Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/Id8c8XTEpBEaBogF4ph1ZHd9dLc.roa
File:                     Id8c8XTEpBEaBogF4ph1ZHd9dLc.roa (raw, json)
Hash identifier:          aH0v0T2/HkIK2OuYX4iMr5dnlF13/9+CuSUPeAKBvWE=
Subject key identifier:   21:DF:1C:F1:74:C4:A4:11:1A:06:88:05:E2:98:75:64:77:7D:74:B7
Certificate issuer:       /CN=0ee296b60c038cdc6bfef4c060b1406164ec868c
Certificate serial:       018EA4D681E02BA32226B1EDB4CBA578CDF2
Authority key identifier: 0E:E2:96:B6:0C:03:8C:DC:6B:FE:F4:C0:60:B1:40:61:64:EC:86:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DuKWtgwDjNxr_vTAYLFAYWTshow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/Id8c8XTEpBEaBogF4ph1ZHd9dLc.roa
Signing time:             Wed 03 Apr 2024 16:41:45 +0000
ROA not before:           Wed 03 Apr 2024 16:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202503
IP address blocks:        193.111.52.0/22 maxlen: 22
                          193.111.52.0/23 maxlen: 23
                          193.111.53.0/25 maxlen: 25
                          193.111.54.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/DuKWtgwDjNxr_vTAYLFAYWTshow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/DuKWtgwDjNxr_vTAYLFAYWTshow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DuKWtgwDjNxr_vTAYLFAYWTshow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:d6:81:e0:2b:a3:22:26:b1:ed:b4:cb:a5:78:cd:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee296b60c038cdc6bfef4c060b1406164ec868c
        Validity
            Not Before: Apr  3 16:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21df1cf174c4a4111a068805e2987564777d74b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:67:c6:66:39:9c:0e:6d:1b:9b:5b:77:f8:b3:
                    3a:98:64:65:80:ce:7d:17:aa:f0:bf:1e:1e:be:55:
                    7b:81:c1:28:b8:85:d3:03:c0:ac:4c:c5:3e:91:9a:
                    b8:a4:e1:f4:42:36:e2:e9:47:9b:ad:2f:97:9c:88:
                    15:1f:05:2c:a0:dc:c0:fc:8d:a7:71:cd:4f:de:79:
                    a5:48:94:fb:8d:a3:46:86:bf:87:1f:74:b1:bf:46:
                    ba:c3:5a:ad:9e:de:05:67:62:a9:85:40:c1:16:fa:
                    41:29:8b:0d:6e:2d:4a:6f:97:64:a4:31:f4:d0:b5:
                    0a:4a:24:bb:f0:6e:d5:f7:19:0e:3b:3e:74:28:da:
                    59:60:49:9e:47:a1:10:0a:6d:78:b1:9b:40:e8:f0:
                    cb:c8:85:3f:4b:87:9b:65:c5:9f:1d:2c:e6:96:4d:
                    9a:da:40:f8:eb:34:98:0f:4e:72:2f:c4:7d:ec:95:
                    99:b7:35:29:11:da:8e:0d:02:7e:ef:3b:16:db:e4:
                    ac:db:a8:18:7d:ec:e4:57:64:e2:3a:88:99:45:b4:
                    31:b6:a7:c1:65:9a:e8:c3:de:60:f4:f0:b4:c7:84:
                    a9:3e:e1:91:09:04:bf:69:e4:bc:76:ae:46:4c:57:
                    d4:d6:bf:af:2a:dd:af:22:6b:ec:2f:29:f5:fb:d7:
                    98:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:DF:1C:F1:74:C4:A4:11:1A:06:88:05:E2:98:75:64:77:7D:74:B7
            X509v3 Authority Key Identifier:
