Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/PMCrve8pkVbUoQ9zmJ6QiD0YpXA.roa
File:                     PMCrve8pkVbUoQ9zmJ6QiD0YpXA.roa (raw, json)
Hash identifier:          D9M5LqsOnyGFswrkiuLJlzFTEuroa3n4juQQHJL0gjc=
Subject key identifier:   3C:C0:AB:BD:EF:29:91:56:D4:A1:0F:73:98:9E:90:88:3D:18:A5:70
Certificate issuer:       /CN=04aaff87f6dc0d3699bc2937a34dc717f94f007e
Certificate serial:       01928ED366F1E3BCED97B5959AF27BA7C046
Authority key identifier: 04:AA:FF:87:F6:DC:0D:36:99:BC:29:37:A3:4D:C7:17:F9:4F:00:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKr_h_bcDTaZvCk3o03HF_lPAH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/PMCrve8pkVbUoQ9zmJ6QiD0YpXA.roa
Signing time:             Tue 15 Oct 2024 06:17:51 +0000
ROA not before:           Tue 15 Oct 2024 06:17:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8968
IP address blocks:        151.88.35.0/24 maxlen: 24
                          151.88.111.0/24 maxlen: 24
                          151.88.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/BKr_h_bcDTaZvCk3o03HF_lPAH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/BKr_h_bcDTaZvCk3o03HF_lPAH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKr_h_bcDTaZvCk3o03HF_lPAH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8e:d3:66:f1:e3:bc:ed:97:b5:95:9a:f2:7b:a7:c0:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04aaff87f6dc0d3699bc2937a34dc717f94f007e
        Validity
            Not Before: Oct 15 06:17:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cc0abbdef299156d4a10f73989e90883d18a570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:14:d3:76:18:e1:98:f3:cb:d2:d4:0e:e4:7c:
                    fe:18:ff:32:93:55:88:4f:85:23:58:24:c6:17:6b:
                    43:64:e8:06:87:8b:0f:29:dc:34:85:3c:e9:ea:2c:
                    62:d5:93:5e:fb:10:6f:28:75:3d:14:4f:52:82:36:
                    87:b7:69:dc:90:af:27:56:a0:67:2c:69:1f:98:88:
                    8a:37:e3:96:d9:28:58:36:e0:0d:28:e5:58:14:ec:
                    5e:5c:02:e6:7b:b3:7c:69:34:4a:c2:6c:03:0f:3d:
                    53:44:59:85:a6:3b:6c:3f:13:42:1b:3e:10:9f:94:
                    a8:db:f5:c1:3f:85:82:5a:1e:00:a4:f5:79:92:93:
                    36:26:be:33:cc:b1:93:da:c8:d3:c4:77:18:2e:e0:
                    f5:13:6d:91:77:41:78:a1:50:df:cf:a3:4d:96:eb:
                    e9:27:ac:30:52:44:b9:cb:bf:19:4d:11:08:29:3e:
                    ee:9e:59:aa:37:1a:0c:29:01:3f:55:f8:23:e4:8e:
                    e9:14:c3:66:df:3e:2f:fa:b6:30:08:00:d8:15:64:
                    0d:96:b0:94:3a:0d:ff:fc:ee:12:6e:bb:7d:03:00:
                    e8:8e:19:6a:0b:86:7a:a7:d5:2b:48:43:f4:73:96:
                    61:2f:fc:86:21:05:c0:47:6f:e5:fa:23:e7:7c:35:
                    a9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C0:AB:BD:EF:29:91:56:D4:A1:0F:73:98:9E:90:88:3D:18:A5:70
            X509v3 Authority Key Identifier:
                keyid:04:AA:FF:87:F6:DC:0D:36:99:BC:29:37:A3:4D:C7:17:F9:4F:00:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKr_h_bcDTaZvCk3o03HF_lPAH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/PMCrve8pkVbUoQ9zmJ6QiD0YpXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/BKr_h_bcDTaZvCk3o03HF_lPAH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.88.35.0/24
                  151.88.111.0-151.88.112.255

    Signature Algorithm: sha256WithRSAEncryption
         37:ad:ae:99:f0:3c:21:62:fc:e2:4b:66:30:74:46:c2:da:20:
         28:41:80:ee:d8:f3:f5:92:d8:76:e4:33:02:bf:77:a4:49:2e:
         3f:6a:e1:80:a7:fb:21:e3:4c:af:61:ab:dc:b9:6f:69:b6:1e:
         da:ce:b8:ad:59:4c:ea:3b:80:95:f8:ba:a2:22:6f:7e:ef:58:
         d2:6a:74:a8:95:2b:c7:7a:c7:df:9c:a1:b7:77:40:29:f7:78:
         c1:7c:36:0d:b7:8d:4e:31:54:b7:cd:b4:e8:83:e0:a0:ea:da:
         a2:90:9b:f3:af:76:39:b9:e3:fd:05:8a:c8:5e:26:c0:ea:9c:
         77:d8:e2:bf:33:34:4b:d5:bd:a0:41:4b:38:27:0e:0a:d9:41:
         94:ab:ce:39:49:5b:53:80:e1:eb:59:ae:6b:09:aa:3f:7e:8a:
         df:6e:72:4e:e1:da:d9:dc:8b:dc:64:f1:20:ec:2a:ff:92:2a:
         4f:1e:20:22:4f:4a:47:fa:82:2b:a0:8a:f2:9f:31:d3:f7:ea:
         d8:87:b2:8a:4f:0e:e7:be:dc:17:82:8d:6e:c2:35:09:bd:e4:
         03:22:7c:a2:26:11:f0:e7:85:19:b9:b3:23:87:9d:d7:43:7b:
         b1:9c:06:36:a4:f7:65:b7:db:93:da:a9:f0:68:bd:58:b9:5f:
         81:e5:91:53
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZKO02bx47ztl7WVmvJ7p8BGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YWFmZjg3ZjZkYzBkMzY5OWJjMjkzN2EzNGRjNzE3Zjk0
ZjAwN2UwHhcNMjQxMDE1MDYxNzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2MwYWJiZGVmMjk5MTU2ZDRhMTBmNzM5ODllOTA4ODNkMThhNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhTTdhjhmPPL0tQO5Hz+GP8yk1WI
T4UjWCTGF2tDZOgGh4sPKdw0hTzp6ixi1ZNe+xBvKHU9FE9SgjaHt2nckK8nVqBn
LGkfmIiKN+OW2ShYNuANKOVYFOxeXALme7N8aTRKwmwDDz1TRFmFpjtsPxNCGz4Q
n5So2/XBP4WCWh4ApPV5kpM2Jr4zzLGT2sjTxHcYLuD1E22Rd0F4oVDfz6NNluvp
J6wwUkS5y78ZTREIKT7unlmqNxoMKQE/Vfgj5I7pFMNm3z4v+rYwCADYFWQNlrCU
Og3//O4Sbrt9AwDojhlqC4Z6p9UrSEP0c5ZhL/yGIQXAR2/l+iPnfDWpcQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDzAq73vKZFW1KEPc5iekIg9GKVwMB8GA1UdIwQY
MBaAFASq/4f23A02mbwpN6NNxxf5TwB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktyX2hfYmNEVGFadkNrM28wM0hGX2xQQUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS81ZjJlMzEtOWFkNi00MzhlLWFkN2Mt
ZTNlMGMyZGJmMDY3LzEvUE1DcnZlOHBrVmJVb1E5em1KNlFpRDBZcFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS81ZjJlMzEtOWFkNi00MzhlLWFkN2MtZTNlMGMyZGJmMDY3
LzEvQktyX2hfYmNEVGFadkNrM28wM0hGX2xQQUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAl1gjMAwD
BACXWG8DBACXWHAwDQYJKoZIhvcNAQELBQADggEBADetrpnwPCFi/OJLZjB0RsLa
IChBgO7Y8/WS2HbkMwK/d6RJLj9q4YCn+yHjTK9hq9y5b2m2HtrOuK1ZTOo7gJX4
uqIib37vWNJqdKiVK8d6x9+cobd3QCn3eMF8Ng23jU4xVLfNtOiD4KDq2qKQm/Ov
djm54/0FisheJsDqnHfY4r8zNEvVvaBBSzgnDgrZQZSrzjlJW1OA4etZrmsJqj9+
it9uck7h2tnci9xk8SDsKv+SKk8eICJPSkf6giugivKfMdP36tiHsopPDue+3BeC
jW7CNQm95AMifKImEfDnhRm5syOHnddDe7GcBjak92W325PaqfBovVi5X4HlkVM=
-----END CERTIFICATE-----