Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/0FhsPuCjLVv5W8-ZAtM-U6DTz2Q.roa
File:                     0FhsPuCjLVv5W8-ZAtM-U6DTz2Q.roa (raw, json)
Hash identifier:          es9JFy4tRXGpYAaG6J+JkDD/XZ6ehU0vaZuD8CPzPTM=
Subject key identifier:   D0:58:6C:3E:E0:A3:2D:5B:F9:5B:CF:99:02:D3:3E:53:A0:D3:CF:64
Certificate issuer:       /CN=9944f812a0e002c38e84e47628bdba038598090b
Certificate serial:       018CC26D77CB16F786BFE1648D72513F868E
Authority key identifier: 99:44:F8:12:A0:E0:02:C3:8E:84:E4:76:28:BD:BA:03:85:98:09:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mUT4EqDgAsOOhOR2KL26A4WYCQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/0FhsPuCjLVv5W8-ZAtM-U6DTz2Q.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35448
IP address blocks:        88.213.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/mUT4EqDgAsOOhOR2KL26A4WYCQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/mUT4EqDgAsOOhOR2KL26A4WYCQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mUT4EqDgAsOOhOR2KL26A4WYCQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:77:cb:16:f7:86:bf:e1:64:8d:72:51:3f:86:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9944f812a0e002c38e84e47628bdba038598090b
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0586c3ee0a32d5bf95bcf9902d33e53a0d3cf64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c1:37:e4:32:30:24:da:c3:38:29:fb:11:64:
                    b0:5f:38:26:61:f9:d7:11:73:03:44:14:0b:af:9a:
                    c0:21:7b:34:85:2c:65:cd:e9:02:07:22:07:2c:ad:
                    a9:2c:88:a6:c4:dd:e4:3d:a5:61:71:66:b5:53:5d:
                    8b:31:cd:ff:3d:78:5b:35:65:db:0d:6e:a0:72:e2:
                    4f:34:76:70:9d:f5:6a:88:aa:d8:dd:c8:b1:ea:55:
                    2d:a8:a1:a7:9f:f5:6f:0a:38:a2:23:29:72:0c:f6:
                    ea:5f:71:01:7d:42:09:23:a3:34:42:df:82:f4:40:
                    9c:fd:ef:28:28:69:38:07:37:48:60:e5:de:73:2e:
                    9e:1d:c5:a2:ba:90:eb:27:50:a5:8b:a4:dc:98:5e:
                    9f:5c:fd:93:20:ad:5e:d9:32:a4:0e:c8:02:7e:15:
                    69:44:b4:af:39:d4:3f:c2:a6:1c:29:9c:5c:37:16:
                    30:4f:4b:59:72:0a:0e:47:0f:04:2a:62:eb:31:bc:
                    6f:cd:52:64:77:5b:f4:d0:8a:16:bd:61:1b:28:a8:
                    c2:a8:af:8b:5d:0b:b6:0a:cc:00:7d:44:cc:50:fe:
                    81:a5:fd:0c:70:20:f3:9a:ea:51:03:9d:3e:5a:74:
                    76:fc:5a:9d:4e:b2:e2:22:4d:2a:34:aa:84:95:c6:
                    3d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:58:6C:3E:E0:A3:2D:5B:F9:5B:CF:99:02:D3:3E:53:A0:D3:CF:64
            X509v3 Authority Key Identifier:
