Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/dkWnsOoyUTbfxqNU9uHUGVR0Dc4.roa
File:                     dkWnsOoyUTbfxqNU9uHUGVR0Dc4.roa (raw, json)
Hash identifier:          VM8ow5627ltdxk6iWQFJ0TYn/m0TqT25beWq2uXHHIU=
Subject key identifier:   76:45:A7:B0:EA:32:51:36:DF:C6:A3:54:F6:E1:D4:19:54:74:0D:CE
Certificate issuer:       /CN=9588fb4b0fb07b2b52e30d9219898f28cfbc9a2d
Certificate serial:       018CC42561AFF09A8F4733A54CCAF2528EFB
Authority key identifier: 95:88:FB:4B:0F:B0:7B:2B:52:E3:0D:92:19:89:8F:28:CF:BC:9A:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYj7Sw-weytS4w2SGYmPKM-8mi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/dkWnsOoyUTbfxqNU9uHUGVR0Dc4.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57443
IP address blocks:        193.57.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/lYj7Sw-weytS4w2SGYmPKM-8mi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/lYj7Sw-weytS4w2SGYmPKM-8mi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYj7Sw-weytS4w2SGYmPKM-8mi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:61:af:f0:9a:8f:47:33:a5:4c:ca:f2:52:8e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9588fb4b0fb07b2b52e30d9219898f28cfbc9a2d
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7645a7b0ea325136dfc6a354f6e1d41954740dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:86:ab:11:6d:a6:3a:8f:aa:71:0d:1d:c7:c1:
                    9b:6d:f7:71:d4:d7:df:24:21:4a:fa:95:49:72:62:
                    d5:13:97:98:c8:59:c4:ed:fd:e5:f7:5c:22:c6:99:
                    8b:cd:49:4b:02:51:12:a7:86:72:51:c6:21:17:cb:
                    3c:0f:8f:4f:43:dc:f6:98:49:54:3f:26:09:34:36:
                    67:2b:2d:63:14:5a:e2:5f:5b:1b:05:4d:90:f6:d2:
                    a5:f2:e5:2b:84:d0:02:51:fe:d0:af:af:5f:e0:dc:
                    85:0c:2d:a2:05:90:a7:7f:38:dc:aa:d6:7c:63:f8:
                    25:bc:3d:44:7f:03:7a:49:78:3e:ae:57:cc:d8:be:
                    9b:43:5e:07:64:27:f9:e2:ef:16:f2:86:36:95:88:
                    51:ee:48:81:e7:be:9d:91:59:0b:7e:65:b5:5d:e6:
                    23:88:9e:6c:a8:10:0f:b9:51:9c:c5:4d:54:29:cb:
                    c0:d4:d2:46:cd:26:ed:f4:8d:31:41:f1:e2:72:13:
                    aa:18:a3:da:d9:d8:f3:6f:3e:ae:4a:90:6a:da:68:
                    ee:49:31:24:17:f5:64:25:5f:9b:80:93:1c:a1:44:
                    83:20:bb:d1:24:5b:c9:e4:e2:dc:bc:db:de:b4:40:
                    ff:71:93:de:33:b9:be:31:df:03:00:7e:d2:c1:43:
                    05:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:45:A7:B0:EA:32:51:36:DF:C6:A3:54:F6:E1:D4:19:54:74:0D:CE
            X509v3 Authority Key Identifier:
