Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/99PhkiITKMk94ycPhi98pxL1IgQ.roa
File:                     99PhkiITKMk94ycPhi98pxL1IgQ.roa (raw, json)
Hash identifier:          ZrmGkBzEAgoOnXzwgbh3L3R4ALEOSD4j6mAfHSrYZqg=
Subject key identifier:   F7:D3:E1:92:22:13:28:C9:3D:E3:27:0F:86:2F:7C:A7:12:F5:22:04
Certificate issuer:       /CN=88e9fa23da4fe97aa9e0f39115620559a29f6b70
Certificate serial:       01914BED78754B7088689DD01447CA6C3C20
Authority key identifier: 88:E9:FA:23:DA:4F:E9:7A:A9:E0:F3:91:15:62:05:59:A2:9F:6B:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iOn6I9pP6Xqp4PORFWIFWaKfa3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/99PhkiITKMk94ycPhi98pxL1IgQ.roa
Signing time:             Tue 13 Aug 2024 13:28:59 +0000
ROA not before:           Tue 13 Aug 2024 13:28:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212288
IP address blocks:        83.242.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/iOn6I9pP6Xqp4PORFWIFWaKfa3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/iOn6I9pP6Xqp4PORFWIFWaKfa3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iOn6I9pP6Xqp4PORFWIFWaKfa3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4b:ed:78:75:4b:70:88:68:9d:d0:14:47:ca:6c:3c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88e9fa23da4fe97aa9e0f39115620559a29f6b70
        Validity
            Not Before: Aug 13 13:28:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7d3e192221328c93de3270f862f7ca712f52204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:39:e0:19:d3:0a:4c:5b:07:f1:be:95:bc:4b:
                    76:b5:cc:3f:ad:16:b9:84:dc:bc:2d:88:78:dd:ca:
                    2d:43:65:33:c1:dc:99:5b:1d:b6:4a:b7:6b:5c:04:
                    1f:34:f0:63:64:d5:61:c7:b1:50:e2:25:58:55:f9:
                    03:5a:da:9d:0d:b9:60:0c:71:23:4a:10:d9:6c:96:
                    ca:ef:bb:6e:8f:60:fc:21:15:a6:59:9f:64:2d:f7:
                    43:a1:fd:32:1a:85:85:c1:df:a1:6c:d9:fb:c1:de:
                    63:6b:e2:b5:e1:e1:d0:3b:81:cf:af:60:c8:54:ef:
                    60:ff:f1:2b:95:be:3f:8e:05:0c:17:9c:ac:a0:49:
                    23:e2:a9:d4:06:75:df:4e:46:39:9c:f8:85:ac:ad:
                    c7:b1:b8:cd:4a:21:13:55:1f:c7:8b:38:28:50:db:
                    0c:77:4d:fb:8e:01:ff:1c:77:c0:1e:46:0d:f7:4f:
                    9c:bd:ff:52:6f:5d:f2:71:ae:14:31:13:bc:18:c9:
                    02:fc:d7:ae:f4:8e:47:8a:e0:d0:56:57:4a:1b:4e:
                    a0:2a:95:fa:54:b1:54:26:a4:2b:e9:e4:c1:a9:66:
                    b6:05:50:92:18:78:2a:86:b4:4c:31:c3:88:db:a3:
                    45:85:49:7a:c9:69:5d:33:c3:24:8a:49:89:51:ba:
                    00:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D3:E1:92:22:13:28:C9:3D:E3:27:0F:86:2F:7C:A7:12:F5:22:04
            X509v3 Authority Key Identifier:
