Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/920672-8559-4b08-b94e-14e76d58e08a/1/A7fwAMWgwoeceg3CsN6VIdZpuV0.roa
File:                     A7fwAMWgwoeceg3CsN6VIdZpuV0.roa (raw, json)
Hash identifier:          mOCRVTYri43Ry7xm/Jgyn6dLJuZzXuc2DkKdnKtPowM=
Subject key identifier:   03:B7:F0:00:C5:A0:C2:87:9C:7A:0D:C2:B0:DE:95:21:D6:69:B9:5D
Certificate issuer:       /CN=eb801c6ba450c9cc4fe6ef3f060e0fa360b5d3b0
Certificate serial:       018CC42459E10CD4EEEE5B246CBADF3BEC96
Authority key identifier: EB:80:1C:6B:A4:50:C9:CC:4F:E6:EF:3F:06:0E:0F:A3:60:B5:D3:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/64Aca6RQycxP5u8_Bg4Po2C107A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/920672-8559-4b08-b94e-14e76d58e08a/1/A7fwAMWgwoeceg3CsN6VIdZpuV0.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        88.151.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/920672-8559-4b08-b94e-14e76d58e08a/1/64Aca6RQycxP5u8_Bg4Po2C107A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/920672-8559-4b08-b94e-14e76d58e08a/1/64Aca6RQycxP5u8_Bg4Po2C107A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/64Aca6RQycxP5u8_Bg4Po2C107A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:59:e1:0c:d4:ee:ee:5b:24:6c:ba:df:3b:ec:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb801c6ba450c9cc4fe6ef3f060e0fa360b5d3b0
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03b7f000c5a0c2879c7a0dc2b0de9521d669b95d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1c:ca:21:92:e3:3a:5b:06:8f:7d:3c:ba:ac:
                    51:56:6b:27:ab:6c:ad:cc:f1:3a:f4:72:ed:d3:49:
                    21:88:68:ae:7f:1f:8b:b4:41:2b:ef:8c:ae:26:6e:
                    a6:7f:5a:0d:c8:e2:f8:4d:61:c1:19:8a:41:5b:d9:
                    cf:7f:3e:06:65:ae:5d:c6:2e:31:54:ed:c5:6c:c9:
                    87:f8:67:26:46:48:d7:8a:b2:74:03:2d:57:b8:93:
                    e0:3b:cd:44:be:d8:b2:c2:ee:6b:db:09:ff:4b:e0:
                    3c:fb:6b:10:19:c3:7e:67:ee:f6:1d:8c:ba:9f:fd:
                    ff:db:29:42:47:d1:87:6e:8e:82:b9:85:dd:5c:ae:
                    0a:3d:53:bd:41:bd:0c:24:ff:b3:88:e5:40:22:36:
                    e4:50:3f:71:00:84:49:5e:27:9f:9d:57:e1:cc:2e:
                    45:b0:f5:d8:da:83:74:57:fa:6b:f3:de:04:62:2b:
                    42:89:dc:cb:f6:5a:85:b8:21:89:7c:3d:97:59:01:
                    2b:e1:af:45:be:49:0a:29:81:99:65:b1:8b:a9:2a:
                    bf:c7:fc:48:1e:58:95:c9:09:bc:4b:ec:95:4b:f7:
                    5e:9e:94:56:f7:68:88:39:6e:ff:68:be:f6:ae:7f:
                    91:3a:c5:80:d8:dd:ea:c6:26:17:e1:b7:41:d5:26:
                    b0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B7:F0:00:C5:A0:C2:87:9C:7A:0D:C2:B0:DE:95:21:D6:69:B9:5D
            X509v3 Authority Key Identifier:
