Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/NKTfhaynuJikCOogT3iqVZYPPlY.roa
File:                     NKTfhaynuJikCOogT3iqVZYPPlY.roa (raw, json)
Hash identifier:          UbQmJTpXODvPpPEwff/DbF9QubJQYm387FRfIMAqhyo=
Subject key identifier:   34:A4:DF:85:AC:A7:B8:98:A4:08:EA:20:4F:78:AA:55:96:0F:3E:56
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC98305F7BA56107195B87D5F63359
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/NKTfhaynuJikCOogT3iqVZYPPlY.roa
Signing time:             Mon 01 Jan 2024 16:30:17 +0000
ROA not before:           Mon 01 Jan 2024 16:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        88.151.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:98:30:5f:7b:a5:61:07:19:5b:87:d5:f6:33:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34a4df85aca7b898a408ea204f78aa55960f3e56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:81:58:b9:48:0e:95:2a:77:49:79:ed:28:f7:
                    87:4e:ea:66:bd:78:d6:da:08:fd:12:ee:9a:2c:b0:
                    46:4d:43:90:81:5c:11:c5:e5:a2:eb:8d:89:56:04:
                    79:7d:1f:7e:77:86:1b:e7:1d:44:b5:43:2e:9d:2c:
                    9b:d5:8f:28:e7:b9:bc:18:15:03:37:9c:ef:e9:93:
                    84:f1:63:30:df:d9:26:df:28:03:85:e9:c4:80:f3:
                    23:38:ea:e4:29:61:76:b0:5b:08:40:4d:d4:4b:9a:
                    87:d2:f0:c1:77:9f:dd:a9:05:20:f7:fd:5c:12:d6:
                    0e:b8:5f:fa:c7:4e:dc:6f:e0:e0:53:e0:62:74:e7:
                    24:45:66:ef:9b:7e:f6:11:28:c8:6a:08:1c:37:8a:
                    d1:97:83:3e:aa:5d:b8:55:1f:73:8f:e2:33:e7:8e:
                    52:c0:0e:8f:68:ba:c4:8a:c7:22:03:0d:e7:a8:12:
                    9f:ce:42:d4:fc:2e:56:65:dd:af:b7:04:de:c4:b1:
                    79:71:69:91:2c:00:52:54:4e:f2:c8:59:53:89:31:
                    85:a3:c9:ad:a9:8d:5c:1d:62:61:af:e2:f3:8f:8c:
                    f0:55:73:f3:31:53:02:4e:ff:f2:0c:66:2d:3b:ee:
                    48:a5:9d:8c:e4:f8:95:26:28:58:e9:fe:22:aa:c5:
                    3f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A4:DF:85:AC:A7:B8:98:A4:08:EA:20:4F:78:AA:55:96:0F:3E:56
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/NKTfhaynuJikCOogT3iqVZYPPlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:29:74:99:cd:6d:3a:b5:e1:9c:69:75:8c:fa:84:88:a6:05:
         a6:b3:cc:ec:5f:a0:2c:01:3d:df:ce:57:0c:c9:fc:0a:ae:4b:
         3a:28:95:50:76:92:f1:03:62:f9:70:47:92:bf:1b:a2:c4:f0:
         e3:6b:33:a5:d6:e8:8f:b2:84:8d:9f:3b:4d:35:6d:1d:b0:07:
         a3:79:8c:e6:70:ac:a5:96:22:05:bc:60:85:cf:94:ce:fa:cd:
         9b:52:b1:8a:6a:c6:e2:d4:c8:68:c3:ee:e0:4d:93:44:45:a9:
         ac:87:5d:6d:44:23:6c:a9:a4:03:57:87:3b:f7:e0:54:c3:e1:
         6b:17:10:4e:02:d8:25:07:4d:e6:ff:52:21:e3:84:5b:0c:ba:
         fc:55:1f:92:09:63:b4:16:7c:23:39:f1:ef:ff:0b:9e:2a:37:
         3c:cf:b4:d3:ec:0c:ea:0d:ae:58:70:f2:01:24:b0:c0:b1:fa:
         66:88:c6:29:8d:07:0d:1b:6c:5a:33:8f:c4:db:74:cf:12:bd:
         f2:37:c4:cf:02:c8:e5:a6:d4:d0:0d:49:c9:e1:bb:d3:19:de:
         93:8e:28:52:ae:80:a9:b6:df:47:91:ec:da:c9:d3:47:1e:fe:
         dd:94:de:8b:f6:73:4f:de:42:9a:fe:c4:54:25:60:be:99:8e:
         79:f5:83:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JgwX3ulYQcZW4fV9jNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE0ZGY4NWFjYTdiODk4YTQwOGVhMjA0Zjc4YWE1NTk2MGYzZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIFYuUgOlSp3SXntKPeHTupmvXjW
2gj9Eu6aLLBGTUOQgVwRxeWi642JVgR5fR9+d4Yb5x1EtUMunSyb1Y8o57m8GBUD
N5zv6ZOE8WMw39km3ygDhenEgPMjOOrkKWF2sFsIQE3US5qH0vDBd5/dqQUg9/1c
EtYOuF/6x07cb+DgU+BidOckRWbvm372ESjIaggcN4rRl4M+ql24VR9zj+Iz545S
wA6PaLrEisciAw3nqBKfzkLU/C5WZd2vtwTexLF5cWmRLABSVE7yyFlTiTGFo8mt
qY1cHWJhr+Lzj4zwVXPzMVMCTv/yDGYtO+5IpZ2M5PiVJihY6f4iqsU/BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSk34Wsp7iYpAjqIE94qlWWDz5WMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvTktUZmhheW51SmlrQ09vZ1QzaXFWWllQUGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfHMA0G
CSqGSIb3DQEBCwUAA4IBAQC4KXSZzW06teGcaXWM+oSIpgWms8zsX6AsAT3fzlcM
yfwKrks6KJVQdpLxA2L5cEeSvxuixPDjazOl1uiPsoSNnztNNW0dsAejeYzmcKyl
liIFvGCFz5TO+s2bUrGKasbi1Mhow+7gTZNERamsh11tRCNsqaQDV4c79+BUw+Fr
FxBOAtglB03m/1Ih44RbDLr8VR+SCWO0FnwjOfHv/wueKjc8z7TT7AzqDa5YcPIB
JLDAsfpmiMYpjQcNG2xaM4/E23TPEr3yN8TPAsjlptTQDUnJ4bvTGd6TjihSroCp
tt9HkezaydNHHv7dlN6L9nNP3kKa/sRUJWC+mY559YMG
-----END CERTIFICATE-----