                keyid:88:E9:FA:23:DA:4F:E9:7A:A9:E0:F3:91:15:62:05:59:A2:9F:6B:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iOn6I9pP6Xqp4PORFWIFWaKfa3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/99PhkiITKMk94ycPhi98pxL1IgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/6d15c0-80cc-4edf-8f14-3e2478947e6e/1/iOn6I9pP6Xqp4PORFWIFWaKfa3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.242.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:a3:63:b5:7b:bb:3e:9f:95:94:76:7e:d1:08:02:5c:39:ce:
         cd:fc:71:9a:cd:8c:4f:9e:3b:64:e9:29:7d:80:fc:7b:30:ed:
         8f:03:57:77:6b:81:6e:96:90:64:46:5b:ff:76:2e:01:ba:83:
         9f:36:72:ae:e7:b8:ab:79:a1:e7:9e:6b:e0:36:cc:be:70:75:
         47:51:d0:0e:86:30:b4:ef:e5:c7:5a:b3:2d:6f:cb:6c:80:13:
         61:9c:1c:5a:fd:52:a4:ff:78:89:51:b8:8d:77:da:f0:b7:1e:
         87:ec:51:83:aa:69:34:2d:d5:de:45:e2:55:53:63:2f:5a:1e:
         25:f8:ae:88:be:01:16:76:09:c2:d1:37:52:64:b8:3f:ef:f0:
         85:ae:76:2e:7b:1e:46:1e:07:f8:a7:89:b0:8f:ca:59:e1:8e:
         92:d7:85:74:dd:2b:06:3e:94:54:43:a2:a8:c8:58:2a:c1:a7:
         cc:19:d5:40:40:51:ae:ce:07:33:64:a7:88:64:9c:fe:af:9e:
         13:93:62:c7:47:b2:78:f1:94:3e:fa:4d:1a:99:81:ba:4f:ed:
         8a:2d:5b:03:58:d1:b1:64:98:ba:0f:22:12:fe:88:76:52:56:
         a4:91:e9:2d:c7:99:3f:07:31:39:7e:51:9c:46:37:e1:e6:89:
         5c:d2:46:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFL7Xh1S3CIaJ3QFEfKbDwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZTlmYTIzZGE0ZmU5N2FhOWUwZjM5MTE1NjIwNTU5YTI5
ZjZiNzAwHhcNMjQwODEzMTMyODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2QzZTE5MjIyMTMyOGM5M2RlMzI3MGY4NjJmN2NhNzEyZjUyMjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzngGdMKTFsH8b6VvEt2tcw/rRa5
hNy8LYh43cotQ2UzwdyZWx22SrdrXAQfNPBjZNVhx7FQ4iVYVfkDWtqdDblgDHEj
ShDZbJbK77tuj2D8IRWmWZ9kLfdDof0yGoWFwd+hbNn7wd5ja+K14eHQO4HPr2DI
VO9g//Erlb4/jgUMF5ysoEkj4qnUBnXfTkY5nPiFrK3HsbjNSiETVR/HizgoUNsM
d037jgH/HHfAHkYN90+cvf9Sb13yca4UMRO8GMkC/Neu9I5HiuDQVldKG06gKpX6
VLFUJqQr6eTBqWa2BVCSGHgqhrRMMcOI26NFhUl6yWldM8MkikmJUboAFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfT4ZIiEyjJPeMnD4YvfKcS9SIEMB8GA1UdIwQY
MBaAFIjp+iPaT+l6qeDzkRViBVmin2twMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU9uNkk5cFA2WHFwNFBPUkZXSUZXYUtmYTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS82ZDE1YzAtODBjYy00ZWRmLThmMTQt
M2UyNDc4OTQ3ZTZlLzEvOTlQaGtpSVRLTWs5NHljUGhpOThweEwxSWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS82ZDE1YzAtODBjYy00ZWRmLThmMTQtM2UyNDc4OTQ3ZTZl
LzEvaU9uNkk5cFA2WHFwNFBPUkZXSUZXYUtmYTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU/JsMA0G
CSqGSIb3DQEBCwUAA4IBAQCvo2O1e7s+n5WUdn7RCAJcOc7N/HGazYxPnjtk6Sl9
gPx7MO2PA1d3a4FulpBkRlv/di4BuoOfNnKu57ireaHnnmvgNsy+cHVHUdAOhjC0
7+XHWrMtb8tsgBNhnBxa/VKk/3iJUbiNd9rwtx6H7FGDqmk0LdXeReJVU2MvWh4l
+K6IvgEWdgnC0TdSZLg/7/CFrnYuex5GHgf4p4mwj8pZ4Y6S14V03SsGPpRUQ6Ko
yFgqwafMGdVAQFGuzgczZKeIZJz+r54Tk2LHR7J48ZQ++k0amYG6T+2KLVsDWNGx
ZJi6DyIS/oh2Ulakkektx5k/BzE5flGcRjfh5olc0kY0
-----END CERTIFICATE-----