Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/bda9d2-2228-4806-85d0-ee06b6612ce4/1/iZApycXNPz9vxgT5eEvKW98LDqg.roa
File:                     iZApycXNPz9vxgT5eEvKW98LDqg.roa (raw, json)
Hash identifier:          ExUgP2Z7Z9IJtGwzJro9UmsLakOf/TAs087UopR5KzM=
Subject key identifier:   89:90:29:C9:C5:CD:3F:3F:6F:C6:04:F9:78:4B:CA:5B:DF:0B:0E:A8
Certificate issuer:       /CN=3d5460f8567ee98f81c56fa4f8db03ce5cddad9c
Certificate serial:       018CC3B6D332E9A3D64606191E494540868C
Authority key identifier: 3D:54:60:F8:56:7E:E9:8F:81:C5:6F:A4:F8:DB:03:CE:5C:DD:AD:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PVRg-FZ-6Y-BxW-k-NsDzlzdrZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/bda9d2-2228-4806-85d0-ee06b6612ce4/1/iZApycXNPz9vxgT5eEvKW98LDqg.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44554
IP address blocks:        88.151.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/bda9d2-2228-4806-85d0-ee06b6612ce4/1/PVRg-FZ-6Y-BxW-k-NsDzlzdrZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/bda9d2-2228-4806-85d0-ee06b6612ce4/1/PVRg-FZ-6Y-BxW-k-NsDzlzdrZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PVRg-FZ-6Y-BxW-k-NsDzlzdrZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d3:32:e9:a3:d6:46:06:19:1e:49:45:40:86:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d5460f8567ee98f81c56fa4f8db03ce5cddad9c
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=899029c9c5cd3f3f6fc604f9784bca5bdf0b0ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fb:1b:a1:31:cb:fe:a1:1b:5c:be:1e:09:16:
                    bb:f5:f7:fa:cb:34:dc:ce:f5:2c:24:e9:97:90:1f:
                    59:56:ed:e3:72:e9:af:98:ee:2b:10:91:cc:05:c1:
                    ce:0e:f4:c3:1b:75:9b:e6:11:cf:40:c2:91:99:de:
                    4a:59:84:df:2b:4f:a9:1c:68:b7:32:e2:5e:e8:c3:
                    49:42:a7:89:3f:b7:ee:5c:16:25:db:34:e4:61:12:
                    f3:50:20:33:46:e4:23:f2:a8:dc:28:07:36:cf:57:
                    3d:e5:22:54:1c:6e:94:a4:00:f1:f8:22:f3:c5:fd:
                    0f:6f:0b:27:19:6b:a2:0b:0d:0c:75:87:fe:62:62:
                    b6:c5:ab:28:e8:15:a5:3b:0e:de:50:f9:7f:6d:87:
                    47:5e:46:73:03:ac:e6:dd:07:45:50:0f:9f:cd:b3:
                    cc:59:db:39:d5:8d:a7:3f:81:0a:c2:62:bd:c7:ce:
                    6a:1b:24:84:e1:a7:6b:54:c0:04:6b:e9:34:b1:28:
                    a3:71:bc:ad:9a:9a:1e:9d:22:6a:86:06:5b:69:48:
                    29:7d:f4:cd:60:63:b9:39:8f:9f:af:51:fa:56:97:
                    80:1c:29:a2:e4:fa:e9:7d:87:19:3e:e1:b3:4c:f3:
                    8a:a5:e7:23:66:88:41:51:51:2d:75:42:3e:cc:77:
                    ff:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:90:29:C9:C5:CD:3F:3F:6F:C6:04:F9:78:4B:CA:5B:DF:0B:0E:A8
            X509v3 Authority Key Identifier:
