Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/_4OJEmy-_xr_kOyO6EpYKRvyk_M.roa
File:                     _4OJEmy-_xr_kOyO6EpYKRvyk_M.roa (raw, json)
Hash identifier:          M6KX3NAag16FtxfM/8U8uJKiWDb1qs68R8f4zbgn6y8=
Subject key identifier:   FF:83:89:12:6C:BE:FF:1A:FF:90:EC:8E:E8:4A:58:29:1B:F2:93:F3
Certificate issuer:       /CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
Certificate serial:       018CC5011E6667E19C51E339638B9E72B9CB
Authority key identifier: 0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/_4OJEmy-_xr_kOyO6EpYKRvyk_M.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199440
IP address blocks:        80.92.228.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1e:66:67:e1:9c:51:e3:39:63:8b:9e:72:b9:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff8389126cbeff1aff90ec8ee84a58291bf293f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a4:6c:c0:16:6e:69:77:97:68:3a:62:ab:2e:
                    c3:66:e5:cf:03:20:ba:e7:4d:6f:af:d2:89:d4:5b:
                    74:c8:18:79:02:aa:86:92:49:65:bc:5f:b7:b8:5f:
                    f6:c4:48:47:f4:4b:7a:74:6c:49:a9:e0:60:78:8d:
                    07:dc:73:2d:fc:ec:e4:d3:3f:db:2d:84:00:12:ae:
                    6c:e9:6a:c5:f3:a7:99:3b:1b:1d:bb:51:b0:ff:53:
                    f9:93:b8:20:8f:2a:a3:ce:61:6e:8e:46:38:a8:aa:
                    a6:ff:79:e4:4b:7d:14:94:39:22:c1:b1:a5:52:94:
                    fe:d8:96:57:95:64:9c:50:35:61:41:01:40:d9:6a:
                    88:6d:62:88:1a:07:ed:e7:a8:7f:6a:24:95:6c:d1:
                    67:4c:0a:3a:b4:95:db:42:2f:8e:9b:2b:4e:53:af:
                    8f:02:61:34:a2:db:f6:a6:21:c1:47:34:7e:3b:f3:
                    a1:87:df:dc:07:1e:41:20:b5:f4:2f:69:0b:2f:70:
                    21:2c:44:4b:ce:af:04:0a:00:27:6d:f7:f6:f1:7e:
                    6d:cb:32:fb:ad:aa:ef:af:68:a4:27:9a:af:22:14:
                    10:89:85:c1:d2:dc:4e:73:dd:0c:3e:76:ef:b6:65:
                    c0:2d:54:82:a4:af:de:a7:34:4f:c1:bd:84:d2:6b:
                    90:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:83:89:12:6C:BE:FF:1A:FF:90:EC:8E:E8:4A:58:29:1B:F2:93:F3
            X509v3 Authority Key Identifier:
                keyid:0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/_4OJEmy-_xr_kOyO6EpYKRvyk_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.92.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:73:e3:49:43:a2:bd:b6:ef:de:16:94:9c:09:fa:e6:e8:00:
         23:da:20:74:04:49:4b:8c:8a:a3:cd:d8:33:9c:0e:56:02:7c:
         be:fc:3f:9a:d6:d3:aa:0e:5a:c3:fa:08:95:68:e6:02:d0:56:
         73:81:40:1c:31:16:00:ac:68:18:a7:1e:d9:ce:d7:3d:11:84:
         0f:9d:c0:31:ff:8f:bd:44:9c:c1:ff:36:43:07:92:93:ba:89:
         68:95:aa:8c:40:82:e2:9c:0e:69:e2:27:d5:7e:74:e9:1d:37:
         5a:3c:ae:53:02:34:e3:5b:9f:5c:48:37:4a:09:fc:7f:6b:18:
         f8:98:f9:7e:63:8c:f3:e4:40:16:6a:06:20:aa:c3:0d:fa:86:
         70:3f:85:12:c6:67:a6:68:4d:88:ae:fc:a5:24:68:df:7a:b2:
         da:3e:ae:81:17:d3:4e:f2:33:87:75:fd:68:05:91:a3:1d:31:
         11:ec:65:65:19:41:26:7d:95:e0:7e:9d:02:50:ef:59:8f:c5:
         9b:cb:ab:ee:61:55:ca:6c:1c:1a:8e:6f:d3:6f:3a:b7:a1:1a:
         42:9e:82:46:9b:f8:cc:b9:fc:ab:ce:06:7c:66:58:a7:44:4b:
         6b:91:d2:29:1c:3b:d6:ee:f5:2d:e7:11:cd:53:c0:76:01:5f:
         30:29:a8:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR5mZ+GcUeM5Y4uecrnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODcxNDJiZGMyYjNmMGQwODQ4YTBkODAwYjY5MzBiMWFi
YjM0YmMwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjgzODkxMjZjYmVmZjFhZmY5MGVjOGVlODRhNTgyOTFiZjI5M2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqRswBZuaXeXaDpiqy7DZuXPAyC6
501vr9KJ1Ft0yBh5AqqGkkllvF+3uF/2xEhH9Et6dGxJqeBgeI0H3HMt/Ozk0z/b
LYQAEq5s6WrF86eZOxsdu1Gw/1P5k7ggjyqjzmFujkY4qKqm/3nkS30UlDkiwbGl
UpT+2JZXlWScUDVhQQFA2WqIbWKIGgft56h/aiSVbNFnTAo6tJXbQi+OmytOU6+P
AmE0otv2piHBRzR+O/Ohh9/cBx5BILX0L2kLL3AhLERLzq8ECgAnbff28X5tyzL7
rarvr2ikJ5qvIhQQiYXB0txOc90MPnbvtmXALVSCpK/epzRPwb2E0muQSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+DiRJsvv8a/5DsjuhKWCkb8pPzMB8GA1UdIwQY
MBaAFA2HFCvcKz8NCEig2AC2kwsauzS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQt
YTMxNzA4ZDQwMzkxLzEvXzRPSkVteS1feHJfa095TzZFcFlLUnZ5a19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQtYTMxNzA4ZDQwMzkx
LzEvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFzkMA0G
CSqGSIb3DQEBCwUAA4IBAQAPc+NJQ6K9tu/eFpScCfrm6AAj2iB0BElLjIqjzdgz
nA5WAny+/D+a1tOqDlrD+giVaOYC0FZzgUAcMRYArGgYpx7Zztc9EYQPncAx/4+9
RJzB/zZDB5KTuololaqMQILinA5p4ifVfnTpHTdaPK5TAjTjW59cSDdKCfx/axj4
mPl+Y4zz5EAWagYgqsMN+oZwP4USxmemaE2IrvylJGjferLaPq6BF9NO8jOHdf1o
BZGjHTER7GVlGUEmfZXgfp0CUO9Zj8Wby6vuYVXKbBwajm/Tbzq3oRpCnoJGm/jM
ufyrzgZ8ZlinREtrkdIpHDvW7vUt5xHNU8B2AV8wKah2
-----END CERTIFICATE-----