Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/B_X4250QTzFknU2T6114xYTtKVE.roa
File:                     B_X4250QTzFknU2T6114xYTtKVE.roa (raw, json)
Hash identifier:          rx7NnSYHswopvf2uZ9CJ558iuB7Dh+JHRpDYJVifras=
Subject key identifier:   07:F5:F8:DB:9D:10:4F:31:64:9D:4D:93:EB:5D:78:C5:84:ED:29:51
Certificate issuer:       /CN=88d7592f411900c067b5e7a219a345abfdbaa40f
Certificate serial:       018CC7261740DA17A570323B7D70A33E497D
Authority key identifier: 88:D7:59:2F:41:19:00:C0:67:B5:E7:A2:19:A3:45:AB:FD:BA:A4:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iNdZL0EZAMBnteeiGaNFq_26pA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/B_X4250QTzFknU2T6114xYTtKVE.roa
Signing time:             Mon 01 Jan 2024 22:30:11 +0000
ROA not before:           Mon 01 Jan 2024 22:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62214
IP address blocks:        185.112.156.0/22 maxlen: 22
                          2a02:6080::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/iNdZL0EZAMBnteeiGaNFq_26pA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/iNdZL0EZAMBnteeiGaNFq_26pA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iNdZL0EZAMBnteeiGaNFq_26pA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:17:40:da:17:a5:70:32:3b:7d:70:a3:3e:49:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d7592f411900c067b5e7a219a345abfdbaa40f
        Validity
            Not Before: Jan  1 22:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07f5f8db9d104f31649d4d93eb5d78c584ed2951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ab:84:c6:53:ce:02:75:44:0a:81:4a:8b:f6:
                    b0:30:58:87:e8:fd:60:16:05:fb:14:92:fe:da:a9:
                    fd:ac:67:b8:8c:47:f1:ce:9c:5a:b7:40:38:39:36:
                    7c:ed:1f:06:4f:3c:ec:06:6d:eb:f3:b2:e0:92:bf:
                    c1:9c:d0:8d:3a:a4:66:5a:4e:7a:92:09:38:87:dd:
                    82:36:35:59:9e:8a:a2:24:c1:5f:04:02:27:57:3d:
                    a8:d7:b3:ad:fc:c9:be:0b:92:0e:fd:c1:61:98:1c:
                    81:7a:d4:ad:c0:74:ab:7f:53:9a:88:35:22:53:a3:
                    34:8e:b0:99:c0:0d:b0:5d:91:fa:d5:4a:79:01:ba:
                    93:30:31:e3:dc:02:86:c1:a2:59:d2:96:43:06:c8:
                    33:9c:8b:7c:87:fe:76:c5:84:c9:60:96:a7:50:b0:
                    04:b9:05:d5:e1:47:15:d4:58:03:e4:a4:14:4c:98:
                    e7:0d:dc:a6:19:14:ed:83:f8:9f:e4:4d:b6:fe:0b:
                    e5:66:b7:e2:0a:eb:53:3b:64:c0:41:38:df:eb:5e:
                    c6:a7:b0:ed:e5:47:00:dd:29:8d:38:5d:a5:b6:66:
                    93:67:95:04:05:b3:dc:4b:c5:cf:d6:9a:f4:2e:f1:
                    f4:4d:eb:b0:13:28:ac:de:53:6f:27:3f:82:ef:d5:
                    ee:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F5:F8:DB:9D:10:4F:31:64:9D:4D:93:EB:5D:78:C5:84:ED:29:51
            X509v3 Authority Key Identifier:
                keyid:88:D7:59:2F:41:19:00:C0:67:B5:E7:A2:19:A3:45:AB:FD:BA:A4:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iNdZL0EZAMBnteeiGaNFq_26pA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/B_X4250QTzFknU2T6114xYTtKVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/iNdZL0EZAMBnteeiGaNFq_26pA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.156.0/22
                IPv6:
                  2a02:6080::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:d5:43:f6:2f:4c:5b:99:16:f9:c1:c4:f7:27:0b:c3:fd:bf:
         23:2a:1f:66:c7:54:9a:2c:7f:17:57:7c:ea:0d:ae:73:1f:c5:
         f7:12:e2:8d:e3:81:49:83:4e:14:5d:e9:0d:cc:04:a5:b8:8c:
         74:0e:97:aa:5e:23:43:b0:ae:86:c5:32:2e:a5:9d:9f:df:a8:
         a5:7d:12:08:2c:5e:0b:4f:45:d1:99:5c:91:44:4e:bb:22:b0:
         c1:78:3b:5e:5a:a1:9e:48:3a:ee:47:98:d8:5a:fb:f2:d7:dc:
         7b:5b:1b:60:e5:90:fe:71:b2:aa:44:4e:cf:55:98:07:08:0e:
         7d:93:ff:14:fd:cb:c9:dc:ad:f2:2e:98:cc:82:be:1d:be:35:
         b5:c6:27:12:ac:00:78:90:1e:82:a2:7e:06:e3:b7:91:07:83:
         e2:fe:5a:bc:89:e2:3b:0b:b0:92:94:57:a3:08:4d:c4:bb:b4:
         b1:a8:aa:7e:db:f4:42:c9:46:22:24:1f:33:7a:e6:c2:20:53:
         9d:33:96:24:a9:dd:dc:a0:68:e4:c2:59:a1:e2:31:68:e6:ed:
         69:d4:6a:7d:a6:f1:83:3d:0a:4c:41:20:25:10:80:82:c1:fd:
         90:8c:04:ff:a5:c4:29:80:12:d9:9a:0e:ed:81:89:72:6e:90:
         d7:f5:d1:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJhdA2helcDI7fXCjPkl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZDc1OTJmNDExOTAwYzA2N2I1ZTdhMjE5YTM0NWFiZmRi
YWE0MGYwHhcNMjQwMTAxMjIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Y1ZjhkYjlkMTA0ZjMxNjQ5ZDRkOTNlYjVkNzhjNTg0ZWQyOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgquExlPOAnVECoFKi/awMFiH6P1g
FgX7FJL+2qn9rGe4jEfxzpxat0A4OTZ87R8GTzzsBm3r87Lgkr/BnNCNOqRmWk56
kgk4h92CNjVZnoqiJMFfBAInVz2o17Ot/Mm+C5IO/cFhmByBetStwHSrf1OaiDUi
U6M0jrCZwA2wXZH61Up5AbqTMDHj3AKGwaJZ0pZDBsgznIt8h/52xYTJYJanULAE
uQXV4UcV1FgD5KQUTJjnDdymGRTtg/if5E22/gvlZrfiCutTO2TAQTjf617Gp7Dt
5UcA3SmNOF2ltmaTZ5UEBbPcS8XP1pr0LvH0TeuwEyis3lNvJz+C79XuYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAf1+NudEE8xZJ1Nk+tdeMWE7SlRMB8GA1UdIwQY
MBaAFIjXWS9BGQDAZ7XnohmjRav9uqQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU5kWkwwRVpBTUJudGVlaUdhTkZxXzI2cEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi84OGI1YzMtMzQxYy00ZWE5LWE5NDgt
NmU4ZTlkNTJkZDQ4LzEvQl9YNDI1MFFUekZrblUyVDYxMTR4WVR0S1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi84OGI1YzMtMzQxYy00ZWE5LWE5NDgtNmU4ZTlkNTJkZDQ4
LzEvaU5kWkwwRVpBTUJudGVlaUdhTkZxXzI2cEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXCcMA0E
AgACMAcDBQAqAmCAMA0GCSqGSIb3DQEBCwUAA4IBAQBH1UP2L0xbmRb5wcT3JwvD
/b8jKh9mx1SaLH8XV3zqDa5zH8X3EuKN44FJg04UXekNzASluIx0DpeqXiNDsK6G
xTIupZ2f36ilfRIILF4LT0XRmVyRRE67IrDBeDteWqGeSDruR5jYWvvy19x7Wxtg
5ZD+cbKqRE7PVZgHCA59k/8U/cvJ3K3yLpjMgr4dvjW1xicSrAB4kB6Con4G47eR
B4Pi/lq8ieI7C7CSlFejCE3Eu7SxqKp+2/RCyUYiJB8zeubCIFOdM5Ykqd3coGjk
wlmh4jFo5u1p1Gp9pvGDPQpMQSAlEICCwf2QjAT/pcQpgBLZmg7tgYlybpDX9dG+
-----END CERTIFICATE-----