Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/7pqmuZp7k4eQBkOtPCSsDmyuq5s.roa
File:                     7pqmuZp7k4eQBkOtPCSsDmyuq5s.roa (raw, json)
Hash identifier:          /2GBUp8XpAqFrzNNkoOuGLzggSnOFfeuYnrugUp54ac=
Subject key identifier:   EE:9A:A6:B9:9A:7B:93:87:90:06:43:AD:3C:24:AC:0E:6C:AE:AB:9B
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018CC8DF93707082A3C20E969E91F13EDE5E
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/7pqmuZp7k4eQBkOtPCSsDmyuq5s.roa
Signing time:             Tue 02 Jan 2024 06:32:24 +0000
ROA not before:           Tue 02 Jan 2024 06:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60168
IP address blocks:        88.80.152.0/22 maxlen: 24
                          88.80.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:93:70:70:82:a3:c2:0e:96:9e:91:f1:3e:de:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jan  2 06:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee9aa6b99a7b9387900643ad3c24ac0e6caeab9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:59:2e:0b:38:c9:e6:e2:a3:ab:e2:ae:d8:6a:
                    c2:07:34:87:66:ed:5c:29:21:f8:9c:ba:2b:29:c2:
                    51:d5:83:47:91:28:e2:11:47:2c:40:0c:4f:14:4b:
                    7d:d0:b9:b5:30:6d:06:4a:62:b2:15:71:22:dc:d8:
                    3a:71:fc:ed:83:53:37:61:20:7a:5a:b7:cd:92:df:
                    53:67:1e:d6:27:5e:27:79:32:5a:47:3c:fe:45:1d:
                    09:1e:4d:e9:98:72:20:51:38:60:0b:8f:b5:f9:24:
                    a0:1e:31:65:3c:18:f6:77:cf:47:62:82:37:69:38:
                    32:df:fd:9c:53:74:22:6d:54:50:29:86:8e:39:f2:
                    ab:07:56:93:b3:eb:87:8b:dd:41:d1:0d:89:99:0e:
                    41:8b:d9:05:fc:e1:52:27:57:a8:d0:79:59:2a:bb:
                    74:d4:08:5b:8b:e5:bf:93:ac:52:85:cb:19:01:ab:
                    66:e7:bd:28:28:97:6c:e3:0a:12:d1:4c:05:bd:1f:
                    1e:bd:56:5d:06:92:dc:e9:1b:bd:8c:dd:45:73:13:
                    e4:02:22:ab:92:29:a3:1b:09:bc:64:f6:c4:63:54:
                    c4:11:26:c7:18:c2:3e:34:89:6b:35:da:14:f1:1b:
                    26:a4:f9:88:58:95:09:db:25:4e:68:8f:7e:38:de:
                    29:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:9A:A6:B9:9A:7B:93:87:90:06:43:AD:3C:24:AC:0E:6C:AE:AB:9B
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/7pqmuZp7k4eQBkOtPCSsDmyuq5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         58:35:e4:b9:30:a1:65:92:cd:0d:91:e9:bb:0f:20:3f:9a:1a:
         bf:e4:26:a5:69:b6:dd:d4:a6:27:0f:29:79:c7:c4:41:32:e5:
         1e:56:81:e7:4f:ce:45:3e:80:66:94:ff:88:02:71:af:f7:4f:
         2a:c9:a4:3e:fa:1f:64:5b:cd:ac:97:39:1a:c2:20:17:fd:99:
         85:75:a2:de:33:b5:d4:66:2e:fc:6d:63:33:50:0b:f1:44:4a:
         ca:da:4e:73:00:75:0d:4a:2c:96:6b:54:83:73:75:4f:6f:87:
         c2:7f:9b:c1:a7:2b:08:b9:ae:6e:78:d6:94:39:75:37:36:33:
         10:b1:ed:0b:b0:9f:6f:e0:0c:b8:f3:a3:8d:c9:64:e0:3f:d9:
         91:b0:ae:ca:ac:4e:6e:06:35:2e:d0:e3:6c:f5:46:a5:f8:a7:
         03:a3:8e:c8:87:17:67:a6:7c:f4:80:c5:e2:ec:2b:62:05:d3:
         a7:d0:80:0c:79:00:0d:9f:b7:b9:6b:df:b1:41:71:26:fc:23:
         9b:5d:74:81:d4:30:e7:68:38:b9:fc:13:f3:87:bc:32:be:db:
         41:79:d1:e6:df:09:01:c7:44:0e:ef:ad:0e:cf:2d:92:f4:4a:
         f7:97:aa:48:52:be:4e:45:18:3d:bf:db:83:ce:b2:29:fb:82:
         21:34:38:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35NwcIKjwg6WnpHxPt5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwMTAyMDYzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTlhYTZiOTlhN2I5Mzg3OTAwNjQzYWQzYzI0YWMwZTZjYWVhYjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFkuCzjJ5uKjq+Ku2GrCBzSHZu1c
KSH4nLorKcJR1YNHkSjiEUcsQAxPFEt90Lm1MG0GSmKyFXEi3Ng6cfztg1M3YSB6
WrfNkt9TZx7WJ14neTJaRzz+RR0JHk3pmHIgUThgC4+1+SSgHjFlPBj2d89HYoI3
aTgy3/2cU3QibVRQKYaOOfKrB1aTs+uHi91B0Q2JmQ5Bi9kF/OFSJ1eo0HlZKrt0
1Ahbi+W/k6xShcsZAatm570oKJds4woS0UwFvR8evVZdBpLc6Ru9jN1FcxPkAiKr
kimjGwm8ZPbEY1TEESbHGMI+NIlrNdoU8RsmpPmIWJUJ2yVOaI9+ON4pZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6aprmae5OHkAZDrTwkrA5srqubMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvN3BxbXVacDdrNGVRQmtPdFBDU3NEbXl1cTVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWFCYMA0G
CSqGSIb3DQEBCwUAA4IBAQBYNeS5MKFlks0Nkem7DyA/mhq/5Calabbd1KYnDyl5
x8RBMuUeVoHnT85FPoBmlP+IAnGv908qyaQ++h9kW82slzkawiAX/ZmFdaLeM7XU
Zi78bWMzUAvxRErK2k5zAHUNSiyWa1SDc3VPb4fCf5vBpysIua5ueNaUOXU3NjMQ
se0LsJ9v4Ay486ONyWTgP9mRsK7KrE5uBjUu0ONs9Ual+KcDo47Ihxdnpnz0gMXi
7CtiBdOn0IAMeQANn7e5a9+xQXEm/CObXXSB1DDnaDi5/BPzh7wyvttBedHm3wkB
x0QO760Ozy2S9Er3l6pIUr5ORRg9v9uDzrIp+4IhNDhm
-----END CERTIFICATE-----