Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/qDLE5BHxzgZQ0026cMLMad0jOfo.roa
File:                     qDLE5BHxzgZQ0026cMLMad0jOfo.roa (raw, json)
Hash identifier:          gnmQZ0MoC0KKQasuKpGk7tno2QdAKH117dQdxsifcus=
Subject key identifier:   A8:32:C4:E4:11:F1:CE:06:50:D3:4D:BA:70:C2:CC:69:DD:23:39:FA
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DCA0A8FC413118F4370521901FE188
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/qDLE5BHxzgZQ0026cMLMad0jOfo.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216063
IP address blocks:        88.151.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a0:a8:fc:41:31:18:f4:37:05:21:90:1f:e1:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a832c4e411f1ce0650d34dba70c2cc69dd2339fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:bd:4c:49:66:b4:a9:00:f9:13:72:23:d0:70:
                    69:44:e4:bc:36:b7:c1:ba:9e:5b:69:2c:a1:f7:c0:
                    bd:1a:7d:63:5e:4a:5d:ab:39:21:39:13:c7:61:fe:
                    38:d5:31:b7:7e:1f:e4:d9:88:d3:51:d2:a3:0a:52:
                    df:8d:56:03:50:05:8b:ed:1d:e8:68:3d:70:07:2c:
                    0c:63:b2:63:91:28:03:57:5f:23:a2:87:2d:dd:0f:
                    ab:45:8b:78:82:46:11:6f:3f:73:85:a9:37:76:4f:
                    14:b2:22:20:b9:31:c9:11:b0:08:17:7e:c7:22:c1:
                    3a:39:19:f4:b7:81:8c:2f:31:40:a5:92:28:90:7a:
                    4e:01:15:e7:12:30:9c:0f:5b:75:0a:fc:15:18:df:
                    b3:b3:8c:03:84:c0:54:fd:ee:b2:63:d5:c2:7f:13:
                    93:75:b2:1b:5f:cf:ac:c9:19:6d:3c:1c:b8:62:69:
                    bb:5b:28:0f:d8:fd:e7:95:f5:25:73:07:ee:95:8f:
                    21:75:94:ea:ed:79:82:1c:df:d2:8c:bf:17:60:1d:
                    3a:e5:15:68:f3:e0:89:63:c3:dc:1c:26:77:a1:35:
                    e0:32:ed:46:14:ff:be:d2:e9:dc:91:49:22:4d:2e:
                    cf:24:92:7e:5e:b0:55:a5:13:7c:02:80:09:90:f7:
                    b2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:32:C4:E4:11:F1:CE:06:50:D3:4D:BA:70:C2:CC:69:DD:23:39:FA
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/qDLE5BHxzgZQ0026cMLMad0jOfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:28:31:c5:d0:4f:01:3f:54:f6:d3:25:cc:58:e5:06:3a:72:
         d8:e1:9b:de:99:ee:8d:d0:ef:1e:6a:b8:f9:8f:3f:50:bc:24:
         be:29:c6:03:7a:41:d3:39:2c:9a:63:b2:ff:29:31:5d:48:25:
         91:54:6b:11:5b:22:b6:5c:01:a9:11:17:f7:a9:59:12:c1:1b:
         c8:7f:29:fc:72:3f:3a:47:42:ab:94:20:fd:9f:28:0c:cd:cd:
         71:5a:49:c8:69:36:f8:9a:ed:3a:e3:a5:fa:0c:02:4c:3c:fc:
         3f:db:63:ef:fb:fd:57:4e:94:b7:8d:2b:75:82:58:bd:ae:27:
         59:8f:e9:7d:c0:69:b1:b1:af:00:53:ca:ea:ad:e3:86:1c:5f:
         0a:45:1f:39:77:a2:ee:80:52:98:32:2b:5f:37:b2:64:fc:ca:
         c7:77:36:89:03:2a:ac:81:03:46:72:dd:08:cf:9f:ae:4f:c5:
         b0:3c:68:15:24:0b:42:5c:4e:57:fe:a0:e0:fa:82:89:f8:24:
         88:ed:ec:f1:0a:84:e1:9c:1e:f1:6a:17:55:df:1c:b3:a0:5b:
         ca:43:62:59:83:66:1d:2f:40:f6:82:c8:eb:6a:cc:1b:64:34:
         6c:68:00:84:8b:6c:f7:f2:a6:9b:bb:80:f3:d0:93:12:73:87:
         e3:52:91:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KCo/EExGPQ3BSGQH+GIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODMyYzRlNDExZjFjZTA2NTBkMzRkYmE3MGMyY2M2OWRkMjMzOWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiL1MSWa0qQD5E3Ij0HBpROS8NrfB
up5baSyh98C9Gn1jXkpdqzkhORPHYf441TG3fh/k2YjTUdKjClLfjVYDUAWL7R3o
aD1wBywMY7JjkSgDV18jooct3Q+rRYt4gkYRbz9zhak3dk8UsiIguTHJEbAIF37H
IsE6ORn0t4GMLzFApZIokHpOARXnEjCcD1t1CvwVGN+zs4wDhMBU/e6yY9XCfxOT
dbIbX8+syRltPBy4Ymm7WygP2P3nlfUlcwfulY8hdZTq7XmCHN/SjL8XYB065RVo
8+CJY8PcHCZ3oTXgMu1GFP++0unckUkiTS7PJJJ+XrBVpRN8AoAJkPey7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgyxOQR8c4GUNNNunDCzGndIzn6MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvcURMRTVCSHh6Z1pRMDAyNmNNTE1hZDBqT2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfCMA0G
CSqGSIb3DQEBCwUAA4IBAQBNKDHF0E8BP1T20yXMWOUGOnLY4Zveme6N0O8earj5
jz9QvCS+KcYDekHTOSyaY7L/KTFdSCWRVGsRWyK2XAGpERf3qVkSwRvIfyn8cj86
R0KrlCD9nygMzc1xWknIaTb4mu0646X6DAJMPPw/22Pv+/1XTpS3jSt1gli9ridZ
j+l9wGmxsa8AU8rqreOGHF8KRR85d6LugFKYMitfN7Jk/MrHdzaJAyqsgQNGct0I
z5+uT8WwPGgVJAtCXE5X/qDg+oKJ+CSI7ezxCoThnB7xahdV3xyzoFvKQ2JZg2Yd
L0D2gsjraswbZDRsaACEi2z38qabu4Dz0JMSc4fjUpHL
-----END CERTIFICATE-----