Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/fbe9f3-b98f-4dd3-8c99-4e2e7e874a40/1/PtL7sT8frxpX9j3vQpZwkcddZIQ.roa
File:                     PtL7sT8frxpX9j3vQpZwkcddZIQ.roa (raw, json)
Hash identifier:          adkmusU8Zvzo2kj97AX06c2CLHruHB13j15idpVdC3w=
Subject key identifier:   3E:D2:FB:B1:3F:1F:AF:1A:57:F6:3D:EF:42:96:70:91:C7:5D:64:84
Certificate issuer:       /CN=1f89954dc5aca70f8372cf7a62b5abcb8a17c2b7
Certificate serial:       018CC64A63ED80AA284DDE7206743C10846D
Authority key identifier: 1F:89:95:4D:C5:AC:A7:0F:83:72:CF:7A:62:B5:AB:CB:8A:17:C2:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4mVTcWspw-Dcs96YrWry4oXwrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/fbe9f3-b98f-4dd3-8c99-4e2e7e874a40/1/PtL7sT8frxpX9j3vQpZwkcddZIQ.roa
Signing time:             Mon 01 Jan 2024 18:30:13 +0000
ROA not before:           Mon 01 Jan 2024 18:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39617
IP address blocks:        194.50.88.0/24 maxlen: 24
                          2001:678:5ec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/fbe9f3-b98f-4dd3-8c99-4e2e7e874a40/1/H4mVTcWspw-Dcs96YrWry4oXwrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/fbe9f3-b98f-4dd3-8c99-4e2e7e874a40/1/H4mVTcWspw-Dcs96YrWry4oXwrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4mVTcWspw-Dcs96YrWry4oXwrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:63:ed:80:aa:28:4d:de:72:06:74:3c:10:84:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f89954dc5aca70f8372cf7a62b5abcb8a17c2b7
        Validity
            Not Before: Jan  1 18:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ed2fbb13f1faf1a57f63def42967091c75d6484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d3:cf:3b:ff:1e:ff:4d:8c:55:ac:57:5e:85:
                    af:c5:e0:6a:4e:fb:55:e6:8d:66:56:c8:d0:1b:16:
                    cd:85:ae:d3:eb:bf:1f:95:9b:0c:42:d3:fe:e7:c8:
                    73:56:34:f1:9a:5a:aa:33:dd:9e:ff:02:7d:91:98:
                    e2:6b:bb:e8:32:53:49:67:0c:52:00:30:88:a8:35:
                    e2:26:da:31:d2:17:d2:72:88:79:6f:9f:f1:56:a2:
                    bd:34:f3:8b:50:5f:a4:3d:55:a8:d3:5a:fb:6b:9a:
                    85:eb:d5:10:1a:58:4f:63:9b:6c:78:89:82:ca:33:
                    a8:ed:c2:18:a7:c4:bb:61:78:14:00:b7:16:4e:46:
                    72:f4:ce:31:b8:0d:6f:56:7b:64:6a:bb:08:56:6c:
                    a4:38:c9:5e:82:1a:91:46:9c:3a:7d:4c:21:4d:7d:
                    c0:8b:3d:29:a5:1e:f6:58:66:10:73:cc:a4:f3:8b:
                    e4:93:3b:b8:67:92:33:5d:74:fd:09:23:7a:98:b4:
                    58:0f:f9:22:60:52:d6:f6:49:7e:48:c3:a8:12:64:
                    a9:78:02:4f:7e:db:38:fa:f0:4e:f9:b7:bc:0a:0e:
                    61:b7:2f:6d:f1:a7:9c:86:eb:7b:90:9f:73:8e:0c:
                    ca:7b:56:17:d4:94:c5:37:97:54:66:a3:75:3b:9d:
                    ec:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D2:FB:B1:3F:1F:AF:1A:57:F6:3D:EF:42:96:70:91:C7:5D:64:84
            X509v3 Authority Key Identifier:
