Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DYOadUqHfb_PNZxu1cy5_hpkSBg.roa
File:                     DYOadUqHfb_PNZxu1cy5_hpkSBg.roa (raw, json)
Hash identifier:          eEYETNPErMqebmlIAobMItUoKYgLHkCgaVCrZRnsjrA=
Subject key identifier:   0D:83:9A:75:4A:87:7D:BF:CF:35:9C:6E:D5:CC:B9:FE:1A:64:48:18
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019422FBA4E9A2EFD4F55006BFAE33311967
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DYOadUqHfb_PNZxu1cy5_hpkSBg.roa
Signing time:             Wed 01 Jan 2025 17:48:24 +0000
ROA not before:           Wed 01 Jan 2025 17:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        88.209.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:a4:e9:a2:ef:d4:f5:50:06:bf:ae:33:31:19:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 17:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d839a754a877dbfcf359c6ed5ccb9fe1a644818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:16:50:82:be:92:59:5e:a7:e1:98:af:d4:6a:
                    d6:8b:82:88:df:ed:ab:27:f0:4a:ab:c3:c4:88:8a:
                    f2:1b:f1:b3:42:64:eb:49:39:ab:b1:10:73:0e:0e:
                    1d:17:73:40:18:2c:8b:3d:ab:ed:76:a2:69:fd:00:
                    15:6f:1c:74:69:a1:04:97:d3:dd:35:cb:7f:91:75:
                    ff:c0:95:81:9e:d7:21:25:98:ae:64:6e:02:4f:b3:
                    aa:33:f8:10:e2:bd:b4:d2:d8:8d:f5:b6:6a:65:b3:
                    6f:bf:66:0e:90:2b:17:83:9f:e4:fa:39:58:c0:64:
                    c3:25:ff:91:4c:e3:fb:be:6a:a2:8c:33:d4:a6:1d:
                    58:e1:0f:f4:fb:19:c2:a8:9e:3c:69:44:91:db:1e:
                    2e:8b:38:24:8e:52:b1:6c:95:99:b2:e1:b0:80:14:
                    c1:76:db:2d:9e:1b:0e:37:21:d3:d4:26:c0:b9:98:
                    ef:d6:4b:1a:a6:d0:c5:97:50:f1:27:44:79:6e:43:
                    3a:c8:50:af:64:f4:ae:3c:48:35:21:0b:bf:78:83:
                    5a:37:8b:47:a7:16:aa:3e:85:47:44:05:8b:d0:35:
                    e7:e7:44:d8:36:68:ce:8a:69:ec:9a:d0:1f:d2:e2:
                    51:62:12:c3:5e:96:4d:c4:81:80:c1:85:fe:95:33:
                    cd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:83:9A:75:4A:87:7D:BF:CF:35:9C:6E:D5:CC:B9:FE:1A:64:48:18
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DYOadUqHfb_PNZxu1cy5_hpkSBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:ef:61:d4:65:07:f7:de:bf:22:eb:36:2d:0f:33:82:2a:72:
         5e:9c:47:73:c7:06:f0:54:25:bd:6c:2e:cf:0a:c8:04:c6:17:
         69:a4:1b:2a:1a:c9:92:c4:8f:3f:0c:f1:47:2e:ee:7b:cf:5b:
         e8:ab:e2:c8:14:4b:97:b7:6d:b0:95:25:6c:1e:ee:ea:80:30:
         a5:dc:31:5f:c2:d4:50:98:86:c3:ee:9b:5b:f2:1f:e4:78:97:
         59:c1:dd:4a:e6:53:e8:c5:2c:d8:55:4c:eb:98:75:eb:61:60:
         98:04:bf:a5:27:eb:27:08:84:d6:ab:1b:05:a6:ce:44:8c:01:
         73:42:ef:8d:24:b0:8a:0f:e0:3c:0f:54:ff:17:10:7f:ee:3a:
         68:0b:7a:53:be:be:8e:35:d6:97:a2:a9:dc:3e:45:85:97:08:
         f1:d1:4b:c7:cc:95:3c:8a:0d:09:47:0d:cc:34:18:fd:5e:19:
         da:b1:ad:66:d5:87:52:07:06:fc:fa:b0:59:da:25:9e:3e:86:
         c5:dc:4a:8e:84:11:b1:1f:f1:99:1e:1a:d6:db:40:1a:9f:b6:
         26:75:f7:b1:c5:18:a0:2d:0f:56:23:f4:bc:fd:3d:71:ba:68:
         18:a4:8b:c6:b2:0d:a3:5d:52:d4:5b:5c:92:18:08:56:1d:83:
         17:ef:73:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+6Tpou/U9VAGv64zMRlnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMTAxMTc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDgzOWE3NTRhODc3ZGJmY2YzNTljNmVkNWNjYjlmZTFhNjQ0ODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxZQgr6SWV6n4Ziv1GrWi4KI3+2r
J/BKq8PEiIryG/GzQmTrSTmrsRBzDg4dF3NAGCyLPavtdqJp/QAVbxx0aaEEl9Pd
Nct/kXX/wJWBntchJZiuZG4CT7OqM/gQ4r200tiN9bZqZbNvv2YOkCsXg5/k+jlY
wGTDJf+RTOP7vmqijDPUph1Y4Q/0+xnCqJ48aUSR2x4uizgkjlKxbJWZsuGwgBTB
dtstnhsONyHT1CbAuZjv1ksaptDFl1DxJ0R5bkM6yFCvZPSuPEg1IQu/eINaN4tH
pxaqPoVHRAWL0DXn50TYNmjOimnsmtAf0uJRYhLDXpZNxIGAwYX+lTPNLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2DmnVKh32/zzWcbtXMuf4aZEgYMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRFlPYWRVcUhmYl9QTlp4dTFjeTVfaHBrU0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHnMA0G
CSqGSIb3DQEBCwUAA4IBAQCa72HUZQf33r8i6zYtDzOCKnJenEdzxwbwVCW9bC7P
CsgExhdppBsqGsmSxI8/DPFHLu57z1voq+LIFEuXt22wlSVsHu7qgDCl3DFfwtRQ
mIbD7ptb8h/keJdZwd1K5lPoxSzYVUzrmHXrYWCYBL+lJ+snCITWqxsFps5EjAFz
Qu+NJLCKD+A8D1T/FxB/7jpoC3pTvr6ONdaXoqncPkWFlwjx0UvHzJU8ig0JRw3M
NBj9Xhnasa1m1YdSBwb8+rBZ2iWePobF3EqOhBGxH/GZHhrW20Aan7YmdfexxRig
LQ9WI/S8/T1xumgYpIvGsg2jXVLUW1ySGAhWHYMX73Og
-----END CERTIFICATE-----