                keyid:0E:E2:96:B6:0C:03:8C:DC:6B:FE:F4:C0:60:B1:40:61:64:EC:86:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DuKWtgwDjNxr_vTAYLFAYWTshow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/Id8c8XTEpBEaBogF4ph1ZHd9dLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/DuKWtgwDjNxr_vTAYLFAYWTshow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:9d:3f:ac:7a:17:1b:36:5e:87:e9:da:3b:85:b3:83:a8:5d:
         30:10:d7:e9:34:70:d5:f4:6e:79:89:ff:9a:04:ae:56:d0:17:
         a5:01:2c:08:44:7d:68:13:7d:e3:1a:f4:da:66:f7:3c:f4:0a:
         c4:92:18:26:94:cc:98:5a:38:22:be:72:6a:9f:60:92:8a:6e:
         ac:16:38:88:ee:98:c0:cf:e8:99:39:72:e8:69:1a:72:f0:60:
         90:87:ed:f1:2d:43:40:cd:ff:b9:73:94:b7:30:ef:af:db:dc:
         a6:99:94:ab:07:78:c2:d4:b1:3b:92:fa:40:0e:5f:50:6a:be:
         64:6c:c3:f2:80:ed:6f:18:38:3a:3d:17:c4:19:2b:9b:03:d1:
         96:db:2a:be:91:fa:ac:37:15:d9:c9:4d:73:00:8b:63:d1:c5:
         45:aa:48:7d:93:cc:26:81:03:91:b1:7f:68:43:e7:dc:79:21:
         e2:dd:c3:2f:b6:b7:4f:c6:9e:8e:3c:20:f8:aa:85:dc:5d:18:
         15:71:69:dd:5c:d1:76:82:16:6c:f1:71:b4:ac:d8:ce:48:e9:
         92:cc:91:15:0f:b4:82:5c:fc:f4:dd:a6:39:6a:51:62:a9:f2:
         28:13:93:c7:41:0e:f0:70:67:be:05:c6:f0:3c:82:39:08:fb:
         79:4a:a1:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6k1oHgK6MiJrHttMuleM3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZTI5NmI2MGMwMzhjZGM2YmZlZjRjMDYwYjE0MDYxNjRl
Yzg2OGMwHhcNMjQwNDAzMTY0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWRmMWNmMTc0YzRhNDExMWEwNjg4MDVlMjk4NzU2NDc3N2Q3NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02fGZjmcDm0bm1t3+LM6mGRlgM59
F6rwvx4evlV7gcEouIXTA8CsTMU+kZq4pOH0Qjbi6UebrS+XnIgVHwUsoNzA/I2n
cc1P3nmlSJT7jaNGhr+HH3Sxv0a6w1qtnt4FZ2KphUDBFvpBKYsNbi1Kb5dkpDH0
0LUKSiS78G7V9xkOOz50KNpZYEmeR6EQCm14sZtA6PDLyIU/S4ebZcWfHSzmlk2a
2kD46zSYD05yL8R97JWZtzUpEdqODQJ+7zsW2+Ss26gYfezkV2TiOoiZRbQxtqfB
ZZrow95g9PC0x4SpPuGRCQS/aeS8dq5GTFfU1r+vKt2vImvsLyn1+9eYLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHfHPF0xKQRGgaIBeKYdWR3fXS3MB8GA1UdIwQY
MBaAFA7ilrYMA4zca/70wGCxQGFk7IaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHVLV3Rnd0RqTnhyX3ZUQVlMRkFZV1RzaG93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8wY2QwZTctMmRhOS00MDJiLThhNDkt
ZjVjODA1ZjAyNTViLzEvSWQ4YzhYVEVwQkVhQm9nRjRwaDFaSGQ5ZExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8wY2QwZTctMmRhOS00MDJiLThhNDktZjVjODA1ZjAyNTVi
LzEvRHVLV3Rnd0RqTnhyX3ZUQVlMRkFZV1RzaG93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW80MA0G
CSqGSIb3DQEBCwUAA4IBAQARnT+sehcbNl6H6do7hbODqF0wENfpNHDV9G55if+a
BK5W0BelASwIRH1oE33jGvTaZvc89ArEkhgmlMyYWjgivnJqn2CSim6sFjiI7pjA
z+iZOXLoaRpy8GCQh+3xLUNAzf+5c5S3MO+v29ymmZSrB3jC1LE7kvpADl9Qar5k
bMPygO1vGDg6PRfEGSubA9GW2yq+kfqsNxXZyU1zAItj0cVFqkh9k8wmgQORsX9o
Q+fceSHi3cMvtrdPxp6OPCD4qoXcXRgVcWndXNF2ghZs8XG0rNjOSOmSzJEVD7SC
XPz03aY5alFiqfIoE5PHQQ7wcGe+BcbwPII5CPt5SqGA
-----END CERTIFICATE-----