Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/rRW9xPQZDkqOlNXa085P5WtR5KM.roa
File:                     rRW9xPQZDkqOlNXa085P5WtR5KM.roa (raw, json)
Hash identifier:          d0qzJqTnvy3Akcll0NnoL5Lj6hvhdYGIroUd8W59W+4=
Subject key identifier:   AD:15:BD:C4:F4:19:0E:4A:8E:94:D5:DA:D3:CE:4F:E5:6B:51:E4:A3
Certificate issuer:       /CN=dbe8cc8f5af1e7362d454f3dd91a82952919db61
Certificate serial:       018CD684AC72434965873BD84E300F5F964B
Authority key identifier: DB:E8:CC:8F:5A:F1:E7:36:2D:45:4F:3D:D9:1A:82:95:29:19:DB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/rRW9xPQZDkqOlNXa085P5WtR5KM.roa
Signing time:             Thu 04 Jan 2024 22:07:48 +0000
ROA not before:           Thu 04 Jan 2024 22:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        88.135.96.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d6:84:ac:72:43:49:65:87:3b:d8:4e:30:0f:5f:96:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe8cc8f5af1e7362d454f3dd91a82952919db61
        Validity
            Not Before: Jan  4 22:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad15bdc4f4190e4a8e94d5dad3ce4fe56b51e4a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8a:7f:a2:28:1b:5a:b9:c6:5d:c5:3d:de:16:
                    22:0d:82:aa:6e:0b:a6:b0:30:08:f3:36:68:c5:56:
                    71:82:42:5f:c2:3f:e7:8e:1c:85:fc:88:c4:99:34:
                    ce:6b:53:ef:48:de:dd:df:39:88:d5:c9:f7:5e:49:
                    05:10:46:84:b3:00:a1:cc:5c:19:e9:2e:6e:d8:fa:
                    7c:21:6a:1a:ae:df:04:9b:5c:29:01:a1:89:11:d7:
                    3a:7c:4a:08:0f:fd:a9:ed:73:42:43:0b:0e:cd:cd:
                    92:46:09:52:9b:12:3a:35:1f:9c:9d:95:04:d7:9c:
                    82:e6:3e:b0:ea:61:7c:bd:fc:9f:16:62:26:70:3a:
                    42:79:f3:53:79:33:bd:db:b6:b4:1b:da:a0:49:25:
                    16:71:b7:cb:9d:4d:58:1b:2b:7f:27:04:a8:a7:d8:
                    c7:fa:90:45:1d:74:b1:b7:dc:00:2f:2a:28:c7:06:
                    5d:04:d1:fe:c3:7e:40:65:af:73:31:b0:c6:a6:e8:
                    60:5e:e8:6b:39:5e:5f:01:99:b2:bd:20:f6:37:2c:
                    5b:8b:87:f4:33:ce:db:53:71:a1:80:fa:6e:b0:3b:
                    dc:0e:23:0b:4e:66:bb:61:ba:a6:f6:f6:e9:3f:ba:
                    cc:e8:2d:d9:88:a5:aa:52:02:f2:b1:85:75:81:11:
                    ef:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:15:BD:C4:F4:19:0E:4A:8E:94:D5:DA:D3:CE:4F:E5:6B:51:E4:A3
            X509v3 Authority Key Identifier:
                keyid:DB:E8:CC:8F:5A:F1:E7:36:2D:45:4F:3D:D9:1A:82:95:29:19:DB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/rRW9xPQZDkqOlNXa085P5WtR5KM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1c:7c:17:7c:69:4d:ad:ec:93:88:71:fc:a0:b6:2b:d2:d2:95:
