Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/dm4w-LiuzuqHo5fR0qbVKbAXlrA.roa
File:                     dm4w-LiuzuqHo5fR0qbVKbAXlrA.roa (raw, json)
Hash identifier:          Mu8wYoQq+wJJ+IwpsVDSHe2MyNSlCfqcBdXdevTkyf4=
Subject key identifier:   76:6E:30:F8:B8:AE:CE:EA:87:A3:97:D1:D2:A6:D5:29:B0:17:96:B0
Certificate issuer:       /CN=7ee053cb9cb4f41c1e4773e7f16e84bb57522033
Certificate serial:       018CC72573CF77CCD43CDC35463D135AAD52
Authority key identifier: 7E:E0:53:CB:9C:B4:F4:1C:1E:47:73:E7:F1:6E:84:BB:57:52:20:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/dm4w-LiuzuqHo5fR0qbVKbAXlrA.roa
Signing time:             Mon 01 Jan 2024 22:29:29 +0000
ROA not before:           Mon 01 Jan 2024 22:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        88.218.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:73:cf:77:cc:d4:3c:dc:35:46:3d:13:5a:ad:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee053cb9cb4f41c1e4773e7f16e84bb57522033
        Validity
            Not Before: Jan  1 22:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=766e30f8b8aeceea87a397d1d2a6d529b01796b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:4e:c7:3c:4f:bd:ae:70:6f:cf:31:b6:61:89:
                    db:f3:af:c7:73:e8:df:c4:38:c3:8e:67:43:91:7e:
                    a9:d6:0b:44:83:2d:de:1e:9c:72:50:24:34:64:e8:
                    b2:f3:02:d4:9b:31:62:11:ee:24:ef:cc:9b:f0:8f:
                    91:25:c0:a7:19:8a:29:95:3d:a9:0d:3c:84:1f:56:
                    33:62:05:51:2a:39:c8:38:1a:d6:85:d2:75:5a:73:
                    bb:e6:01:66:14:a4:31:dc:51:7a:cb:42:3b:83:29:
                    73:13:4c:fd:db:09:98:13:73:85:a3:63:94:5b:68:
                    b4:48:f4:bf:63:7d:69:df:2e:73:93:c7:b2:53:6e:
                    20:54:4e:c7:92:cd:c2:83:3b:14:c6:cd:b1:38:39:
                    a0:a3:f0:82:74:bb:4b:af:5e:35:51:d6:5c:b7:e4:
                    c5:1b:c7:6f:82:5d:98:62:5b:90:8a:e1:cc:6b:9c:
                    f3:77:5b:39:c7:13:1f:f0:54:a6:53:01:da:97:e2:
                    c0:d8:bd:bc:9b:ee:e6:57:38:0f:ce:95:4f:62:35:
                    71:64:cf:84:92:65:4b:cc:d0:0e:4a:3b:df:cf:d6:
                    bb:ec:7d:33:07:02:3a:3d:57:ff:83:f7:8d:44:74:
                    07:3c:86:c1:15:5d:68:8b:83:02:ac:7e:87:5f:79:
                    28:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:6E:30:F8:B8:AE:CE:EA:87:A3:97:D1:D2:A6:D5:29:B0:17:96:B0
            X509v3 Authority Key Identifier:
                keyid:7E:E0:53:CB:9C:B4:F4:1C:1E:47:73:E7:F1:6E:84:BB:57:52:20:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/dm4w-LiuzuqHo5fR0qbVKbAXlrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:8d:e1:95:6a:08:1b:9b:e3:26:62:44:a8:c1:66:eb:32:b1:
         63:e6:b9:71:d3:24:30:8b:44:ef:83:4b:e1:68:40:89:b4:a4:
         19:15:17:1a:c8:fe:15:44:9d:a0:c5:7d:69:23:a5:db:67:ae:
         0d:11:44:d5:e4:47:da:5d:81:64:1f:2a:8b:55:84:19:b5:e7:
         c6:7d:f6:65:c6:de:c7:4e:87:20:cd:62:da:f1:1e:f0:71:e2:
         92:96:fc:13:7c:4b:46:34:cb:8d:4e:e1:95:ab:4c:49:fe:93:
         6a:9c:2c:23:7c:01:f7:f9:70:81:0c:6f:20:40:d4:02:20:fb:
         25:a3:b9:b9:24:10:ef:11:db:06:1a:37:87:b3:80:d9:40:f3:
         65:23:72:65:82:d7:90:e4:31:10:45:d1:11:e6:0e:01:aa:dc:
         57:fd:42:59:32:a5:b6:72:08:62:b7:21:7e:3d:5c:d0:cd:c0:
         d2:83:8e:c9:d5:51:96:9e:83:d7:f5:9f:df:1b:ed:fc:36:93:
         e1:aa:4b:88:b6:1c:6c:2f:31:b3:03:de:90:01:06:88:1d:e2:
         ac:05:40:b6:56:48:33:81:70:55:5b:03:75:e4:13:a1:47:8a:
         1d:18:ec:81:81:f8:12:fb:f7:c5:7b:0c:7c:2c:e4:ed:e6:49:
         a8:9e:16:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXPPd8zUPNw1Rj0TWq1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTA1M2NiOWNiNGY0MWMxZTQ3NzNlN2YxNmU4NGJiNTc1
MjIwMzMwHhcNMjQwMTAxMjIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjZlMzBmOGI4YWVjZWVhODdhMzk3ZDFkMmE2ZDUyOWIwMTc5NmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjE7HPE+9rnBvzzG2YYnb86/Hc+jf
xDjDjmdDkX6p1gtEgy3eHpxyUCQ0ZOiy8wLUmzFiEe4k78yb8I+RJcCnGYoplT2p
DTyEH1YzYgVRKjnIOBrWhdJ1WnO75gFmFKQx3FF6y0I7gylzE0z92wmYE3OFo2OU
W2i0SPS/Y31p3y5zk8eyU24gVE7Hks3CgzsUxs2xODmgo/CCdLtLr141UdZct+TF
G8dvgl2YYluQiuHMa5zzd1s5xxMf8FSmUwHal+LA2L28m+7mVzgPzpVPYjVxZM+E
kmVLzNAOSjvfz9a77H0zBwI6PVf/g/eNRHQHPIbBFV1oi4MCrH6HX3koaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZuMPi4rs7qh6OX0dKm1SmwF5awMB8GA1UdIwQY
MBaAFH7gU8uctPQcHkdz5/FuhLtXUiAzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVCVHk1eTA5QndlUjNQbjhXNkV1MWRTSURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wNjAwYTQtMTQ2NC00YTdjLWFmNTYt
MThlODZmMGIxZDgxLzEvZG00dy1MaXV6dXFIbzVmUjBxYlZLYkFYbHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wNjAwYTQtMTQ2NC00YTdjLWFmNTYtMThlODZmMGIxZDgx
LzEvZnVCVHk1eTA5QndlUjNQbjhXNkV1MWRTSURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNoRMA0G
CSqGSIb3DQEBCwUAA4IBAQBWjeGVaggbm+MmYkSowWbrMrFj5rlx0yQwi0Tvg0vh
aECJtKQZFRcayP4VRJ2gxX1pI6XbZ64NEUTV5EfaXYFkHyqLVYQZtefGffZlxt7H
TocgzWLa8R7wceKSlvwTfEtGNMuNTuGVq0xJ/pNqnCwjfAH3+XCBDG8gQNQCIPsl
o7m5JBDvEdsGGjeHs4DZQPNlI3JlgteQ5DEQRdER5g4BqtxX/UJZMqW2cghityF+
PVzQzcDSg47J1VGWnoPX9Z/fG+38NpPhqkuIthxsLzGzA96QAQaIHeKsBUC2Vkgz
gXBVWwN15BOhR4odGOyBgfgS+/fFewx8LOTt5kmonhYn
-----END CERTIFICATE-----