Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/DIHguFlWP3FYq1KzS8Kh6KFE_dY.roa
File:                     DIHguFlWP3FYq1KzS8Kh6KFE_dY.roa (raw, json)
Hash identifier:          C3IIWHGFy1A64YBlJpfP0CY3WyHpmP8A3MdSlLy8Wu0=
Subject key identifier:   0C:81:E0:B8:59:56:3F:71:58:AB:52:B3:4B:C2:A1:E8:A1:44:FD:D6
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       018CCA2B825DC871DD05651739098928ADDC
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/DIHguFlWP3FYq1KzS8Kh6KFE_dY.roa
Signing time:             Tue 02 Jan 2024 12:34:58 +0000
ROA not before:           Tue 02 Jan 2024 12:34:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58104
IP address blocks:        94.184.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 18:54:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:82:5d:c8:71:dd:05:65:17:39:09:89:28:ad:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 12:34:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c81e0b859563f7158ab52b34bc2a1e8a144fdd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1d:3a:c1:6e:d7:b1:d0:60:ac:c2:24:b9:69:
                    56:a5:4a:c4:01:87:04:27:1d:b8:85:e6:3f:f9:f2:
                    e2:1f:e9:0b:be:95:ce:f0:c5:4b:49:45:2a:16:aa:
                    b2:57:18:0e:b3:06:e7:5e:a9:84:f2:eb:68:5b:87:
                    51:81:f3:32:b0:76:67:76:6a:9c:8d:a3:2f:d7:d0:
                    ca:b2:c1:ef:56:a3:aa:71:91:16:45:7d:e9:ce:ae:
                    c2:da:00:2e:85:73:20:6c:6a:36:8e:bc:06:7e:3e:
                    e0:fe:1b:ce:1b:44:62:6d:ef:85:ca:e1:ad:1c:69:
                    c0:b6:23:cf:7e:a2:0a:97:79:f5:11:c9:06:63:dc:
                    00:c0:05:ca:8a:b3:75:59:44:8e:19:68:87:33:71:
                    64:96:57:1d:02:49:d2:14:1b:fc:b4:45:f4:b5:f2:
                    57:8a:fe:08:4b:b9:64:98:a6:01:2b:0a:52:71:8d:
                    6d:0a:79:7b:85:c0:fa:3c:43:12:64:23:0c:1f:e1:
                    d6:0f:4b:38:4c:75:06:f6:0c:f6:42:22:0b:85:9b:
                    b7:6d:b7:e5:53:b3:b6:54:b5:b8:ef:de:d8:4d:1c:
                    b7:d8:fc:7d:91:38:ff:c9:68:66:1d:cb:f8:6c:25:
                    50:f6:d7:f5:b4:8d:b0:5e:3c:f1:bb:27:1c:ce:38:
                    d2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:81:E0:B8:59:56:3F:71:58:AB:52:B3:4B:C2:A1:E8:A1:44:FD:D6
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/DIHguFlWP3FYq1KzS8Kh6KFE_dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:40:ff:c4:54:12:3e:2c:c0:1c:ba:f8:d9:07:f2:7a:74:9f:
         f1:7a:1f:de:2e:fe:38:4a:f3:89:22:96:76:d8:44:27:54:f7:
         42:f5:e6:49:ea:d5:86:d3:87:f3:b4:9e:5e:7a:61:20:e5:54:
         7d:31:e3:a2:5e:e9:7b:0e:5d:71:2f:96:87:89:75:2c:18:14:
         f9:05:70:e0:fb:00:bc:53:a9:33:48:25:e2:d2:a9:b9:94:73:
         72:a1:43:a4:1d:55:03:2a:43:7d:24:fc:54:4d:07:2b:40:ea:
         5a:d6:24:c9:62:b2:c5:8a:dc:99:03:2d:b8:61:47:b4:0c:96:
         0b:95:b6:f8:9a:a6:79:e4:fd:f9:03:fc:39:a7:5c:58:e0:a1:
         1e:30:09:2f:0a:5b:c3:0a:d8:c2:b6:6a:ea:4f:af:cd:ab:50:
         16:a9:3e:b3:15:a0:5f:ea:08:b3:df:d0:57:3f:d2:51:03:ca:
         aa:cc:df:6f:f5:c1:20:54:d8:f3:7d:a9:6a:1e:6b:59:46:23:
         a0:c7:19:5e:cb:d9:89:2b:dd:20:42:23:7a:70:74:40:78:02:
         29:99:3e:3c:64:c3:8c:46:ea:39:9c:34:50:50:a5:ac:a2:1f:
         59:fb:96:94:94:c8:e3:57:81:7f:9b:42:06:2f:af:8d:ca:24:
         73:47:33:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK4JdyHHdBWUXOQmJKK3cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwMTAyMTIzNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzgxZTBiODU5NTYzZjcxNThhYjUyYjM0YmMyYTFlOGExNDRmZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB06wW7XsdBgrMIkuWlWpUrEAYcE
Jx24heY/+fLiH+kLvpXO8MVLSUUqFqqyVxgOswbnXqmE8utoW4dRgfMysHZndmqc
jaMv19DKssHvVqOqcZEWRX3pzq7C2gAuhXMgbGo2jrwGfj7g/hvOG0Ribe+FyuGt
HGnAtiPPfqIKl3n1EckGY9wAwAXKirN1WUSOGWiHM3FkllcdAknSFBv8tEX0tfJX
iv4IS7lkmKYBKwpScY1tCnl7hcD6PEMSZCMMH+HWD0s4THUG9gz2QiILhZu3bbfl
U7O2VLW4797YTRy32Px9kTj/yWhmHcv4bCVQ9tf1tI2wXjzxuycczjjS2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyB4LhZVj9xWKtSs0vCoeihRP3WMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvRElIZ3VGbFdQM0ZZcTFLelM4S2g2S0ZFX2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXrhYMA0G
CSqGSIb3DQEBCwUAA4IBAQCaQP/EVBI+LMAcuvjZB/J6dJ/xeh/eLv44SvOJIpZ2
2EQnVPdC9eZJ6tWG04fztJ5eemEg5VR9MeOiXul7Dl1xL5aHiXUsGBT5BXDg+wC8
U6kzSCXi0qm5lHNyoUOkHVUDKkN9JPxUTQcrQOpa1iTJYrLFityZAy24YUe0DJYL
lbb4mqZ55P35A/w5p1xY4KEeMAkvClvDCtjCtmrqT6/Nq1AWqT6zFaBf6giz39BX
P9JRA8qqzN9v9cEgVNjzfalqHmtZRiOgxxley9mJK90gQiN6cHRAeAIpmT48ZMOM
Ruo5nDRQUKWsoh9Z+5aUlMjjV4F/m0IGL6+NyiRzRzN7
-----END CERTIFICATE-----