Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/g_XitpJ3v5_X7xubJ34PCgR1RSU.roa
File:                     g_XitpJ3v5_X7xubJ34PCgR1RSU.roa (raw, json)
Hash identifier:          1bSnM1oIE3u5LxMBbTp8/+fh0V0SL6FJScZ4tGeRVas=
Subject key identifier:   83:F5:E2:B6:92:77:BF:9F:D7:EF:1B:9B:27:7E:0F:0A:04:75:45:25
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADBFC2639EC6E9D493BBB38300F61
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/g_XitpJ3v5_X7xubJ34PCgR1RSU.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199694
IP address blocks:        88.220.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:db:fc:26:39:ec:6e:9d:49:3b:bb:38:30:0f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83f5e2b69277bf9fd7ef1b9b277e0f0a04754525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:61:ff:01:13:6a:f1:f8:f1:03:3b:1d:a6:96:
                    5f:f2:83:94:e6:a7:64:6b:67:40:be:9e:08:d7:c8:
                    de:19:e0:58:f9:a0:51:79:a7:86:a3:10:f7:4c:bf:
                    8b:3b:c6:8d:fb:7d:94:13:fd:ec:47:58:54:34:62:
                    b1:9d:bd:fe:0b:ee:83:ed:ea:58:3d:f2:84:82:55:
                    95:ee:6c:a8:2a:6a:e2:dd:31:51:37:86:22:0a:1a:
                    39:24:a2:93:aa:bc:62:03:d7:8c:d9:9d:fd:c0:45:
                    78:cd:29:93:1f:26:b2:21:7b:82:41:cf:17:e0:68:
                    b7:e2:3a:e6:ec:5d:75:7b:52:9d:b3:1e:bb:ce:98:
                    b4:06:60:fb:a6:c8:ab:a8:19:05:30:55:89:2f:db:
                    47:5b:e5:66:16:eb:dd:44:c7:a2:2f:12:11:cc:c7:
                    8a:85:be:bc:90:a4:bc:43:3a:b5:cc:82:37:12:ff:
                    6e:0c:1b:d4:ba:47:55:3f:83:99:a2:90:66:e2:2a:
                    48:2d:ec:ad:be:b6:16:97:90:55:5a:ff:20:53:5f:
                    41:92:f5:5f:be:dc:86:22:e2:5a:ea:95:e8:f6:96:
                    c6:a1:37:76:77:c6:d7:b9:65:da:ef:3a:48:75:de:
                    86:0b:67:9d:70:df:72:18:c9:a2:10:7a:c0:52:eb:
                    3e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F5:E2:B6:92:77:BF:9F:D7:EF:1B:9B:27:7E:0F:0A:04:75:45:25
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/g_XitpJ3v5_X7xubJ34PCgR1RSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:0c:81:5c:dc:b2:a7:59:cf:a3:fd:30:be:a3:69:8b:90:cd:
         10:14:d3:8d:50:3e:28:89:9d:3b:4b:7e:a9:8d:84:54:18:d4:
         09:7e:78:75:03:9d:37:c9:73:96:78:70:2d:c4:1b:f2:95:28:
         60:73:c3:f2:ee:ca:ee:a9:04:8a:60:a0:23:f7:87:81:a0:4a:
         f7:76:41:72:7f:01:d5:32:45:f7:b5:14:38:d4:b2:38:4e:90:
         63:eb:9d:a5:ca:c0:b4:2f:a3:4f:6c:85:a7:19:89:0b:4b:35:
         eb:78:7f:f1:ad:c5:a1:2d:bf:5d:09:c7:2d:c3:9d:62:77:85:
         a6:16:4e:b1:44:b6:6b:f5:03:07:77:7e:b0:40:93:a4:c0:d3:
         e1:d3:59:b9:a5:e7:07:2e:65:88:8b:8d:58:77:c8:3e:f6:9c:
         0b:88:4e:4b:44:d4:c5:53:10:d2:98:0d:10:4b:0e:89:9d:04:
         2e:56:ed:17:08:ac:e0:d8:43:e6:c8:58:98:ce:82:d3:41:7f:
         d4:a2:c9:3a:af:a6:87:50:74:ac:5e:76:79:bc:d1:d3:f3:a0:
         0c:08:7c:88:57:70:66:51:22:ad:ec:da:4c:54:59:18:a3:f9:
         e7:2a:7f:b4:88:a4:f7:58:3f:7c:d1:e7:04:f9:66:5e:cb:6d:
         43:69:52:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tv8Jjnsbp1JO7s4MA9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Y1ZTJiNjkyNzdiZjlmZDdlZjFiOWIyNzdlMGYwYTA0NzU0NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWH/ARNq8fjxAzsdppZf8oOU5qdk
a2dAvp4I18jeGeBY+aBReaeGoxD3TL+LO8aN+32UE/3sR1hUNGKxnb3+C+6D7epY
PfKEglWV7myoKmri3TFRN4YiCho5JKKTqrxiA9eM2Z39wEV4zSmTHyayIXuCQc8X
4Gi34jrm7F11e1Kdsx67zpi0BmD7psirqBkFMFWJL9tHW+VmFuvdRMeiLxIRzMeK
hb68kKS8Qzq1zII3Ev9uDBvUukdVP4OZopBm4ipILeytvrYWl5BVWv8gU19BkvVf
vtyGIuJa6pXo9pbGoTd2d8bXuWXa7zpIdd6GC2edcN9yGMmiEHrAUus+yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIP14raSd7+f1+8bmyd+DwoEdUUlMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvZ19YaXRwSjN2NV9YN3h1YkozNFBDZ1IxUlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNxHMA0G
CSqGSIb3DQEBCwUAA4IBAQCZDIFc3LKnWc+j/TC+o2mLkM0QFNONUD4oiZ07S36p
jYRUGNQJfnh1A503yXOWeHAtxBvylShgc8Py7sruqQSKYKAj94eBoEr3dkFyfwHV
MkX3tRQ41LI4TpBj652lysC0L6NPbIWnGYkLSzXreH/xrcWhLb9dCcctw51id4Wm
Fk6xRLZr9QMHd36wQJOkwNPh01m5pecHLmWIi41Yd8g+9pwLiE5LRNTFUxDSmA0Q
Sw6JnQQuVu0XCKzg2EPmyFiYzoLTQX/Uosk6r6aHUHSsXnZ5vNHT86AMCHyIV3Bm
USKt7NpMVFkYo/nnKn+0iKT3WD980ecE+WZey21DaVLe
-----END CERTIFICATE-----