Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/FbXNABn-Yq7ygx0pAxYZoxh35t8.roa
File:                     FbXNABn-Yq7ygx0pAxYZoxh35t8.roa (raw, json)
Hash identifier:          YeRU0XbzrVYuhCikxgBDd+FnXLquRcLMVS2Q/5MUGNI=
Subject key identifier:   15:B5:CD:00:19:FE:62:AE:F2:83:1D:29:03:16:19:A3:18:77:E6:DF
Certificate issuer:       /CN=7a59a5cc61febdb916d4624bbe8c10897353b0c1
Certificate serial:       018CC3B686A18D89AA411919B204FA8E44DF
Authority key identifier: 7A:59:A5:CC:61:FE:BD:B9:16:D4:62:4B:BE:8C:10:89:73:53:B0:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/FbXNABn-Yq7ygx0pAxYZoxh35t8.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35129
IP address blocks:        88.135.0.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/elmlzGH-vbkW1GJLvowQiXNTsME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/elmlzGH-vbkW1GJLvowQiXNTsME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:86:a1:8d:89:aa:41:19:19:b2:04:fa:8e:44:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a59a5cc61febdb916d4624bbe8c10897353b0c1
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15b5cd0019fe62aef2831d29031619a31877e6df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ac:a0:07:f6:15:bd:bc:ba:f3:02:14:6f:79:
                    74:18:ef:00:05:04:07:dd:a0:ab:fb:39:4d:77:c2:
                    2c:eb:a3:9f:91:50:9f:2f:48:d9:d5:70:47:03:ce:
                    33:02:ef:c8:c3:69:91:18:aa:76:4c:28:91:f0:ea:
                    20:bb:93:7d:1f:da:00:ab:42:e8:e9:7c:7c:1e:8f:
                    ce:e1:e1:5b:73:21:62:c3:57:33:bb:61:fc:b5:b5:
                    6f:5f:19:d8:77:f9:91:dd:1a:45:51:9b:a1:15:0a:
                    ab:3a:d3:92:ac:25:32:d7:43:94:cd:0d:55:db:b6:
                    41:4e:db:16:92:ad:8b:bd:3f:b6:fe:93:e2:cc:3a:
                    55:ac:f6:fd:7c:f6:35:f3:4a:f3:c3:65:f1:d2:85:
                    36:16:0b:a7:64:e1:8d:4e:79:95:5c:55:ab:e6:ca:
                    f8:ea:ef:ad:e4:f3:14:89:d7:26:07:6d:24:38:4d:
                    56:18:4f:77:22:1f:4f:0c:6a:f0:48:da:6b:fe:87:
                    f9:83:c8:7c:fe:ae:d3:ab:8e:57:5a:34:5d:0e:00:
                    23:96:70:35:84:ab:9c:9b:2b:9c:7a:1d:0a:21:60:
                    93:61:2f:f6:a6:d3:4d:e5:c5:f5:e5:8e:20:d3:ca:
                    3d:d9:70:98:26:30:cb:ae:ac:c5:2a:7d:be:22:5c:
                    de:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B5:CD:00:19:FE:62:AE:F2:83:1D:29:03:16:19:A3:18:77:E6:DF
            X509v3 Authority Key Identifier:
                keyid:7A:59:A5:CC:61:FE:BD:B9:16:D4:62:4B:BE:8C:10:89:73:53:B0:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/FbXNABn-Yq7ygx0pAxYZoxh35t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/elmlzGH-vbkW1GJLvowQiXNTsME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c5:4a:9b:53:d1:79:e5:f9:22:35:a3:17:df:e2:4b:f8:2b:3c:
         45:44:d1:59:6e:68:56:c3:2f:c8:89:25:2c:db:fa:44:dd:97:
         91:13:5c:fa:ea:2a:40:c4:fa:a3:2c:dc:18:82:40:d6:f6:0f:
         4a:cd:20:79:33:0c:4c:b8:91:99:9d:62:ba:d6:2e:3f:10:98:
         3d:3b:df:a6:49:aa:10:1b:a1:99:43:da:f0:0b:6d:a9:d8:ae:
         f2:b0:cd:24:da:8e:9f:7c:0b:76:a2:73:67:e3:4a:b0:3a:ee:
         d2:04:f3:fa:d1:1e:c9:c2:22:c3:38:fa:9f:03:34:7f:a2:f9:
         47:d7:b8:c0:f0:ab:28:b7:d1:97:59:81:6d:be:64:ae:1b:6c:
         6c:08:25:16:09:de:6e:f4:75:03:de:9b:45:75:74:1f:e7:e3:
         83:ae:24:20:b1:7f:54:5d:b3:67:d1:09:ed:3c:a4:ce:23:c8:
         91:34:ff:d7:e2:fa:bf:f3:45:3d:2e:b7:fc:9c:a6:f9:4d:b0:
         01:fb:40:6c:43:51:84:9b:77:bb:d7:c3:71:33:a5:26:25:59:
         2f:f8:2a:43:8b:54:0a:42:2e:d8:18:07:ad:4b:45:0b:bb:20:
         5a:93:40:21:61:a5:00:5c:12:9a:1f:f9:28:71:d6:31:3f:8c:
         12:b5:6e:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtoahjYmqQRkZsgT6jkTfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNTlhNWNjNjFmZWJkYjkxNmQ0NjI0YmJlOGMxMDg5NzM1
M2IwYzEwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWI1Y2QwMDE5ZmU2MmFlZjI4MzFkMjkwMzE2MTlhMzE4NzdlNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKygB/YVvby68wIUb3l0GO8ABQQH
3aCr+zlNd8Is66OfkVCfL0jZ1XBHA84zAu/Iw2mRGKp2TCiR8Oogu5N9H9oAq0Lo
6Xx8Ho/O4eFbcyFiw1czu2H8tbVvXxnYd/mR3RpFUZuhFQqrOtOSrCUy10OUzQ1V
27ZBTtsWkq2LvT+2/pPizDpVrPb9fPY180rzw2Xx0oU2FgunZOGNTnmVXFWr5sr4
6u+t5PMUidcmB20kOE1WGE93Ih9PDGrwSNpr/of5g8h8/q7Tq45XWjRdDgAjlnA1
hKucmyuceh0KIWCTYS/2ptNN5cX15Y4g08o92XCYJjDLrqzFKn2+IlzeMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBW1zQAZ/mKu8oMdKQMWGaMYd+bfMB8GA1UdIwQY
MBaAFHpZpcxh/r25FtRiS76MEIlzU7DBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWxtbHpHSC12YmtXMUdKTHZvd1FpWE5Uc01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9iMWFiMWItMGU5NS00YzNjLTg3Njgt
OTAzZDA4MzQ5NmU1LzEvRmJYTkFCbi1ZcTd5Z3gwcEF4WVpveGgzNXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9iMWFiMWItMGU5NS00YzNjLTg3NjgtOTAzZDA4MzQ5NmU1
LzEvZWxtbHpHSC12YmtXMUdKTHZvd1FpWE5Uc01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWIcAMA0G
CSqGSIb3DQEBCwUAA4IBAQDFSptT0Xnl+SI1oxff4kv4KzxFRNFZbmhWwy/IiSUs
2/pE3ZeRE1z66ipAxPqjLNwYgkDW9g9KzSB5MwxMuJGZnWK61i4/EJg9O9+mSaoQ
G6GZQ9rwC22p2K7ysM0k2o6ffAt2onNn40qwOu7SBPP60R7JwiLDOPqfAzR/ovlH
17jA8Ksot9GXWYFtvmSuG2xsCCUWCd5u9HUD3ptFdXQf5+ODriQgsX9UXbNn0Qnt
PKTOI8iRNP/X4vq/80U9Lrf8nKb5TbAB+0BsQ1GEm3e718NxM6UmJVkv+CpDi1QK
Qi7YGAetS0ULuyBak0AhYaUAXBKaH/kocdYxP4wStW5M
-----END CERTIFICATE-----