Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/18wdImIjdKXa97zZMdZbf1WScgc.roa
File:                     18wdImIjdKXa97zZMdZbf1WScgc.roa (raw, json)
Hash identifier:          k1kZLZyXZ84VbViiGupycHumOeGbcuw0NgIg2Y2Ql9w=
Subject key identifier:   D7:CC:1D:22:62:23:74:A5:DA:F7:BC:D9:31:D6:5B:7F:55:92:72:07
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018D3B2BA279A8D5D7BCBB653C0CE6075939
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/18wdImIjdKXa97zZMdZbf1WScgc.roa
Signing time:             Wed 24 Jan 2024 11:12:11 +0000
ROA not before:           Wed 24 Jan 2024 11:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        88.209.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:2b:a2:79:a8:d5:d7:bc:bb:65:3c:0c:e6:07:59:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan 24 11:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7cc1d22622374a5daf7bcd931d65b7f55927207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:af:65:1a:1f:d6:a4:50:19:6e:a5:1e:79:bd:
                    48:0b:7c:18:0f:0d:f5:57:e0:3e:9e:32:c0:ce:c5:
                    92:55:1a:b0:68:be:ea:10:d2:8d:82:80:98:ec:af:
                    a8:df:c4:3a:5b:96:7f:93:d0:b2:71:21:f1:a1:51:
                    be:f7:3e:b7:76:7c:f7:6c:1c:9b:3d:c5:fa:6f:25:
                    8a:ba:d9:88:cb:7f:ac:ca:1d:62:9b:7b:8d:21:1d:
                    c8:47:ba:56:f0:18:5b:df:68:cf:d3:8f:3b:3e:9d:
                    d5:de:74:2a:f9:a9:9c:a2:96:fb:53:9f:af:be:00:
                    ad:af:90:f2:1c:49:21:12:4a:b2:0d:21:b7:6f:2d:
                    dd:0a:2a:62:88:b4:83:63:c6:41:03:ce:65:c5:19:
                    85:89:42:55:eb:3f:93:24:18:cf:52:59:54:eb:75:
                    0d:e4:a1:ca:22:2b:b3:76:5c:02:e9:9a:7b:84:e9:
                    5f:f4:f1:4a:5b:9d:c7:16:b3:61:43:1e:29:aa:08:
                    4d:f9:97:02:91:80:0b:21:2d:d8:41:0e:ed:82:ae:
                    ff:5d:a1:a8:7e:e0:6d:10:6f:42:b8:a1:58:a9:bb:
                    85:1a:27:cf:28:4e:9d:08:0f:a6:e8:a9:9a:c6:90:
                    21:6d:b1:1f:50:b5:50:19:b7:45:5e:76:b3:e8:76:
                    f7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CC:1D:22:62:23:74:A5:DA:F7:BC:D9:31:D6:5B:7F:55:92:72:07
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/18wdImIjdKXa97zZMdZbf1WScgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:b1:c4:b4:28:b6:1e:ab:a5:70:62:ad:47:33:c2:15:f2:61:
         28:4a:c1:05:33:85:26:e4:04:e2:4e:04:a4:fc:19:3c:29:52:
         f6:47:86:6c:ad:61:37:8d:2f:d6:f5:77:5a:f0:58:99:13:98:
         f0:2e:9b:cc:5a:2c:2b:23:4f:f1:74:aa:c4:60:61:d6:99:88:
         62:1d:59:47:47:66:8c:a9:a3:16:49:fd:c2:31:86:bf:af:47:
         8f:80:f3:d7:3f:10:2e:be:d0:75:b6:63:68:e9:ea:64:45:83:
         73:92:09:1c:c7:46:1e:a6:91:06:ca:c1:dc:c4:f9:49:8f:ef:
         66:b4:e5:df:68:32:a9:ea:0c:99:9d:c6:e5:31:10:b8:81:c7:
         ea:d8:ce:94:3a:c7:fb:8a:30:c5:fb:96:01:60:08:1d:ef:2f:
         24:e4:9f:b0:55:de:59:f8:96:d6:cd:da:35:c6:36:ea:cd:3c:
         fc:62:4c:c8:cb:4b:06:66:63:a8:49:7d:67:1e:ff:e0:09:54:
         2b:b6:04:4c:16:42:a6:60:18:15:16:a3:8d:ed:17:f7:7c:3a:
         8c:06:51:d9:56:7e:ff:00:0d:e5:1f:7a:39:51:08:78:28:26:
         bc:1c:d3:d0:76:b4:db:5a:e7:e6:ba:cd:33:dc:4b:c6:12:94:
         16:87:03:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07K6J5qNXXvLtlPAzmB1k5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTI0MTExMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2NjMWQyMjYyMjM3NGE1ZGFmN2JjZDkzMWQ2NWI3ZjU1OTI3MjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg69lGh/WpFAZbqUeeb1IC3wYDw31
V+A+njLAzsWSVRqwaL7qENKNgoCY7K+o38Q6W5Z/k9CycSHxoVG+9z63dnz3bByb
PcX6byWKutmIy3+syh1im3uNIR3IR7pW8Bhb32jP0487Pp3V3nQq+amcopb7U5+v
vgCtr5DyHEkhEkqyDSG3by3dCipiiLSDY8ZBA85lxRmFiUJV6z+TJBjPUllU63UN
5KHKIiuzdlwC6Zp7hOlf9PFKW53HFrNhQx4pqghN+ZcCkYALIS3YQQ7tgq7/XaGo
fuBtEG9CuKFYqbuFGifPKE6dCA+m6KmaxpAhbbEfULVQGbdFXnaz6Hb31wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfMHSJiI3Sl2ve82THWW39VknIHMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMTh3ZEltSWpkS1hhOTd6Wk1kWmJmMVdTY2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNHwMA0G
CSqGSIb3DQEBCwUAA4IBAQBKscS0KLYeq6VwYq1HM8IV8mEoSsEFM4Um5ATiTgSk
/Bk8KVL2R4ZsrWE3jS/W9Xda8FiZE5jwLpvMWiwrI0/xdKrEYGHWmYhiHVlHR2aM
qaMWSf3CMYa/r0ePgPPXPxAuvtB1tmNo6epkRYNzkgkcx0YeppEGysHcxPlJj+9m
tOXfaDKp6gyZncblMRC4gcfq2M6UOsf7ijDF+5YBYAgd7y8k5J+wVd5Z+JbWzdo1
xjbqzTz8YkzIy0sGZmOoSX1nHv/gCVQrtgRMFkKmYBgVFqON7Rf3fDqMBlHZVn7/
AA3lH3o5UQh4KCa8HNPQdrTbWufmus0z3EvGEpQWhwNt
-----END CERTIFICATE-----