Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/u6s8IgXDx-mboQrqPbkkElU_aIA.roa
File:                     u6s8IgXDx-mboQrqPbkkElU_aIA.roa (raw, json)
Hash identifier:          WrrDhTYrioak3qnie6Js6fx4wyKhlx9bwt1whTQfX/M=
Subject key identifier:   BB:AB:3C:22:05:C3:C7:E9:9B:A1:0A:EA:3D:B9:24:12:55:3F:68:80
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649DF6AD40355F9FD8806A841B66C53
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/u6s8IgXDx-mboQrqPbkkElU_aIA.roa
Signing time:             Mon 01 Jan 2024 18:29:39 +0000
ROA not before:           Mon 01 Jan 2024 18:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51374
IP address blocks:        88.203.189.0/24 maxlen: 24
                          88.203.187.0/24 maxlen: 24
                          88.203.190.0/24 maxlen: 24
                          88.203.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:df:6a:d4:03:55:f9:fd:88:06:a8:41:b6:6c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbab3c2205c3c7e99ba10aea3db92412553f6880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:4d:bb:09:5e:ee:34:dd:69:bc:71:8d:42:6c:
                    23:aa:12:68:bb:49:7d:99:d4:c2:e3:08:a2:5f:6d:
                    33:24:cd:43:95:78:2b:d2:45:90:ff:67:d6:88:ba:
                    6c:af:fc:e4:f4:02:b9:d1:a2:25:24:59:16:03:46:
                    f1:43:13:57:3e:2c:6a:d2:c5:14:95:86:f6:67:3e:
                    95:f8:6c:a4:dd:e3:f4:f3:57:35:34:07:4e:43:85:
                    8c:cd:8e:92:8d:34:ed:91:a6:42:42:b9:8b:e6:da:
                    37:93:60:dd:03:1d:39:a3:96:24:0f:3d:68:56:2d:
                    91:dd:67:ca:83:81:ee:a2:62:16:b0:3b:4a:19:e1:
                    96:29:e2:65:f7:c7:30:47:54:25:61:46:77:36:e4:
                    8c:97:7b:91:b4:80:12:29:ef:ea:4f:d8:35:15:db:
                    52:2a:f6:74:5c:55:51:20:bc:b5:05:f2:ad:ea:8b:
                    86:1a:ff:f3:2e:09:ee:7c:7e:2c:21:64:d3:2a:8e:
                    57:31:75:07:96:5e:06:e7:66:c1:63:0c:99:3d:a7:
                    31:63:7b:11:ab:bf:48:d4:0b:14:7c:34:c8:63:d7:
                    76:ab:2d:51:f3:bb:7f:4f:9c:c5:cb:9a:3d:e4:67:
                    b7:55:78:5c:e6:90:25:69:2e:1c:b1:f2:21:42:00:
                    17:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AB:3C:22:05:C3:C7:E9:9B:A1:0A:EA:3D:B9:24:12:55:3F:68:80
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/u6s8IgXDx-mboQrqPbkkElU_aIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.203.187.0-88.203.190.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:be:0b:18:97:65:06:ee:a1:1f:a6:a9:11:9b:05:84:70:c0:
         a8:1d:c6:c2:7e:87:34:f7:1b:c1:21:1a:ec:ed:11:f2:30:e1:
         de:dd:4f:ce:f7:2f:ac:78:98:16:16:43:92:dd:51:e2:7c:3a:
         f6:23:a9:d5:6d:26:70:52:aa:9b:1d:1a:c1:f9:ed:b7:88:35:
         cf:a2:7e:02:d4:8d:c0:78:e7:53:8a:34:77:95:89:82:81:82:
         87:35:f4:9e:17:f5:23:95:63:03:fc:50:3d:07:29:b6:c1:80:
         06:ef:65:9e:86:18:f9:2a:a6:fa:ed:e4:ce:98:1c:5e:0d:99:
         9a:1f:f8:0f:ef:76:d8:7c:e9:2f:d9:22:33:cc:ab:40:8a:1d:
         39:01:0b:ee:dc:bb:bd:58:ef:71:0d:0f:ba:d7:8f:57:e2:3a:
         3c:4d:97:a2:7a:c4:8e:d9:70:ca:51:e3:56:db:6f:52:e4:c2:
         b0:d7:b4:86:86:5c:d4:3e:77:30:3d:bd:c9:1f:bd:e1:67:a0:
         b1:92:4d:0b:f6:9f:1f:4e:af:14:69:9e:b5:cf:59:3b:29:81:
         62:2c:38:ce:48:db:73:6a:d6:7d:bc:d2:32:f2:ee:2f:cf:80:
         30:f8:8b:e5:8d:4b:79:3f:5c:ae:5d:e7:07:89:0e:37:84:3a:
         64:7e:22:28
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSd9q1ANV+f2IBqhBtmxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFiM2MyMjA1YzNjN2U5OWJhMTBhZWEzZGI5MjQxMjU1M2Y2ODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1U27CV7uNN1pvHGNQmwjqhJou0l9
mdTC4wiiX20zJM1DlXgr0kWQ/2fWiLpsr/zk9AK50aIlJFkWA0bxQxNXPixq0sUU
lYb2Zz6V+Gyk3eP081c1NAdOQ4WMzY6SjTTtkaZCQrmL5to3k2DdAx05o5YkDz1o
Vi2R3WfKg4HuomIWsDtKGeGWKeJl98cwR1QlYUZ3NuSMl3uRtIASKe/qT9g1FdtS
KvZ0XFVRILy1BfKt6ouGGv/zLgnufH4sIWTTKo5XMXUHll4G52bBYwyZPacxY3sR
q79I1AsUfDTIY9d2qy1R87t/T5zFy5o95Ge3VXhc5pAlaS4csfIhQgAXiQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLurPCIFw8fpm6EK6j25JBJVP2iAMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvdTZzOElnWER4LW1ib1FycVBia2tFbFVfYUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABYy7sD
BABYy74wDQYJKoZIhvcNAQELBQADggEBAIy+CxiXZQbuoR+mqRGbBYRwwKgdxsJ+
hzT3G8EhGuztEfIw4d7dT873L6x4mBYWQ5LdUeJ8OvYjqdVtJnBSqpsdGsH57beI
Nc+ifgLUjcB451OKNHeViYKBgoc19J4X9SOVYwP8UD0HKbbBgAbvZZ6GGPkqpvrt
5M6YHF4NmZof+A/vdth86S/ZIjPMq0CKHTkBC+7cu71Y73END7rXj1fiOjxNl6J6
xI7ZcMpR41bbb1LkwrDXtIaGXNQ+dzA9vckfveFnoLGSTQv2nx9OrxRpnrXPWTsp
gWIsOM5I23Nq1n280jLy7i/PgDD4i+WNS3k/XK5d5weJDjeEOmR+Iig=
-----END CERTIFICATE-----