Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/88hqBD6YLyRKT_0Xd25ipvWCuyc.roa
File:                     88hqBD6YLyRKT_0Xd25ipvWCuyc.roa (raw, json)
Hash identifier:          6k4oZXCffuUGy8Qvvtblh2V2GPgy1/ReNxsB0YmmJ3U=
Subject key identifier:   F3:C8:6A:04:3E:98:2F:24:4A:4F:FD:17:77:6E:62:A6:F5:82:BB:27
Certificate issuer:       /CN=f5cf73b3e45f772fae1b915690b317344c3f442b
Certificate serial:       018E5781264F8CF08B1DDE2E57C6E3512788
Authority key identifier: F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/88hqBD6YLyRKT_0Xd25ipvWCuyc.roa
Signing time:             Tue 19 Mar 2024 16:17:45 +0000
ROA not before:           Tue 19 Mar 2024 16:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396362
IP address blocks:        92.243.84.0/24 maxlen: 24
                          176.223.109.0/24 maxlen: 24
                          2a0f:ea82::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:57:81:26:4f:8c:f0:8b:1d:de:2e:57:c6:e3:51:27:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5cf73b3e45f772fae1b915690b317344c3f442b
        Validity
            Not Before: Mar 19 16:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3c86a043e982f244a4ffd17776e62a6f582bb27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ab:eb:58:1c:8c:dd:fe:62:1c:8f:88:f3:ff:
                    aa:1e:a7:65:89:26:bc:e0:f0:df:b0:cf:51:e5:2c:
                    3d:f6:dd:40:92:52:70:9b:f6:57:83:9e:51:b1:32:
                    22:b7:d4:f5:3f:d4:1c:8e:75:f5:e7:16:61:c9:c7:
                    60:d6:34:31:f3:c6:9b:46:15:e8:81:c1:8d:e5:fe:
                    b0:3d:13:40:72:9e:ae:ad:e2:ef:f5:5c:a3:1f:b1:
                    0c:1b:7b:42:12:d0:fa:74:ee:35:20:73:52:98:b8:
                    93:35:16:e1:2a:e5:cc:d8:a8:e5:e3:21:4f:ba:24:
                    19:52:52:d8:e3:fd:34:1a:ef:61:50:df:ee:47:73:
                    97:86:4c:5c:b2:ae:4b:ae:9f:f2:2e:4b:d1:16:c0:
                    2a:20:75:34:5e:a3:9d:97:40:04:60:f1:8b:76:c1:
                    44:b0:e6:36:b6:d3:db:f6:e4:95:7c:8d:9b:aa:bf:
                    df:88:ce:75:0f:8d:e2:f0:cb:8d:89:cf:06:17:a7:
                    4c:a9:48:15:b9:ed:6f:da:80:c6:5b:ba:36:9f:e7:
                    cd:18:3e:a6:b5:ac:e3:2d:15:51:c9:1c:43:b8:1f:
                    88:15:6f:53:79:6a:8b:54:97:79:07:30:b1:94:0c:
                    05:8f:b5:86:7d:eb:fd:8b:0e:33:b9:b8:b2:63:24:
                    98:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C8:6A:04:3E:98:2F:24:4A:4F:FD:17:77:6E:62:A6:F5:82:BB:27
            X509v3 Authority Key Identifier:
                keyid:F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/88hqBD6YLyRKT_0Xd25ipvWCuyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.243.84.0/24
