Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FLiIvsPhenTbaikMQssBQkQ-3cg.roa
File:                     FLiIvsPhenTbaikMQssBQkQ-3cg.roa (raw, json)
Hash identifier:          m5rVhdQKqlqvXPuRPsUXRMFLdDwiPQpLGuq6ftV8o14=
Subject key identifier:   14:B8:88:BE:C3:E1:7A:74:DB:6A:29:0C:42:CB:01:42:44:3E:DD:C8
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DACCBA0DBB20BFAFD4E2E61C92778C
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FLiIvsPhenTbaikMQssBQkQ-3cg.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30816
IP address blocks:        88.220.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cc:ba:0d:bb:20:bf:af:d4:e2:e6:1c:92:77:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14b888bec3e17a74db6a290c42cb0142443eddc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:17:d7:a7:83:b8:2b:95:4f:2a:86:62:7a:f7:
                    03:5e:8a:e6:a7:a1:dc:20:1f:09:d7:8e:41:d0:c3:
                    03:24:75:23:a1:f3:ca:e5:cc:86:bc:42:38:cf:33:
                    74:5b:00:22:eb:20:59:10:ab:7e:bb:0a:23:40:c3:
                    74:cb:20:5f:cb:df:c2:a3:27:55:4e:97:b7:2b:6e:
                    9b:53:92:3e:24:88:39:a0:de:f4:c2:68:a0:87:1e:
                    b9:26:f7:82:1d:3c:a5:9c:68:37:7f:d1:01:25:1a:
                    fd:bf:04:66:16:4f:8e:c9:ce:b2:92:41:44:e6:99:
                    7a:69:5a:19:6d:d3:eb:4a:80:65:41:e2:cd:12:83:
                    7e:13:a8:77:e8:80:fb:06:83:db:98:59:5a:08:de:
                    54:24:f6:a1:bb:a6:d3:cf:1f:fb:f9:e7:cb:82:6e:
                    85:b3:32:ff:7b:be:ce:e0:61:5c:ad:31:10:93:10:
                    ab:5c:63:1a:ac:32:07:dc:9d:d3:0a:04:b1:e4:59:
                    67:0d:96:31:7a:2c:89:4d:86:5d:2a:b9:23:f0:0a:
                    23:c3:8d:93:07:15:e9:a2:8f:41:2f:49:83:9c:83:
                    39:46:f4:93:9c:48:5c:a0:77:92:82:a3:f9:a2:73:
                    fe:74:d8:87:f3:8d:02:da:06:e0:7d:ea:ef:40:90:
                    4a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:B8:88:BE:C3:E1:7A:74:DB:6A:29:0C:42:CB:01:42:44:3E:DD:C8
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FLiIvsPhenTbaikMQssBQkQ-3cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ab:7d:5a:09:87:69:25:e8:dd:b1:7f:5f:72:2e:df:77:4b:
         59:a0:6c:74:53:3b:23:f0:7f:1d:43:5f:65:22:5f:46:c9:17:
         83:a6:f5:0b:83:65:07:52:7e:17:7a:17:e8:fd:1b:97:4a:aa:
         40:6a:56:f5:e3:a8:74:1b:ad:4d:70:47:d2:ad:5a:92:4e:51:
         57:e8:54:15:d6:c1:b3:d6:67:8d:07:b0:72:14:00:82:d3:76:
         4b:ce:11:c4:de:78:8f:83:32:ac:60:3e:1b:99:15:af:db:37:
         b7:7e:70:fe:3a:58:81:5d:9c:4f:2f:8b:fe:21:23:c7:4d:61:
         d8:db:78:23:c8:75:2c:d2:aa:cc:3d:37:d1:11:1a:2b:56:8d:
         ee:b5:1b:52:a5:e5:c1:1a:c0:61:a7:f2:18:65:92:54:7c:e5:
         1b:4a:dc:7d:e8:90:22:0a:a5:6d:f9:1e:54:d9:c9:de:19:35:
         e2:0c:36:fb:eb:d6:f3:e6:4f:53:6d:f1:1f:d3:c2:9e:82:8f:
         d6:cf:8e:f6:e4:54:96:b5:e5:9d:ca:f4:14:6f:d0:38:5d:51:
         cd:04:78:67:86:90:70:79:6c:a7:a3:2e:47:8f:dd:78:6b:97:
         bf:c6:27:36:5a:e6:fe:34:73:5b:a7:94:3f:25:e4:3b:5b:98:
         b7:5f:6b:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sy6Dbsgv6/U4uYckneMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGI4ODhiZWMzZTE3YTc0ZGI2YTI5MGM0MmNiMDE0MjQ0M2VkZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhfXp4O4K5VPKoZievcDXormp6Hc
IB8J145B0MMDJHUjofPK5cyGvEI4zzN0WwAi6yBZEKt+uwojQMN0yyBfy9/CoydV
Tpe3K26bU5I+JIg5oN70wmighx65JveCHTylnGg3f9EBJRr9vwRmFk+Oyc6ykkFE
5pl6aVoZbdPrSoBlQeLNEoN+E6h36ID7BoPbmFlaCN5UJPahu6bTzx/7+efLgm6F
szL/e77O4GFcrTEQkxCrXGMarDIH3J3TCgSx5FlnDZYxeiyJTYZdKrkj8Aojw42T
BxXpoo9BL0mDnIM5RvSTnEhcoHeSgqP5onP+dNiH840C2gbgfervQJBKzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBS4iL7D4Xp022opDELLAUJEPt3IMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvRkxpSXZzUGhlblRiYWlrTVFzc0JRa1EtM2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNyLMA0G
CSqGSIb3DQEBCwUAA4IBAQClq31aCYdpJejdsX9fci7fd0tZoGx0Uzsj8H8dQ19l
Il9GyReDpvULg2UHUn4Xehfo/RuXSqpAalb146h0G61NcEfSrVqSTlFX6FQV1sGz
1meNB7ByFACC03ZLzhHE3niPgzKsYD4bmRWv2ze3fnD+OliBXZxPL4v+ISPHTWHY
23gjyHUs0qrMPTfRERorVo3utRtSpeXBGsBhp/IYZZJUfOUbStx96JAiCqVt+R5U
2cneGTXiDDb769bz5k9TbfEf08Kego/Wz4725FSWteWdyvQUb9A4XVHNBHhnhpBw
eWynoy5Hj914a5e/xic2Wub+NHNbp5Q/JeQ7W5i3X2su
-----END CERTIFICATE-----