Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/oxaXklQaF2by89LptskZKH7i5Fg.roa
File:                     oxaXklQaF2by89LptskZKH7i5Fg.roa (raw, json)
Hash identifier:          YXTx9TUNEoPTR57MosdQTeE48yxTiUH7Rt2Ivu3MWlM=
Subject key identifier:   A3:16:97:92:54:1A:17:66:F2:F3:D2:E9:B6:C9:19:28:7E:E2:E4:58
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019058A35929A626EF80B8D392FC6C78F30A
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/oxaXklQaF2by89LptskZKH7i5Fg.roa
Signing time:             Thu 27 Jun 2024 07:40:18 +0000
ROA not before:           Thu 27 Jun 2024 07:40:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8342
IP address blocks:        46.8.4.0/24 maxlen: 24
                          188.130.200.0/22 maxlen: 22
                          188.130.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:58:a3:59:29:a6:26:ef:80:b8:d3:92:fc:6c:78:f3:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jun 27 07:40:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3169792541a1766f2f3d2e9b6c919287ee2e458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c9:84:5a:f0:63:58:7b:e6:b2:40:86:62:85:
                    42:cf:d9:5e:34:ff:a0:15:90:81:95:57:ef:61:b7:
                    32:b2:88:74:8d:49:8e:22:bf:a2:f3:8c:7e:5b:eb:
                    da:91:2a:a4:69:ee:af:43:77:aa:bf:db:d7:f9:a0:
                    0e:e2:b9:33:c5:b3:a5:50:35:c6:27:70:1e:66:bf:
                    b6:12:13:50:fd:4f:30:ee:f2:ae:8f:7a:21:65:b7:
                    fe:8f:e1:5c:9a:bd:e1:62:e9:7e:ca:79:ee:f8:ed:
                    0e:bb:b4:bc:cd:00:af:6b:86:e0:83:62:b9:14:a5:
                    5c:b4:d6:c9:4f:85:7f:34:72:6f:0e:f3:8b:e0:c7:
                    be:fe:27:29:cd:e9:d3:44:b4:fd:2b:5b:4f:98:11:
                    fd:8d:9a:d0:00:f3:ce:db:d9:c4:5d:92:c4:19:47:
                    ff:ce:c1:57:0b:c6:fe:32:b9:e6:12:b7:91:8c:c1:
                    e1:f6:4f:2f:6b:5e:6d:88:bb:c3:8b:fb:87:09:0f:
                    06:f8:97:36:91:cc:74:08:38:c1:c1:28:d1:e7:8d:
                    3f:3b:78:30:0d:ec:37:d7:5b:79:50:85:6a:08:b4:
                    6d:d2:60:c6:cf:66:a0:f4:06:6a:04:64:29:c4:18:
                    8d:a6:37:bf:57:25:de:d4:b8:84:5c:9d:52:ba:76:
                    c9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:16:97:92:54:1A:17:66:F2:F3:D2:E9:B6:C9:19:28:7E:E2:E4:58
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/oxaXklQaF2by89LptskZKH7i5Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.4.0/24
                  188.130.200.0-188.130.204.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:33:0e:39:bc:7b:dc:75:7b:87:fc:37:19:dc:3b:55:d2:95:
         d9:87:8d:86:60:54:34:39:c9:b1:54:30:3e:0c:c3:4d:97:50:
         9e:74:2a:fe:27:ea:01:54:02:cb:77:f3:0b:3b:0f:4f:c7:3e:
         ba:3b:ff:44:bd:ab:8f:6f:32:c6:02:95:75:68:ea:51:28:f2:
         c7:fa:2f:97:39:ec:4d:10:c8:96:8c:62:22:20:29:06:c6:f9:
         5d:8a:10:7b:f3:bb:c7:f1:28:19:b2:40:8d:cc:8c:e4:ea:0b:
         56:30:2a:af:bf:ce:76:a3:71:10:12:0e:03:d1:61:84:b1:90:
         30:2a:0d:8e:4b:84:cf:7d:9d:cd:96:8e:3b:06:cf:36:f6:69:
         77:42:d6:b7:3f:e9:60:5c:6d:dd:b5:4e:53:9f:b7:e2:12:a2:
         20:01:6f:48:2f:9f:6b:8d:24:8d:a2:dd:7a:6b:7d:23:ee:8f:
         ed:e0:d9:4f:86:42:d6:3f:9d:90:1a:48:23:fe:17:17:ec:48:
         31:92:4d:d3:d3:e9:c2:f1:b4:29:e3:3c:da:a2:ad:ff:e9:b1:
         46:d5:28:34:b7:47:0f:f3:2e:0a:d9:a7:59:54:9b:ed:66:a5:
         8d:99:d1:bb:77:38:77:0f:7a:73:81:d6:3b:ec:db:c9:4d:8c:
         db:08:dc:2d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZBYo1kppibvgLjTkvxsePMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwNjI3MDc0MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE2OTc5MjU0MWExNzY2ZjJmM2QyZTliNmM5MTkyODdlZTJlNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8mEWvBjWHvmskCGYoVCz9leNP+g
FZCBlVfvYbcysoh0jUmOIr+i84x+W+vakSqkae6vQ3eqv9vX+aAO4rkzxbOlUDXG
J3AeZr+2EhNQ/U8w7vKuj3ohZbf+j+Fcmr3hYul+ynnu+O0Ou7S8zQCva4bgg2K5
FKVctNbJT4V/NHJvDvOL4Me+/icpzenTRLT9K1tPmBH9jZrQAPPO29nEXZLEGUf/
zsFXC8b+MrnmEreRjMHh9k8va15tiLvDi/uHCQ8G+Jc2kcx0CDjBwSjR540/O3gw
Dew311t5UIVqCLRt0mDGz2ag9AZqBGQpxBiNpje/VyXe1LiEXJ1SunbJfwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKMWl5JUGhdm8vPS6bbJGSh+4uRYMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvb3hhWGtsUWFGMmJ5ODlMcHRza1pLSDdpNUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQALggEMAwD
BAO8gsgDBAC8gswwDQYJKoZIhvcNAQELBQADggEBAH8zDjm8e9x1e4f8NxncO1XS
ldmHjYZgVDQ5ybFUMD4Mw02XUJ50Kv4n6gFUAst38ws7D0/HPro7/0S9q49vMsYC
lXVo6lEo8sf6L5c57E0QyJaMYiIgKQbG+V2KEHvzu8fxKBmyQI3MjOTqC1YwKq+/
znajcRASDgPRYYSxkDAqDY5LhM99nc2WjjsGzzb2aXdC1rc/6WBcbd21TlOft+IS
oiABb0gvn2uNJI2i3XprfSPuj+3g2U+GQtY/nZAaSCP+FxfsSDGSTdPT6cLxtCnj
PNqirf/psUbVKDS3Rw/zLgrZp1lUm+1mpY2Z0bt3OHcPenOB1jvs28lNjNsI3C0=
-----END CERTIFICATE-----