                  176.223.109.0/24
                IPv6:
                  2a0f:ea82::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:d9:82:ba:79:c4:f0:d1:40:39:d5:8c:4e:81:13:15:cc:c4:
         23:bf:d7:4c:3a:0b:a4:be:44:95:d4:4c:b5:95:37:50:fa:3d:
         2e:f4:3a:ea:01:98:5f:02:14:6d:25:5b:a7:03:5a:3d:99:a8:
         3b:ef:13:f3:35:0f:27:bb:69:ba:a6:ac:43:13:10:ce:a8:cf:
         40:e2:d9:c8:0b:d4:58:a7:ea:8f:f3:e0:ba:7e:11:0f:44:52:
         25:e6:3f:31:5a:42:17:af:8a:8a:6b:c8:e7:f3:1e:66:97:c9:
         63:83:65:bd:26:ce:c2:f0:85:cd:19:27:20:7c:95:82:52:8e:
         0e:ce:c4:c4:cb:87:2d:f7:4d:54:05:91:59:2c:14:0a:fd:61:
         65:09:c4:b6:96:a3:27:9e:70:40:6b:6a:1d:c8:d9:3c:60:45:
         54:51:8b:a2:6f:16:2a:a8:ef:61:66:70:ef:bb:8b:b3:f7:5f:
         ac:56:71:f6:ba:22:79:d2:82:47:d2:3b:d1:a2:62:62:7e:b0:
         d4:e3:fa:59:c6:b6:83:b4:e0:1e:a1:b4:b6:9f:94:81:eb:26:
         8e:ea:1c:d6:e8:0b:83:20:7c:57:72:b5:ea:fc:1c:e8:7d:5f:
         a4:c5:56:14:18:dc:95:90:af:23:be:ca:a2:80:bd:79:56:9f:
         dc:e2:9e:73
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY5XgSZPjPCLHd4uV8bjUSeIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Y2Y3M2IzZTQ1Zjc3MmZhZTFiOTE1NjkwYjMxNzM0NGMz
ZjQ0MmIwHhcNMjQwMzE5MTYxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2M4NmEwNDNlOTgyZjI0NGE0ZmZkMTc3NzZlNjJhNmY1ODJiYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1avrWByM3f5iHI+I8/+qHqdliSa8
4PDfsM9R5Sw99t1AklJwm/ZXg55RsTIit9T1P9QcjnX15xZhycdg1jQx88abRhXo
gcGN5f6wPRNAcp6ureLv9VyjH7EMG3tCEtD6dO41IHNSmLiTNRbhKuXM2Kjl4yFP
uiQZUlLY4/00Gu9hUN/uR3OXhkxcsq5Lrp/yLkvRFsAqIHU0XqOdl0AEYPGLdsFE
sOY2ttPb9uSVfI2bqr/fiM51D43i8MuNic8GF6dMqUgVue1v2oDGW7o2n+fNGD6m
tazjLRVRyRxDuB+IFW9TeWqLVJd5BzCxlAwFj7WGfev9iw4zubiyYySYNwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPPIagQ+mC8kSk/9F3duYqb1grsnMB8GA1UdIwQY
MBaAFPXPc7PkX3cvrhuRVpCzFzRMP0QrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQt
MWM2NTRlMDJkNzVkLzEvODhocUJENllMeVJLVF8wWGQyNWlwdldDdXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQtMWM2NTRlMDJkNzVk
LzEvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAXPNUAwQA
sN9tMA0EAgACMAcDBQAqD+qCMA0GCSqGSIb3DQEBCwUAA4IBAQBP2YK6ecTw0UA5
1YxOgRMVzMQjv9dMOgukvkSV1Ey1lTdQ+j0u9DrqAZhfAhRtJVunA1o9mag77xPz
NQ8nu2m6pqxDExDOqM9A4tnIC9RYp+qP8+C6fhEPRFIl5j8xWkIXr4qKa8jn8x5m
l8ljg2W9Js7C8IXNGScgfJWCUo4OzsTEy4ct901UBZFZLBQK/WFlCcS2lqMnnnBA
a2odyNk8YEVUUYuibxYqqO9hZnDvu4uz91+sVnH2uiJ50oJH0jvRomJifrDU4/pZ
xraDtOAeobS2n5SB6yaO6hzW6AuDIHxXcrXq/BzofV+kxVYUGNyVkK8jvsqigL15
Vp/c4p5z
-----END CERTIFICATE-----