Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/88dGvcLni92BMlsO542tOgnAhec.roa
File:                     88dGvcLni92BMlsO542tOgnAhec.roa (raw, json)
Hash identifier:          4508UNuLi/KzcnmSsO84tjGfGrDRMS159Gx3VcZK5hY=
Subject key identifier:   F3:C7:46:BD:C2:E7:8B:DD:81:32:5B:0E:E7:8D:AD:3A:09:C0:85:E7
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0190C55D75C97FE841B92040C690C184D26F
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/88dGvcLni92BMlsO542tOgnAhec.roa
Signing time:             Thu 18 Jul 2024 10:22:34 +0000
ROA not before:           Thu 18 Jul 2024 10:22:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216386
IP address blocks:        2a07:2486:ed0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:5d:75:c9:7f:e8:41:b9:20:40:c6:90:c1:84:d2:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Jul 18 10:22:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3c746bdc2e78bdd81325b0ee78dad3a09c085e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9d:c0:c1:22:fd:ec:55:70:15:53:7c:6d:6a:
                    30:b1:8e:29:1e:21:76:8a:6f:8d:26:c9:b3:33:a9:
                    76:dd:0a:b3:ac:3c:0f:bb:40:dc:23:20:33:53:ef:
                    bb:a7:1f:4f:73:4e:31:8b:30:49:40:fc:a8:ed:ba:
                    95:07:30:62:bf:c9:79:b2:1c:14:0b:d8:54:37:73:
                    71:7d:de:62:d3:e9:21:43:c8:db:a1:92:cf:c4:d8:
                    fa:bc:db:83:a9:5a:c9:8e:75:8f:1e:03:5a:c2:46:
                    c2:1a:74:55:b2:59:8a:99:bb:70:3a:0b:e9:1e:a8:
                    51:8a:3f:00:35:f2:82:c8:c5:c9:a6:8f:3f:82:b6:
                    42:78:d6:d4:5f:5a:2c:0e:e2:03:70:1f:78:c3:68:
                    2a:90:7a:cc:4d:e1:ff:cf:e3:b4:54:3f:54:d4:21:
                    06:a4:7e:66:2e:a3:03:3b:32:5c:89:f3:99:24:0c:
                    f3:96:43:c4:b5:db:6d:39:72:ed:b5:91:f1:dd:5b:
                    f3:ff:f5:1e:ff:56:cf:c8:f0:ab:61:61:4d:a7:18:
                    b9:1a:a7:8c:0e:38:92:51:8f:8e:78:06:64:ea:ac:
                    3c:cd:a5:91:ce:dc:70:50:d5:82:67:96:6b:74:14:
                    2d:65:3a:61:a0:b7:2d:e1:64:32:d8:23:68:2a:c0:
                    f7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C7:46:BD:C2:E7:8B:DD:81:32:5B:0E:E7:8D:AD:3A:09:C0:85:E7
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/88dGvcLni92BMlsO542tOgnAhec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:ed0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:70:ff:bf:d5:7e:6e:24:c5:85:e0:b8:5e:29:b9:17:c7:9c:
         25:13:3e:26:ed:16:c9:78:47:8d:14:44:59:d6:b2:b3:16:8c:
         91:00:00:62:7d:bf:69:80:f1:ba:dc:c3:ff:49:96:d2:63:54:
         02:57:8e:81:c1:9a:92:9d:69:95:4d:df:06:75:ad:81:42:3d:
         41:f2:b1:8e:60:1f:15:ea:17:e9:d1:e4:38:1b:fb:2f:a2:c3:
         6f:77:5d:d1:e0:54:c8:89:47:03:1c:7f:81:8f:82:8a:7c:4c:
         b1:c7:24:9e:73:05:55:d7:ca:4f:de:40:e8:7d:6e:f2:b7:04:
         16:24:76:06:11:9b:6f:4c:3c:d7:d0:57:63:b0:41:6a:4e:6d:
         b3:d0:56:68:73:bb:54:eb:97:92:72:de:e3:21:c5:bd:d0:ab:
         45:34:82:f2:43:2a:b1:18:c9:c5:14:2a:29:5e:26:06:e1:c6:
         13:89:bf:f9:f6:38:71:3d:d9:57:33:ef:72:4b:73:a0:1d:3c:
         17:df:17:00:72:f7:34:1b:e4:54:da:a6:c0:f5:c9:35:86:65:
         a3:3f:ff:83:e4:6a:99:3f:5d:de:a2:5f:d2:e2:ae:6d:c3:48:
         9d:5f:d4:f6:34:fb:c0:75:a7:66:7e:76:c9:cf:0c:98:dd:d9:
         0c:b4:12:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDFXXXJf+hBuSBAxpDBhNJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQwNzE4MTAyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2M3NDZiZGMyZTc4YmRkODEzMjViMGVlNzhkYWQzYTA5YzA4NWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy53AwSL97FVwFVN8bWowsY4pHiF2
im+NJsmzM6l23QqzrDwPu0DcIyAzU++7px9Pc04xizBJQPyo7bqVBzBiv8l5shwU
C9hUN3Nxfd5i0+khQ8jboZLPxNj6vNuDqVrJjnWPHgNawkbCGnRVslmKmbtwOgvp
HqhRij8ANfKCyMXJpo8/grZCeNbUX1osDuIDcB94w2gqkHrMTeH/z+O0VD9U1CEG
pH5mLqMDOzJcifOZJAzzlkPEtdttOXLttZHx3Vvz//Ue/1bPyPCrYWFNpxi5GqeM
DjiSUY+OeAZk6qw8zaWRztxwUNWCZ5ZrdBQtZTphoLct4WQy2CNoKsD30QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPPHRr3C54vdgTJbDueNrToJwIXnMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvODhkR3ZjTG5pOTJCTWxzTzU0MnRPZ25BaGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgckhg7Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBdcP+/1X5uJMWF4LheKbkXx5wlEz4m7RbJeEeN
FERZ1rKzFoyRAABifb9pgPG63MP/SZbSY1QCV46BwZqSnWmVTd8Gda2BQj1B8rGO
YB8V6hfp0eQ4G/svosNvd13R4FTIiUcDHH+Bj4KKfEyxxySecwVV18pP3kDofW7y
twQWJHYGEZtvTDzX0FdjsEFqTm2z0FZoc7tU65eSct7jIcW90KtFNILyQyqxGMnF
FCopXiYG4cYTib/59jhxPdlXM+9yS3OgHTwX3xcAcvc0G+RU2qbA9ck1hmWjP/+D
5GqZP13eol/S4q5tw0idX9T2NPvAdadmfnbJzwyY3dkMtBLD
-----END CERTIFICATE-----