                keyid:3D:54:60:F8:56:7E:E9:8F:81:C5:6F:A4:F8:DB:03:CE:5C:DD:AD:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PVRg-FZ-6Y-BxW-k-NsDzlzdrZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/bda9d2-2228-4806-85d0-ee06b6612ce4/1/iZApycXNPz9vxgT5eEvKW98LDqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/bda9d2-2228-4806-85d0-ee06b6612ce4/1/PVRg-FZ-6Y-BxW-k-NsDzlzdrZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:d9:87:f6:41:a2:60:8e:5c:97:df:cf:20:eb:73:19:7b:65:
         78:c7:5d:cc:f7:ac:c7:71:c7:5b:52:40:a7:e0:51:51:07:2a:
         b5:26:eb:f5:ff:56:79:7d:62:5e:04:16:db:86:36:70:21:e2:
         96:56:47:fe:75:1c:6e:53:12:5e:0e:bb:1e:52:2b:57:a4:d9:
         c8:90:fd:73:b7:08:86:07:db:ab:7d:be:59:bd:06:4c:38:99:
         ae:8b:f2:eb:3f:2c:43:34:4c:9d:50:f5:77:3a:63:a8:fa:95:
         49:de:13:dc:fc:29:72:f5:7e:31:c6:80:15:6b:a0:0c:f1:df:
         59:07:c7:9e:33:df:53:24:98:98:0a:fa:0c:86:d7:a7:8f:1c:
         91:73:32:04:40:73:f9:9c:a9:e3:5f:24:42:84:ee:aa:62:e2:
         ae:0d:d8:ea:d4:80:8a:b1:ac:f0:b8:2c:d1:c3:15:17:8e:a7:
         3a:ea:6c:f2:a1:3b:5d:7f:e8:a8:55:2a:ae:39:3d:ce:7c:df:
         6d:4d:fb:57:dc:75:49:7b:2c:d3:4f:b1:5e:be:ac:42:6d:3b:
         ee:a5:62:b7:f0:72:b3:cd:90:f5:76:16:62:c7:94:ff:64:d2:
         d2:a0:82:cf:34:e5:80:4e:78:2f:48:a1:73:27:2a:56:dd:74:
         22:1c:68:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttMy6aPWRgYZHklFQIaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNTQ2MGY4NTY3ZWU5OGY4MWM1NmZhNGY4ZGIwM2NlNWNk
ZGFkOWMwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkwMjljOWM1Y2QzZjNmNmZjNjA0Zjk3ODRiY2E1YmRmMGIwZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfsboTHL/qEbXL4eCRa79ff6yzTc
zvUsJOmXkB9ZVu3jcumvmO4rEJHMBcHODvTDG3Wb5hHPQMKRmd5KWYTfK0+pHGi3
MuJe6MNJQqeJP7fuXBYl2zTkYRLzUCAzRuQj8qjcKAc2z1c95SJUHG6UpADx+CLz
xf0PbwsnGWuiCw0MdYf+YmK2xaso6BWlOw7eUPl/bYdHXkZzA6zm3QdFUA+fzbPM
Wds51Y2nP4EKwmK9x85qGySE4adrVMAEa+k0sSijcbytmpoenSJqhgZbaUgpffTN
YGO5OY+fr1H6VpeAHCmi5PrpfYcZPuGzTPOKpecjZohBUVEtdUI+zHf/3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImQKcnFzT8/b8YE+XhLylvfCw6oMB8GA1UdIwQY
MBaAFD1UYPhWfumPgcVvpPjbA85c3a2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFZSZy1GWi02WS1CeFctay1Oc0R6bHpkclp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9iZGE5ZDItMjIyOC00ODA2LTg1ZDAt
ZWUwNmI2NjEyY2U0LzEvaVpBcHljWE5Qejl2eGdUNWVFdktXOThMRHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9iZGE5ZDItMjIyOC00ODA2LTg1ZDAtZWUwNmI2NjEyY2U0
LzEvUFZSZy1GWi02WS1CeFctay1Oc0R6bHpkclp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJd3MA0G
CSqGSIb3DQEBCwUAA4IBAQC22Yf2QaJgjlyX388g63MZe2V4x13M96zHccdbUkCn
4FFRByq1Juv1/1Z5fWJeBBbbhjZwIeKWVkf+dRxuUxJeDrseUitXpNnIkP1ztwiG
B9urfb5ZvQZMOJmui/LrPyxDNEydUPV3OmOo+pVJ3hPc/Cly9X4xxoAVa6AM8d9Z
B8eeM99TJJiYCvoMhtenjxyRczIEQHP5nKnjXyRChO6qYuKuDdjq1ICKsazwuCzR
wxUXjqc66mzyoTtdf+ioVSquOT3OfN9tTftX3HVJeyzTT7FevqxCbTvupWK38HKz
zZD1dhZix5T/ZNLSoILPNOWATngvSKFzJypW3XQiHGhr
-----END CERTIFICATE-----