Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/88uGaBporzUSyJ98DlMWcm3Pcuw.roa
File:                     88uGaBporzUSyJ98DlMWcm3Pcuw.roa (raw, json)
Hash identifier:          d36SkzV7NYkZ6xVngbGEqr+rmcKb5WDMg4Z73AwOj/o=
Subject key identifier:   F3:CB:86:68:1A:68:AF:35:12:C8:9F:7C:0E:53:16:72:6D:CF:72:EC
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01904EBC7F755D8DE5748075D22D2AEABDDE
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/88uGaBporzUSyJ98DlMWcm3Pcuw.roa
Signing time:             Tue 25 Jun 2024 09:31:34 +0000
ROA not before:           Tue 25 Jun 2024 09:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215287
IP address blocks:        194.79.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:bc:7f:75:5d:8d:e5:74:80:75:d2:2d:2a:ea:bd:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jun 25 09:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3cb86681a68af3512c89f7c0e5316726dcf72ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c2:f0:92:6f:f0:02:0d:a8:28:86:dd:ac:fa:
                    5f:23:60:3a:db:dc:56:51:3b:58:98:dc:4d:e0:eb:
                    ee:fe:f0:46:0d:4c:46:a9:36:49:6b:0d:17:24:66:
                    f5:8b:5b:ff:ba:7c:25:b3:53:4e:ee:72:f7:b2:ab:
                    f2:96:ef:6e:29:5e:8b:f8:55:42:be:ad:a1:47:cd:
                    c1:85:e2:2a:8f:4c:60:91:69:b1:0e:d8:db:22:56:
                    5e:29:8b:f4:ab:27:7b:28:85:d1:d5:8a:91:ac:78:
                    bb:58:bf:3c:5c:d3:29:59:08:99:34:a8:c7:05:2a:
                    9c:09:9e:7b:cf:e0:4f:fd:3e:8b:08:b3:0c:df:2b:
                    2f:f5:45:7a:fc:b9:ee:9a:a1:9d:db:fa:b3:d7:b3:
                    83:c3:ab:a6:24:d8:94:3f:1f:d1:31:e7:35:fa:bd:
                    a2:ed:43:cd:01:52:1d:0f:e4:fb:2f:e1:1a:65:78:
                    a1:6f:1a:fd:27:2e:86:7e:76:c9:14:00:36:9e:3d:
                    cb:e2:93:b8:54:58:d3:d8:03:66:5c:a3:7d:e5:5e:
                    22:53:a6:c9:a1:3b:25:ca:c1:0d:a3:95:e3:ae:ea:
                    01:05:d9:09:93:17:d0:b0:7a:1c:dc:7e:2f:11:68:
                    f1:75:e6:cd:a2:d4:8d:83:a5:a4:b5:1d:ac:9b:df:
                    cd:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CB:86:68:1A:68:AF:35:12:C8:9F:7C:0E:53:16:72:6D:CF:72:EC
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/88uGaBporzUSyJ98DlMWcm3Pcuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.79.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:24:dd:6b:be:db:1e:c1:6f:2b:43:6b:64:58:61:44:b8:31:
         c3:81:86:9e:8c:cf:18:31:08:82:56:21:75:fc:ad:e6:c2:e4:
         c6:4c:40:09:8d:b3:7c:6e:14:9a:ce:b2:90:62:be:a7:38:8e:
         ae:f9:b2:dd:4f:7a:c2:30:8e:d3:e4:0b:c5:86:f5:1a:9d:af:
         4d:8d:af:40:f0:4d:44:e3:9d:11:37:37:60:c6:08:bd:2f:9e:
         a9:da:7f:71:6c:f0:19:cf:16:1c:83:8e:4e:29:ef:9c:24:6e:
         b9:9a:c2:75:ae:f2:c0:fc:dd:5a:5c:9a:90:dc:65:41:06:48:
         f0:e0:8b:83:a1:9e:db:df:b6:9e:de:60:ec:5f:95:55:04:ba:
         42:a1:ce:7d:08:e8:51:9b:e5:4b:66:6f:0e:2b:74:36:14:1b:
         7f:90:47:24:14:8b:73:ef:a9:6e:5c:af:40:4b:f2:16:8c:07:
         cc:93:0c:70:4c:43:3f:f4:31:bb:54:ef:49:12:96:8d:df:f9:
         a5:30:a7:a7:3d:9b:ff:0f:26:07:d7:60:57:0c:7b:b9:dc:7a:
         ce:a2:db:0a:b3:4a:02:0b:7f:ba:ab:be:c0:95:e5:d0:0a:4e:
         1c:a3:fa:02:00:82:18:97:c1:80:51:7d:8d:be:55:ab:d5:68:
         01:41:bc:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBOvH91XY3ldIB10i0q6r3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwNjI1MDkzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2NiODY2ODFhNjhhZjM1MTJjODlmN2MwZTUzMTY3MjZkY2Y3MmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8Lwkm/wAg2oKIbdrPpfI2A629xW
UTtYmNxN4Ovu/vBGDUxGqTZJaw0XJGb1i1v/unwls1NO7nL3sqvylu9uKV6L+FVC
vq2hR83BheIqj0xgkWmxDtjbIlZeKYv0qyd7KIXR1YqRrHi7WL88XNMpWQiZNKjH
BSqcCZ57z+BP/T6LCLMM3ysv9UV6/LnumqGd2/qz17ODw6umJNiUPx/RMec1+r2i
7UPNAVIdD+T7L+EaZXihbxr9Jy6GfnbJFAA2nj3L4pO4VFjT2ANmXKN95V4iU6bJ
oTslysENo5XjruoBBdkJkxfQsHoc3H4vEWjxdebNotSNg6WktR2sm9/NDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPLhmgaaK81EsiffA5TFnJtz3LsMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvODh1R2FCcG9yelVTeUo5OERsTVdjbTNQY3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwk8PMA0G
CSqGSIb3DQEBCwUAA4IBAQABJN1rvtsewW8rQ2tkWGFEuDHDgYaejM8YMQiCViF1
/K3mwuTGTEAJjbN8bhSazrKQYr6nOI6u+bLdT3rCMI7T5AvFhvUana9Nja9A8E1E
450RNzdgxgi9L56p2n9xbPAZzxYcg45OKe+cJG65msJ1rvLA/N1aXJqQ3GVBBkjw
4IuDoZ7b37ae3mDsX5VVBLpCoc59COhRm+VLZm8OK3Q2FBt/kEckFItz76luXK9A
S/IWjAfMkwxwTEM/9DG7VO9JEpaN3/mlMKenPZv/DyYH12BXDHu53HrOotsKs0oC
C3+6q77AleXQCk4co/oCAIIYl8GAUX2NvlWr1WgBQbwY
-----END CERTIFICATE-----