Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/bc2e97-3b11-49ad-b730-47936f8662be/1/88NSo5kcktbzSneBeb_02dgugIg.roa
File:                     88NSo5kcktbzSneBeb_02dgugIg.roa (raw, json)
Hash identifier:          U2Q2sX26XfalPFpBSDaRqqZwgjwHfOLx7YirRwn4qPo=
Subject key identifier:   F3:C3:52:A3:99:1C:92:D6:F3:4A:77:81:79:BF:F4:D9:D8:2E:80:88
Certificate issuer:       /CN=ed0c0ff3b474e760e8474a2c3d0eedb5be5398a6
Certificate serial:       018CC348AF08FF5D633A16B2C6A4754C1E73
Authority key identifier: ED:0C:0F:F3:B4:74:E7:60:E8:47:4A:2C:3D:0E:ED:B5:BE:53:98:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7QwP87R052DoR0osPQ7ttb5TmKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/bc2e97-3b11-49ad-b730-47936f8662be/1/88NSo5kcktbzSneBeb_02dgugIg.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        5.253.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/bc2e97-3b11-49ad-b730-47936f8662be/1/7QwP87R052DoR0osPQ7ttb5TmKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/bc2e97-3b11-49ad-b730-47936f8662be/1/7QwP87R052DoR0osPQ7ttb5TmKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7QwP87R052DoR0osPQ7ttb5TmKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:af:08:ff:5d:63:3a:16:b2:c6:a4:75:4c:1e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed0c0ff3b474e760e8474a2c3d0eedb5be5398a6
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3c352a3991c92d6f34a778179bff4d9d82e8088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ed:a6:73:0e:01:42:cc:64:c0:91:db:63:dc:
                    dd:94:c8:23:09:fa:a4:fd:b7:d3:34:9c:a2:e4:6a:
                    ab:5a:b0:a1:47:d6:95:c4:f6:d0:e2:5e:f9:00:ec:
                    b3:e6:8f:bb:52:c2:d4:30:e4:09:9b:4f:79:8a:43:
                    04:17:25:6a:22:35:2e:3e:41:ce:29:7c:01:21:80:
                    18:e7:d6:b0:5d:60:46:c2:2c:e7:f5:95:63:ed:0b:
                    b6:75:f3:56:5c:12:16:4e:ff:fc:62:ee:e6:60:28:
                    0c:a1:77:65:e1:cb:3b:5b:61:51:5c:19:23:04:ea:
                    f7:6e:f8:06:30:a2:d9:53:06:8d:fc:ee:72:d5:00:
                    49:51:71:ed:91:75:0b:e9:ff:3a:2a:25:b5:46:ab:
                    bf:21:3c:43:48:b0:40:f9:6d:b6:fa:9a:cc:a0:c7:
                    1e:47:5e:43:55:ce:08:e8:92:94:7c:6d:e5:99:ea:
                    cc:1e:eb:4c:32:5a:19:42:5f:8f:13:ff:ea:69:f9:
                    38:71:64:3a:c8:33:82:96:d6:0a:05:f0:40:dd:2a:
                    d7:69:3b:66:73:e7:2c:55:6c:0f:b8:fc:8d:cc:b9:
                    8b:9f:0d:7a:b2:5f:29:b6:04:bd:62:b7:c3:e8:2e:
                    c4:79:0e:0e:90:59:dc:d1:91:a8:00:63:b2:68:cd:
                    a2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C3:52:A3:99:1C:92:D6:F3:4A:77:81:79:BF:F4:D9:D8:2E:80:88
            X509v3 Authority Key Identifier:
