Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/G6NSWYCvniGQNwfFgci0NfgxLgE.roa
File:                     G6NSWYCvniGQNwfFgci0NfgxLgE.roa (raw, json)
Hash identifier:          dbFO28SvWoFJIF8W5Qm2OIWehlVm9N61zjPD+CVfZcc=
Subject key identifier:   1B:A3:52:59:80:AF:9E:21:90:37:07:C5:81:C8:B4:35:F8:31:2E:01
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC95372A00CEAEDE65FEF02922F2A68C0
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/G6NSWYCvniGQNwfFgci0NfgxLgE.roa
Signing time:             Tue 02 Jan 2024 08:38:58 +0000
ROA not before:           Tue 02 Jan 2024 08:38:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        88.209.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:53:72:a0:0c:ea:ed:e6:5f:ef:02:92:2f:2a:68:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  2 08:38:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ba3525980af9e21903707c581c8b435f8312e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0d:ed:16:aa:3e:c5:66:19:7f:78:06:e3:83:
                    f3:a4:ca:31:61:27:2d:b0:0c:7b:c4:50:a0:33:16:
                    8c:cc:01:e0:76:42:dc:79:63:45:c7:eb:5d:0c:97:
                    f2:c5:6b:bb:bb:a0:af:0a:73:d6:14:19:ca:08:9b:
                    4e:95:55:1c:23:7d:f1:60:05:2a:5a:b8:37:75:c7:
                    cf:24:e9:ed:17:77:8c:48:75:71:64:78:e9:9b:99:
                    c8:12:eb:58:73:25:23:ef:b1:1a:a1:23:e9:a0:11:
                    8f:ae:f9:23:d0:22:2c:22:f3:08:0b:52:d3:28:93:
                    b5:8b:b4:40:f4:9d:86:1c:6a:f9:de:3a:f1:92:14:
                    42:bd:18:01:eb:04:00:d0:5c:9b:38:50:54:a7:6d:
                    21:58:10:51:52:68:8c:23:2f:0d:f1:1d:7f:68:0a:
                    d3:9b:52:73:4d:15:74:b2:20:75:72:84:04:af:73:
                    3e:2c:a2:6d:01:5f:06:94:5e:4b:98:a7:a7:fb:75:
                    c8:47:92:7b:0b:fd:c2:fd:4f:bb:7d:b1:e4:43:44:
                    79:9d:b8:35:ca:15:67:e2:94:4b:f4:62:d5:e2:2f:
                    82:cb:e1:bd:ed:64:75:f0:4f:c2:d6:da:db:33:d2:
                    4e:6a:be:53:8d:14:bd:11:eb:54:2b:da:a3:4f:39:
                    9c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:A3:52:59:80:AF:9E:21:90:37:07:C5:81:C8:B4:35:F8:31:2E:01
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/G6NSWYCvniGQNwfFgci0NfgxLgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:21:5b:10:1c:a0:a4:c7:05:0e:aa:95:3c:bd:34:32:48:a8:
         74:e1:9d:98:3b:d9:33:f7:6e:57:f6:30:a5:a9:aa:26:d4:c6:
         56:9a:14:14:41:7a:b8:cb:99:91:c3:8d:e0:af:8c:50:03:04:
         32:6d:46:b8:9f:c4:a0:73:48:39:af:a7:f1:14:56:79:79:7d:
         2a:06:4a:de:f6:2d:c4:ec:49:00:b8:7d:74:4f:38:04:2e:ee:
         29:f1:f3:79:1d:73:68:3e:a6:c1:53:0f:39:17:04:4a:77:df:
         a6:aa:1e:6e:59:a5:91:14:e4:3c:4c:07:47:9d:92:0e:36:d4:
         1d:bf:ae:9e:2c:ea:df:6f:cf:af:04:0e:82:8d:8d:6a:5a:ef:
         c0:e7:4a:f3:39:73:8a:9c:ae:b6:23:57:28:8c:9d:c5:74:36:
         42:00:f2:7b:4d:5f:99:43:95:ad:4f:eb:d7:5b:91:73:c7:ce:
         ec:10:7b:c0:bb:3c:ba:12:aa:14:03:18:cb:b2:8b:38:51:36:
         1a:25:db:7d:c6:73:a7:77:86:2f:94:e2:bb:8a:ec:44:a1:3f:
         42:36:3d:b9:16:f5:30:fa:15:f0:71:4d:6d:a9:eb:ab:77:29:
         55:28:cc:d2:3d:de:9a:e9:6a:95:46:82:48:97:b5:7e:57:e5:
         7d:b7:80:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJU3KgDOrt5l/vApIvKmjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAyMDgzODU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmEzNTI1OTgwYWY5ZTIxOTAzNzA3YzU4MWM4YjQzNWY4MzEyZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA3tFqo+xWYZf3gG44PzpMoxYSct
sAx7xFCgMxaMzAHgdkLceWNFx+tdDJfyxWu7u6CvCnPWFBnKCJtOlVUcI33xYAUq
Wrg3dcfPJOntF3eMSHVxZHjpm5nIEutYcyUj77EaoSPpoBGPrvkj0CIsIvMIC1LT
KJO1i7RA9J2GHGr53jrxkhRCvRgB6wQA0FybOFBUp20hWBBRUmiMIy8N8R1/aArT
m1JzTRV0siB1coQEr3M+LKJtAV8GlF5LmKen+3XIR5J7C/3C/U+7fbHkQ0R5nbg1
yhVn4pRL9GLV4i+Cy+G97WR18E/C1trbM9JOar5TjRS9EetUK9qjTzmc5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBujUlmAr54hkDcHxYHItDX4MS4BMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRzZOU1dZQ3ZuaUdRTndmRmdjaTBOZmd4TGdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHlMA0G
CSqGSIb3DQEBCwUAA4IBAQBUIVsQHKCkxwUOqpU8vTQySKh04Z2YO9kz925X9jCl
qaom1MZWmhQUQXq4y5mRw43gr4xQAwQybUa4n8Sgc0g5r6fxFFZ5eX0qBkre9i3E
7EkAuH10TzgELu4p8fN5HXNoPqbBUw85FwRKd9+mqh5uWaWRFOQ8TAdHnZIONtQd
v66eLOrfb8+vBA6CjY1qWu/A50rzOXOKnK62I1cojJ3FdDZCAPJ7TV+ZQ5WtT+vX
W5Fzx87sEHvAuzy6EqoUAxjLsos4UTYaJdt9xnOnd4YvlOK7iuxEoT9CNj25FvUw
+hXwcU1tqeurdylVKMzSPd6a6WqVRoJIl7V+V+V9t4D7
-----END CERTIFICATE-----