                keyid:99:44:F8:12:A0:E0:02:C3:8E:84:E4:76:28:BD:BA:03:85:98:09:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mUT4EqDgAsOOhOR2KL26A4WYCQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/0FhsPuCjLVv5W8-ZAtM-U6DTz2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/mUT4EqDgAsOOhOR2KL26A4WYCQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.213.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:9f:49:f6:74:1f:9b:fa:5b:27:44:c7:e4:9d:d2:1b:8b:55:
         5a:aa:92:51:fb:a2:24:a1:07:a9:d0:5e:1d:b8:f4:9d:58:50:
         34:0c:01:c0:44:cc:b3:cd:6f:fa:ac:8f:fc:8a:39:26:c1:38:
         12:49:a0:c4:44:85:89:98:44:cc:69:af:a5:57:39:86:a1:4e:
         3c:b7:ac:89:ea:80:0c:98:7d:56:34:72:65:b6:24:c0:6a:2e:
         3e:a9:e6:a0:20:13:40:34:84:9b:42:f4:e9:b5:47:40:48:93:
         b7:92:88:04:2d:8c:81:89:d2:ac:6d:af:12:c5:ed:8d:2e:2c:
         fb:12:67:ac:53:55:08:1c:36:1b:1a:f7:ef:77:65:1f:b8:31:
         5e:bc:d7:24:ed:4b:4c:97:c0:2d:84:3e:ad:e5:4d:38:37:27:
         b3:36:66:8b:42:37:8d:65:d4:d8:48:51:bb:ff:50:4d:19:2a:
         93:9c:fa:72:f5:a7:5c:19:e8:f8:fe:12:b0:00:8b:de:95:3e:
         07:12:7c:e1:fa:dc:76:93:ec:0b:7d:5a:d3:a3:76:92:64:e2:
         03:1a:26:13:36:85:2a:65:9d:5e:99:7f:8d:09:4b:82:d7:01:
         b5:3c:be:1f:d4:83:73:6e:81:36:77:c9:7d:e0:d4:28:9c:dc:
         7a:1a:7d:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXfLFveGv+FkjXJRP4aOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NDRmODEyYTBlMDAyYzM4ZTg0ZTQ3NjI4YmRiYTAzODU5
ODA5MGIwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU4NmMzZWUwYTMyZDViZjk1YmNmOTkwMmQzM2U1M2EwZDNjZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnME35DIwJNrDOCn7EWSwXzgmYfnX
EXMDRBQLr5rAIXs0hSxlzekCByIHLK2pLIimxN3kPaVhcWa1U12LMc3/PXhbNWXb
DW6gcuJPNHZwnfVqiKrY3cix6lUtqKGnn/VvCjiiIylyDPbqX3EBfUIJI6M0Qt+C
9ECc/e8oKGk4BzdIYOXecy6eHcWiupDrJ1Cli6TcmF6fXP2TIK1e2TKkDsgCfhVp
RLSvOdQ/wqYcKZxcNxYwT0tZcgoORw8EKmLrMbxvzVJkd1v00IoWvWEbKKjCqK+L
XQu2CswAfUTMUP6Bpf0McCDzmupRA50+WnR2/FqdTrLiIk0qNKqElcY9wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBYbD7goy1b+VvPmQLTPlOg089kMB8GA1UdIwQY
MBaAFJlE+BKg4ALDjoTkdii9ugOFmAkLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVVUNEVxRGdBc09PaE9SMktMMjZBNFdZQ1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zYzZjYjUtYTcyYy00NzAxLWFlNmMt
MzA2YzU2NTEzNDNlLzEvMEZoc1B1Q2pMVnY1VzgtWkF0TS1VNkRUejJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zYzZjYjUtYTcyYy00NzAxLWFlNmMtMzA2YzU2NTEzNDNl
LzEvbVVUNEVxRGdBc09PaE9SMktMMjZBNFdZQ1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNXUMA0G
CSqGSIb3DQEBCwUAA4IBAQB7n0n2dB+b+lsnRMfkndIbi1VaqpJR+6IkoQep0F4d
uPSdWFA0DAHARMyzzW/6rI/8ijkmwTgSSaDERIWJmETMaa+lVzmGoU48t6yJ6oAM
mH1WNHJltiTAai4+qeagIBNANISbQvTptUdASJO3kogELYyBidKsba8Sxe2NLiz7
EmesU1UIHDYbGvfvd2UfuDFevNck7UtMl8AthD6t5U04NyezNmaLQjeNZdTYSFG7
/1BNGSqTnPpy9adcGej4/hKwAIvelT4HEnzh+tx2k+wLfVrTo3aSZOIDGiYTNoUq
ZZ1emX+NCUuC1wG1PL4f1INzboE2d8l94NQonNx6Gn3b
-----END CERTIFICATE-----