Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/cac593-6074-4221-befd-0a892ab47db3/1/heyDeOe_dlplpAZ5OB-3vRJYruI.roa
File:                     heyDeOe_dlplpAZ5OB-3vRJYruI.roa (raw, json)
Hash identifier:          BCgKidjJhVeIFl1h1ZYfHWnBXYcWEEGEdLTUZOOA6SI=
Subject key identifier:   85:EC:83:78:E7:BF:76:5A:65:A4:06:79:38:1F:B7:BD:12:58:AE:E2
Certificate issuer:       /CN=4557df3e546d56dbb5d230f611c724c599a72251
Certificate serial:       018CC56ED2080D1EB62DDE8454AB27E0866A
Authority key identifier: 45:57:DF:3E:54:6D:56:DB:B5:D2:30:F6:11:C7:24:C5:99:A7:22:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RVffPlRtVtu10jD2EcckxZmnIlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/cac593-6074-4221-befd-0a892ab47db3/1/heyDeOe_dlplpAZ5OB-3vRJYruI.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        88.218.132.0/22 maxlen: 22
                          2a09:aa80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/cac593-6074-4221-befd-0a892ab47db3/1/RVffPlRtVtu10jD2EcckxZmnIlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/cac593-6074-4221-befd-0a892ab47db3/1/RVffPlRtVtu10jD2EcckxZmnIlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RVffPlRtVtu10jD2EcckxZmnIlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d2:08:0d:1e:b6:2d:de:84:54:ab:27:e0:86:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4557df3e546d56dbb5d230f611c724c599a72251
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85ec8378e7bf765a65a40679381fb7bd1258aee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d0:86:2c:97:1c:fc:38:da:2d:d5:c3:a5:10:
                    63:84:8d:ef:04:e5:34:e9:0c:6e:1a:af:a2:eb:fd:
                    10:a3:92:ac:8a:54:bb:b9:db:a7:d6:91:0b:90:94:
                    8f:58:f7:3c:9b:1f:3f:c0:48:fe:62:45:14:98:17:
                    54:a5:70:45:2e:6a:d5:b7:5d:89:e7:6f:92:16:84:
                    49:e1:77:56:83:1e:6e:32:39:37:3a:5d:3d:ab:16:
                    4d:25:e1:8c:29:41:ec:15:0e:22:67:55:5f:3b:37:
                    65:28:9c:6b:f7:ab:b0:ba:7b:c9:36:de:db:13:50:
                    fd:c6:ad:41:2e:5a:a3:38:1f:40:1e:b2:6b:fb:6e:
                    f4:1d:06:02:1f:9b:a5:0f:98:67:60:c6:19:b9:63:
                    a0:cd:2f:53:49:51:c3:0a:28:3c:5e:e9:00:9d:43:
                    e3:e0:01:5f:f2:7e:54:c2:7a:b1:24:f4:f2:2e:46:
                    28:70:d1:64:40:af:b0:f6:64:86:ea:4f:f3:d8:7b:
                    40:c5:cb:9b:f1:59:8f:7a:59:12:6e:8a:5d:1e:09:
                    fe:d0:0b:21:6d:dd:55:8b:70:ad:67:5f:8a:30:74:
                    d2:8d:c0:af:7d:87:dd:ab:29:5e:ad:b0:83:a6:44:
                    91:5b:46:5b:e0:7e:b3:58:de:04:f1:02:07:cd:b2:
                    02:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:EC:83:78:E7:BF:76:5A:65:A4:06:79:38:1F:B7:BD:12:58:AE:E2
            X509v3 Authority Key Identifier:
