Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/99A4IVtXIE35BjjiP_h5rUS3ws0.roa
File:                     99A4IVtXIE35BjjiP_h5rUS3ws0.roa (raw, json)
Hash identifier:          SCifrn/pmyL7YkH7a1VgF0+SEiaOrC6qaKgWxIHoy/k=
Subject key identifier:   F7:D0:38:21:5B:57:20:4D:F9:06:38:E2:3F:F8:79:AD:44:B7:C2:CD
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0194221F4995F39C2C307D53656E290DF565
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/99A4IVtXIE35BjjiP_h5rUS3ws0.roa
Signing time:             Wed 01 Jan 2025 13:47:43 +0000
ROA not before:           Wed 01 Jan 2025 13:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        45.88.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:49:95:f3:9c:2c:30:7d:53:65:6e:29:0d:f5:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 13:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7d038215b57204df90638e23ff879ad44b7c2cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a5:6a:c4:c5:79:83:6e:c6:c1:55:ae:c6:de:
                    d6:f1:d2:1f:04:27:8f:66:81:a2:3e:8a:db:92:ae:
                    55:98:2e:be:e1:a1:bc:6c:51:cf:96:7a:de:d4:f7:
                    fe:15:b4:95:7a:4f:b9:3b:53:43:35:09:38:09:95:
                    e9:45:95:6f:2f:ee:48:1b:f2:85:80:c9:f1:ae:ed:
                    77:be:29:bf:33:1b:56:37:35:92:ee:58:e5:de:84:
                    f2:ae:35:17:59:b5:56:90:54:8f:6d:b0:55:b4:9a:
                    c1:43:70:cb:6b:6f:43:72:96:ba:fd:c6:55:4d:48:
                    4d:84:44:9f:74:a0:c6:c2:d2:42:10:af:56:d5:b6:
                    eb:66:88:15:bb:a4:40:64:e3:0f:97:df:09:bb:b0:
                    09:e0:ab:e5:99:ec:41:db:2c:4b:b7:36:f1:99:30:
                    7a:f7:53:d3:75:00:69:f9:e5:09:9b:0f:7c:60:12:
                    2e:6d:39:db:c0:5f:ac:62:a3:3e:8a:76:2d:a4:3b:
                    d1:ae:b1:d3:b4:73:91:8b:a8:e7:73:e9:5c:1c:0e:
                    da:32:76:bf:b9:e6:fd:66:12:a6:ae:7c:53:1e:a1:
                    0a:35:59:0c:57:15:c7:d7:4d:fd:b3:89:4d:b4:48:
                    1b:74:ed:ba:64:12:33:02:fb:4d:92:19:0e:58:60:
                    9e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D0:38:21:5B:57:20:4D:F9:06:38:E2:3F:F8:79:AD:44:B7:C2:CD
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/99A4IVtXIE35BjjiP_h5rUS3ws0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:28:c6:b2:f5:db:6b:6e:d1:55:8b:59:e0:d6:cc:86:09:ab:
         85:03:87:0d:ed:4c:7d:59:3a:0f:c6:af:64:b3:41:4b:3d:59:
         5a:b1:08:68:a7:c8:bc:22:b5:b1:83:8e:bb:db:1e:d3:70:52:
         97:5f:df:af:cb:92:a2:12:e7:45:c6:32:80:64:29:ea:ef:88:
         39:56:eb:ad:74:47:98:f9:6e:d5:71:47:75:2d:f9:8b:10:2c:
         0f:59:6e:b0:8e:35:5e:d0:28:c3:67:4d:98:c6:12:44:84:14:
         39:82:f8:d0:49:28:f2:b5:ac:95:f2:56:89:bb:5d:07:b7:1e:
         ea:97:e1:41:6d:2f:41:60:f9:e3:2e:0b:0a:84:60:e9:23:cd:
         ec:53:0d:ba:1d:87:f9:24:7d:d4:fe:3b:c7:26:e7:24:d0:b4:
         c4:bf:39:d1:ca:4f:9c:f1:9b:85:71:24:8e:94:96:55:6a:38:
         67:ce:37:be:39:77:a5:4d:a9:27:cd:f8:52:03:a4:af:35:84:
         e6:a2:c0:ef:f4:c2:b6:a5:2f:e7:44:0d:97:b1:a1:14:21:74:
         01:27:36:b1:f9:e3:28:8e:d0:1d:41:9e:0a:ae:28:fc:b3:c6:
         c4:cd:84:86:6d:37:fd:ba:3e:52:66:5f:ba:c3:0f:f1:00:ef:
         0a:eb:f0:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH0mV85wsMH1TZW4pDfVlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2QwMzgyMTViNTcyMDRkZjkwNjM4ZTIzZmY4NzlhZDQ0YjdjMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqVqxMV5g27GwVWuxt7W8dIfBCeP
ZoGiPorbkq5VmC6+4aG8bFHPlnre1Pf+FbSVek+5O1NDNQk4CZXpRZVvL+5IG/KF
gMnxru13vim/MxtWNzWS7ljl3oTyrjUXWbVWkFSPbbBVtJrBQ3DLa29Dcpa6/cZV
TUhNhESfdKDGwtJCEK9W1bbrZogVu6RAZOMPl98Ju7AJ4KvlmexB2yxLtzbxmTB6
91PTdQBp+eUJmw98YBIubTnbwF+sYqM+inYtpDvRrrHTtHORi6jnc+lcHA7aMna/
ueb9ZhKmrnxTHqEKNVkMVxXH1039s4lNtEgbdO26ZBIzAvtNkhkOWGCeIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfQOCFbVyBN+QY44j/4ea1Et8LNMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvOTlBNElWdFhJRTM1QmpqaVBfaDVyVVMzd3MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVi6MA0G
CSqGSIb3DQEBCwUAA4IBAQB7KMay9dtrbtFVi1ng1syGCauFA4cN7Ux9WToPxq9k
s0FLPVlasQhop8i8IrWxg4672x7TcFKXX9+vy5KiEudFxjKAZCnq74g5VuutdEeY
+W7VcUd1LfmLECwPWW6wjjVe0CjDZ02YxhJEhBQ5gvjQSSjytayV8laJu10Htx7q
l+FBbS9BYPnjLgsKhGDpI83sUw26HYf5JH3U/jvHJuck0LTEvznRyk+c8ZuFcSSO
lJZVajhnzje+OXelTaknzfhSA6SvNYTmosDv9MK2pS/nRA2XsaEUIXQBJzax+eMo
jtAdQZ4Krij8s8bEzYSGbTf9uj5SZl+6ww/xAO8K6/DE
-----END CERTIFICATE-----