                keyid:1F:89:95:4D:C5:AC:A7:0F:83:72:CF:7A:62:B5:AB:CB:8A:17:C2:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4mVTcWspw-Dcs96YrWry4oXwrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fbe9f3-b98f-4dd3-8c99-4e2e7e874a40/1/PtL7sT8frxpX9j3vQpZwkcddZIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fbe9f3-b98f-4dd3-8c99-4e2e7e874a40/1/H4mVTcWspw-Dcs96YrWry4oXwrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.88.0/24
                IPv6:
                  2001:678:5ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:78:16:b4:fe:b3:a0:4f:86:3d:3c:b4:8d:b9:20:f2:5b:11:
         9e:2a:50:ab:cb:8a:3d:84:5c:97:b8:05:26:15:15:6f:7a:76:
         20:3a:ea:f0:19:17:8a:88:c8:a9:51:64:07:e6:cd:9a:54:73:
         4f:b3:69:bb:9c:93:88:5d:64:9c:5d:57:0a:b6:29:64:95:7b:
         c8:82:39:9b:53:41:4c:e4:82:86:a7:5e:70:67:df:a4:0d:05:
         06:3a:14:ad:b3:ba:30:9d:a6:09:99:23:60:73:2a:09:d6:f2:
         7f:ed:de:97:ae:0b:b0:a5:50:0d:76:92:55:f9:bb:58:bb:3f:
         84:9e:ba:95:5d:38:b6:f6:ec:a7:f3:c3:c9:c3:b3:b7:05:25:
         d6:cb:bd:37:71:9e:ec:a2:c0:4b:68:ba:b4:d1:c6:54:eb:17:
         2e:6a:da:0b:38:ef:83:85:8e:be:d9:82:c0:54:4e:96:66:65:
         37:11:b3:50:be:90:ad:96:01:ea:22:f7:e7:c7:ab:b0:af:48:
         33:4f:2d:1c:64:f1:93:a3:50:25:47:29:e5:61:40:49:bf:30:
         1f:75:4e:3d:54:c2:37:c9:cb:ae:a8:83:b8:96:a4:e6:36:04:
         bc:7c:f0:69:14:76:ed:56:92:b8:8f:95:4b:0b:9e:2c:df:e2:
         61:5e:e4:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSmPtgKooTd5yBnQ8EIRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmODk5NTRkYzVhY2E3MGY4MzcyY2Y3YTYyYjVhYmNiOGEx
N2MyYjcwHhcNMjQwMTAxMTgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQyZmJiMTNmMWZhZjFhNTdmNjNkZWY0Mjk2NzA5MWM3NWQ2NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtPPO/8e/02MVaxXXoWvxeBqTvtV
5o1mVsjQGxbNha7T678flZsMQtP+58hzVjTxmlqqM92e/wJ9kZjia7voMlNJZwxS
ADCIqDXiJtox0hfScoh5b5/xVqK9NPOLUF+kPVWo01r7a5qF69UQGlhPY5tseImC
yjOo7cIYp8S7YXgUALcWTkZy9M4xuA1vVntkarsIVmykOMleghqRRpw6fUwhTX3A
iz0ppR72WGYQc8yk84vkkzu4Z5IzXXT9CSN6mLRYD/kiYFLW9kl+SMOoEmSpeAJP
fts4+vBO+be8Cg5hty9t8aechut7kJ9zjgzKe1YX1JTFN5dUZqN1O53sGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD7S+7E/H68aV/Y970KWcJHHXWSEMB8GA1UdIwQY
MBaAFB+JlU3FrKcPg3LPemK1q8uKF8K3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDRtVlRjV3Nwdy1EY3M5NllyV3J5NG9Yd3JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9mYmU5ZjMtYjk4Zi00ZGQzLThjOTkt
NGUyZTdlODc0YTQwLzEvUHRMN3NUOGZyeHBYOWozdlFwWndrY2RkWklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9mYmU5ZjMtYjk4Zi00ZGQzLThjOTktNGUyZTdlODc0YTQw
LzEvSDRtVlRjV3Nwdy1EY3M5NllyV3J5NG9Yd3JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjJYMA8E
AgACMAkDBwAgAQZ4BewwDQYJKoZIhvcNAQELBQADggEBAGh4FrT+s6BPhj08tI25
IPJbEZ4qUKvLij2EXJe4BSYVFW96diA66vAZF4qIyKlRZAfmzZpUc0+zabuck4hd
ZJxdVwq2KWSVe8iCOZtTQUzkgoanXnBn36QNBQY6FK2zujCdpgmZI2BzKgnW8n/t
3peuC7ClUA12klX5u1i7P4SeupVdOLb27Kfzw8nDs7cFJdbLvTdxnuyiwEtourTR
xlTrFy5q2gs474OFjr7ZgsBUTpZmZTcRs1C+kK2WAeoi9+fHq7CvSDNPLRxk8ZOj
UCVHKeVhQEm/MB91Tj1UwjfJy66og7iWpOY2BLx88GkUdu1WkriPlUsLnizf4mFe
5FQ=
-----END CERTIFICATE-----