Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/f21ee7-4925-4dd6-b202-64278c0d8ebf/1/x_U88OgzG_fcfA4DOcXwhKUTVtU.roa
File:                     x_U88OgzG_fcfA4DOcXwhKUTVtU.roa (raw, json)
Hash identifier:          q/laUfiJ7ttEMbK3X8jZZTctkcHxS9hKJflwSoFSrUE=
Subject key identifier:   C7:F5:3C:F0:E8:33:1B:F7:DC:7C:0E:03:39:C5:F0:84:A5:13:56:D5
Certificate issuer:       /CN=54d6ff134bd656f0ce14d410b02bec551eb69a2c
Certificate serial:       018CC34925134827F7FBC84AFD5C95C9401C
Authority key identifier: 54:D6:FF:13:4B:D6:56:F0:CE:14:D4:10:B0:2B:EC:55:1E:B6:9A:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VNb_E0vWVvDOFNQQsCvsVR62miw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/f21ee7-4925-4dd6-b202-64278c0d8ebf/1/x_U88OgzG_fcfA4DOcXwhKUTVtU.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60267
IP address blocks:        185.87.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/f21ee7-4925-4dd6-b202-64278c0d8ebf/1/VNb_E0vWVvDOFNQQsCvsVR62miw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/f21ee7-4925-4dd6-b202-64278c0d8ebf/1/VNb_E0vWVvDOFNQQsCvsVR62miw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VNb_E0vWVvDOFNQQsCvsVR62miw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:25:13:48:27:f7:fb:c8:4a:fd:5c:95:c9:40:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54d6ff134bd656f0ce14d410b02bec551eb69a2c
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7f53cf0e8331bf7dc7c0e0339c5f084a51356d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:87:de:7f:a9:c5:2a:98:36:4f:db:5a:7f:75:
                    f8:8f:9a:3e:f0:43:31:59:d7:52:60:37:0f:d6:26:
                    2d:48:d1:a3:d5:9e:1f:6a:a3:b8:9d:3b:c5:7c:26:
                    75:a6:31:a5:09:a6:ff:58:5c:6b:99:d5:d1:bb:98:
                    62:a9:8c:55:5d:3e:1a:17:6b:91:fd:7e:ea:34:ea:
                    f1:48:32:2a:3e:1e:0f:34:5d:ea:cf:5e:71:17:8d:
                    44:33:3e:3e:f9:a3:5f:da:27:c8:9c:0d:86:99:4c:
                    60:e1:73:99:6b:aa:fc:b0:91:c7:5d:52:fe:f5:c9:
                    39:e0:48:4e:e1:db:f3:ca:c6:fa:d6:9b:7d:fa:94:
                    a6:94:6f:5a:27:47:16:96:e1:f9:96:76:d4:56:4a:
                    d9:61:e9:2b:2b:e2:af:a3:c5:b2:09:6c:49:d6:87:
                    fa:07:92:57:6a:f5:1d:91:6c:4f:77:80:0b:c3:24:
                    1d:e9:ef:85:51:26:3d:b6:8b:6b:52:46:c8:68:50:
                    d9:ea:d8:da:8a:1a:4f:5e:2c:64:0c:47:d4:83:53:
                    af:2c:27:bd:cd:2f:a8:c5:09:7c:fd:37:63:c7:86:
                    31:2a:98:f9:b2:05:19:a3:c7:b9:bb:8d:96:5a:4a:
                    c6:9e:9a:1f:e7:42:91:d7:58:92:86:e1:10:f8:04:
                    ee:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F5:3C:F0:E8:33:1B:F7:DC:7C:0E:03:39:C5:F0:84:A5:13:56:D5
            X509v3 Authority Key Identifier:
                keyid:54:D6:FF:13:4B:D6:56:F0:CE:14:D4:10:B0:2B:EC:55:1E:B6:9A:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VNb_E0vWVvDOFNQQsCvsVR62miw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f21ee7-4925-4dd6-b202-64278c0d8ebf/1/x_U88OgzG_fcfA4DOcXwhKUTVtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f21ee7-4925-4dd6-b202-64278c0d8ebf/1/VNb_E0vWVvDOFNQQsCvsVR62miw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:a1:ed:ef:63:19:11:09:1a:96:85:0c:d9:7f:e4:33:4f:fd:
         ad:64:95:c8:1e:a7:67:19:46:50:66:20:1d:ac:61:d9:d8:c7:
         aa:aa:26:98:b7:99:f4:b2:f4:2b:c3:f0:8b:16:5a:3b:ba:19:
         63:cf:0f:52:5c:d5:98:54:48:60:7d:6c:c5:1c:1e:4c:3c:1c:
         58:83:ad:9d:87:fb:1e:74:ac:a9:4d:22:c5:ef:24:c6:0b:97:
         53:2c:1a:be:ef:09:6f:54:7e:03:3e:55:ca:15:58:7b:fe:10:
         00:63:15:08:a0:bc:37:25:4a:ef:08:11:e6:47:5f:cc:90:6a:
         fa:f7:5d:b1:d3:b3:f3:86:40:65:6d:da:50:58:9d:65:f4:59:
         84:e5:97:ea:0d:6e:62:cb:87:31:e5:ab:0e:7e:5b:eb:92:f9:
         24:52:1b:11:32:50:d1:c0:9e:fa:79:26:21:23:a1:98:b9:64:
         87:80:da:a9:a7:e0:0c:9e:1b:ee:0f:97:b4:55:73:71:e9:d1:
         da:90:7b:f3:7c:e6:48:91:73:64:40:08:99:33:14:6d:f7:20:
         5c:98:14:17:38:2c:3e:a5:53:c1:fb:77:d9:21:d9:92:c0:8d:
         eb:b4:8f:1e:18:21:cd:ef:c4:5d:33:76:59:03:83:cb:81:65:
         cc:a9:45:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSUTSCf3+8hK/VyVyUAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ZDZmZjEzNGJkNjU2ZjBjZTE0ZDQxMGIwMmJlYzU1MWVi
NjlhMmMwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y1M2NmMGU4MzMxYmY3ZGM3YzBlMDMzOWM1ZjA4NGE1MTM1NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYfef6nFKpg2T9taf3X4j5o+8EMx
WddSYDcP1iYtSNGj1Z4faqO4nTvFfCZ1pjGlCab/WFxrmdXRu5hiqYxVXT4aF2uR
/X7qNOrxSDIqPh4PNF3qz15xF41EMz4++aNf2ifInA2GmUxg4XOZa6r8sJHHXVL+
9ck54EhO4dvzysb61pt9+pSmlG9aJ0cWluH5lnbUVkrZYekrK+Kvo8WyCWxJ1of6
B5JXavUdkWxPd4ALwyQd6e+FUSY9totrUkbIaFDZ6tjaihpPXixkDEfUg1OvLCe9
zS+oxQl8/Tdjx4YxKpj5sgUZo8e5u42WWkrGnpof50KR11iShuEQ+ATuSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf1PPDoMxv33HwOAznF8ISlE1bVMB8GA1UdIwQY
MBaAFFTW/xNL1lbwzhTUELAr7FUetposMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk5iX0UwdldWdkRPRk5RUXNDdnNWUjYybWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mMjFlZTctNDkyNS00ZGQ2LWIyMDIt
NjQyNzhjMGQ4ZWJmLzEveF9VODhPZ3pHX2ZjZkE0RE9jWHdoS1VUVnRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mMjFlZTctNDkyNS00ZGQ2LWIyMDItNjQyNzhjMGQ4ZWJm
LzEvVk5iX0UwdldWdkRPRk5RUXNDdnNWUjYybWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVdgMA0G
CSqGSIb3DQEBCwUAA4IBAQBHoe3vYxkRCRqWhQzZf+QzT/2tZJXIHqdnGUZQZiAd
rGHZ2MeqqiaYt5n0svQrw/CLFlo7uhljzw9SXNWYVEhgfWzFHB5MPBxYg62dh/se
dKypTSLF7yTGC5dTLBq+7wlvVH4DPlXKFVh7/hAAYxUIoLw3JUrvCBHmR1/MkGr6
912x07PzhkBlbdpQWJ1l9FmE5ZfqDW5iy4cx5asOflvrkvkkUhsRMlDRwJ76eSYh
I6GYuWSHgNqpp+AMnhvuD5e0VXNx6dHakHvzfOZIkXNkQAiZMxRt9yBcmBQXOCw+
pVPB+3fZIdmSwI3rtI8eGCHN78RdM3ZZA4PLgWXMqUW5
-----END CERTIFICATE-----