Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/_NBgKXw1y-_MA8JLXC6-e638GsU.roa
File:                     _NBgKXw1y-_MA8JLXC6-e638GsU.roa (raw, json)
Hash identifier:          1Au2Y5sLQkU9WGKvNsPuDu9FG1h3HcOQmZc+FT/JGwM=
Subject key identifier:   FC:D0:60:29:7C:35:CB:EF:CC:03:C2:4B:5C:2E:BE:7B:AD:FC:1A:C5
Certificate issuer:       /CN=b266e6e4d5df7f8a25654144755d7bd992e73539
Certificate serial:       018CCA2B88DB1F5B2AFA13DB84C063F51F17
Authority key identifier: B2:66:E6:E4:D5:DF:7F:8A:25:65:41:44:75:5D:7B:D9:92:E7:35:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/smbm5NXff4olZUFEdV172ZLnNTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/_NBgKXw1y-_MA8JLXC6-e638GsU.roa
Signing time:             Tue 02 Jan 2024 12:34:59 +0000
ROA not before:           Tue 02 Jan 2024 12:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204332
IP address blocks:        185.252.88.0/22 maxlen: 22
                          185.252.88.0/23 maxlen: 23
                          185.252.90.0/23 maxlen: 23
                          2a0c:2440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/smbm5NXff4olZUFEdV172ZLnNTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/smbm5NXff4olZUFEdV172ZLnNTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/smbm5NXff4olZUFEdV172ZLnNTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:88:db:1f:5b:2a:fa:13:db:84:c0:63:f5:1f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b266e6e4d5df7f8a25654144755d7bd992e73539
        Validity
            Not Before: Jan  2 12:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcd060297c35cbefcc03c24b5c2ebe7badfc1ac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:b8:4a:87:de:67:5c:d8:f9:91:cc:d5:ea:e8:
                    67:df:0b:85:92:a9:c2:fa:1e:bc:61:47:8e:a3:16:
                    7f:ed:36:fa:80:c7:bf:b8:4c:43:55:d6:72:41:58:
                    cb:42:47:12:8b:44:3a:26:4e:f2:72:0a:59:1e:0f:
                    d5:bf:58:3c:c3:39:de:cb:95:ad:6a:4c:91:7c:bc:
                    44:16:0e:77:43:96:8f:69:ba:30:7a:96:91:3b:8e:
                    0b:b5:3b:5c:6d:44:69:6a:81:26:40:b3:c6:a9:f1:
                    b1:a1:18:f1:99:5e:34:78:e0:c3:00:19:e0:08:c0:
                    a1:be:7a:3c:64:a3:81:dd:44:7c:86:c0:a4:28:82:
                    10:01:03:83:86:24:7e:71:ac:05:75:a9:b1:eb:cd:
                    bd:02:be:3e:6a:14:6a:cc:00:ed:c3:78:83:ae:cc:
                    14:00:fa:72:9b:f7:91:99:77:eb:f2:25:a9:57:8b:
                    cb:bc:c9:f3:69:fc:29:ad:a7:fc:32:1d:41:68:b6:
                    a9:16:6a:31:3b:3f:79:4d:48:05:7d:4b:44:5d:54:
                    c4:f8:16:03:db:41:80:2b:88:53:72:8d:a3:57:1e:
                    c0:e4:09:b4:1e:7e:68:49:23:a9:17:2e:fc:e4:5a:
                    bc:de:7b:e2:27:33:2a:10:93:e0:68:9a:ac:f1:a5:
                    19:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:D0:60:29:7C:35:CB:EF:CC:03:C2:4B:5C:2E:BE:7B:AD:FC:1A:C5
            X509v3 Authority Key Identifier:
                keyid:B2:66:E6:E4:D5:DF:7F:8A:25:65:41:44:75:5D:7B:D9:92:E7:35:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/smbm5NXff4olZUFEdV172ZLnNTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/_NBgKXw1y-_MA8JLXC6-e638GsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/smbm5NXff4olZUFEdV172ZLnNTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.88.0/22
                IPv6:
                  2a0c:2440::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:65:07:01:35:e3:af:8c:17:44:5a:44:75:f1:ab:27:04:4c:
         c1:ba:c1:93:d5:52:de:79:17:9c:f7:04:e4:fc:88:df:2e:de:
         00:7d:e4:d0:8e:56:3c:b3:ed:2d:7a:ca:9e:9c:8d:3d:55:8e:
         20:13:eb:35:da:11:75:fb:51:db:d8:7b:7d:4c:07:72:16:5b:
         86:03:8c:e6:e7:1f:9e:c5:c3:56:f6:6f:78:a8:25:c0:ab:46:
         32:1c:3e:72:8e:82:fd:34:3a:c4:88:6c:ae:67:55:ed:cf:59:
         a6:d6:be:78:30:d4:2d:f4:d3:94:24:4c:61:12:aa:36:0b:c9:
         39:5e:22:e3:d2:0a:44:1d:3d:f0:ee:5e:9b:74:df:e1:7a:54:
         45:6d:d1:42:84:3b:60:44:ce:f8:ec:e6:e0:e1:d0:df:61:f1:
         d3:3e:65:c0:85:a6:6f:cb:e5:5d:f9:02:10:c1:d3:37:08:c6:
         0f:e5:5e:59:55:fa:32:a3:53:35:37:fe:3d:4c:10:55:26:37:
         41:86:dd:aa:ff:95:37:3a:69:a3:1b:7d:48:77:57:ac:e9:33:
         e2:56:e3:0c:8e:2f:c8:ff:fb:12:ff:08:1e:bc:ff:4a:84:1c:
         a0:0b:c9:7b:36:2e:86:0c:98:e9:9d:8c:9e:3e:56:b8:48:99:
         05:46:5a:a1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK4jbH1sq+hPbhMBj9R8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNjZlNmU0ZDVkZjdmOGEyNTY1NDE0NDc1NWQ3YmQ5OTJl
NzM1MzkwHhcNMjQwMTAyMTIzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2QwNjAyOTdjMzVjYmVmY2MwM2MyNGI1YzJlYmU3YmFkZmMxYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7rhKh95nXNj5kczV6uhn3wuFkqnC
+h68YUeOoxZ/7Tb6gMe/uExDVdZyQVjLQkcSi0Q6Jk7ycgpZHg/Vv1g8wzney5Wt
akyRfLxEFg53Q5aPabowepaRO44LtTtcbURpaoEmQLPGqfGxoRjxmV40eODDABng
CMChvno8ZKOB3UR8hsCkKIIQAQODhiR+cawFdamx6829Ar4+ahRqzADtw3iDrswU
APpym/eRmXfr8iWpV4vLvMnzafwpraf8Mh1BaLapFmoxOz95TUgFfUtEXVTE+BYD
20GAK4hTco2jVx7A5Am0Hn5oSSOpFy785Fq83nviJzMqEJPgaJqs8aUZxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPzQYCl8NcvvzAPCS1wuvnut/BrFMB8GA1UdIwQY
MBaAFLJm5uTV33+KJWVBRHVde9mS5zU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc21ibTVOWGZmNG9sWlVGRWRWMTcyWkxuTlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9lYzg4MDEtMGE3Yy00ODdlLWExMDMt
NTI1ZDdlMjJjNzg4LzEvX05CZ0tYdzF5LV9NQThKTFhDNi1lNjM4R3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9lYzg4MDEtMGE3Yy00ODdlLWExMDMtNTI1ZDdlMjJjNzg4
LzEvc21ibTVOWGZmNG9sWlVGRWRWMTcyWkxuTlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufxYMA0E
AgACMAcDBQMqDCRAMA0GCSqGSIb3DQEBCwUAA4IBAQA0ZQcBNeOvjBdEWkR18asn
BEzBusGT1VLeeRec9wTk/IjfLt4AfeTQjlY8s+0tesqenI09VY4gE+s12hF1+1Hb
2Ht9TAdyFluGA4zm5x+excNW9m94qCXAq0YyHD5yjoL9NDrEiGyuZ1Xtz1mm1r54
MNQt9NOUJExhEqo2C8k5XiLj0gpEHT3w7l6bdN/helRFbdFChDtgRM747Obg4dDf
YfHTPmXAhaZvy+Vd+QIQwdM3CMYP5V5ZVfoyo1M1N/49TBBVJjdBht2q/5U3Ommj
G31Id1es6TPiVuMMji/I//sS/wgevP9KhBygC8l7Ni6GDJjpnYyePla4SJkFRlqh
-----END CERTIFICATE-----