Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/kAdBD6bImGsRRtw3CCA9gqbM28I.roa
File:                     kAdBD6bImGsRRtw3CCA9gqbM28I.roa (raw, json)
Hash identifier:          OgkJ7EQ0yl5QtvTXUd45VgwmMYIzi1O1jqBK0JxNPkU=
Subject key identifier:   90:07:41:0F:A6:C8:98:6B:11:46:DC:37:08:20:3D:82:A6:CC:DB:C2
Certificate issuer:       /CN=1d157824c638c718a07b535e0d824cb24afc070c
Certificate serial:       018CC725B23B0D867E26AD13E2485C93F099
Authority key identifier: 1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/kAdBD6bImGsRRtw3CCA9gqbM28I.roa
Signing time:             Mon 01 Jan 2024 22:29:45 +0000
ROA not before:           Mon 01 Jan 2024 22:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209472
IP address blocks:        88.218.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b2:3b:0d:86:7e:26:ad:13:e2:48:5c:93:f0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d157824c638c718a07b535e0d824cb24afc070c
        Validity
            Not Before: Jan  1 22:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9007410fa6c8986b1146dc3708203d82a6ccdbc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0f:ea:27:7c:50:29:f3:3c:df:4e:8e:77:00:
                    5d:dc:b7:22:51:01:d8:50:e6:fd:0b:45:e9:09:ee:
                    78:d6:51:55:34:22:4e:78:42:c3:14:a6:76:e9:42:
                    73:17:69:63:15:16:50:88:c4:aa:05:c4:34:44:20:
                    af:3a:e2:15:9e:57:5d:e3:7e:d5:bc:a2:b4:27:27:
                    a0:1e:f5:8d:25:a6:05:b3:61:f1:55:4c:d6:1c:62:
                    e8:70:65:e0:07:61:d0:3f:2e:08:9f:b9:36:0c:17:
                    fb:42:d6:2e:cc:e2:fd:c3:41:a1:48:31:14:aa:37:
                    17:0b:0f:82:94:79:e9:ae:01:21:5d:df:e7:50:1b:
                    6b:ac:d7:66:fc:51:65:a6:ab:45:e5:ce:34:ed:10:
                    cf:87:41:bd:f3:3c:8b:31:02:de:65:a3:cb:1a:0c:
                    b9:dd:b1:e7:42:16:cc:d1:be:52:8c:5e:be:d9:fa:
                    52:ec:8b:8e:4f:82:14:ea:e2:57:fa:ee:de:17:f1:
                    ed:aa:b2:e5:b9:06:39:dd:37:5f:e1:aa:36:29:01:
                    20:0c:3d:d7:8c:43:31:c3:a6:d7:76:63:1d:ed:51:
                    a1:e5:c8:33:9c:d6:d8:8c:23:54:8f:98:fe:b2:78:
                    6d:76:5c:67:ce:77:c8:36:95:ac:1b:81:a0:e9:97:
                    e7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:07:41:0F:A6:C8:98:6B:11:46:DC:37:08:20:3D:82:A6:CC:DB:C2
            X509v3 Authority Key Identifier:
                keyid:1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/kAdBD6bImGsRRtw3CCA9gqbM28I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:ce:0e:58:6b:83:e9:1f:d8:e2:29:74:e9:3c:e1:88:8a:9a:
         48:64:3e:42:c5:5d:26:20:41:3c:9a:1e:77:d2:ee:67:2a:6f:
         9d:d3:2f:eb:5f:fc:42:69:7a:44:70:81:bf:98:00:ad:9b:85:
         81:7a:78:a8:cc:2a:08:f7:67:9a:ce:28:ef:ef:d7:14:3f:21:
         7e:13:53:f8:bb:de:75:c8:e7:6a:e6:d7:7f:03:96:6a:c3:0d:
         1b:ee:78:d0:dd:01:0d:4b:72:61:c8:d9:2d:a4:8c:01:ce:fb:
         38:35:1c:d6:dc:3a:c0:5b:32:27:6b:04:28:df:a6:b1:a8:29:
         ff:d3:4e:51:02:f1:d3:0c:49:92:63:7c:0e:45:ac:98:8f:d1:
         c9:f4:ba:c3:ad:7f:7c:64:94:af:2e:58:96:13:11:b6:fe:c0:
         85:1d:19:23:9d:d5:1e:26:c7:55:90:4a:4b:ad:c7:88:35:24:
         ca:f4:0d:90:04:51:c5:f6:46:c1:c0:f8:f4:0e:ba:0c:ac:51:
         dd:6a:6b:42:13:2c:a0:9d:d3:4a:66:b9:89:13:6b:60:65:2d:
         e0:da:db:e8:6e:a4:ce:c3:b5:a1:49:fa:f0:8d:89:e3:39:69:
         d5:2c:98:5f:2a:37:57:ff:63:cb:d4:4d:18:49:71:0d:fc:82:
         0e:cd:92:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJbI7DYZ+Jq0T4khck/CZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTU3ODI0YzYzOGM3MThhMDdiNTM1ZTBkODI0Y2IyNGFm
YzA3MGMwHhcNMjQwMTAxMjIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDA3NDEwZmE2Yzg5ODZiMTE0NmRjMzcwODIwM2Q4MmE2Y2NkYmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ/qJ3xQKfM8306OdwBd3LciUQHY
UOb9C0XpCe541lFVNCJOeELDFKZ26UJzF2ljFRZQiMSqBcQ0RCCvOuIVnldd437V
vKK0JyegHvWNJaYFs2HxVUzWHGLocGXgB2HQPy4In7k2DBf7QtYuzOL9w0GhSDEU
qjcXCw+ClHnprgEhXd/nUBtrrNdm/FFlpqtF5c407RDPh0G98zyLMQLeZaPLGgy5
3bHnQhbM0b5SjF6+2fpS7IuOT4IU6uJX+u7eF/HtqrLluQY53Tdf4ao2KQEgDD3X
jEMxw6bXdmMd7VGh5cgznNbYjCNUj5j+snhtdlxnznfINpWsG4Gg6ZfnmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAHQQ+myJhrEUbcNwggPYKmzNvCMB8GA1UdIwQY
MBaAFB0VeCTGOMcYoHtTXg2CTLJK/AcMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJWNEpNWTR4eGlnZTFOZURZSk1za3I4Qnd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lNmFjMDEtOGJmYi00ZWYzLWJmYTct
ZTU3NDQwMjYwYmUwLzEva0FkQkQ2YkltR3NSUnR3M0NDQTlncWJNMjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lNmFjMDEtOGJmYi00ZWYzLWJmYTctZTU3NDQwMjYwYmUw
LzEvSFJWNEpNWTR4eGlnZTFOZURZSk1za3I4Qnd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNrcMA0G
CSqGSIb3DQEBCwUAA4IBAQAYzg5Ya4PpH9jiKXTpPOGIippIZD5CxV0mIEE8mh53
0u5nKm+d0y/rX/xCaXpEcIG/mACtm4WBeniozCoI92eazijv79cUPyF+E1P4u951
yOdq5td/A5Zqww0b7njQ3QENS3JhyNktpIwBzvs4NRzW3DrAWzInawQo36axqCn/
005RAvHTDEmSY3wORayYj9HJ9LrDrX98ZJSvLliWExG2/sCFHRkjndUeJsdVkEpL
rceINSTK9A2QBFHF9kbBwPj0DroMrFHdamtCEyygndNKZrmJE2tgZS3g2tvobqTO
w7WhSfrwjYnjOWnVLJhfKjdX/2PL1E0YSXEN/IIOzZKV
-----END CERTIFICATE-----