Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/XjqK4_02jYhxMqSZspbHganDm9k.roa
File:                     XjqK4_02jYhxMqSZspbHganDm9k.roa (raw, json)
Hash identifier:          knHDhY2BcbDjjM9ubaMJL4YC+7D6CmNLRUfMCYou9Mg=
Subject key identifier:   5E:3A:8A:E3:FD:36:8D:88:71:32:A4:99:B2:96:C7:81:A9:C3:9B:D9
Certificate issuer:       /CN=3b5c2467546f4b078a0224da1ccac5c287e93453
Certificate serial:       018CC5DC5770520A593C7F7FD3EEEA146205
Authority key identifier: 3B:5C:24:67:54:6F:4B:07:8A:02:24:DA:1C:CA:C5:C2:87:E9:34:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/XjqK4_02jYhxMqSZspbHganDm9k.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34078
IP address blocks:        88.135.33.0/24 maxlen: 24
                          88.135.35.0/24 maxlen: 24
                          88.135.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:57:70:52:0a:59:3c:7f:7f:d3:ee:ea:14:62:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b5c2467546f4b078a0224da1ccac5c287e93453
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e3a8ae3fd368d887132a499b296c781a9c39bd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9c:6c:b9:00:44:be:c9:0f:0c:d0:73:35:69:
                    8f:d6:bd:05:48:c9:e5:1f:af:8c:21:83:a7:f3:29:
                    35:80:71:ab:56:cb:73:9f:23:f4:e2:fb:e5:ec:19:
                    04:bf:f7:05:2c:d4:77:7f:12:60:29:9b:f7:fe:9c:
                    7c:75:00:7a:f9:dd:22:0a:b8:ed:7c:55:ca:3b:6b:
                    1d:96:a7:4e:3f:7f:a7:51:fa:31:0e:04:9a:64:59:
                    81:13:b6:6e:f4:86:c8:be:c0:a7:57:02:bd:03:0f:
                    c7:fe:a3:ce:a4:4b:5d:77:26:da:ff:a5:0c:e4:1b:
                    59:bd:c8:45:81:0a:58:4b:ac:47:81:a7:7c:90:36:
                    b6:9a:d5:cd:9e:f9:05:4d:8d:51:68:1d:77:98:9a:
                    4e:db:93:e1:30:2d:10:ab:48:fa:55:eb:96:59:47:
                    e2:6a:f8:6d:09:77:c4:e8:d0:dd:e8:32:71:c5:31:
                    db:70:28:fe:f4:46:76:3e:53:51:e7:66:ac:04:13:
                    dc:cd:8c:d3:61:5e:16:bc:e9:ac:78:fb:59:c1:cb:
                    3c:99:0d:1c:61:be:b8:05:a6:12:2e:12:87:6f:12:
                    3b:ed:40:21:da:5c:08:41:83:3d:90:4b:66:d7:a3:
                    7b:dc:00:72:d2:4b:57:fe:ee:df:23:f7:31:91:e1:
                    c3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:3A:8A:E3:FD:36:8D:88:71:32:A4:99:B2:96:C7:81:A9:C3:9B:D9
            X509v3 Authority Key Identifier:
                keyid:3B:5C:24:67:54:6F:4B:07:8A:02:24:DA:1C:CA:C5:C2:87:E9:34:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1wkZ1RvSweKAiTaHMrFwofpNFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/XjqK4_02jYhxMqSZspbHganDm9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b58d94-b564-4d49-a8fd-5c096a87bb07/1/O1wkZ1RvSweKAiTaHMrFwofpNFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.33.0-88.135.35.255

