Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FHTjqmNWGxwV5ZLozcLjyyDeTac.roa
File:                     FHTjqmNWGxwV5ZLozcLjyyDeTac.roa (raw, json)
Hash identifier:          w3BNHw/eIVu2wugUPnD/mbhUovXq9STxwTLAsdbOGy8=
Subject key identifier:   14:74:E3:AA:63:56:1B:1C:15:E5:92:E8:CD:C2:E3:CB:20:DE:4D:A7
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018EF6059AA1987FF06152288B96D495BB33
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FHTjqmNWGxwV5ZLozcLjyyDeTac.roa
Signing time:             Fri 19 Apr 2024 11:02:26 +0000
ROA not before:           Fri 19 Apr 2024 11:02:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209296
IP address blocks:        88.220.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:05:9a:a1:98:7f:f0:61:52:28:8b:96:d4:95:bb:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Apr 19 11:02:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1474e3aa63561b1c15e592e8cdc2e3cb20de4da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:87:72:b8:97:5a:55:d3:c2:5c:9f:c2:1b:ed:
                    21:1b:ab:71:7a:2c:32:1e:bf:83:a9:c1:67:4c:ed:
                    bd:1d:a2:27:c9:2c:a5:88:ea:df:6d:76:19:e2:1f:
                    54:f0:48:a1:7d:ef:69:a7:9e:bb:a8:fb:a3:fe:ea:
                    65:ac:db:c9:64:b9:bf:e4:fc:2c:37:45:fe:2e:94:
                    1d:28:49:7f:a6:e1:dc:68:48:b1:e3:0b:aa:da:7c:
                    db:d2:90:95:01:1f:12:2e:5a:62:c3:d1:2b:ce:fb:
                    96:78:3b:8d:6b:c6:a2:e1:4f:44:8d:5a:5c:2a:82:
                    e4:ab:e8:cd:0a:b7:22:ae:ef:79:90:ad:0d:23:9e:
                    3e:cb:d7:6d:76:e9:c7:47:48:3e:c6:8c:c4:d9:3e:
                    bd:c9:0f:37:9a:db:6e:fd:b9:46:a0:4c:ab:34:84:
                    c6:b4:42:48:3b:ac:39:36:92:38:f5:3c:4c:e0:75:
                    ec:f8:5d:74:25:9d:b9:02:f6:84:a4:4b:35:22:72:
                    d9:89:f9:de:63:b0:2f:e8:80:5c:74:be:bb:bd:03:
                    bd:38:f8:72:6d:b3:9d:06:f3:c3:25:e8:42:57:dc:
                    df:37:98:95:d8:76:e2:c4:88:90:4e:07:82:56:80:
                    c2:23:49:59:42:bb:a4:98:73:45:5b:5b:c1:95:31:
                    e5:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:74:E3:AA:63:56:1B:1C:15:E5:92:E8:CD:C2:E3:CB:20:DE:4D:A7
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FHTjqmNWGxwV5ZLozcLjyyDeTac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:b4:a0:da:1d:50:96:f7:f5:37:28:6f:74:50:a3:c0:65:a8:
         03:7a:6e:19:35:f5:be:f3:8a:67:c0:41:cc:b5:0c:f1:e7:82:
         ef:3c:32:c4:51:25:0a:f3:48:7b:be:63:93:7e:80:f0:1a:47:
         e7:ea:bc:95:e5:52:14:01:c5:99:44:90:d9:b3:cf:66:af:8d:
         f9:62:a7:b8:9d:ce:98:f2:d3:19:33:f5:9a:61:d7:b1:b6:2d:
         a8:56:37:45:bc:8c:be:16:40:c9:c8:a7:ed:82:b5:ff:48:cf:
         6d:5c:51:10:7d:6d:71:7a:0f:1b:d1:ac:13:6a:d9:75:eb:5d:
         ce:65:cb:40:2f:d9:70:61:13:4e:22:14:3d:be:9c:d1:33:f6:
         44:b0:e5:ee:0b:6c:41:d2:11:cc:c6:3f:36:cc:01:6a:4f:0d:
         61:12:69:a7:73:66:f9:2c:ac:67:ee:55:d0:6c:1a:67:31:84:
         e2:52:f0:bf:a0:7a:04:2f:3b:a1:90:c2:8d:44:bf:e4:e0:7a:
         d2:12:4f:af:c6:d9:af:d5:d3:96:d2:3f:75:10:39:48:78:70:
         af:92:d9:1e:eb:f4:07:4e:06:68:30:4a:8f:c5:b9:d6:d1:8f:
         d0:ad:24:75:8d:55:5e:78:e8:7b:66:19:70:48:21:89:eb:80:
         0b:c8:76:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY72BZqhmH/wYVIoi5bUlbszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwNDE5MTEwMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDc0ZTNhYTYzNTYxYjFjMTVlNTkyZThjZGMyZTNjYjIwZGU0ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYdyuJdaVdPCXJ/CG+0hG6txeiwy
Hr+DqcFnTO29HaInySyliOrfbXYZ4h9U8Eihfe9pp567qPuj/uplrNvJZLm/5Pws
N0X+LpQdKEl/puHcaEix4wuq2nzb0pCVAR8SLlpiw9ErzvuWeDuNa8ai4U9EjVpc
KoLkq+jNCrciru95kK0NI54+y9dtdunHR0g+xozE2T69yQ83mttu/blGoEyrNITG
tEJIO6w5NpI49TxM4HXs+F10JZ25AvaEpEs1InLZifneY7Av6IBcdL67vQO9OPhy
bbOdBvPDJehCV9zfN5iV2HbixIiQTgeCVoDCI0lZQrukmHNFW1vBlTHlewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR046pjVhscFeWS6M3C48sg3k2nMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvRkhUanFtTldHeHdWNVpMb3pjTGp5eURlVGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNwzMA0G
CSqGSIb3DQEBCwUAA4IBAQCgtKDaHVCW9/U3KG90UKPAZagDem4ZNfW+84pnwEHM
tQzx54LvPDLEUSUK80h7vmOTfoDwGkfn6ryV5VIUAcWZRJDZs89mr435Yqe4nc6Y
8tMZM/WaYdexti2oVjdFvIy+FkDJyKftgrX/SM9tXFEQfW1xeg8b0awTatl1613O
ZctAL9lwYRNOIhQ9vpzRM/ZEsOXuC2xB0hHMxj82zAFqTw1hEmmnc2b5LKxn7lXQ
bBpnMYTiUvC/oHoELzuhkMKNRL/k4HrSEk+vxtmv1dOW0j91EDlIeHCvktke6/QH
TgZoMEqPxbnW0Y/QrSR1jVVeeOh7ZhlwSCGJ64ALyHaR
-----END CERTIFICATE-----