Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BBOkcQKUdarRgv6ruropupnSGWI.roa
File:                     BBOkcQKUdarRgv6ruropupnSGWI.roa (raw, json)
Hash identifier:          71jiuOcxiGFGhSTW1ey0MKW4pFVW7sWbwZ3RM2mh4HI=
Subject key identifier:   04:13:A4:71:02:94:75:AA:D1:82:FE:AB:BA:BA:29:BA:99:D2:19:62
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FBA4656E6E7F7AB3AD3319D4B7EC83952
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BBOkcQKUdarRgv6ruropupnSGWI.roa
Signing time:             Mon 27 May 2024 13:38:42 +0000
ROA not before:           Mon 27 May 2024 13:38:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209474
IP address blocks:        212.38.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ba:46:56:e6:e7:f7:ab:3a:d3:31:9d:4b:7e:c8:39:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 27 13:38:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0413a471029475aad182feabbaba29ba99d21962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:04:9f:ea:07:aa:67:a7:07:c0:69:e0:ca:7e:
                    b1:ae:05:c4:48:aa:b9:1c:e4:d9:23:ef:ef:bc:ff:
                    f9:3e:ab:26:50:c2:fb:af:1c:0f:fa:95:36:f0:24:
                    53:1f:d2:f2:2e:69:47:45:fc:4b:3f:d0:64:cc:34:
                    db:db:0e:b4:66:cb:93:da:76:ad:52:90:b9:35:2d:
                    d3:78:53:54:8d:16:fc:91:44:be:53:c6:f8:3d:74:
                    41:2e:d8:3a:c5:1e:e6:58:75:01:18:8e:4d:dc:f1:
                    43:08:3f:4f:d4:d6:ab:93:57:38:c8:8b:f3:e1:ca:
                    7e:43:a9:d8:40:66:0e:7c:3d:e4:4b:8e:ba:18:ca:
                    4b:8a:76:a3:06:96:9b:a3:4a:62:4f:da:df:3d:66:
                    de:22:3f:31:00:a6:fb:fe:38:42:fb:03:07:a4:7e:
                    a1:ab:84:fc:aa:e8:5a:c7:d2:b7:db:82:44:9b:3b:
                    5e:fc:0f:be:cf:b7:8c:a0:97:78:4c:a3:37:48:71:
                    f8:9b:f2:92:02:7c:f7:43:3e:74:7b:2c:9b:21:95:
                    26:4b:62:83:03:ad:dc:a2:c8:1f:a4:20:d5:bf:76:
                    93:41:a3:80:a5:1e:6b:cf:bd:ce:53:e1:97:2a:55:
                    75:d6:06:44:36:86:21:77:5f:ba:7a:09:f7:9f:bd:
                    e9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:13:A4:71:02:94:75:AA:D1:82:FE:AB:BA:BA:29:BA:99:D2:19:62
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BBOkcQKUdarRgv6ruropupnSGWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:13:6a:85:1d:a9:b4:96:43:d3:f1:bc:d1:25:4c:7f:a0:d5:
         a7:e8:87:7f:a7:18:d3:8a:dc:79:17:5c:1d:e1:44:99:41:91:
         3c:5f:15:53:05:9a:05:80:ad:cd:df:3b:35:dd:14:a2:f4:21:
         9e:ec:9f:d2:a1:7e:20:eb:ce:c6:a0:fc:e7:0f:ea:87:4a:ef:
         ad:53:d8:23:8d:59:e7:53:76:43:ee:49:06:5d:06:39:71:c4:
         be:54:00:c2:92:7a:7f:07:08:91:97:fa:5d:ef:e3:51:df:97:
         a9:53:a0:da:8e:c4:ed:ce:cc:96:44:93:fe:31:93:42:52:a0:
         48:83:35:b8:d7:6e:e2:3f:a2:b6:5f:ab:2d:73:9f:1e:7b:0e:
         c5:8e:65:52:60:66:38:01:06:86:0a:1a:f2:7d:d8:c7:c7:55:
         3c:7c:c7:65:39:37:a5:cc:be:3a:98:ff:de:19:26:d2:1b:0d:
         36:e9:81:31:5d:86:49:98:06:02:2f:15:bb:99:a1:39:d5:6c:
         fa:bc:62:df:67:e4:c4:d5:52:c0:14:ac:5d:19:1c:4d:8b:14:
         8e:08:68:bb:de:51:20:dc:ea:be:34:69:e7:9f:64:3f:76:ea:
         74:34:3d:c2:2a:0c:58:48:e5:47:30:0c:5b:8d:55:0c:0f:fc:
         85:4d:a3:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+6Rlbm5/erOtMxnUt+yDlSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI3MTMzODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDEzYTQ3MTAyOTQ3NWFhZDE4MmZlYWJiYWJhMjliYTk5ZDIxOTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxASf6geqZ6cHwGngyn6xrgXESKq5
HOTZI+/vvP/5PqsmUML7rxwP+pU28CRTH9LyLmlHRfxLP9BkzDTb2w60ZsuT2nat
UpC5NS3TeFNUjRb8kUS+U8b4PXRBLtg6xR7mWHUBGI5N3PFDCD9P1Nark1c4yIvz
4cp+Q6nYQGYOfD3kS466GMpLinajBpabo0piT9rfPWbeIj8xAKb7/jhC+wMHpH6h
q4T8quhax9K324JEmzte/A++z7eMoJd4TKM3SHH4m/KSAnz3Qz50eyybIZUmS2KD
A63cosgfpCDVv3aTQaOApR5rz73OU+GXKlV11gZENoYhd1+6egn3n73pRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQTpHEClHWq0YL+q7q6KbqZ0hliMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQkJPa2NRS1VkYXJSZ3Y2cnVyb3B1cG5TR1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CZYMA0G
CSqGSIb3DQEBCwUAA4IBAQAnE2qFHam0lkPT8bzRJUx/oNWn6Id/pxjTitx5F1wd
4USZQZE8XxVTBZoFgK3N3zs13RSi9CGe7J/SoX4g687GoPznD+qHSu+tU9gjjVnn
U3ZD7kkGXQY5ccS+VADCknp/BwiRl/pd7+NR35epU6DajsTtzsyWRJP+MZNCUqBI
gzW4127iP6K2X6stc58eew7FjmVSYGY4AQaGChryfdjHx1U8fMdlOTelzL46mP/e
GSbSGw026YExXYZJmAYCLxW7maE51Wz6vGLfZ+TE1VLAFKxdGRxNixSOCGi73lEg
3Oq+NGnnn2Q/dup0ND3CKgxYSOVHMAxbjVUMD/yFTaMw
-----END CERTIFICATE-----