Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/kDOH0kSro0RPA2sMVZEhGHMJY9c.roa
File:                     kDOH0kSro0RPA2sMVZEhGHMJY9c.roa (raw, json)
Hash identifier:          82vgiWTBXUy9J9CHhlP7nrQtwbUS2Vozx1XonMZi0xM=
Subject key identifier:   90:33:87:D2:44:AB:A3:44:4F:03:6B:0C:55:91:21:18:73:09:63:D7
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       018CC56EFF5EBD16C8D23DE6EADABE080FF0
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/kDOH0kSro0RPA2sMVZEhGHMJY9c.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210650
IP address blocks:        46.36.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ff:5e:bd:16:c8:d2:3d:e6:ea:da:be:08:0f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=903387d244aba3444f036b0c55912118730963d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c8:28:9f:1f:75:19:fb:ee:85:06:50:17:d3:
                    36:da:23:3f:f2:56:83:3b:2d:cc:88:bf:09:40:ae:
                    b2:e9:67:a1:2c:14:63:6b:ff:93:0c:20:1b:aa:bf:
                    17:5e:81:94:af:19:dd:9e:71:dc:b0:35:d9:8f:63:
                    ad:f2:1d:e3:25:80:f4:13:37:3b:96:03:3f:ed:2e:
                    47:fd:fa:24:8f:a6:87:c7:f5:db:ff:c3:29:e4:c3:
                    b1:b7:f0:83:bc:59:5d:43:23:01:a6:a9:88:47:11:
                    26:4d:fd:61:cb:3a:aa:d0:df:5b:2d:fe:c2:94:b5:
                    39:60:be:b2:8e:11:75:0a:42:cd:59:20:c8:6a:b3:
                    78:67:5d:da:e1:56:1f:22:e5:52:30:8e:93:92:6f:
                    ee:25:dd:e4:e2:f1:8f:8f:72:bd:b1:6a:98:dc:c2:
                    d0:dc:cd:b5:44:d5:cd:02:9d:89:bc:33:ca:be:69:
                    4f:56:be:49:e4:d1:c2:cc:ed:06:c6:dd:08:c8:ae:
                    da:21:1c:01:86:47:70:5b:14:93:69:b9:45:68:a7:
                    38:fc:03:30:41:73:fe:2f:d9:8f:e0:e5:02:52:30:
                    42:7d:65:e5:7d:40:51:ee:ba:b8:7c:f0:d9:14:f0:
                    ff:65:0e:58:01:46:7c:e1:bc:df:6d:36:64:a6:bb:
                    07:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:33:87:D2:44:AB:A3:44:4F:03:6B:0C:55:91:21:18:73:09:63:D7
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/kDOH0kSro0RPA2sMVZEhGHMJY9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:81:43:4d:a6:23:00:5a:84:c2:47:e2:e6:7a:f7:80:b0:cb:
         13:6f:06:18:f9:ef:49:e6:59:a1:52:1a:65:1f:52:50:07:7c:
         ee:01:b6:6f:66:14:4a:10:f7:df:66:70:4b:c3:82:b8:26:cd:
         9a:62:44:a0:5e:a7:e2:b2:0e:a7:04:32:40:38:57:c4:4b:e0:
         d1:59:46:04:d9:df:6e:5e:ee:0b:53:be:7d:7b:2c:f3:0e:53:
         01:5c:dc:3f:ed:54:f2:aa:48:0b:9f:f5:93:70:7c:23:e7:f8:
         a6:09:cb:4b:d1:f8:65:b4:a9:c8:63:25:a4:e8:fc:19:a1:a2:
         4c:fa:d5:2d:68:8f:53:a2:1c:77:ee:f2:87:a4:07:e3:a3:dd:
         ed:c4:ee:cf:12:a9:5e:62:28:f6:e3:96:04:36:cc:b6:aa:79:
         e0:74:00:a6:29:3a:4f:21:22:09:a2:0f:5e:7a:c6:7a:a8:3e:
         74:1d:e7:34:c9:58:3a:e0:8a:2f:10:82:c6:ff:05:88:95:b1:
         b0:37:87:9b:03:51:ee:26:b9:45:ab:c8:d4:2a:ac:48:6b:2d:
         fb:1c:a1:f0:67:c5:bd:cd:39:fb:57:ef:dc:65:72:fd:1e:7a:
         06:bf:1e:64:13:2f:da:0c:72:43:00:70:88:23:67:55:d1:ce:
         74:ed:2f:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbv9evRbI0j3m6tq+CA/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDMzODdkMjQ0YWJhMzQ0NGYwMzZiMGM1NTkxMjExODczMDk2M2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksgonx91GfvuhQZQF9M22iM/8laD
Oy3MiL8JQK6y6WehLBRja/+TDCAbqr8XXoGUrxndnnHcsDXZj2Ot8h3jJYD0Ezc7
lgM/7S5H/fokj6aHx/Xb/8Mp5MOxt/CDvFldQyMBpqmIRxEmTf1hyzqq0N9bLf7C
lLU5YL6yjhF1CkLNWSDIarN4Z13a4VYfIuVSMI6Tkm/uJd3k4vGPj3K9sWqY3MLQ
3M21RNXNAp2JvDPKvmlPVr5J5NHCzO0Gxt0IyK7aIRwBhkdwWxSTablFaKc4/AMw
QXP+L9mP4OUCUjBCfWXlfUBR7rq4fPDZFPD/ZQ5YAUZ84bzfbTZkprsHNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAzh9JEq6NETwNrDFWRIRhzCWPXMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEva0RPSDBrU3JvMFJQQTJzTVZaRWhHSE1KWTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiRvMA0G
CSqGSIb3DQEBCwUAA4IBAQCKgUNNpiMAWoTCR+LmeveAsMsTbwYY+e9J5lmhUhpl
H1JQB3zuAbZvZhRKEPffZnBLw4K4Js2aYkSgXqfisg6nBDJAOFfES+DRWUYE2d9u
Xu4LU759eyzzDlMBXNw/7VTyqkgLn/WTcHwj5/imCctL0fhltKnIYyWk6PwZoaJM
+tUtaI9Tohx37vKHpAfjo93txO7PEqleYij245YENsy2qnngdACmKTpPISIJog9e
esZ6qD50Hec0yVg64IovEILG/wWIlbGwN4ebA1HuJrlFq8jUKqxIay37HKHwZ8W9
zTn7V+/cZXL9HnoGvx5kEy/aDHJDAHCII2dV0c507S+H
-----END CERTIFICATE-----