                keyid:45:57:DF:3E:54:6D:56:DB:B5:D2:30:F6:11:C7:24:C5:99:A7:22:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RVffPlRtVtu10jD2EcckxZmnIlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/cac593-6074-4221-befd-0a892ab47db3/1/heyDeOe_dlplpAZ5OB-3vRJYruI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/cac593-6074-4221-befd-0a892ab47db3/1/RVffPlRtVtu10jD2EcckxZmnIlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.132.0/22
                IPv6:
                  2a09:aa80::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:82:59:29:db:ac:e0:7b:14:2a:0f:70:73:40:c5:7c:13:09:
         59:82:70:08:61:67:d5:57:bd:84:03:e7:c6:a7:2b:15:ec:33:
         60:ac:bf:05:13:2b:7a:35:ea:d5:48:19:fc:9b:53:56:82:94:
         bc:74:64:f6:67:c7:df:42:e5:f0:67:46:13:ff:a3:bc:37:73:
         ac:52:74:62:c3:42:0e:e1:1b:3c:72:a2:5d:4d:15:3a:00:fd:
         53:bb:ca:13:00:e3:41:48:4d:78:09:02:b4:6b:41:17:f1:e9:
         9f:44:78:ca:ae:a6:a6:38:8b:c3:01:19:49:22:32:f6:de:a0:
         db:68:6a:bd:72:19:56:ec:ea:76:ce:bc:66:ec:a7:3d:40:b2:
         fa:2d:4f:37:9b:64:68:fc:d5:80:fd:60:c1:28:6c:e4:e7:10:
         8e:06:98:66:a7:dd:4f:0f:6d:2f:68:b8:b2:0f:2c:77:49:fa:
         96:f5:b6:6b:93:0a:f5:91:f1:b3:60:15:d5:05:80:0f:b0:c2:
         0a:45:cf:c4:99:bc:08:af:61:b9:65:78:15:75:b3:7b:d6:e2:
         ce:e6:6f:54:bc:a5:c4:db:eb:fd:8f:16:3e:a6:84:7b:ee:7f:
         75:b3:5c:47:58:e8:ee:51:26:75:14:ba:26:0e:0d:ee:47:e5:
         66:dd:d7:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtIIDR62Ld6EVKsn4IZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NTdkZjNlNTQ2ZDU2ZGJiNWQyMzBmNjExYzcyNGM1OTlh
NzIyNTEwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWVjODM3OGU3YmY3NjVhNjVhNDA2NzkzODFmYjdiZDEyNThhZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttCGLJcc/DjaLdXDpRBjhI3vBOU0
6QxuGq+i6/0Qo5KsilS7udun1pELkJSPWPc8mx8/wEj+YkUUmBdUpXBFLmrVt12J
52+SFoRJ4XdWgx5uMjk3Ol09qxZNJeGMKUHsFQ4iZ1VfOzdlKJxr96uwunvJNt7b
E1D9xq1BLlqjOB9AHrJr+270HQYCH5ulD5hnYMYZuWOgzS9TSVHDCig8XukAnUPj
4AFf8n5UwnqxJPTyLkYocNFkQK+w9mSG6k/z2HtAxcub8VmPelkSbopdHgn+0Ash
bd1Vi3CtZ1+KMHTSjcCvfYfdqylerbCDpkSRW0Zb4H6zWN4E8QIHzbICGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIXsg3jnv3ZaZaQGeTgft70SWK7iMB8GA1UdIwQY
MBaAFEVX3z5UbVbbtdIw9hHHJMWZpyJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlZmZlBsUnRWdHUxMGpEMkVjY2t4Wm1uSWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jYWM1OTMtNjA3NC00MjIxLWJlZmQt
MGE4OTJhYjQ3ZGIzLzEvaGV5RGVPZV9kbHBscEFaNU9CLTN2UkpZcnVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jYWM1OTMtNjA3NC00MjIxLWJlZmQtMGE4OTJhYjQ3ZGIz
LzEvUlZmZlBsUnRWdHUxMGpEMkVjY2t4Wm1uSWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCWNqEMA0E
AgACMAcDBQAqCaqAMA0GCSqGSIb3DQEBCwUAA4IBAQAXglkp26zgexQqD3BzQMV8
EwlZgnAIYWfVV72EA+fGpysV7DNgrL8FEyt6NerVSBn8m1NWgpS8dGT2Z8ffQuXw
Z0YT/6O8N3OsUnRiw0IO4Rs8cqJdTRU6AP1Tu8oTAONBSE14CQK0a0EX8emfRHjK
rqamOIvDARlJIjL23qDbaGq9chlW7Op2zrxm7Kc9QLL6LU83m2Ro/NWA/WDBKGzk
5xCOBphmp91PD20vaLiyDyx3SfqW9bZrkwr1kfGzYBXVBYAPsMIKRc/EmbwIr2G5
ZXgVdbN71uLO5m9UvKXE2+v9jxY+poR77n91s1xHWOjuUSZ1FLomDg3uR+Vm3deR
-----END CERTIFICATE-----