                keyid:ED:0C:0F:F3:B4:74:E7:60:E8:47:4A:2C:3D:0E:ED:B5:BE:53:98:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7QwP87R052DoR0osPQ7ttb5TmKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/bc2e97-3b11-49ad-b730-47936f8662be/1/88NSo5kcktbzSneBeb_02dgugIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/bc2e97-3b11-49ad-b730-47936f8662be/1/7QwP87R052DoR0osPQ7ttb5TmKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:02:da:c1:fc:41:87:05:ed:8a:e2:e3:59:98:d3:36:3c:0f:
         32:e1:df:15:ba:7a:ca:50:c0:53:e8:a4:e0:24:8f:6c:86:ed:
         ae:af:db:fb:e4:b6:70:70:5b:5e:51:77:af:be:c6:78:25:7a:
         e6:29:8e:e1:1a:79:1c:c7:4f:79:52:70:b8:69:6d:2d:ff:20:
         0e:22:86:fe:cb:e2:06:70:a2:51:36:2c:a9:bb:6c:e4:bf:97:
         b5:b3:4e:ac:47:36:5f:1c:30:be:34:fb:30:3d:7a:90:26:ad:
         e4:9f:fe:ee:d7:11:03:95:81:26:af:56:91:6a:53:1c:4e:12:
         9a:b2:c8:c1:17:44:f1:a1:56:37:49:83:e8:93:1e:7c:02:75:
         7c:be:53:69:fc:3b:78:ed:24:27:e1:b0:68:fc:e6:b8:bf:15:
         56:81:c6:31:15:ab:f3:a2:92:9c:c0:e4:58:92:99:f6:1f:48:
         4d:73:70:e7:4b:10:29:e9:06:78:83:59:ed:22:4b:80:5a:68:
         4a:93:01:dd:4e:1b:d5:2c:10:fb:46:04:41:45:e7:5e:3b:6d:
         9d:81:39:e9:4e:ab:ac:2e:73:b2:89:1c:2c:ae:c2:ee:f8:09:
         e1:0d:fb:ab:90:d3:56:57:e7:3a:c9:50:ba:3f:ff:86:f5:a9:
         37:03:54:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSK8I/11jOhayxqR1TB5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMGMwZmYzYjQ3NGU3NjBlODQ3NGEyYzNkMGVlZGI1YmU1
Mzk4YTYwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2MzNTJhMzk5MWM5MmQ2ZjM0YTc3ODE3OWJmZjRkOWQ4MmU4MDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+2mcw4BQsxkwJHbY9zdlMgjCfqk
/bfTNJyi5GqrWrChR9aVxPbQ4l75AOyz5o+7UsLUMOQJm095ikMEFyVqIjUuPkHO
KXwBIYAY59awXWBGwizn9ZVj7Qu2dfNWXBIWTv/8Yu7mYCgMoXdl4cs7W2FRXBkj
BOr3bvgGMKLZUwaN/O5y1QBJUXHtkXUL6f86KiW1Rqu/ITxDSLBA+W22+prMoMce
R15DVc4I6JKUfG3lmerMHutMMloZQl+PE//qafk4cWQ6yDOCltYKBfBA3SrXaTtm
c+csVWwPuPyNzLmLnw16sl8ptgS9YrfD6C7EeQ4OkFnc0ZGoAGOyaM2iKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPDUqOZHJLW80p3gXm/9NnYLoCIMB8GA1UdIwQY
MBaAFO0MD/O0dOdg6EdKLD0O7bW+U5imMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1F3UDg3UjA1MkRvUjBvc1BRN3R0YjVUbUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iYzJlOTctM2IxMS00OWFkLWI3MzAt
NDc5MzZmODY2MmJlLzEvODhOU281a2NrdGJ6U25lQmViXzAyZGd1Z0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iYzJlOTctM2IxMS00OWFkLWI3MzAtNDc5MzZmODY2MmJl
LzEvN1F3UDg3UjA1MkRvUjBvc1BRN3R0YjVUbUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf3iMA0G
CSqGSIb3DQEBCwUAA4IBAQCoAtrB/EGHBe2K4uNZmNM2PA8y4d8VunrKUMBT6KTg
JI9shu2ur9v75LZwcFteUXevvsZ4JXrmKY7hGnkcx095UnC4aW0t/yAOIob+y+IG
cKJRNiypu2zkv5e1s06sRzZfHDC+NPswPXqQJq3kn/7u1xEDlYEmr1aRalMcThKa
ssjBF0TxoVY3SYPokx58AnV8vlNp/Dt47SQn4bBo/Oa4vxVWgcYxFavzopKcwORY
kpn2H0hNc3DnSxAp6QZ4g1ntIkuAWmhKkwHdThvVLBD7RgRBRedeO22dgTnpTqus
LnOyiRwsrsLu+AnhDfurkNNWV+c6yVC6P/+G9ak3A1TS
-----END CERTIFICATE-----