Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/Qzw3QMKklDVTV524qlcJCbTkjXY.roa
File:                     Qzw3QMKklDVTV524qlcJCbTkjXY.roa (raw, json)
Hash identifier:          QKVSwwGLYqYZ4oA09EQdxh6e4vjhtWOIa6EXv/vGtBA=
Subject key identifier:   43:3C:37:40:C2:A4:94:35:53:57:9D:B8:AA:57:09:09:B4:E4:8D:76
Certificate issuer:       /CN=56c8a1713c7476e00ed2b77fd98fd89330365d87
Certificate serial:       018CC348FC287D809B8162FE117BAB45EF1E
Authority key identifier: 56:C8:A1:71:3C:74:76:E0:0E:D2:B7:7F:D9:8F:D8:93:30:36:5D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/Qzw3QMKklDVTV524qlcJCbTkjXY.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204641
IP address blocks:        88.80.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fc:28:7d:80:9b:81:62:fe:11:7b:ab:45:ef:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56c8a1713c7476e00ed2b77fd98fd89330365d87
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=433c3740c2a4943553579db8aa570909b4e48d76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:93:81:a5:69:6b:b7:14:d4:6a:03:2d:78:24:
                    66:2c:76:88:2f:f6:0d:0d:94:e4:9d:f7:bd:aa:90:
                    ed:12:de:b8:97:f4:8f:38:cc:6c:d7:df:c5:c8:ff:
                    fa:ce:b4:3b:15:86:6f:3c:00:76:d9:23:f8:1a:e3:
                    57:5f:18:d5:e8:82:d9:68:61:e4:08:e4:29:b5:7c:
                    5e:fc:c2:4f:3d:55:c7:08:75:fd:30:dd:0c:80:4a:
                    15:5d:cf:34:30:1b:66:8a:2a:a2:03:e3:ea:7a:96:
                    ba:85:52:80:a5:f4:23:8e:dc:e2:08:96:5e:5e:32:
                    46:7e:1f:df:ff:a3:97:c5:d9:61:1d:15:cf:3c:00:
                    46:da:8e:fb:e2:f9:c8:1a:6d:eb:45:77:4d:b9:32:
                    7a:15:8b:b4:4d:39:8e:b9:6d:83:9d:f8:cc:85:22:
                    63:a3:84:60:9a:78:ba:20:7d:42:c4:d1:59:5a:68:
                    69:e8:86:77:d2:41:42:b5:16:9f:2a:d7:89:25:ff:
                    01:ee:ee:db:06:5a:f3:cf:4d:9d:6b:f3:44:ec:db:
                    b5:97:70:2a:85:6d:76:76:84:37:b3:e7:a5:16:00:
                    e8:6e:da:a9:f5:66:9f:26:3e:1f:e8:80:c6:a8:89:
                    16:3e:93:63:95:24:58:53:e0:1a:f1:04:93:a2:80:
                    97:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:3C:37:40:C2:A4:94:35:53:57:9D:B8:AA:57:09:09:B4:E4:8D:76
            X509v3 Authority Key Identifier:
                keyid:56:C8:A1:71:3C:74:76:E0:0E:D2:B7:7F:D9:8F:D8:93:30:36:5D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/Qzw3QMKklDVTV524qlcJCbTkjXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:be:2c:16:99:93:5a:a0:bd:11:ad:e3:e9:c3:12:45:bf:8f:
         2c:13:63:2e:3e:a2:2a:5c:e5:a4:bb:73:be:a9:94:82:af:c8:
         70:b2:41:2c:a3:4f:51:72:17:05:5a:04:0b:f2:74:28:07:8d:
         01:c3:c9:e6:0f:30:02:d6:f8:60:fb:d3:2e:b8:29:ef:05:7a:
         50:2f:fe:4c:26:f7:c5:92:cf:0f:33:0b:e1:55:1e:4e:88:3b:
         43:ab:84:b3:d6:68:7e:c7:a7:9d:a2:ba:65:7c:59:74:55:b9:
         04:ca:27:44:f5:fc:1d:80:3c:49:a1:16:50:8b:e3:7e:61:22:
         d6:23:b5:2f:15:bb:70:0a:67:27:8c:1e:4c:81:95:a9:43:e1:
         a1:85:97:8e:64:59:f7:9a:08:43:5e:5a:a4:5c:bd:06:61:0a:
         05:31:3a:52:38:ca:0a:ec:9b:a1:9e:38:07:5e:b4:f0:b5:80:
         0a:bc:dd:4e:83:26:91:84:ac:ae:1a:53:7a:4b:4c:fe:33:c5:
         65:02:3d:72:60:30:f1:62:c7:04:a3:41:76:4d:27:34:a6:9f:
         38:e0:72:0a:e3:78:cf:f0:94:43:fb:db:61:09:bd:26:8f:ba:
         5c:6f:c9:fb:8a:2f:a6:87:46:37:11:32:75:fe:8d:59:30:52:
         57:48:51:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPwofYCbgWL+EXurRe8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YzhhMTcxM2M3NDc2ZTAwZWQyYjc3ZmQ5OGZkODkzMzAz
NjVkODcwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzNjMzc0MGMyYTQ5NDM1NTM1NzlkYjhhYTU3MDkwOWI0ZTQ4ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5OBpWlrtxTUagMteCRmLHaIL/YN
DZTknfe9qpDtEt64l/SPOMxs19/FyP/6zrQ7FYZvPAB22SP4GuNXXxjV6ILZaGHk
COQptXxe/MJPPVXHCHX9MN0MgEoVXc80MBtmiiqiA+Pqepa6hVKApfQjjtziCJZe
XjJGfh/f/6OXxdlhHRXPPABG2o774vnIGm3rRXdNuTJ6FYu0TTmOuW2DnfjMhSJj
o4Rgmni6IH1CxNFZWmhp6IZ30kFCtRafKteJJf8B7u7bBlrzz02da/NE7Nu1l3Aq
hW12doQ3s+elFgDobtqp9WafJj4f6IDGqIkWPpNjlSRYU+Aa8QSTooCXKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM8N0DCpJQ1U1eduKpXCQm05I12MB8GA1UdIwQY
MBaAFFbIoXE8dHbgDtK3f9mP2JMwNl2HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnNpaGNUeDBkdUFPMHJkXzJZX1lrekEyWFljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8yM2Q1MjUtODI5Ni00ZjljLTlkZTQt
OTFlMzJjNTE3MTUyLzEvUXp3M1FNS2tsRFZUVjUyNHFsY0pDYlRralhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8yM2Q1MjUtODI5Ni00ZjljLTlkZTQtOTFlMzJjNTE3MTUy
LzEvVnNpaGNUeDBkdUFPMHJkXzJZX1lrekEyWFljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCQMA0G
CSqGSIb3DQEBCwUAA4IBAQAKviwWmZNaoL0RrePpwxJFv48sE2MuPqIqXOWku3O+
qZSCr8hwskEso09RchcFWgQL8nQoB40Bw8nmDzAC1vhg+9MuuCnvBXpQL/5MJvfF
ks8PMwvhVR5OiDtDq4Sz1mh+x6edorplfFl0VbkEyidE9fwdgDxJoRZQi+N+YSLW
I7UvFbtwCmcnjB5MgZWpQ+GhhZeOZFn3mghDXlqkXL0GYQoFMTpSOMoK7JuhnjgH
XrTwtYAKvN1OgyaRhKyuGlN6S0z+M8VlAj1yYDDxYscEo0F2TSc0pp844HIK43jP
8JRD+9thCb0mj7pcb8n7ii+mh0Y3ETJ1/o1ZMFJXSFGr
-----END CERTIFICATE-----