Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/7358bd-c72f-4d9b-bb0d-0b4f717aa363/1/1-x6JFOqPD1yP68X7TdFk25jnuIg.roa
File:                     1-x6JFOqPD1yP68X7TdFk25jnuIg.roa (raw, json)
Hash identifier:          RolhIxqGNUhd2tMG1odSNh7dGwbXjAgACemQ99vYmt8=
Subject key identifier:   FB:1E:89:14:EA:8F:0F:5C:8F:EB:C5:FB:4D:D1:64:DB:98:E7:B8:88
Certificate issuer:       /CN=4d583b6f56cf092728de593ad952aea19ce31886
Certificate serial:       018CC6B7D924B8D7CEA730B7FC61063120BD
Authority key identifier: 4D:58:3B:6F:56:CF:09:27:28:DE:59:3A:D9:52:AE:A1:9C:E3:18:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVg7b1bPCSco3lk62VKuoZzjGIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/7358bd-c72f-4d9b-bb0d-0b4f717aa363/1/1-x6JFOqPD1yP68X7TdFk25jnuIg.roa
Signing time:             Mon 01 Jan 2024 20:29:46 +0000
ROA not before:           Mon 01 Jan 2024 20:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210298
IP address blocks:        88.214.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/7358bd-c72f-4d9b-bb0d-0b4f717aa363/1/TVg7b1bPCSco3lk62VKuoZzjGIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/7358bd-c72f-4d9b-bb0d-0b4f717aa363/1/TVg7b1bPCSco3lk62VKuoZzjGIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVg7b1bPCSco3lk62VKuoZzjGIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d9:24:b8:d7:ce:a7:30:b7:fc:61:06:31:20:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d583b6f56cf092728de593ad952aea19ce31886
        Validity
            Not Before: Jan  1 20:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb1e8914ea8f0f5c8febc5fb4dd164db98e7b888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:08:bf:dd:08:41:e7:ba:1d:16:16:e8:d8:be:
                    da:40:86:57:89:e9:29:36:2a:ab:76:4f:82:ce:55:
                    39:da:85:11:87:51:55:20:a2:4f:97:c8:aa:ff:4d:
                    5f:da:55:a8:76:43:4b:89:fe:f9:a1:85:13:df:d8:
                    82:b0:18:44:7c:bf:13:e1:71:0b:25:43:50:3d:99:
                    9a:92:6f:91:b9:53:1f:c6:d5:db:8e:2e:ef:5b:54:
                    e7:72:a3:9b:8e:fd:cf:3c:2a:d8:63:17:ed:6c:0d:
                    9d:52:3b:49:0f:11:6b:f9:dc:66:35:13:bd:1f:b7:
                    22:08:f8:6e:dd:f2:38:63:46:a0:08:ef:68:f4:2a:
                    cc:65:f0:a8:bc:25:dd:86:25:4a:5f:c2:8b:5e:87:
                    01:63:7b:65:e3:23:11:55:81:19:f9:e3:89:e8:76:
                    89:80:6a:51:6b:b9:9f:c6:8c:b8:ee:de:89:f7:09:
                    e3:f5:96:31:1b:1f:18:28:c5:34:a2:bc:4f:0c:f4:
                    5f:80:13:e7:69:5c:fa:7e:29:09:96:a4:e4:04:ca:
                    58:59:ea:05:d7:fc:9a:09:ba:45:4d:43:59:db:66:
                    35:1a:ff:72:d8:3c:9b:16:04:86:80:7d:19:23:4c:
                    29:8d:25:92:83:6b:1b:7c:5f:e1:3c:3f:78:5f:8b:
                    2d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:1E:89:14:EA:8F:0F:5C:8F:EB:C5:FB:4D:D1:64:DB:98:E7:B8:88
            X509v3 Authority Key Identifier:
                keyid:4D:58:3B:6F:56:CF:09:27:28:DE:59:3A:D9:52:AE:A1:9C:E3:18:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVg7b1bPCSco3lk62VKuoZzjGIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7358bd-c72f-4d9b-bb0d-0b4f717aa363/1/1-x6JFOqPD1yP68X7TdFk25jnuIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7358bd-c72f-4d9b-bb0d-0b4f717aa363/1/TVg7b1bPCSco3lk62VKuoZzjGIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:d1:a2:86:a6:b5:f3:8c:57:57:23:0b:e7:10:e5:41:e1:6a:
         1d:35:12:c3:ff:b3:14:26:fd:96:d2:4d:d3:24:dc:83:a5:69:
         c9:f4:53:4a:4c:3e:e6:5e:e9:d2:4c:31:f4:4f:50:8a:81:4a:
         bd:5a:8f:96:62:99:e2:5b:a1:9b:23:e9:88:9b:87:21:cf:55:
         d0:c6:b2:dd:1d:f8:7f:8e:fb:9b:ec:92:1d:ab:4a:12:17:cf:
         78:97:ce:85:66:3a:a1:7a:c2:54:a5:5f:f7:a8:d3:73:e3:48:
         77:7a:72:3e:33:2f:70:fa:c3:74:7b:94:5b:ec:ed:ca:fe:e9:
         f7:a8:34:78:12:a3:4d:0d:e9:92:ef:0b:13:40:2a:cc:8c:82:
         5a:de:60:0d:aa:df:62:97:3a:cd:f5:82:5d:3f:1d:d7:1f:1e:
         e5:4d:c2:ea:88:bf:47:a8:f3:6a:ae:3c:17:c2:c5:69:4f:f9:
         46:94:fc:c7:70:3c:61:55:49:c7:b2:06:d9:96:7e:c6:0d:3b:
         7a:bc:b3:69:21:02:9a:6c:d1:73:38:ff:1f:0b:c3:fc:aa:97:
         ba:e0:30:96:a5:69:c5:a4:d9:04:c6:6a:a5:66:4e:5b:7a:3b:
         75:65:39:3c:3f:7a:14:fd:09:20:f6:8b:a2:03:b1:07:d7:d6:
         75:b5:e3:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGt9kkuNfOpzC3/GEGMSC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNTgzYjZmNTZjZjA5MjcyOGRlNTkzYWQ5NTJhZWExOWNl
MzE4ODYwHhcNMjQwMTAxMjAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjFlODkxNGVhOGYwZjVjOGZlYmM1ZmI0ZGQxNjRkYjk4ZTdiODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAi/3QhB57odFhbo2L7aQIZXiekp
Niqrdk+CzlU52oURh1FVIKJPl8iq/01f2lWodkNLif75oYUT39iCsBhEfL8T4XEL
JUNQPZmakm+RuVMfxtXbji7vW1TncqObjv3PPCrYYxftbA2dUjtJDxFr+dxmNRO9
H7ciCPhu3fI4Y0agCO9o9CrMZfCovCXdhiVKX8KLXocBY3tl4yMRVYEZ+eOJ6HaJ
gGpRa7mfxoy47t6J9wnj9ZYxGx8YKMU0orxPDPRfgBPnaVz6fikJlqTkBMpYWeoF
1/yaCbpFTUNZ22Y1Gv9y2DybFgSGgH0ZI0wpjSWSg2sbfF/hPD94X4stpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPseiRTqjw9cj+vF+03RZNuY57iIMB8GA1UdIwQY
MBaAFE1YO29WzwknKN5ZOtlSrqGc4xiGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZnN2IxYlBDU2NvM2xrNjJWS3VvWnpqR0lZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy83MzU4YmQtYzcyZi00ZDliLWJiMGQt
MGI0ZjcxN2FhMzYzLzEvMS14NkpGT3FQRDF5UDY4WDdUZEZrMjVqbnVJZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWMvNzM1OGJkLWM3MmYtNGQ5Yi1iYjBkLTBiNGY3MTdhYTM2
My8xL1RWZzdiMWJQQ1NjbzNsazYyVkt1b1p6akdJWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAljWDDAN
BgkqhkiG9w0BAQsFAAOCAQEAVdGihqa184xXVyML5xDlQeFqHTUSw/+zFCb9ltJN
0yTcg6VpyfRTSkw+5l7p0kwx9E9QioFKvVqPlmKZ4luhmyPpiJuHIc9V0May3R34
f477m+ySHatKEhfPeJfOhWY6oXrCVKVf96jTc+NId3pyPjMvcPrDdHuUW+ztyv7p
96g0eBKjTQ3pku8LE0AqzIyCWt5gDarfYpc6zfWCXT8d1x8e5U3C6oi/R6jzaq48
F8LFaU/5RpT8x3A8YVVJx7IG2ZZ+xg07eryzaSECmmzRczj/HwvD/KqXuuAwlqVp
xaTZBMZqpWZOW3o7dWU5PD96FP0JIPaLogOxB9fWdbXjoA==
-----END CERTIFICATE-----