         06:47:93:a5:5f:80:58:b1:91:a6:04:ca:83:ff:aa:d4:99:05:
         bc:e9:0f:21:55:9f:2e:10:fd:58:d3:33:1a:8a:d2:6d:ed:69:
         bd:d3:5c:9a:83:3b:00:74:28:fc:b0:85:c4:24:64:a1:0b:3f:
         08:b4:6a:36:cd:02:f6:0e:2c:95:ab:56:4f:c4:de:9c:50:44:
         83:d5:fb:02:83:5a:3f:0f:ae:51:d8:4d:d5:b9:78:85:f3:89:
         9b:58:4f:d5:39:4b:71:9d:ee:c3:15:49:96:5c:ef:ff:48:b1:
         40:d8:f5:4b:73:50:58:2a:a8:a2:9f:aa:9e:88:f5:79:88:73:
         29:66:4a:e0:a9:60:0d:38:39:ed:4c:de:3a:ae:f7:1f:86:0e:
         67:81:47:c5:0f:98:8f:15:59:5e:3f:39:4b:10:29:d4:af:85:
         2c:1d:9e:9e:e9:13:3b:f5:73:62:e7:22:cc:da:33:50:ab:d0:
         76:22:83:25:18:df:37:23:e5:08:f2:30:0b:f9:95:e7:38:7a:
         80:60:f7:b7:49:76:ff:a6:d1:92:69:07:d1:23:d3:0c:df:43:
         53:61:2f:53:58:ac:f8:34:9f:fd:78:eb:5e:5e:67:0e:ba:13:
         45:0a:50:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzWhKxyQ0llhzvYTjAPX5ZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZThjYzhmNWFmMWU3MzYyZDQ1NGYzZGQ5MWE4Mjk1Mjkx
OWRiNjEwHhcNMjQwMTA0MjIwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDE1YmRjNGY0MTkwZTRhOGU5NGQ1ZGFkM2NlNGZlNTZiNTFlNGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIp/oigbWrnGXcU93hYiDYKqbgum
sDAI8zZoxVZxgkJfwj/njhyF/IjEmTTOa1PvSN7d3zmI1cn3XkkFEEaEswChzFwZ
6S5u2Pp8IWoart8Em1wpAaGJEdc6fEoID/2p7XNCQwsOzc2SRglSmxI6NR+cnZUE
15yC5j6w6mF8vfyfFmImcDpCefNTeTO927a0G9qgSSUWcbfLnU1YGyt/JwSop9jH
+pBFHXSxt9wALyooxwZdBNH+w35AZa9zMbDGpuhgXuhrOV5fAZmyvSD2Nyxbi4f0
M87bU3GhgPpusDvcDiMLTma7Ybqm9vbpP7rM6C3ZiKWqUgLysYV1gRHvJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0VvcT0GQ5KjpTV2tPOT+VrUeSjMB8GA1UdIwQY
MBaAFNvozI9a8ec2LUVPPdkagpUpGdthMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1qTWoxcng1ell0UlU4OTJScUNsU2taMjJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9hNTczZmUtNmUwZS00YmZmLTk5ZmMt
MjYyMWQ1Yzk5Y2FiLzEvclJXOXhQUVpEa3FPbE5YYTA4NVA1V3RSNUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9hNTczZmUtNmUwZS00YmZmLTk5ZmMtMjYyMWQ1Yzk5Y2Fi
LzEvMi1qTWoxcng1ell0UlU4OTJScUNsU2taMjJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWIdgMA0G
CSqGSIb3DQEBCwUAA4IBAQAcfBd8aU2t7JOIcfygtivS0pUGR5OlX4BYsZGmBMqD
/6rUmQW86Q8hVZ8uEP1Y0zMaitJt7Wm901yagzsAdCj8sIXEJGShCz8ItGo2zQL2
DiyVq1ZPxN6cUESD1fsCg1o/D65R2E3VuXiF84mbWE/VOUtxne7DFUmWXO//SLFA
2PVLc1BYKqiin6qeiPV5iHMpZkrgqWANODntTN46rvcfhg5ngUfFD5iPFVlePzlL
ECnUr4UsHZ6e6RM79XNi5yLM2jNQq9B2IoMlGN83I+UI8jAL+ZXnOHqAYPe3SXb/
ptGSaQfRI9MM30NTYS9TWKz4NJ/9eOteXmcOuhNFClCa
-----END CERTIFICATE-----