Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/RKwnXUtyV_J-ELUAzZf1CR-908c.roa
File:                     RKwnXUtyV_J-ELUAzZf1CR-908c.roa (raw, json)
Hash identifier:          Zwzxq5Ivi69JTdDChsr6PALySj4VLJB1VKgHyVEmGsY=
Subject key identifier:   44:AC:27:5D:4B:72:57:F2:7E:10:B5:00:CD:97:F5:09:1F:BD:D3:C7
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       018CC493736F249599C338986FB213C41478
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/RKwnXUtyV_J-ELUAzZf1CR-908c.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12527
IP address blocks:        88.157.231.0/24 maxlen: 24
                          88.157.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:73:6f:24:95:99:c3:38:98:6f:b2:13:c4:14:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44ac275d4b7257f27e10b500cd97f5091fbdd3c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:93:a6:58:e3:41:bf:15:8f:82:6d:0f:a7:89:
                    eb:ff:3f:35:19:71:96:a3:29:d1:e6:d0:5d:81:4d:
                    07:89:d5:9b:6f:0f:85:de:9e:bc:eb:65:5a:53:ad:
                    8f:ce:f6:3f:a8:93:bf:26:0b:12:c2:e7:10:9d:b2:
                    73:d9:36:ee:cf:f5:6c:f7:27:5f:d6:4f:7b:4b:22:
                    0a:57:ca:4c:06:c1:6e:ca:a4:47:a6:ae:55:e8:d2:
                    75:5c:24:f8:cb:da:e5:2a:44:29:ef:24:71:a7:5b:
                    50:c3:38:7c:4a:1f:55:4d:eb:b0:eb:85:42:5a:17:
                    a2:44:e3:a2:7c:a6:ff:7d:0e:93:91:b6:1f:ec:74:
                    c4:9c:58:dc:3e:8b:1e:ef:fd:ff:89:92:d6:80:b6:
                    2a:67:b7:36:13:02:7c:10:58:55:08:6d:20:84:f1:
                    85:a6:f0:5a:be:82:f6:b5:7a:d1:ec:71:5b:95:5e:
                    f6:d8:74:20:ca:cb:bb:da:42:a6:32:d1:06:4f:8a:
                    d9:52:e1:77:46:a1:22:e4:d2:34:2f:cc:41:3f:d5:
                    91:8c:48:cd:b3:4a:f4:9e:f0:22:ec:62:b3:89:63:
                    af:93:0f:ef:af:21:6b:f8:0a:56:24:e1:5b:2b:19:
                    9d:e8:26:c2:93:a2:0d:c8:81:63:11:f4:7a:86:57:
                    da:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AC:27:5D:4B:72:57:F2:7E:10:B5:00:CD:97:F5:09:1F:BD:D3:C7
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/RKwnXUtyV_J-ELUAzZf1CR-908c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.157.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:26:3c:57:aa:ab:45:e7:5d:6d:ab:79:27:5d:95:bc:fe:24:
         74:06:b1:7f:d8:1f:d7:aa:5f:71:4f:20:43:e1:46:d1:70:ae:
         73:31:ae:74:7f:cf:2f:19:85:fb:8e:ab:cb:e2:9c:72:bd:2f:
         cc:c5:7d:21:2a:e6:8e:af:1d:9d:ed:2a:ca:3e:7a:61:90:1a:
         d3:e8:a2:95:db:6e:71:bd:9a:f2:c4:1f:37:fa:54:d5:34:56:
         a2:ad:a6:e7:f3:fc:67:74:36:1d:8f:ea:26:52:4a:f9:f1:d2:
         f9:63:80:d4:78:b0:e3:5b:38:ca:8b:47:48:00:2f:ac:3e:e9:
         2b:be:00:e9:b2:42:13:f6:7d:57:93:4d:97:2c:83:ca:6f:94:
         fa:3b:53:17:43:10:52:39:31:0e:b9:b7:bd:cf:f5:68:1a:58:
         20:cc:f2:85:d6:8d:48:54:c9:46:93:74:dc:dc:2e:c6:23:a3:
         58:62:34:61:9b:8b:32:a1:52:1b:07:39:2b:13:79:90:27:fd:
         68:75:b2:7b:ed:80:d3:65:8f:f6:83:85:d5:90:01:b4:1e:c9:
         ba:f6:69:f0:4b:c4:95:e4:3e:70:e7:7d:f3:58:9a:a7:45:3a:
         c2:e8:cf:2f:5d:51:42:21:73:88:33:6f:e2:82:ce:c0:0b:11:
         a4:11:57:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3NvJJWZwziYb7ITxBR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFjMjc1ZDRiNzI1N2YyN2UxMGI1MDBjZDk3ZjUwOTFmYmRkM2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJOmWONBvxWPgm0Pp4nr/z81GXGW
oynR5tBdgU0HidWbbw+F3p6862VaU62PzvY/qJO/JgsSwucQnbJz2Tbuz/Vs9ydf
1k97SyIKV8pMBsFuyqRHpq5V6NJ1XCT4y9rlKkQp7yRxp1tQwzh8Sh9VTeuw64VC
WheiROOifKb/fQ6TkbYf7HTEnFjcPose7/3/iZLWgLYqZ7c2EwJ8EFhVCG0ghPGF
pvBavoL2tXrR7HFblV722HQgysu72kKmMtEGT4rZUuF3RqEi5NI0L8xBP9WRjEjN
s0r0nvAi7GKziWOvkw/vryFr+ApWJOFbKxmd6CbCk6INyIFjEfR6hlfaRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESsJ11LclfyfhC1AM2X9QkfvdPHMB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvUkt3blhVdHlWX0otRUxVQXpaZjFDUi05MDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWJ3mMA0G
CSqGSIb3DQEBCwUAA4IBAQA/JjxXqqtF511tq3knXZW8/iR0BrF/2B/Xql9xTyBD
4UbRcK5zMa50f88vGYX7jqvL4pxyvS/MxX0hKuaOrx2d7SrKPnphkBrT6KKV225x
vZryxB83+lTVNFairabn8/xndDYdj+omUkr58dL5Y4DUeLDjWzjKi0dIAC+sPukr
vgDpskIT9n1Xk02XLIPKb5T6O1MXQxBSOTEOube9z/VoGlggzPKF1o1IVMlGk3Tc
3C7GI6NYYjRhm4syoVIbBzkrE3mQJ/1odbJ77YDTZY/2g4XVkAG0Hsm69mnwS8SV
5D5w533zWJqnRTrC6M8vXVFCIXOIM2/igs7ACxGkEVcS
-----END CERTIFICATE-----