Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/OcBWVVCBko1z9btCF6D7WARYzY0.roa
File:                     OcBWVVCBko1z9btCF6D7WARYzY0.roa (raw, json)
Hash identifier:          M1+gWPU29WI/jqr/r1CDxz8jj6f75jYfDiBzmur6QHQ=
Subject key identifier:   39:C0:56:55:50:81:92:8D:73:F5:BB:42:17:A0:FB:58:04:58:CD:8D
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       018CC9BC237E8349339EE557C7F93662B0FC
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/OcBWVVCBko1z9btCF6D7WARYzY0.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21371
IP address blocks:        88.84.128.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:23:7e:83:49:33:9e:e5:57:c7:f9:36:62:b0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c056555081928d73f5bb4217a0fb580458cd8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:50:f2:fd:c0:53:67:df:c6:9e:25:f8:d5:87:
                    ec:26:63:b4:bd:8a:3d:50:17:c9:5e:57:04:c9:20:
                    10:e3:21:da:a3:d5:48:01:89:ab:1b:96:83:9b:41:
                    9a:df:ea:57:70:44:d3:22:fd:5e:33:ad:a3:44:34:
                    b9:43:24:c9:5d:23:4e:33:3d:43:0a:9e:3b:f2:93:
                    50:c6:b3:f3:f7:f2:a5:91:b6:d3:e0:3b:58:91:15:
                    f3:0f:18:90:fc:7a:9e:15:f0:d5:9f:f0:56:be:0f:
                    87:12:f8:14:12:0d:74:b8:a7:dc:6f:da:5e:8a:93:
                    6f:48:c2:1c:af:d3:1a:cc:c6:c0:7b:2e:01:6a:fb:
                    c6:4f:b9:00:a7:81:1f:46:fb:52:12:22:b1:ad:1d:
                    36:0b:24:bb:7a:44:d4:e9:62:a6:3d:a7:56:d3:31:
                    ed:7b:a8:fa:08:d1:f3:79:03:8a:87:a1:05:8a:c0:
                    4b:0e:0e:a8:f5:50:62:17:68:b5:26:67:93:76:f6:
                    7f:f2:20:96:75:a6:85:95:2d:f8:6a:84:d8:d5:fd:
                    21:4f:7d:ba:fa:47:79:39:b1:b1:65:52:37:5d:e8:
                    c2:3d:46:26:b6:6d:e0:05:9d:c0:04:b5:6f:37:05:
                    e0:7d:0b:58:05:56:76:68:68:d7:a3:ec:66:aa:72:
                    9f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C0:56:55:50:81:92:8D:73:F5:BB:42:17:A0:FB:58:04:58:CD:8D
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/OcBWVVCBko1z9btCF6D7WARYzY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         55:a4:11:b0:7a:85:79:45:4f:ff:4f:24:8d:66:c2:72:21:27:
         b5:69:f4:f3:81:c1:ec:a6:ea:6b:0b:cb:07:c6:0e:1a:e7:38:
         de:19:ef:38:7a:c4:f4:1e:3f:0c:1c:33:7b:d7:1d:a0:b9:f7:
         a7:24:26:bc:56:76:de:dc:e6:95:09:05:ea:98:19:a1:62:53:
         21:89:8c:a3:e7:4e:1a:7e:e3:54:e6:9f:7d:23:10:5b:ef:d9:
         b7:42:3e:29:71:c7:18:c0:41:69:8d:df:53:9d:a8:38:30:0a:
         47:09:2d:85:33:d4:3b:26:cc:39:55:fe:6e:ed:32:e6:3b:89:
         18:9b:fd:8b:7c:68:0e:83:d2:36:85:53:e2:fa:86:ac:cf:e8:
         88:20:75:c4:1f:6f:2a:90:cb:b4:bc:8f:2e:74:d6:4c:02:89:
         e0:07:b3:fa:9b:ce:23:53:0d:ee:e2:2b:38:e0:b0:7b:9b:7a:
         85:26:6e:1a:cf:8e:30:b1:11:99:db:58:05:99:ba:bb:89:73:
         76:4a:28:92:03:81:69:83:f4:bc:c5:9f:25:7c:f6:59:d2:11:
         8b:b4:39:92:6d:c3:1c:74:cf:11:52:8e:08:b2:24:00:90:1d:
         42:63:66:c1:a0:44:0d:78:a2:b9:e9:b5:2b:e6:91:85:4c:b2:
         66:06:98:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCN+g0kznuVXx/k2YrD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWMwNTY1NTUwODE5MjhkNzNmNWJiNDIxN2EwZmI1ODA0NThjZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFDy/cBTZ9/GniX41YfsJmO0vYo9
UBfJXlcEySAQ4yHao9VIAYmrG5aDm0Ga3+pXcETTIv1eM62jRDS5QyTJXSNOMz1D
Cp478pNQxrPz9/KlkbbT4DtYkRXzDxiQ/HqeFfDVn/BWvg+HEvgUEg10uKfcb9pe
ipNvSMIcr9MazMbAey4BavvGT7kAp4EfRvtSEiKxrR02CyS7ekTU6WKmPadW0zHt
e6j6CNHzeQOKh6EFisBLDg6o9VBiF2i1JmeTdvZ/8iCWdaaFlS34aoTY1f0hT326
+kd5ObGxZVI3XejCPUYmtm3gBZ3ABLVvNwXgfQtYBVZ2aGjXo+xmqnKf0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnAVlVQgZKNc/W7Qheg+1gEWM2NMB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEvT2NCV1ZWQ0JrbzF6OWJ0Q0Y2RDdXQVJZelkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWFSAMA0G
CSqGSIb3DQEBCwUAA4IBAQBVpBGweoV5RU//TySNZsJyISe1afTzgcHspuprC8sH
xg4a5zjeGe84esT0Hj8MHDN71x2gufenJCa8Vnbe3OaVCQXqmBmhYlMhiYyj504a
fuNU5p99IxBb79m3Qj4pcccYwEFpjd9Tnag4MApHCS2FM9Q7Jsw5Vf5u7TLmO4kY
m/2LfGgOg9I2hVPi+oasz+iIIHXEH28qkMu0vI8udNZMAongB7P6m84jUw3u4is4
4LB7m3qFJm4az44wsRGZ21gFmbq7iXN2SiiSA4Fpg/S8xZ8lfPZZ0hGLtDmSbcMc
dM8RUo4IsiQAkB1CY2bBoEQNeKK56bUr5pGFTLJmBph0
-----END CERTIFICATE-----