Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/0m4VHgIbkwFiO2Qr_JRRA5EyAIQ.roa
File:                     0m4VHgIbkwFiO2Qr_JRRA5EyAIQ.roa (raw, json)
Hash identifier:          Aw0Hrd04c5VUaM6PEAlbSyUiAspQdPilaT4Btn0QwTs=
Subject key identifier:   D2:6E:15:1E:02:1B:93:01:62:3B:64:2B:FC:94:51:03:91:32:00:84
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E5C5E43C7A60CDA31CB6FA3DE812FAB0E
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/0m4VHgIbkwFiO2Qr_JRRA5EyAIQ.roa
Signing time:             Wed 20 Mar 2024 14:57:45 +0000
ROA not before:           Wed 20 Mar 2024 14:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8657
IP address blocks:        88.221.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:5e:43:c7:a6:0c:da:31:cb:6f:a3:de:81:2f:ab:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 20 14:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d26e151e021b9301623b642bfc94510391320084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:69:49:78:38:ba:8f:1d:0b:dd:c1:0f:ce:
                    40:51:a8:d5:d9:50:b1:57:db:d0:4c:8f:17:33:75:
                    fb:f3:56:cd:31:c8:9f:22:89:03:4c:f9:99:8c:b5:
                    89:01:b2:34:68:cf:89:bd:ac:ac:2c:3a:a5:ea:07:
                    7f:36:e9:e7:bd:14:e5:65:1a:17:8b:78:03:0f:c5:
                    6a:9b:2f:43:34:ba:e6:e3:30:c5:34:03:cf:78:22:
                    4e:2e:04:2a:18:c3:84:10:ce:4b:14:8a:a5:ff:04:
                    ac:8d:a2:f1:7f:d2:a9:bf:cd:1c:a9:87:00:ac:78:
                    d3:a6:4d:7d:51:95:24:22:96:74:6c:fb:08:71:57:
                    6e:d7:79:39:57:28:c6:6f:72:a5:ee:99:c7:2d:c9:
                    9d:7e:2f:17:ad:6b:1b:ea:43:b7:b8:a4:12:35:1b:
                    80:19:b9:48:e0:42:46:16:c4:3d:3f:93:8c:e9:98:
                    27:f8:75:32:60:9b:b6:e9:30:61:b8:42:fb:af:43:
                    ad:ce:8d:96:e6:ea:0a:8c:1f:0a:28:55:00:11:5d:
                    9b:77:79:c2:1e:b7:a5:bd:1b:b4:10:78:61:7e:bd:
                    28:57:e2:7f:e0:fa:84:25:fa:9e:0f:43:22:1a:58:
                    bd:50:f9:01:9e:ae:42:95:34:a1:f2:80:47:5e:a2:
                    3d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6E:15:1E:02:1B:93:01:62:3B:64:2B:FC:94:51:03:91:32:00:84
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/0m4VHgIbkwFiO2Qr_JRRA5EyAIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.221.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:44:2e:a7:5f:b7:8f:85:fe:13:df:f3:49:b8:17:cf:1e:4b:
         a1:fe:35:5f:47:78:96:41:f3:19:ea:9d:7a:2d:2d:93:59:43:
         67:78:2d:ad:d6:c3:4e:ac:e3:37:94:03:64:96:11:21:6c:44:
         ab:2b:09:ed:5c:2a:49:52:9e:54:82:04:37:61:f9:06:a4:05:
         5d:b9:b7:40:bc:c3:e0:dd:4a:32:0f:9d:13:d6:95:b9:8a:7e:
         45:ad:65:05:81:ce:4d:80:0e:98:e5:48:98:5a:86:8b:b0:0a:
         17:c3:4b:7f:b6:bf:a7:dd:94:21:21:dd:7d:2a:a1:35:ba:8a:
         d3:db:8a:a0:ff:92:31:cd:fe:6b:37:d8:ce:a7:d6:0f:37:dc:
         11:ca:28:5f:09:d8:3b:23:8c:9b:03:09:32:e6:64:94:b7:71:
         9b:a8:2a:a2:ae:3f:2f:67:5a:47:5c:fd:33:c9:d3:0e:80:04:
         b6:6a:22:e3:14:26:78:f8:36:a0:f9:e8:29:b6:89:96:43:6f:
         d7:12:5d:f8:bf:f1:a7:a3:1f:f6:21:3f:3f:5e:f2:b0:77:5e:
         bb:c1:11:47:3b:38:b7:38:20:f6:e4:e5:ac:8e:ec:12:cd:20:
         e3:b1:6c:ef:ad:e2:63:95:2e:ff:40:22:0b:b7:b0:3f:6b:ad:
         37:58:9e:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5cXkPHpgzaMctvo96BL6sOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzIwMTQ1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjZlMTUxZTAyMWI5MzAxNjIzYjY0MmJmYzk0NTEwMzkxMzIwMDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnlpSXg4uo8dC93BD85AUajV2VCx
V9vQTI8XM3X781bNMcifIokDTPmZjLWJAbI0aM+JvaysLDql6gd/NunnvRTlZRoX
i3gDD8Vqmy9DNLrm4zDFNAPPeCJOLgQqGMOEEM5LFIql/wSsjaLxf9Kpv80cqYcA
rHjTpk19UZUkIpZ0bPsIcVdu13k5VyjGb3Kl7pnHLcmdfi8XrWsb6kO3uKQSNRuA
GblI4EJGFsQ9P5OM6Zgn+HUyYJu26TBhuEL7r0Otzo2W5uoKjB8KKFUAEV2bd3nC
HrelvRu0EHhhfr0oV+J/4PqEJfqeD0MiGli9UPkBnq5ClTSh8oBHXqI9XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJuFR4CG5MBYjtkK/yUUQORMgCEMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvMG00VkhnSWJrd0ZpTzJRcl9KUlJBNUV5QUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWN1AMA0G
CSqGSIb3DQEBCwUAA4IBAQCdRC6nX7ePhf4T3/NJuBfPHkuh/jVfR3iWQfMZ6p16
LS2TWUNneC2t1sNOrOM3lANklhEhbESrKwntXCpJUp5UggQ3YfkGpAVdubdAvMPg
3UoyD50T1pW5in5FrWUFgc5NgA6Y5UiYWoaLsAoXw0t/tr+n3ZQhId19KqE1uorT
24qg/5Ixzf5rN9jOp9YPN9wRyihfCdg7I4ybAwky5mSUt3GbqCqirj8vZ1pHXP0z
ydMOgAS2aiLjFCZ4+Dag+egptomWQ2/XEl34v/Gnox/2IT8/XvKwd167wRFHOzi3
OCD25OWsjuwSzSDjsWzvreJjlS7/QCILt7A/a603WJ5J
-----END CERTIFICATE-----