Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/_QWAF4YKL2UUphqXSW3bXNArDiA.roa
File:                     _QWAF4YKL2UUphqXSW3bXNArDiA.roa (raw, json)
Hash identifier:          v0GrkY0j4LkSWmr+4RDsVhQVoA2WPqtMEQxHabJhRlc=
Subject key identifier:   FD:05:80:17:86:0A:2F:65:14:A6:1A:97:49:6D:DB:5C:D0:2B:0E:20
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       018E0912C3018C338F93F1B635848FCB5900
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/_QWAF4YKL2UUphqXSW3bXNArDiA.roa
Signing time:             Mon 04 Mar 2024 10:46:48 +0000
ROA not before:           Mon 04 Mar 2024 10:46:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49190
IP address blocks:        195.88.128.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:12:c3:01:8c:33:8f:93:f1:b6:35:84:8f:cb:59:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Mar  4 10:46:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd058017860a2f6514a61a97496ddb5cd02b0e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:60:36:0e:22:60:14:2b:0b:70:32:e5:4e:dd:
                    3f:72:46:fa:d8:da:31:f4:11:06:59:b1:8c:4b:e3:
                    f9:fd:17:a3:75:5e:14:47:06:11:dd:b5:81:d7:96:
                    28:62:86:cd:2b:a3:fe:92:8d:25:68:03:09:3d:7a:
                    ee:40:56:76:a3:11:3a:5c:a7:fa:9d:b3:0a:9e:7a:
                    10:7a:26:b0:84:6c:f7:9c:bd:5d:66:f3:6d:61:92:
                    81:15:51:d9:c5:3e:10:64:6f:3e:bf:c7:5b:4f:0a:
                    46:bb:b4:cf:15:a8:ba:c9:2b:45:4d:2b:ae:41:f5:
                    e9:dc:43:0c:20:1a:82:07:3c:6c:bd:f6:e9:95:34:
                    22:db:a1:9a:86:9a:70:e8:d7:98:d6:08:00:77:cc:
                    89:09:50:2d:72:8e:4f:ac:1a:1d:78:b1:b8:d5:0f:
                    a5:3e:32:a3:7a:a4:c4:53:b8:5f:2f:20:31:5a:42:
                    b7:69:10:97:2b:f2:bc:d8:5d:61:30:c0:5c:f6:9e:
                    5d:70:3a:ec:6d:2e:de:b0:24:cd:f2:90:2f:b6:fe:
                    1f:86:ed:be:31:ed:25:fc:98:10:24:70:b0:93:70:
                    e6:6d:e6:61:ff:62:65:32:22:94:66:60:1c:93:e2:
                    01:c7:2f:03:97:aa:6f:ef:f3:8d:57:68:0f:0f:8e:
                    e8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:05:80:17:86:0A:2F:65:14:A6:1A:97:49:6D:DB:5C:D0:2B:0E:20
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/_QWAF4YKL2UUphqXSW3bXNArDiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:f1:56:b2:7f:3c:3f:84:63:eb:bb:da:dd:b0:be:55:37:ab:
         64:a2:52:91:91:ec:ef:c8:d9:13:0c:1b:02:d9:dd:b2:36:ba:
         42:8c:f6:05:12:65:9c:01:45:22:ee:88:c0:d4:86:19:be:d8:
         07:34:7b:73:5c:d7:48:6b:e0:79:67:8b:16:db:bc:e2:91:7a:
         1c:99:d0:0a:fc:39:9e:cc:a9:2c:4d:06:12:d2:5a:f6:57:65:
         17:47:43:93:c9:dc:dc:90:11:94:35:f0:d9:da:fa:6d:f6:0a:
         1d:a7:f8:16:a4:36:a7:37:f3:d3:dd:8e:5c:62:cd:7a:4a:0f:
         17:df:9d:d3:72:2a:ca:8b:59:89:51:65:b4:d3:88:b7:c3:8d:
         e5:99:af:8e:4a:69:83:ec:cb:9b:ee:ec:f1:47:03:f9:44:c6:
         60:06:ca:df:49:c9:7c:ef:36:db:71:7c:e9:13:5b:4d:02:39:
         8b:04:e8:8e:fe:34:62:13:5e:a6:22:62:5f:c9:ef:7c:ca:7b:
         5e:48:5b:47:9c:17:f4:04:8e:ae:50:60:23:a1:fb:4e:27:10:
         8a:4d:8e:01:82:49:f6:ae:7d:46:22:75:71:66:cc:43:83:0d:
         e8:ca:5a:ab:af:8f:4f:f8:fe:09:22:76:a5:94:1e:76:36:1b:
         10:12:dd:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4JEsMBjDOPk/G2NYSPy1kAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTZjZDlmNGJlYjdiMGMwNGQzMWZmZTVjNjc0YTg3YTc3
MzlkMjEwHhcNMjQwMzA0MTA0NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDA1ODAxNzg2MGEyZjY1MTRhNjFhOTc0OTZkZGI1Y2QwMmIwZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WA2DiJgFCsLcDLlTt0/ckb62Nox
9BEGWbGMS+P5/RejdV4URwYR3bWB15YoYobNK6P+ko0laAMJPXruQFZ2oxE6XKf6
nbMKnnoQeiawhGz3nL1dZvNtYZKBFVHZxT4QZG8+v8dbTwpGu7TPFai6yStFTSuu
QfXp3EMMIBqCBzxsvfbplTQi26Gahppw6NeY1ggAd8yJCVAtco5PrBodeLG41Q+l
PjKjeqTEU7hfLyAxWkK3aRCXK/K82F1hMMBc9p5dcDrsbS7esCTN8pAvtv4fhu2+
Me0l/JgQJHCwk3DmbeZh/2JlMiKUZmAck+IBxy8Dl6pv7/ONV2gPD47oeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0FgBeGCi9lFKYal0lt21zQKw4gMB8GA1UdIwQY
MBaAFImmzZ9L63sMBNMf/lxnSoenc50hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYt
MWY5MjQ0OTVmY2RkLzEvX1FXQUY0WUtMMlVVcGhxWFNXM2JYTkFyRGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYtMWY5MjQ0OTVmY2Rk
LzEvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1iAMA0G
CSqGSIb3DQEBCwUAA4IBAQBt8Vayfzw/hGPru9rdsL5VN6tkolKRkezvyNkTDBsC
2d2yNrpCjPYFEmWcAUUi7ojA1IYZvtgHNHtzXNdIa+B5Z4sW27zikXocmdAK/Dme
zKksTQYS0lr2V2UXR0OTydzckBGUNfDZ2vpt9godp/gWpDanN/PT3Y5cYs16Sg8X
353TcirKi1mJUWW004i3w43lma+OSmmD7Mub7uzxRwP5RMZgBsrfScl87zbbcXzp
E1tNAjmLBOiO/jRiE16mImJfye98ynteSFtHnBf0BI6uUGAjoftOJxCKTY4Bgkn2
rn1GInVxZsxDgw3oylqrr49P+P4JInallB52NhsQEt2L
-----END CERTIFICATE-----