Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/DYm06eN1cgiv-b67OWDhcoB4Dcw.roa
File:                     DYm06eN1cgiv-b67OWDhcoB4Dcw.roa (raw, json)
Hash identifier:          BCBzxnHvzElNzTrcN/t36KikgZYeD9kCqxoRi/0AUgw=
Subject key identifier:   0D:89:B4:E9:E3:75:72:08:AF:F9:BE:BB:39:60:E1:72:80:78:0D:CC
Certificate issuer:       /CN=7f51228374742df544aa93058c5a3bd3d1642199
Certificate serial:       018CC5DC1AE5323F50DACDB5267715740BFA
Authority key identifier: 7F:51:22:83:74:74:2D:F5:44:AA:93:05:8C:5A:3B:D3:D1:64:21:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1Eig3R0LfVEqpMFjFo709FkIZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/DYm06eN1cgiv-b67OWDhcoB4Dcw.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201014
IP address blocks:        185.88.224.0/22 maxlen: 22
                          2a05:cf00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/f1Eig3R0LfVEqpMFjFo709FkIZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/f1Eig3R0LfVEqpMFjFo709FkIZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1Eig3R0LfVEqpMFjFo709FkIZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1a:e5:32:3f:50:da:cd:b5:26:77:15:74:0b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f51228374742df544aa93058c5a3bd3d1642199
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d89b4e9e3757208aff9bebb3960e17280780dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:dd:1a:5f:8c:db:98:ff:c3:98:11:61:b1:
                    90:b6:ec:7d:b8:6e:89:6a:02:58:f6:53:dd:f4:72:
                    10:bc:2b:e4:e2:b0:ff:03:f4:f7:e5:92:ff:a7:6c:
                    1e:3d:23:77:99:47:3a:83:7d:d9:b9:98:fe:6b:4d:
                    7d:0e:92:d2:83:3d:c5:b6:5f:9c:08:a8:54:af:ba:
                    8e:c2:61:ce:bf:4b:c9:82:4e:77:f6:01:69:25:d6:
                    4e:e4:db:65:6a:9f:8a:5b:aa:a4:89:76:54:a5:29:
                    b9:9c:a3:bf:6e:1d:62:30:a4:7f:2b:e4:d5:2e:40:
                    eb:14:b5:9b:f5:43:f1:28:93:24:7a:8c:3d:ba:f8:
                    53:5b:ca:79:dc:f3:9e:24:8e:29:67:d5:0c:ca:34:
                    4b:49:52:dc:ed:03:4f:c6:72:cb:41:f9:be:80:a6:
                    85:f0:51:6d:9f:4c:1e:cc:43:b8:f0:78:dd:eb:7e:
                    75:e5:0d:c7:c1:4e:5e:3d:90:34:f3:a6:c3:38:8d:
                    8d:f3:fc:02:46:13:e7:61:57:c7:a0:cd:31:a8:79:
                    f3:48:a6:3b:b2:2d:10:82:5d:c7:d3:7c:4d:30:1d:
                    a3:37:be:74:16:9c:82:53:7b:51:61:60:3d:a0:35:
                    35:4c:f4:b5:a3:a4:34:76:5c:7f:bd:f6:10:75:78:
                    5f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:89:B4:E9:E3:75:72:08:AF:F9:BE:BB:39:60:E1:72:80:78:0D:CC
            X509v3 Authority Key Identifier:
                keyid:7F:51:22:83:74:74:2D:F5:44:AA:93:05:8C:5A:3B:D3:D1:64:21:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1Eig3R0LfVEqpMFjFo709FkIZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/DYm06eN1cgiv-b67OWDhcoB4Dcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9385aa-1b79-4a02-a092-01eb03684f09/1/f1Eig3R0LfVEqpMFjFo709FkIZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.224.0/22
                IPv6:
                  2a05:cf00::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:54:d7:28:86:3d:c5:7d:65:83:6d:d1:3f:9d:ee:99:e0:79:
         3f:ee:cb:67:69:ab:4e:0c:f6:26:e0:cb:86:cc:d0:4e:2b:33:
         da:4a:85:e8:57:71:85:02:58:9f:0e:bd:ac:06:13:17:3c:5d:
         1e:44:59:bf:ae:52:4a:66:cd:cb:6f:b6:41:9b:1e:aa:39:b3:
         78:0a:2e:37:98:63:9d:9c:48:77:ce:c4:fd:ae:38:2a:80:b6:
         2f:00:9c:92:c3:96:5c:9b:f0:5b:3f:0b:f9:b7:8d:e9:e6:a7:
         7a:b6:f2:6b:d3:bd:55:16:00:f8:00:36:43:35:97:9c:71:a6:
         15:d6:c7:94:75:9d:76:88:b3:52:00:a1:ff:53:a8:fa:97:b7:
         63:a1:56:18:00:00:d9:9c:52:b1:e9:42:38:34:d0:ad:c5:5f:
         8f:35:dd:9e:25:16:2d:2b:27:68:ea:f8:c0:1e:32:5a:56:a6:
         33:8c:0d:a6:8c:f6:c1:7d:78:0a:78:63:b3:f5:f0:ab:af:8f:
         c0:29:3b:ca:db:49:ba:d0:f4:75:f7:71:ab:46:8b:28:6b:0e:
         92:f6:27:c6:51:32:12:9f:60:ae:ab:1a:9d:30:24:8f:2b:76:
         9a:19:8e:12:be:3f:b7:aa:3f:9a:6a:45:b6:40:2e:72:c4:f9:
         ee:7f:8b:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3BrlMj9Q2s21JncVdAv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTEyMjgzNzQ3NDJkZjU0NGFhOTMwNThjNWEzYmQzZDE2
NDIxOTkwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDg5YjRlOWUzNzU3MjA4YWZmOWJlYmIzOTYwZTE3MjgwNzgwZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5PdGl+M25j/w5gRYbGQtux9uG6J
agJY9lPd9HIQvCvk4rD/A/T35ZL/p2wePSN3mUc6g33ZuZj+a019DpLSgz3Ftl+c
CKhUr7qOwmHOv0vJgk539gFpJdZO5Ntlap+KW6qkiXZUpSm5nKO/bh1iMKR/K+TV
LkDrFLWb9UPxKJMkeow9uvhTW8p53POeJI4pZ9UMyjRLSVLc7QNPxnLLQfm+gKaF
8FFtn0wezEO48Hjd63515Q3HwU5ePZA086bDOI2N8/wCRhPnYVfHoM0xqHnzSKY7
si0Qgl3H03xNMB2jN750FpyCU3tRYWA9oDU1TPS1o6Q0dlx/vfYQdXhftQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA2JtOnjdXIIr/m+uzlg4XKAeA3MMB8GA1UdIwQY
MBaAFH9RIoN0dC31RKqTBYxaO9PRZCGZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFFaWczUjBMZlZFcXBNRmpGbzcwOUZrSVprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS85Mzg1YWEtMWI3OS00YTAyLWEwOTIt
MDFlYjAzNjg0ZjA5LzEvRFltMDZlTjFjZ2l2LWI2N09XRGhjb0I0RGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS85Mzg1YWEtMWI3OS00YTAyLWEwOTItMDFlYjAzNjg0ZjA5
LzEvZjFFaWczUjBMZlZFcXBNRmpGbzcwOUZrSVprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVjgMA0E
AgACMAcDBQMqBc8AMA0GCSqGSIb3DQEBCwUAA4IBAQBjVNcohj3FfWWDbdE/ne6Z
4Hk/7stnaatODPYm4MuGzNBOKzPaSoXoV3GFAlifDr2sBhMXPF0eRFm/rlJKZs3L
b7ZBmx6qObN4Ci43mGOdnEh3zsT9rjgqgLYvAJySw5Zcm/BbPwv5t43p5qd6tvJr
071VFgD4ADZDNZeccaYV1seUdZ12iLNSAKH/U6j6l7djoVYYAADZnFKx6UI4NNCt
xV+PNd2eJRYtKydo6vjAHjJaVqYzjA2mjPbBfXgKeGOz9fCrr4/AKTvK20m60PR1
93GrRosoaw6S9ifGUTISn2CuqxqdMCSPK3aaGY4Svj+3qj+aakW2QC5yxPnuf4uI
-----END CERTIFICATE-----