                keyid:EB:80:1C:6B:A4:50:C9:CC:4F:E6:EF:3F:06:0E:0F:A3:60:B5:D3:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/64Aca6RQycxP5u8_Bg4Po2C107A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/920672-8559-4b08-b94e-14e76d58e08a/1/A7fwAMWgwoeceg3CsN6VIdZpuV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/920672-8559-4b08-b94e-14e76d58e08a/1/64Aca6RQycxP5u8_Bg4Po2C107A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:9f:e5:01:10:8c:cb:d9:d7:6f:fc:23:79:fe:58:01:85:88:
         31:81:98:98:88:4e:86:7f:75:1b:a9:10:ca:8d:bc:1e:a2:9b:
         50:f9:39:9d:c7:9f:b2:b4:5f:47:af:fa:f4:58:6e:77:43:a0:
         1c:19:67:6e:fa:ab:e1:e3:c1:33:83:31:bc:fb:15:a3:6c:48:
         7b:21:88:9f:9c:e2:6a:23:33:9e:4e:46:26:81:e3:12:dc:3f:
         5b:2a:d0:be:d9:27:b4:b8:f7:5f:31:81:d7:85:b8:3d:3e:82:
         18:de:99:c0:32:e5:7d:ae:4d:53:17:11:4d:6c:9d:2e:58:77:
         6b:ff:8a:2f:62:e9:4b:30:8f:c5:ae:0d:63:6e:e0:d8:89:92:
         f6:ba:ea:c7:1c:a0:3c:69:b4:32:cf:1f:5b:cc:16:2d:3f:49:
         02:e1:2d:b4:3f:49:96:8e:b5:07:39:d1:d3:1c:f7:c4:18:19:
         01:e1:b1:d1:90:1e:db:2f:09:e5:1a:cc:a1:74:cd:c0:7f:0c:
         f2:b5:fe:f2:11:16:5d:93:f7:99:57:9c:38:d8:f0:2c:d0:aa:
         3e:5b:72:53:34:a5:45:7b:6d:a1:ff:8b:52:5b:f8:7e:25:1c:
         62:08:a7:81:ae:31:34:01:be:53:6f:2e:c7:95:cc:86:7f:fc:
         1c:cc:bd:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFnhDNTu7lskbLrfO+yWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViODAxYzZiYTQ1MGM5Y2M0ZmU2ZWYzZjA2MGUwZmEzNjBi
NWQzYjAwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I3ZjAwMGM1YTBjMjg3OWM3YTBkYzJiMGRlOTUyMWQ2NjliOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhzKIZLjOlsGj308uqxRVmsnq2yt
zPE69HLt00khiGiufx+LtEEr74yuJm6mf1oNyOL4TWHBGYpBW9nPfz4GZa5dxi4x
VO3FbMmH+GcmRkjXirJ0Ay1XuJPgO81Evtiywu5r2wn/S+A8+2sQGcN+Z+72HYy6
n/3/2ylCR9GHbo6CuYXdXK4KPVO9Qb0MJP+ziOVAIjbkUD9xAIRJXiefnVfhzC5F
sPXY2oN0V/pr894EYitCidzL9lqFuCGJfD2XWQEr4a9FvkkKKYGZZbGLqSq/x/xI
HliVyQm8S+yVS/denpRW92iIOW7/aL72rn+ROsWA2N3qxiYX4bdB1SawSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAO38ADFoMKHnHoNwrDelSHWabldMB8GA1UdIwQY
MBaAFOuAHGukUMnMT+bvPwYOD6NgtdOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjRBY2E2UlF5Y3hQNXU4X0JnNFBvMkMxMDdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS85MjA2NzItODU1OS00YjA4LWI5NGUt
MTRlNzZkNThlMDhhLzEvQTdmd0FNV2d3b2VjZWczQ3NONlZJZFpwdVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS85MjA2NzItODU1OS00YjA4LWI5NGUtMTRlNzZkNThlMDhh
LzEvNjRBY2E2UlF5Y3hQNXU4X0JnNFBvMkMxMDdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJdwMA0G
CSqGSIb3DQEBCwUAA4IBAQBGn+UBEIzL2ddv/CN5/lgBhYgxgZiYiE6Gf3UbqRDK
jbweoptQ+Tmdx5+ytF9Hr/r0WG53Q6AcGWdu+qvh48EzgzG8+xWjbEh7IYifnOJq
IzOeTkYmgeMS3D9bKtC+2Se0uPdfMYHXhbg9PoIY3pnAMuV9rk1TFxFNbJ0uWHdr
/4ovYulLMI/Frg1jbuDYiZL2uurHHKA8abQyzx9bzBYtP0kC4S20P0mWjrUHOdHT
HPfEGBkB4bHRkB7bLwnlGsyhdM3Afwzytf7yERZdk/eZV5w42PAs0Ko+W3JTNKVF
e22h/4tSW/h+JRxiCKeBrjE0Ab5Tby7HlcyGf/wczL20
-----END CERTIFICATE-----