Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/N8fPK32aRod7gly8ddMO7evKo0Y.roa
File:                     N8fPK32aRod7gly8ddMO7evKo0Y.roa (raw, json)
Hash identifier:          iTz9Kj4hrA4nF+xyq9JmwyHfuiHS36cWF8OrHPth0JE=
Subject key identifier:   37:C7:CF:2B:7D:9A:46:87:7B:82:5C:BC:75:D3:0E:ED:EB:CA:A3:46
Certificate issuer:       /CN=34418e26b2aeb6eaa8143fd71830f9b354ae7bbc
Certificate serial:       018CC4931F912B39ACF0F40D765CE7522483
Authority key identifier: 34:41:8E:26:B2:AE:B6:EA:A8:14:3F:D7:18:30:F9:B3:54:AE:7B:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEGOJrKutuqoFD_XGDD5s1Sue7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/N8fPK32aRod7gly8ddMO7evKo0Y.roa
Signing time:             Mon 01 Jan 2024 10:30:25 +0000
ROA not before:           Mon 01 Jan 2024 10:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211572
IP address blocks:        188.95.88.0/24 maxlen: 24
                          2a10:c140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/NEGOJrKutuqoFD_XGDD5s1Sue7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/NEGOJrKutuqoFD_XGDD5s1Sue7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEGOJrKutuqoFD_XGDD5s1Sue7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1f:91:2b:39:ac:f0:f4:0d:76:5c:e7:52:24:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34418e26b2aeb6eaa8143fd71830f9b354ae7bbc
        Validity
            Not Before: Jan  1 10:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37c7cf2b7d9a46877b825cbc75d30eedebcaa346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:36:92:be:4e:41:62:72:6b:b4:7c:5c:46:2a:
                    d6:5e:81:c6:f1:06:04:b3:ab:dc:41:db:fd:fe:25:
                    91:c2:d8:d1:77:0d:fe:85:ee:82:38:9c:a3:b3:c9:
                    e7:f0:d3:3a:55:59:a8:a9:2f:ae:37:eb:df:b4:20:
                    e8:40:31:74:92:d7:47:ce:e9:8e:33:5f:a4:19:ea:
                    11:16:7d:8a:78:b2:28:86:30:bd:86:18:15:cf:06:
                    bd:4a:0d:85:cb:3f:8b:cc:f0:37:31:48:fc:d2:ec:
                    60:14:c6:2d:7b:e4:2a:d8:c5:fa:d0:10:5e:57:6d:
                    67:67:b5:ac:02:c3:22:a6:c2:b4:bd:7e:6f:26:91:
                    fe:4a:5a:f9:47:88:b7:b2:e8:02:b2:e2:ba:49:d0:
                    ad:38:13:2b:9d:f3:1a:6d:42:16:bb:0a:cc:4d:7d:
                    f8:47:e7:9b:ff:91:7b:98:ab:4f:a7:eb:7e:30:fb:
                    8d:cf:c9:72:28:a4:12:55:d7:89:04:ca:3e:a4:5b:
                    75:38:ad:ff:d9:ba:93:04:02:9f:91:fa:32:63:65:
                    ef:c2:96:fa:0e:7b:af:1e:94:52:61:e6:45:0c:61:
                    1f:51:31:4e:8c:5c:b5:06:26:f7:04:b4:2b:2d:96:
                    57:18:66:ac:bd:55:b3:11:aa:a6:51:bd:2f:4d:2f:
                    48:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C7:CF:2B:7D:9A:46:87:7B:82:5C:BC:75:D3:0E:ED:EB:CA:A3:46
            X509v3 Authority Key Identifier:
                keyid:34:41:8E:26:B2:AE:B6:EA:A8:14:3F:D7:18:30:F9:B3:54:AE:7B:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEGOJrKutuqoFD_XGDD5s1Sue7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/N8fPK32aRod7gly8ddMO7evKo0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/NEGOJrKutuqoFD_XGDD5s1Sue7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.88.0/24
                IPv6:
                  2a10:c140::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:94:06:a6:a4:07:d2:ef:e4:56:ad:d0:83:4d:81:64:43:0f:
         f4:0d:a1:cf:91:21:4a:e1:4f:52:1d:20:89:15:cb:11:79:08:
         c8:5c:f4:3e:17:fa:84:18:fb:ce:18:13:7d:6f:a3:93:5d:f3:
         0b:58:fa:40:97:6d:0d:6d:66:32:40:f0:33:39:85:6b:2e:92:
         b4:c4:15:b8:f5:7b:f4:08:4c:7b:69:67:77:6d:7a:2d:b0:29:
         48:fe:c7:7a:a4:bf:96:9b:b8:fb:91:5c:72:84:19:e7:5c:58:
         3f:f8:f7:0b:98:25:e2:7c:e7:00:63:1f:b9:d8:03:a3:6c:a0:
         86:9d:41:ce:25:d8:ff:c1:41:56:39:b8:cd:3c:a9:5a:65:ea:
         7b:13:e2:2c:42:b3:a2:46:c5:dd:db:07:41:a8:37:17:78:c9:
         47:cc:cb:83:21:1d:85:c0:f1:1c:1a:e3:b6:79:5c:66:35:5f:
         43:ed:3c:e4:44:f5:ea:75:81:dc:4a:1f:91:d5:97:2f:9b:ef:
         24:f4:92:01:72:10:c8:be:03:4a:b3:49:8f:61:cb:e5:bc:a4:
         74:80:9b:74:70:10:1e:dc:c2:9f:fe:2b:62:83:ab:30:72:ea:
         e0:b1:29:d2:4e:08:91:a1:ea:1e:db:c7:9f:90:95:f1:5c:e8:
         35:4a:47:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkx+RKzms8PQNdlznUiSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NDE4ZTI2YjJhZWI2ZWFhODE0M2ZkNzE4MzBmOWIzNTRh
ZTdiYmMwHhcNMjQwMTAxMTAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2M3Y2YyYjdkOWE0Njg3N2I4MjVjYmM3NWQzMGVlZGViY2FhMzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjaSvk5BYnJrtHxcRirWXoHG8QYE
s6vcQdv9/iWRwtjRdw3+he6COJyjs8nn8NM6VVmoqS+uN+vftCDoQDF0ktdHzumO
M1+kGeoRFn2KeLIohjC9hhgVzwa9Sg2Fyz+LzPA3MUj80uxgFMYte+Qq2MX60BBe
V21nZ7WsAsMipsK0vX5vJpH+Slr5R4i3sugCsuK6SdCtOBMrnfMabUIWuwrMTX34
R+eb/5F7mKtPp+t+MPuNz8lyKKQSVdeJBMo+pFt1OK3/2bqTBAKfkfoyY2Xvwpb6
DnuvHpRSYeZFDGEfUTFOjFy1Bib3BLQrLZZXGGasvVWzEaqmUb0vTS9IkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDfHzyt9mkaHe4JcvHXTDu3ryqNGMB8GA1UdIwQY
MBaAFDRBjiayrrbqqBQ/1xgw+bNUrnu8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVHT0pyS3V0dXFvRkRfWEdERDVzMVN1ZTd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xZDRmMzYtYjk3ZC00ZDk4LWJiMmMt
YjhhMjc0NzJhODk2LzEvTjhmUEszMmFSb2Q3Z2x5OGRkTU83ZXZLbzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xZDRmMzYtYjk3ZC00ZDk4LWJiMmMtYjhhMjc0NzJhODk2
LzEvTkVHT0pyS3V0dXFvRkRfWEdERDVzMVN1ZTd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvF9YMA0E
AgACMAcDBQMqEMFAMA0GCSqGSIb3DQEBCwUAA4IBAQBPlAampAfS7+RWrdCDTYFk
Qw/0DaHPkSFK4U9SHSCJFcsReQjIXPQ+F/qEGPvOGBN9b6OTXfMLWPpAl20NbWYy
QPAzOYVrLpK0xBW49Xv0CEx7aWd3bXotsClI/sd6pL+Wm7j7kVxyhBnnXFg/+PcL
mCXifOcAYx+52AOjbKCGnUHOJdj/wUFWObjNPKlaZep7E+IsQrOiRsXd2wdBqDcX
eMlHzMuDIR2FwPEcGuO2eVxmNV9D7TzkRPXqdYHcSh+R1Zcvm+8k9JIBchDIvgNK
s0mPYcvlvKR0gJt0cBAe3MKf/itig6swcurgsSnSTgiRoeoe28efkJXxXOg1Skdv
-----END CERTIFICATE-----