZGU1M2E4
LzEvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsGaAMA0G
CSqGSIb3DQEBCwUAA4IBAQA9l50QmnF1MEYLHRvTu2oowsuLQnan9i1labII3MUR
QRbJzD0Eugl22OTC9GoyAQXKfR1oKlNnf+GhkpCQ7Ver4rgj83Ml/pc29s0N2Pbk
LOdD/U4d91/FkNbQWEQmv0qKiYW+AggMrfsOafXxg8OOjsPY2lumW717lWkySKtf
D2cQPE9gOgv7KVNTQ6Jydd9FbSvCLrzHmHT8cjq+dyJ14FU9ZKQSJq/KYmpwd1on
jK42Ryc+RLsx2Wmr7NM+rAiyVkOPQ0vc/t8iXLq5DezP2XkOW/DKehmrlZ5foxGZ
GH4l5gJfxcvXiOLqfnRYaBpCt2RCPeGKRtzb5IN/Ie2u
-----END CERTIFICATE-----