    Signature Algorithm: sha256WithRSAEncryption
         76:97:6e:e0:c4:4f:ef:ba:31:f7:d5:38:72:57:6f:32:3f:cb:
         5f:9c:5e:4c:9f:0d:da:9f:21:58:6c:10:b0:92:a7:c1:ec:9f:
         fc:db:c8:f9:72:64:08:68:7f:cd:6b:3e:b1:72:e5:2f:d0:14:
         8b:21:4d:e2:10:99:0a:bd:bf:4b:ec:2e:40:85:35:11:9b:ea:
         2e:dd:6b:4f:08:d0:f2:c7:bb:d8:66:92:26:ab:14:11:e1:e2:
         1e:92:23:83:45:25:70:12:0d:65:fa:99:1e:90:52:6a:3b:74:
         5f:8d:51:d0:5e:48:33:d2:38:89:04:14:0c:ad:71:f1:c2:29:
         86:63:41:68:34:ce:23:9b:54:24:dd:47:41:9d:ee:4c:75:1a:
         a6:d7:d6:5e:9b:59:c9:d4:6d:bf:9e:8c:ca:6d:47:07:06:3c:
         13:cf:8b:d4:dd:d6:4c:fe:ad:65:68:44:fd:99:6d:7e:28:7b:
         1f:9b:9f:dd:7a:e4:85:fa:d9:ed:43:32:aa:a3:d4:f8:e9:e1:
         50:4b:e4:67:a4:b3:c3:e3:1b:3a:a8:7c:8b:d8:bb:3f:bb:f2:
         d5:2c:bb:08:82:5d:5d:16:e9:e4:e5:31:30:64:7e:94:a2:b5:
         17:2b:64:f5:ed:94:3e:73:ac:c3:08:43:f3:dd:d4:e0:99:d6:
         9b:7d:f0:29
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF3FdwUgpZPH9/0+7qFGIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNWMyNDY3NTQ2ZjRiMDc4YTAyMjRkYTFjY2FjNWMyODdl
OTM0NTMwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTNhOGFlM2ZkMzY4ZDg4NzEzMmE0OTliMjk2Yzc4MWE5YzM5YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5xsuQBEvskPDNBzNWmP1r0FSMnl
H6+MIYOn8yk1gHGrVstznyP04vvl7BkEv/cFLNR3fxJgKZv3/px8dQB6+d0iCrjt
fFXKO2sdlqdOP3+nUfoxDgSaZFmBE7Zu9IbIvsCnVwK9Aw/H/qPOpEtddyba/6UM
5BtZvchFgQpYS6xHgad8kDa2mtXNnvkFTY1RaB13mJpO25PhMC0Qq0j6VeuWWUfi
avhtCXfE6NDd6DJxxTHbcCj+9EZ2PlNR52asBBPczYzTYV4WvOmsePtZwcs8mQ0c
Yb64BaYSLhKHbxI77UAh2lwIQYM9kEtm16N73ABy0ktX/u7fI/cxkeHDuQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF46iuP9No2IcTKkmbKWx4Gpw5vZMB8GA1UdIwQY
MBaAFDtcJGdUb0sHigIk2hzKxcKH6TRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzF3a1oxUnZTd2VLQWlUYUhNckZ3b2ZwTkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iNThkOTQtYjU2NC00ZDQ5LWE4ZmQt
NWMwOTZhODdiYjA3LzEvWGpxSzRfMDJqWWh4TXFTWnNwYkhnYW5EbTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iNThkOTQtYjU2NC00ZDQ5LWE4ZmQtNWMwOTZhODdiYjA3
LzEvTzF3a1oxUnZTd2VLQWlUYUhNckZ3b2ZwTkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABYhyED
BAJYhyAwDQYJKoZIhvcNAQELBQADggEBAHaXbuDET++6MffVOHJXbzI/y1+cXkyf
DdqfIVhsELCSp8Hsn/zbyPlyZAhof81rPrFy5S/QFIshTeIQmQq9v0vsLkCFNRGb
6i7da08I0PLHu9hmkiarFBHh4h6SI4NFJXASDWX6mR6QUmo7dF+NUdBeSDPSOIkE
FAytcfHCKYZjQWg0ziObVCTdR0Gd7kx1GqbX1l6bWcnUbb+ejMptRwcGPBPPi9Td
1kz+rWVoRP2ZbX4oex+bn9165IX62e1DMqqj1Pjp4VBL5Geks8PjGzqofIvYuz+7
8tUsuwiCXV0W6eTlMTBkfpSitRcrZPXtlD5zrMMIQ/Pd1OCZ1pt98Ck=
-----END CERTIFICATE-----