Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/hLzNLaMrpK77FJpSSD6dl5-8yXo.roa
File:                     hLzNLaMrpK77FJpSSD6dl5-8yXo.roa (raw, json)
Hash identifier:          knU9IbSZm0jP9pfizsZ9i28JukQU2DxOpf6tzDIThno=
Subject key identifier:   84:BC:CD:2D:A3:2B:A4:AE:FB:14:9A:52:48:3E:9D:97:9F:BC:C9:7A
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADC51AB7A31D816D6DD371116582A
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/hLzNLaMrpK77FJpSSD6dl5-8yXo.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199823
IP address blocks:        88.220.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dc:51:ab:7a:31:d8:16:d6:dd:37:11:16:58:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84bccd2da32ba4aefb149a52483e9d979fbcc97a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:71:fa:35:1d:49:d8:27:2a:5a:39:93:b1:55:
                    fd:f3:74:66:c1:e0:59:e0:02:89:9f:b7:7d:a2:af:
                    ac:ee:62:77:77:26:47:f1:de:b4:de:33:f7:11:ff:
                    34:cc:2c:6d:19:1f:81:84:08:e8:e8:87:25:83:7b:
                    11:2f:6a:3c:17:8c:49:45:80:15:fe:07:f3:70:76:
                    9d:8d:93:49:aa:80:77:b2:a0:46:8d:8d:5d:8a:b1:
                    93:c9:6d:65:29:cd:e2:a0:c4:26:77:c7:9a:64:60:
                    7e:94:56:49:45:e8:c4:e0:f3:1e:50:42:a8:1e:1c:
                    7f:a8:2d:84:29:eb:5d:d7:c3:32:f2:c6:a7:ec:0a:
                    37:25:68:87:67:0d:49:ec:4e:26:41:f6:71:2b:53:
                    f0:3b:58:89:a0:0d:c7:2e:87:09:84:a8:e3:8a:b6:
                    71:48:7c:0d:2e:22:ae:58:18:3e:34:7b:b8:7c:29:
                    7d:22:39:d5:e8:81:aa:8c:78:0a:33:58:69:5b:c3:
                    ed:a6:80:02:c1:43:ff:07:d8:b5:6a:62:23:49:b3:
                    61:36:c9:9a:56:07:63:7f:23:49:6a:ef:bb:f0:e9:
                    42:d3:2a:fa:99:31:73:05:42:12:b4:40:76:8c:48:
                    3a:af:2f:0b:25:e5:0e:92:e4:54:9a:f0:eb:ca:ea:
                    20:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:BC:CD:2D:A3:2B:A4:AE:FB:14:9A:52:48:3E:9D:97:9F:BC:C9:7A
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/hLzNLaMrpK77FJpSSD6dl5-8yXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:0b:9e:18:9f:35:13:37:b5:39:a6:53:de:d8:16:a8:e8:87:
         24:85:b8:89:a9:49:62:18:4a:9f:09:34:f5:19:ed:70:04:d3:
         64:97:a0:78:aa:fe:fd:12:62:b0:42:cf:e5:3a:79:ed:56:79:
         92:80:00:d6:93:a0:02:57:a8:92:71:fb:22:45:2d:74:24:a4:
         e5:83:d3:61:90:32:17:25:d4:30:8a:87:9e:0e:a8:cc:cf:9d:
         d0:df:89:1b:85:c7:3c:92:92:23:3d:1c:43:12:9f:46:7f:2b:
         ab:10:77:93:17:c8:cf:ac:c8:94:8e:2a:b3:8f:57:c5:28:cf:
         8a:52:2b:97:ec:8a:3b:9b:91:f7:4c:16:d1:56:2d:f8:bb:67:
         7b:db:f4:69:87:84:86:bb:09:a0:cb:8a:e2:28:59:4f:a0:1f:
         07:2f:bd:57:b0:b7:9b:94:48:fe:d0:f2:35:0d:18:93:05:8c:
         79:50:1c:2b:07:95:84:7e:95:ad:af:57:49:8f:62:a1:11:7b:
         d3:3f:5f:a3:f4:d3:25:07:75:68:7b:9c:a9:38:da:8d:af:8e:
         d6:b6:e8:75:91:f4:9d:69:a9:a9:50:69:67:9a:03:fd:d2:a6:
         41:27:18:f2:aa:93:95:12:24:14:de:ac:24:f0:d3:ed:1b:81:
         45:48:0f:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2txRq3ox2BbW3TcRFlgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGJjY2QyZGEzMmJhNGFlZmIxNDlhNTI0ODNlOWQ5NzlmYmNjOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHH6NR1J2CcqWjmTsVX983RmweBZ
4AKJn7d9oq+s7mJ3dyZH8d603jP3Ef80zCxtGR+BhAjo6Iclg3sRL2o8F4xJRYAV
/gfzcHadjZNJqoB3sqBGjY1dirGTyW1lKc3ioMQmd8eaZGB+lFZJRejE4PMeUEKo
Hhx/qC2EKetd18My8san7Ao3JWiHZw1J7E4mQfZxK1PwO1iJoA3HLocJhKjjirZx
SHwNLiKuWBg+NHu4fCl9IjnV6IGqjHgKM1hpW8PtpoACwUP/B9i1amIjSbNhNsma
VgdjfyNJau+78OlC0yr6mTFzBUIStEB2jEg6ry8LJeUOkuRUmvDryuogRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIS8zS2jK6Su+xSaUkg+nZefvMl6MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvaEx6TkxhTXJwSzc3RkpwU1NENmRsNS04eVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNxIMA0G
CSqGSIb3DQEBCwUAA4IBAQBOC54YnzUTN7U5plPe2Bao6IckhbiJqUliGEqfCTT1
Ge1wBNNkl6B4qv79EmKwQs/lOnntVnmSgADWk6ACV6iScfsiRS10JKTlg9NhkDIX
JdQwioeeDqjMz53Q34kbhcc8kpIjPRxDEp9GfyurEHeTF8jPrMiUjiqzj1fFKM+K
UiuX7Io7m5H3TBbRVi34u2d72/Rph4SGuwmgy4riKFlPoB8HL71XsLeblEj+0PI1
DRiTBYx5UBwrB5WEfpWtr1dJj2KhEXvTP1+j9NMlB3Voe5ypONqNr47Wtuh1kfSd
aampUGlnmgP90qZBJxjyqpOVEiQU3qwk8NPtG4FFSA/e
-----END CERTIFICATE-----