                keyid:95:88:FB:4B:0F:B0:7B:2B:52:E3:0D:92:19:89:8F:28:CF:BC:9A:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYj7Sw-weytS4w2SGYmPKM-8mi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/dkWnsOoyUTbfxqNU9uHUGVR0Dc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/lYj7Sw-weytS4w2SGYmPKM-8mi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:3c:7c:65:94:ea:a5:24:a7:43:1a:2b:e5:1d:a9:27:53:1f:
         1e:61:88:0b:6e:ba:c0:f0:68:4e:73:35:a3:48:d4:48:8b:dd:
         26:98:63:b2:4e:c5:33:4b:70:07:e0:a5:de:31:9a:46:c4:72:
         be:94:63:fa:34:dc:e6:1b:7f:b2:04:ea:37:f9:26:07:10:15:
         a4:41:be:f4:8c:4d:e8:d5:f1:fe:a6:cf:97:50:ff:9a:23:56:
         b7:42:7a:07:82:0f:9c:b2:e7:4c:65:04:45:5e:29:30:01:17:
         24:b8:25:9d:94:9d:27:8c:db:1f:b1:63:68:8c:8c:7c:19:bc:
         d7:7e:ac:5e:02:b2:7a:b2:d6:db:47:48:75:26:dc:c8:f4:ea:
         49:cc:7f:19:ba:8a:8c:c7:24:a7:fb:95:8a:8c:10:af:f7:5e:
         9c:ab:5e:8e:9e:00:b9:94:9f:bc:eb:e3:a1:e6:f1:fa:da:33:
         dc:ad:3a:64:3a:72:d6:01:46:a9:c9:8b:5d:ef:d7:3c:a9:f3:
         8b:5b:de:64:04:72:05:2b:b0:dd:84:24:2c:eb:f3:bf:13:4f:
         71:93:fa:ee:ca:71:01:fd:ee:dd:9b:38:21:a9:54:36:c9:b0:
         03:40:97:e0:e6:b5:2f:00:59:43:94:bd:94:38:b5:c4:15:6b:
         54:5d:37:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWGv8JqPRzOlTMryUo77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODhmYjRiMGZiMDdiMmI1MmUzMGQ5MjE5ODk4ZjI4Y2Zi
YzlhMmQwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjQ1YTdiMGVhMzI1MTM2ZGZjNmEzNTRmNmUxZDQxOTU0NzQwZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIarEW2mOo+qcQ0dx8Gbbfdx1Nff
JCFK+pVJcmLVE5eYyFnE7f3l91wixpmLzUlLAlESp4ZyUcYhF8s8D49PQ9z2mElU
PyYJNDZnKy1jFFriX1sbBU2Q9tKl8uUrhNACUf7Qr69f4NyFDC2iBZCnfzjcqtZ8
Y/glvD1EfwN6SXg+rlfM2L6bQ14HZCf54u8W8oY2lYhR7kiB576dkVkLfmW1XeYj
iJ5sqBAPuVGcxU1UKcvA1NJGzSbt9I0xQfHichOqGKPa2djzbz6uSpBq2mjuSTEk
F/VkJV+bgJMcoUSDILvRJFvJ5OLcvNvetED/cZPeM7m+Md8DAH7SwUMF/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZFp7DqMlE238ajVPbh1BlUdA3OMB8GA1UdIwQY
MBaAFJWI+0sPsHsrUuMNkhmJjyjPvJotMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlqN1N3LXdleXRTNHcyU0dZbVBLTS04bWkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mYjg1ZDMtNjY2MC00MzBlLTlhYzct
ODZkMmMzMTFkYjE3LzEvZGtXbnNPb3lVVGJmeHFOVTl1SFVHVlIwRGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mYjg1ZDMtNjY2MC00MzBlLTlhYzctODZkMmMzMTFkYjE3
LzEvbFlqN1N3LXdleXRTNHcyU0dZbVBLTS04bWkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTnQMA0G
CSqGSIb3DQEBCwUAA4IBAQA+PHxllOqlJKdDGivlHaknUx8eYYgLbrrA8GhOczWj
SNRIi90mmGOyTsUzS3AH4KXeMZpGxHK+lGP6NNzmG3+yBOo3+SYHEBWkQb70jE3o
1fH+ps+XUP+aI1a3QnoHgg+csudMZQRFXikwARckuCWdlJ0njNsfsWNojIx8GbzX
fqxeArJ6stbbR0h1JtzI9OpJzH8ZuoqMxySn+5WKjBCv916cq16OngC5lJ+86+Oh
5vH62jPcrTpkOnLWAUapyYtd79c8qfOLW95kBHIFK7DdhCQs6/O/E09xk/ruynEB
/e7dmzghqVQ2ybADQJfg5rUvAFlDlL2UOLXEFWtUXTft
-----END CERTIFICATE-----