Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8EOXoah0yB1la4V4npqxZcxxO-E.roa
File:                     8EOXoah0yB1la4V4npqxZcxxO-E.roa (raw, json)
Hash identifier:          Ggd1O8SZhiJMcS/5L5RD+8LJQjT8sxS1mEooec2MuCY=
Subject key identifier:   F0:43:97:A1:A8:74:C8:1D:65:6B:85:78:9E:9A:B1:65:CC:71:3B:E1
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0192C2536156C9AAEEED5E5BE7426725D2B2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8EOXoah0yB1la4V4npqxZcxxO-E.roa
Signing time:             Fri 25 Oct 2024 06:18:17 +0000
ROA not before:           Fri 25 Oct 2024 06:18:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        88.209.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c2:53:61:56:c9:aa:ee:ed:5e:5b:e7:42:67:25:d2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 25 06:18:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f04397a1a874c81d656b85789e9ab165cc713be1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d3:2a:c2:3b:60:cb:5c:1d:23:10:77:35:65:
                    84:9c:2f:2b:08:8d:b4:03:a5:d8:46:0d:25:80:96:
                    97:e8:ef:71:0c:16:6e:d3:7f:28:ad:83:c8:d4:39:
                    86:19:f8:5e:df:b7:ed:44:e0:5e:75:21:23:c7:2e:
                    16:07:84:94:ec:a2:18:e7:71:f7:78:9b:78:5c:dc:
                    7e:94:0e:d6:6b:c6:fe:b0:1b:0e:1a:d6:e7:8e:eb:
                    d8:38:79:23:59:9a:fe:1d:bd:10:5a:72:36:32:ec:
                    af:d3:6e:f0:83:66:56:6f:5f:ea:5d:d6:ba:e3:0e:
                    fc:0f:3a:19:cd:73:80:43:fb:ae:dd:85:b7:8d:1d:
                    66:0a:6a:cd:5c:b4:05:f3:28:17:e5:a5:51:31:ae:
                    b8:9f:25:25:9e:79:36:94:96:3c:60:70:59:5b:a3:
                    02:e1:bb:7a:1b:1d:68:49:82:d4:02:63:16:08:3e:
                    15:4e:22:80:d4:e2:ca:56:64:4a:e9:e2:06:0f:8c:
                    67:e5:6c:61:34:9e:eb:10:e4:01:3d:38:e7:eb:f2:
                    1b:0b:5c:20:34:5c:bb:84:ad:9a:88:41:ca:95:12:
                    db:00:88:e8:2a:16:7c:c1:cc:97:8d:f4:2a:90:82:
                    e1:fe:d7:0a:c4:38:b1:82:15:08:e8:44:71:43:23:
                    ca:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:43:97:A1:A8:74:C8:1D:65:6B:85:78:9E:9A:B1:65:CC:71:3B:E1
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8EOXoah0yB1la4V4npqxZcxxO-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:0b:97:e3:0b:f8:79:76:09:25:4d:cd:8a:eb:4c:8f:9e:15:
         24:aa:12:6a:27:6d:e5:f5:2e:1e:fb:af:c0:c9:37:ee:d9:a8:
         43:77:15:29:78:af:f7:37:96:16:4b:4c:8d:22:4c:83:2e:18:
         59:62:cd:4e:37:80:c8:6c:b1:d5:53:d1:62:be:1b:c4:fd:ab:
         ce:79:5c:7f:de:f3:d5:e9:36:ad:b0:7e:72:d7:3c:c1:ca:b3:
         cd:42:82:a6:21:1f:1e:e1:a8:59:ca:49:f6:f0:0f:af:d1:64:
         55:34:7f:76:3f:3e:57:f7:c1:cf:25:b7:9d:b7:4f:5e:94:74:
         7a:88:e1:a6:30:dd:99:3d:7c:f6:60:64:16:0e:7f:f0:b4:95:
         a1:7a:c6:53:bf:d7:bc:41:25:e9:e9:95:19:e1:d8:69:04:d1:
         9e:87:c4:92:1d:61:9c:ef:f2:c4:0b:48:57:ee:a6:dc:ed:ff:
         eb:a1:28:8c:8a:e6:3a:9d:4c:88:7e:df:98:c8:c5:47:98:d7:
         21:b6:20:2d:82:ea:d1:f3:4c:a1:11:80:ff:61:c7:a7:42:79:
         c0:a8:70:cd:84:ca:6d:a9:af:82:73:04:60:9a:17:40:9c:d4:
         17:9b:9e:91:c8:79:d8:ac:91:07:a2:f1:d8:c8:85:31:6c:1c:
         6c:c7:5d:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLCU2FWyaru7V5b50JnJdKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQxMDI1MDYxODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQzOTdhMWE4NzRjODFkNjU2Yjg1Nzg5ZTlhYjE2NWNjNzEzYmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdMqwjtgy1wdIxB3NWWEnC8rCI20
A6XYRg0lgJaX6O9xDBZu038orYPI1DmGGfhe37ftROBedSEjxy4WB4SU7KIY53H3
eJt4XNx+lA7Wa8b+sBsOGtbnjuvYOHkjWZr+Hb0QWnI2Muyv027wg2ZWb1/qXda6
4w78DzoZzXOAQ/uu3YW3jR1mCmrNXLQF8ygX5aVRMa64nyUlnnk2lJY8YHBZW6MC
4bt6Gx1oSYLUAmMWCD4VTiKA1OLKVmRK6eIGD4xn5WxhNJ7rEOQBPTjn6/IbC1wg
NFy7hK2aiEHKlRLbAIjoKhZ8wcyXjfQqkILh/tcKxDixghUI6ERxQyPKzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBDl6GodMgdZWuFeJ6asWXMcTvhMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvOEVPWG9haDB5QjFsYTRWNG5wcXhaY3h4Ty1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHDMA0G
CSqGSIb3DQEBCwUAA4IBAQAZC5fjC/h5dgklTc2K60yPnhUkqhJqJ23l9S4e+6/A
yTfu2ahDdxUpeK/3N5YWS0yNIkyDLhhZYs1ON4DIbLHVU9FivhvE/avOeVx/3vPV
6TatsH5y1zzByrPNQoKmIR8e4ahZykn28A+v0WRVNH92Pz5X98HPJbedt09elHR6
iOGmMN2ZPXz2YGQWDn/wtJWhesZTv9e8QSXp6ZUZ4dhpBNGeh8SSHWGc7/LEC0hX
7qbc7f/roSiMiuY6nUyIft+YyMVHmNchtiAtgurR80yhEYD/YcenQnnAqHDNhMpt
qa+CcwRgmhdAnNQXm56RyHnYrJEHovHYyIUxbBxsx11J
-----END CERTIFICATE-----