Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rdkC52OLN8IVYRwbMfiwzDkXG08.roa
File:                     rdkC52OLN8IVYRwbMfiwzDkXG08.roa (raw, json)
Hash identifier:          8sfqJQm3CizAfyIKlIVdYP71YBwYmKUrZQExaX1DPXo=
Subject key identifier:   AD:D9:02:E7:63:8B:37:C2:15:61:1C:1B:31:F8:B0:CC:39:17:1B:4F
Certificate issuer:       /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial:       018E7C963E80D0EA7046DA48F9FFFCEAF39A
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rdkC52OLN8IVYRwbMfiwzDkXG08.roa
Signing time:             Tue 26 Mar 2024 21:06:44 +0000
ROA not before:           Tue 26 Mar 2024 21:06:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        87.58.64.0/24 maxlen: 24
                          87.58.65.0/24 maxlen: 24
                          194.9.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7c:96:3e:80:d0:ea:70:46:da:48:f9:ff:fc:ea:f3:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
        Validity
            Not Before: Mar 26 21:06:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=add902e7638b37c215611c1b31f8b0cc39171b4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5b:63:b9:25:33:04:2c:7a:9f:8d:5f:83:69:
                    47:19:e6:79:5a:bb:fe:aa:27:53:71:09:d1:03:58:
                    85:5b:12:6d:3e:25:b2:a4:21:bd:a5:16:f9:f9:34:
                    e9:8f:32:47:00:e0:e0:7f:96:ad:2b:1f:e1:66:a5:
                    2f:6d:28:d0:9f:87:f4:bb:8e:95:37:ce:17:24:7c:
                    97:20:31:72:2f:47:66:c9:ff:7e:a2:20:98:11:e6:
                    43:fd:6b:73:d4:0f:f4:e8:ca:8e:e7:6f:4c:6d:b2:
                    5f:93:14:40:d9:9e:24:cc:c9:8c:d5:c5:33:f4:3f:
                    dd:30:8b:5e:f3:ea:2c:b5:9c:55:f7:e2:78:e6:44:
                    ef:50:ab:02:4a:88:c3:50:aa:e5:c9:1a:7a:39:0d:
                    66:f1:4b:e7:18:17:90:24:fe:5d:98:69:48:74:be:
                    4c:c3:9f:9f:0e:0c:9b:ad:0b:21:f9:3c:df:ce:e3:
                    53:c9:cb:e4:03:6a:82:e3:7a:70:c5:74:8b:0d:30:
                    eb:d7:86:c7:15:6a:3e:17:66:e5:25:e0:38:4e:8f:
                    11:66:15:0f:c1:bf:80:88:68:bd:fa:fa:8c:d1:a0:
                    a2:c7:d2:ba:79:41:dc:b7:de:8c:e9:ea:84:0a:9d:
                    d5:ca:44:c9:4f:ce:5b:e5:e4:53:0a:97:e2:f2:a2:
                    64:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D9:02:E7:63:8B:37:C2:15:61:1C:1B:31:F8:B0:CC:39:17:1B:4F
            X509v3 Authority Key Identifier:
                keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rdkC52OLN8IVYRwbMfiwzDkXG08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.58.64.0/23
                  194.9.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:9e:5e:a4:55:ac:16:52:28:b4:25:24:bb:67:aa:0d:4e:a9:
         0d:cf:bd:4b:a8:f4:df:b3:99:e3:c1:72:56:46:60:86:d7:5a:
         bd:f1:b2:12:b6:cd:f5:09:b3:98:2c:ae:26:97:77:67:56:49:
         b4:f6:aa:6b:79:4b:55:82:ef:5c:bc:e8:17:20:22:d6:cd:06:
         5d:0e:ba:54:58:ee:9e:cf:54:f6:ae:c2:1b:58:bc:7f:be:91:
         76:18:e9:31:43:8b:9d:6d:ed:55:94:fb:8d:eb:79:74:ae:8c:
         af:9a:0a:94:49:fa:67:c1:0b:1f:da:6c:16:d9:30:c5:ed:44:
         ee:04:4a:88:ef:6d:1e:e7:c7:62:c3:de:8b:e2:55:a5:15:c3:
         92:09:f1:0a:1e:df:c6:28:a0:d5:2b:2f:37:4e:0c:1d:2c:c2:
         f5:3a:f0:02:af:b6:7c:da:14:a9:88:d7:24:c0:cd:96:77:2b:
         ac:d4:98:aa:1b:7a:5e:94:22:96:ab:7c:96:54:59:0d:41:d0:
         9e:da:50:09:24:a2:c6:cd:da:2f:36:3a:ef:1b:d3:81:61:e3:
         04:f3:25:8c:0c:83:3a:04:e9:31:66:a3:21:20:4b:af:0a:d7:
         66:50:cf:93:fc:62:56:24:b6:cd:03:e1:25:c9:63:4e:60:49:
         ab:1d:b9:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY58lj6A0OpwRtpI+f/86vOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjQwMzI2MjEwNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQ5MDJlNzYzOGIzN2MyMTU2MTFjMWIzMWY4YjBjYzM5MTcxYjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1tjuSUzBCx6n41fg2lHGeZ5Wrv+
qidTcQnRA1iFWxJtPiWypCG9pRb5+TTpjzJHAODgf5atKx/hZqUvbSjQn4f0u46V
N84XJHyXIDFyL0dmyf9+oiCYEeZD/Wtz1A/06MqO529MbbJfkxRA2Z4kzMmM1cUz
9D/dMIte8+ostZxV9+J45kTvUKsCSojDUKrlyRp6OQ1m8UvnGBeQJP5dmGlIdL5M
w5+fDgybrQsh+TzfzuNTycvkA2qC43pwxXSLDTDr14bHFWo+F2blJeA4To8RZhUP
wb+AiGi9+vqM0aCix9K6eUHct96M6eqECp3VykTJT85b5eRTCpfi8qJkpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK3ZAudjizfCFWEcGzH4sMw5FxtPMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvcmRrQzUyT0xOOElWWVJ3Yk1maXd6RGtYRzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVzpAAwQA
wgl0MA0GCSqGSIb3DQEBCwUAA4IBAQAynl6kVawWUii0JSS7Z6oNTqkNz71LqPTf
s5njwXJWRmCG11q98bISts31CbOYLK4ml3dnVkm09qpreUtVgu9cvOgXICLWzQZd
DrpUWO6ez1T2rsIbWLx/vpF2GOkxQ4udbe1VlPuN63l0royvmgqUSfpnwQsf2mwW
2TDF7UTuBEqI720e58diw96L4lWlFcOSCfEKHt/GKKDVKy83TgwdLML1OvACr7Z8
2hSpiNckwM2Wdyus1JiqG3pelCKWq3yWVFkNQdCe2lAJJKLGzdovNjrvG9OBYeME
8yWMDIM6BOkxZqMhIEuvCtdmUM+T/GJWJLbNA+ElyWNOYEmrHblj
-----END CERTIFICATE-----