Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/8bf256-d96f-4500-b13c-35e069348eb3/1/X_NZr2F-TMWlg8T-TW-2bbUy59k.roa
File:                     X_NZr2F-TMWlg8T-TW-2bbUy59k.roa (raw, json)
Hash identifier:          81A8YGUJ7EPU4TUitT7eS7l3NoQ0QxyF372hJDZD2/Y=
Subject key identifier:   5F:F3:59:AF:61:7E:4C:C5:A5:83:C4:FE:4D:6F:B6:6D:B5:32:E7:D9
Certificate issuer:       /CN=f4b207ef8024244bbb4a0106af19270150c9f624
Certificate serial:       018E0F56F5B33427A5023EA000E9751CA839
Authority key identifier: F4:B2:07:EF:80:24:24:4B:BB:4A:01:06:AF:19:27:01:50:C9:F6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LIH74AkJEu7SgEGrxknAVDJ9iQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/8bf256-d96f-4500-b13c-35e069348eb3/1/X_NZr2F-TMWlg8T-TW-2bbUy59k.roa
Signing time:             Tue 05 Mar 2024 15:59:01 +0000
ROA not before:           Tue 05 Mar 2024 15:59:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215488
IP address blocks:        188.214.224.0/24 maxlen: 24
                          2a14:4c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/8bf256-d96f-4500-b13c-35e069348eb3/1/9LIH74AkJEu7SgEGrxknAVDJ9iQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/8bf256-d96f-4500-b13c-35e069348eb3/1/9LIH74AkJEu7SgEGrxknAVDJ9iQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LIH74AkJEu7SgEGrxknAVDJ9iQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0f:56:f5:b3:34:27:a5:02:3e:a0:00:e9:75:1c:a8:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b207ef8024244bbb4a0106af19270150c9f624
        Validity
            Not Before: Mar  5 15:59:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ff359af617e4cc5a583c4fe4d6fb66db532e7d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ed:b1:ae:df:fc:a9:5f:52:c9:65:94:ec:03:
                    eb:94:8b:fc:93:f2:73:8d:b2:5b:7e:3d:88:c6:c8:
                    79:cf:3b:5f:de:24:90:83:5b:3a:9c:42:cd:8d:78:
                    90:ff:96:4d:b9:0c:cf:50:ed:a1:f4:2b:52:e3:2f:
                    32:cb:d2:23:cc:47:dd:be:27:d3:56:41:a1:db:be:
                    c3:89:7d:73:10:2e:bd:f3:cc:ec:0b:34:93:4d:cc:
                    9b:43:53:e3:c3:2f:df:00:cd:89:80:9d:9f:28:ac:
                    4e:6b:46:bd:87:9f:c3:4f:e7:0a:5c:4f:e6:8b:0b:
                    26:82:d3:61:22:e3:87:03:d9:3f:08:2d:1c:ef:7b:
                    a7:5a:09:3a:db:43:89:b7:d7:56:bd:0d:e6:20:c1:
                    b0:d2:e0:1e:69:66:1c:42:1f:a6:77:cb:ed:13:d7:
                    5a:4b:7c:56:df:62:f9:a6:38:b3:6a:a9:4e:7a:db:
                    ec:bc:7e:2a:8e:20:6e:d9:88:75:59:72:e0:52:aa:
                    68:f4:33:90:2b:8b:69:de:78:48:11:a1:63:8f:57:
                    ed:9d:bf:c3:b3:79:c6:76:17:73:85:f8:d3:29:97:
                    d5:40:30:c5:ac:37:e8:16:4f:18:32:c4:f3:b6:6f:
                    5e:96:cd:f4:52:43:70:b3:50:e9:7a:2a:42:97:f7:
                    13:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F3:59:AF:61:7E:4C:C5:A5:83:C4:FE:4D:6F:B6:6D:B5:32:E7:D9
            X509v3 Authority Key Identifier:
                keyid:F4:B2:07:EF:80:24:24:4B:BB:4A:01:06:AF:19:27:01:50:C9:F6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LIH74AkJEu7SgEGrxknAVDJ9iQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/8bf256-d96f-4500-b13c-35e069348eb3/1/X_NZr2F-TMWlg8T-TW-2bbUy59k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/8bf256-d96f-4500-b13c-35e069348eb3/1/9LIH74AkJEu7SgEGrxknAVDJ9iQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.224.0/24
                IPv6:
                  2a14:4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:f9:ff:12:10:1f:f2:91:a3:fd:1d:c2:2a:ba:1a:c4:36:44:
         73:36:8b:dd:de:49:fb:1b:3b:8a:2c:54:69:2a:62:4b:e6:3a:
         d0:48:86:66:b6:4b:65:cb:c5:1c:6a:02:6d:35:67:0f:1f:6f:
         11:31:7e:30:52:61:f8:a5:29:e8:4e:5f:f8:4a:4a:4d:2e:0f:
         6b:36:9a:8a:9e:f5:b8:9c:f9:7b:0e:a0:fb:02:0c:c7:ba:d5:
         41:12:97:2d:68:69:5e:5b:5e:b1:55:45:f7:76:a5:12:ef:3a:
         f2:a3:5e:ef:73:ef:5b:69:61:48:cd:6b:2f:ac:53:c2:db:d7:
         25:6f:e2:76:d7:94:90:a5:d1:2b:a2:b2:c6:5b:3d:fa:ba:92:
         1a:1f:1b:a4:2e:bd:eb:4d:b4:ae:b6:3e:88:f8:9a:6d:66:92:
         6b:5b:dd:9b:00:b8:74:72:6f:a7:92:5d:ca:4d:b1:66:1c:f0:
         51:63:e6:82:8d:5b:25:a6:f1:c8:20:e6:ae:0e:fe:7b:51:8b:
         8f:e1:01:18:19:0e:1d:eb:37:6a:f7:74:93:ab:3c:cc:a8:8d:
         9a:da:72:78:f0:94:14:c0:25:ee:cd:a7:e3:8e:82:80:2d:f4:
         67:4c:8d:c2:51:8d:70:ce:f0:a0:b6:86:39:ff:31:67:10:2d:
         85:d0:d3:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4PVvWzNCelAj6gAOl1HKg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjIwN2VmODAyNDI0NGJiYjRhMDEwNmFmMTkyNzAxNTBj
OWY2MjQwHhcNMjQwMzA1MTU1OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmYzNTlhZjYxN2U0Y2M1YTU4M2M0ZmU0ZDZmYjY2ZGI1MzJlN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiO2xrt/8qV9SyWWU7APrlIv8k/Jz
jbJbfj2Ixsh5zztf3iSQg1s6nELNjXiQ/5ZNuQzPUO2h9CtS4y8yy9IjzEfdvifT
VkGh277DiX1zEC6988zsCzSTTcybQ1Pjwy/fAM2JgJ2fKKxOa0a9h5/DT+cKXE/m
iwsmgtNhIuOHA9k/CC0c73unWgk620OJt9dWvQ3mIMGw0uAeaWYcQh+md8vtE9da
S3xW32L5pjizaqlOetvsvH4qjiBu2Yh1WXLgUqpo9DOQK4tp3nhIEaFjj1ftnb/D
s3nGdhdzhfjTKZfVQDDFrDfoFk8YMsTztm9els30UkNws1DpeipCl/cT/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF/zWa9hfkzFpYPE/k1vtm21MufZMB8GA1UdIwQY
MBaAFPSyB++AJCRLu0oBBq8ZJwFQyfYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxJSDc0QWtKRXU3U2dFR3J4a25BVkRKOWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS84YmYyNTYtZDk2Zi00NTAwLWIxM2Mt
MzVlMDY5MzQ4ZWIzLzEvWF9OWnIyRi1UTVdsZzhULVRXLTJiYlV5NTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS84YmYyNTYtZDk2Zi00NTAwLWIxM2MtMzVlMDY5MzQ4ZWIz
LzEvOUxJSDc0QWtKRXU3U2dFR3J4a25BVkRKOWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvNbgMA0E
AgACMAcDBQAqFATAMA0GCSqGSIb3DQEBCwUAA4IBAQCj+f8SEB/ykaP9HcIquhrE
NkRzNovd3kn7GzuKLFRpKmJL5jrQSIZmtktly8UcagJtNWcPH28RMX4wUmH4pSno
Tl/4SkpNLg9rNpqKnvW4nPl7DqD7AgzHutVBEpctaGleW16xVUX3dqUS7zryo17v
c+9baWFIzWsvrFPC29clb+J215SQpdErorLGWz36upIaHxukLr3rTbSutj6I+Jpt
ZpJrW92bALh0cm+nkl3KTbFmHPBRY+aCjVslpvHIIOauDv57UYuP4QEYGQ4d6zdq
93STqzzMqI2a2nJ48JQUwCXuzafjjoKALfRnTI3CUY1wzvCgtoY5/zFnEC2F0NNp
-----END CERTIFICATE-----