Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/7JYEH2LUdqQWSKQsummow14r5TY.roa
File:                     7JYEH2LUdqQWSKQsummow14r5TY.roa (raw, json)
Hash identifier:          bMlz3j7C2lwKY3gaVemvArI/bZtzt/HeOLZAWcbRKDI=
Subject key identifier:   EC:96:04:1F:62:D4:76:A4:16:48:A4:2C:BA:69:A8:C3:5E:2B:E5:36
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018DAC4CAA3D5097CFD9AD3353F188052B39
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/7JYEH2LUdqQWSKQsummow14r5TY.roa
Signing time:             Thu 15 Feb 2024 10:25:21 +0000
ROA not before:           Thu 15 Feb 2024 10:25:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        88.218.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:4c:aa:3d:50:97:cf:d9:ad:33:53:f1:88:05:2b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Feb 15 10:25:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec96041f62d476a41648a42cba69a8c35e2be536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6c:77:48:17:f7:39:78:47:40:36:47:c7:36:
                    48:21:33:35:72:ef:54:11:e5:01:27:56:1f:c8:8c:
                    8f:17:a8:eb:8f:9d:8d:3b:5d:e4:21:2b:ff:75:14:
                    38:83:c8:da:5c:ba:fb:cf:f5:5e:f5:4a:c6:46:f7:
                    b0:cf:68:b8:5c:34:56:51:dc:46:77:1d:71:23:f9:
                    26:9b:1f:39:b2:d1:22:51:51:06:f6:4a:f0:bb:29:
                    a2:64:e7:8d:bc:aa:92:9f:a5:9c:7c:21:40:57:5c:
                    f6:a3:06:d4:1d:72:b7:4f:15:1e:30:e1:4e:d3:56:
                    df:45:d6:76:03:ff:15:6d:a7:73:f1:fa:89:bb:d3:
                    e4:a7:06:aa:d7:43:0d:bd:86:53:51:1a:fd:2a:50:
                    e2:29:c0:9a:b5:e3:04:7c:97:27:24:ea:bf:77:57:
                    7e:be:5d:88:95:04:92:1f:b4:c3:ff:84:14:ed:b2:
                    44:ee:4b:e9:95:d8:cc:e7:b2:26:de:9f:1e:e8:fb:
                    61:d7:e4:ef:bb:ab:55:d0:46:fc:cc:89:07:63:1f:
                    26:d7:46:aa:28:56:83:6f:0a:5c:e6:87:34:bd:a1:
                    9f:2a:c7:6a:5f:18:a6:6f:17:4e:cb:89:12:fc:b3:
                    88:94:a7:59:a3:05:fd:8e:d5:fc:eb:f8:61:15:3a:
                    38:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:96:04:1F:62:D4:76:A4:16:48:A4:2C:BA:69:A8:C3:5E:2B:E5:36
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/7JYEH2LUdqQWSKQsummow14r5TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:37:07:b3:c0:d1:47:4b:61:d8:a0:61:38:54:a0:f2:46:ae:
         94:67:6b:16:1b:d7:74:a0:f5:f8:0f:66:50:75:ad:f6:df:61:
         67:8d:08:ce:04:a3:ea:d9:f8:8d:f2:57:77:a6:23:5b:6b:1f:
         34:22:60:db:2c:2e:b4:01:ce:5f:d8:d3:d0:79:a3:40:46:65:
         15:2a:7f:cf:2b:8e:34:18:0a:66:6c:39:a4:46:3b:45:89:9b:
         5f:ff:12:f0:8b:24:66:69:2c:d8:d0:be:9d:3a:ed:85:1f:a9:
         7d:f3:42:4e:b4:c8:c2:d4:fa:7b:cd:3a:d1:cd:f2:c4:70:f1:
         ce:24:a3:d3:c7:d4:0b:fe:04:63:4e:93:fb:9b:c5:9d:04:3d:
         10:e9:4b:ff:83:3f:ed:cb:8a:3f:1a:b7:da:d4:e0:85:6d:b3:
         11:9b:96:5c:9a:ce:a7:f0:7f:08:f6:d4:65:de:e6:01:df:c3:
         5f:9f:1b:01:f7:60:31:a5:cc:e0:44:c0:dc:81:72:35:8d:0f:
         a3:34:20:a6:48:d7:d3:7c:3d:6b:ec:93:bb:a8:5b:ea:77:75:
         c0:ba:e3:f4:8a:09:92:56:21:cd:a3:f3:ea:70:a5:52:82:16:
         1b:dd:d3:26:27:55:61:1c:46:2d:65:44:1d:38:1f:0f:87:5f:
         b1:5f:19:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sTKo9UJfP2a0zU/GIBSs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMjE1MTAyNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzk2MDQxZjYyZDQ3NmE0MTY0OGE0MmNiYTY5YThjMzVlMmJlNTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWx3SBf3OXhHQDZHxzZIITM1cu9U
EeUBJ1YfyIyPF6jrj52NO13kISv/dRQ4g8jaXLr7z/Ve9UrGRvewz2i4XDRWUdxG
dx1xI/kmmx85stEiUVEG9krwuymiZOeNvKqSn6WcfCFAV1z2owbUHXK3TxUeMOFO
01bfRdZ2A/8Vbadz8fqJu9Pkpwaq10MNvYZTURr9KlDiKcCateMEfJcnJOq/d1d+
vl2IlQSSH7TD/4QU7bJE7kvpldjM57Im3p8e6Pth1+Tvu6tV0Eb8zIkHYx8m10aq
KFaDbwpc5oc0vaGfKsdqXximbxdOy4kS/LOIlKdZowX9jtX86/hhFTo4gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyWBB9i1HakFkikLLppqMNeK+U2MB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvN0pZRUgyTFVkcVFXU0tRc3VtbW93MTRyNVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNooMA0G
CSqGSIb3DQEBCwUAA4IBAQCrNwezwNFHS2HYoGE4VKDyRq6UZ2sWG9d0oPX4D2ZQ
da3232FnjQjOBKPq2fiN8ld3piNbax80ImDbLC60Ac5f2NPQeaNARmUVKn/PK440
GApmbDmkRjtFiZtf/xLwiyRmaSzY0L6dOu2FH6l980JOtMjC1Pp7zTrRzfLEcPHO
JKPTx9QL/gRjTpP7m8WdBD0Q6Uv/gz/ty4o/Grfa1OCFbbMRm5Zcms6n8H8I9tRl
3uYB38NfnxsB92AxpczgRMDcgXI1jQ+jNCCmSNfTfD1r7JO7qFvqd3XAuuP0igmS
ViHNo/PqcKVSghYb3dMmJ1VhHEYtZUQdOB8Ph1+xXxkF
-----END CERTIFICATE-----