Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/P88iKTn8Kz5fY3K8dp3YFbu46BY.roa
File:                     P88iKTn8Kz5fY3K8dp3YFbu46BY.roa (raw, json)
Hash identifier:          9yVHU++fC4453v7nKY/Zabzeu1aYc/HO4Wp48rl6X6Y=
Subject key identifier:   3F:CF:22:29:39:FC:2B:3E:5F:63:72:BC:76:9D:D8:15:BB:B8:E8:16
Certificate issuer:       /CN=3a1a0c0016b9b33f93e8a7a393d09190d5e18499
Certificate serial:       018CC6B877D288129906D91E8BFB132ECEA3
Authority key identifier: 3A:1A:0C:00:16:B9:B3:3F:93:E8:A7:A3:93:D0:91:90:D5:E1:84:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhoMABa5sz-T6Kejk9CRkNXhhJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/P88iKTn8Kz5fY3K8dp3YFbu46BY.roa
Signing time:             Mon 01 Jan 2024 20:30:27 +0000
ROA not before:           Mon 01 Jan 2024 20:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        178.250.200.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/OhoMABa5sz-T6Kejk9CRkNXhhJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/OhoMABa5sz-T6Kejk9CRkNXhhJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhoMABa5sz-T6Kejk9CRkNXhhJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:77:d2:88:12:99:06:d9:1e:8b:fb:13:2e:ce:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1a0c0016b9b33f93e8a7a393d09190d5e18499
        Validity
            Not Before: Jan  1 20:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fcf222939fc2b3e5f6372bc769dd815bbb8e816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:09:2f:f7:72:5a:b1:7e:fb:56:b2:de:09:04:
                    e5:46:35:6b:41:5b:5e:06:a1:0f:06:be:0e:13:a0:
                    a2:36:73:92:55:02:7c:b5:6c:0c:5b:dc:18:9d:30:
                    09:80:e0:ef:f4:44:6e:0c:a1:80:c9:a0:00:18:ae:
                    f0:0c:e1:55:09:48:9f:29:bf:11:90:27:83:bd:bc:
                    5e:e8:08:c4:6c:14:94:e1:dd:f1:d6:41:00:52:88:
                    e3:27:bc:19:f5:02:4b:57:13:73:ef:d0:ec:fa:48:
                    57:63:7e:31:2a:f6:61:5d:53:5e:ef:05:4e:53:46:
                    10:fa:43:1f:e8:7a:9a:26:40:29:51:61:63:ed:31:
                    7e:f6:60:cb:76:1e:52:05:5f:7c:0a:62:71:84:4c:
                    7c:85:47:f7:96:13:45:12:5b:46:9b:1d:0c:96:3b:
                    45:4f:d0:96:37:3d:ed:a2:f9:12:ab:60:2d:5d:95:
                    e1:29:97:c6:87:50:9d:db:ef:4f:c9:77:3c:8e:51:
                    85:25:d1:f4:d4:1d:da:4d:ba:14:b7:59:65:2a:c9:
                    0d:71:e5:4d:89:26:4c:0a:12:3e:2d:99:b5:95:ef:
                    8d:8f:f9:97:4c:f7:85:38:f3:2a:29:44:de:6d:fd:
                    91:ec:51:03:eb:01:ac:70:b7:03:e7:ee:63:ca:53:
                    e9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CF:22:29:39:FC:2B:3E:5F:63:72:BC:76:9D:D8:15:BB:B8:E8:16
            X509v3 Authority Key Identifier:
                keyid:3A:1A:0C:00:16:B9:B3:3F:93:E8:A7:A3:93:D0:91:90:D5:E1:84:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhoMABa5sz-T6Kejk9CRkNXhhJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/P88iKTn8Kz5fY3K8dp3YFbu46BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/OhoMABa5sz-T6Kejk9CRkNXhhJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:5f:a7:8c:13:17:5d:85:ce:f5:a5:0b:4d:9b:99:37:b4:06:
         99:7b:a9:a5:c6:65:85:78:29:6d:44:41:04:0b:c3:a5:46:6d:
         fe:a7:c7:69:ae:f1:6c:84:22:38:ed:4f:e2:1e:da:dc:f1:2b:
         2a:6d:83:26:64:10:ea:80:44:4c:28:8e:78:3c:79:69:de:b3:
         3c:74:32:e8:8e:9b:7b:13:0f:35:f4:70:32:0a:fe:20:b4:f7:
         be:e3:31:24:ac:54:3c:b0:06:53:00:d9:02:6f:e3:1e:fc:d1:
         ad:d3:a1:41:1a:b2:dc:b4:a1:a1:8d:d1:fb:de:ed:2c:81:f0:
         66:f1:c0:31:a0:a5:7d:a1:9c:66:78:ec:a1:48:71:73:05:cd:
         de:1f:1e:36:97:05:82:0c:70:85:ac:51:7b:03:fa:05:0c:6e:
         14:11:e0:ad:78:14:27:ad:f6:e3:c5:6f:33:99:1d:eb:70:87:
         3d:29:5f:c7:5e:d6:09:8a:66:bb:79:57:e8:9f:4d:5a:9f:54:
         f2:65:33:a2:de:15:69:4b:8b:0e:a2:86:1a:33:72:34:17:f9:
         57:39:f8:6b:45:a0:d4:b3:7b:2d:6a:13:a9:c7:70:26:67:66:
         f8:37:95:ca:a9:98:5a:5d:81:3b:c6:96:7a:53:b3:63:db:24:
         27:b5:84:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuHfSiBKZBtkei/sTLs6jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWEwYzAwMTZiOWIzM2Y5M2U4YTdhMzkzZDA5MTkwZDVl
MTg0OTkwHhcNMjQwMTAxMjAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmNmMjIyOTM5ZmMyYjNlNWY2MzcyYmM3NjlkZDgxNWJiYjhlODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAkv93JasX77VrLeCQTlRjVrQVte
BqEPBr4OE6CiNnOSVQJ8tWwMW9wYnTAJgODv9ERuDKGAyaAAGK7wDOFVCUifKb8R
kCeDvbxe6AjEbBSU4d3x1kEAUojjJ7wZ9QJLVxNz79Ds+khXY34xKvZhXVNe7wVO
U0YQ+kMf6HqaJkApUWFj7TF+9mDLdh5SBV98CmJxhEx8hUf3lhNFEltGmx0MljtF
T9CWNz3tovkSq2AtXZXhKZfGh1Cd2+9PyXc8jlGFJdH01B3aTboUt1llKskNceVN
iSZMChI+LZm1le+Nj/mXTPeFOPMqKUTebf2R7FED6wGscLcD5+5jylPpAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/PIik5/Cs+X2NyvHad2BW7uOgWMB8GA1UdIwQY
MBaAFDoaDAAWubM/k+ino5PQkZDV4YSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hvTUFCYTVzei1UNktlams5Q1JrTlhoaEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85OTU4ODEtMzljZC00MTA0LTliMjkt
MGI2NDU5Nzc1YjY0LzEvUDg4aUtUbjhLejVmWTNLOGRwM1lGYnU0NkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85OTU4ODEtMzljZC00MTA0LTliMjktMGI2NDU5Nzc1YjY0
LzEvT2hvTUFCYTVzei1UNktlams5Q1JrTlhoaEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsvrIMA0G
CSqGSIb3DQEBCwUAA4IBAQAqX6eMExddhc71pQtNm5k3tAaZe6mlxmWFeCltREEE
C8OlRm3+p8dprvFshCI47U/iHtrc8SsqbYMmZBDqgERMKI54PHlp3rM8dDLojpt7
Ew819HAyCv4gtPe+4zEkrFQ8sAZTANkCb+Me/NGt06FBGrLctKGhjdH73u0sgfBm
8cAxoKV9oZxmeOyhSHFzBc3eHx42lwWCDHCFrFF7A/oFDG4UEeCteBQnrfbjxW8z
mR3rcIc9KV/HXtYJima7eVfon01an1TyZTOi3hVpS4sOooYaM3I0F/lXOfhrRaDU
s3stahOpx3AmZ2b4N5XKqZhaXYE7xpZ6U7Nj2yQntYRM
-----END CERTIFICATE-----