Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NQdUkIc5JM3qTXrb1E-haJySqwQ.roa
File:                     NQdUkIc5JM3qTXrb1E-haJySqwQ.roa (raw, json)
Hash identifier:          Coy20L0cpkpksUx8J7nGBXkDlyK5yeQJ/4TKHNB/s/Q=
Subject key identifier:   35:07:54:90:87:39:24:CD:EA:4D:7A:DB:D4:4F:A1:68:9C:92:AB:04
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018D3B2BA29F554F81EA15DD904B4DCF587F
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NQdUkIc5JM3qTXrb1E-haJySqwQ.roa
Signing time:             Wed 24 Jan 2024 11:12:11 +0000
ROA not before:           Wed 24 Jan 2024 11:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        88.209.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:2b:a2:9f:55:4f:81:ea:15:dd:90:4b:4d:cf:58:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan 24 11:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35075490873924cdea4d7adbd44fa1689c92ab04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:46:26:02:de:63:34:50:ef:67:f7:d7:02:86:
                    64:a8:2a:7b:be:14:37:f2:99:ef:a8:a2:0d:39:07:
                    db:8a:9f:b6:6f:b9:c1:56:c5:fc:22:c4:66:10:de:
                    90:75:09:87:97:d2:d1:1a:53:ff:da:44:00:ba:8c:
                    98:de:60:e6:0b:b3:a6:87:bd:b2:6b:64:9c:96:b8:
                    c9:c0:fb:98:68:65:39:35:aa:73:07:98:5a:ad:ce:
                    c9:ab:15:c1:2b:08:d7:76:61:68:16:48:b6:3e:24:
                    ac:34:b0:cf:6b:87:66:97:23:df:c4:34:18:43:72:
                    eb:16:ae:27:56:e7:4e:f4:f6:c5:01:e8:62:d8:26:
                    db:e5:5d:79:92:0e:ae:f0:36:10:58:5a:72:58:0a:
                    84:4f:65:dc:ac:05:69:08:00:a2:d2:68:bf:04:f5:
                    b9:c3:29:de:07:e6:9c:2e:e7:32:b5:7b:91:fe:81:
                    25:46:52:31:f5:c9:c7:c6:4e:7b:1e:d8:b7:f0:52:
                    35:d7:91:d3:ba:78:d9:1e:9a:34:78:4c:22:e7:ad:
                    aa:1d:05:d2:fd:77:f9:22:94:cc:d4:7a:a3:a1:97:
                    57:e8:6d:5b:18:82:c9:7e:be:6c:db:26:dd:38:1a:
                    5f:fa:69:69:f9:f5:2a:f9:cf:f3:cb:5f:63:65:4a:
                    71:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:07:54:90:87:39:24:CD:EA:4D:7A:DB:D4:4F:A1:68:9C:92:AB:04
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/NQdUkIc5JM3qTXrb1E-haJySqwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:b8:b8:38:0f:83:f5:cd:f6:8a:fe:c2:d4:bb:82:56:23:db:
         10:42:8c:0b:73:d1:fb:56:9d:bd:3a:41:dc:a8:62:a7:81:5e:
         54:2c:d9:37:8d:8f:ab:89:76:4c:31:bd:eb:a8:4d:1b:c2:84:
         0b:d7:f5:59:b2:f7:67:4c:b8:91:ba:2a:c8:71:2b:50:92:fd:
         78:b6:41:09:ad:2d:6b:03:7a:68:7a:09:ba:29:3f:51:8b:fc:
         af:0e:96:89:87:bb:9c:32:57:2f:05:6e:fe:b0:48:43:51:a6:
         11:af:1d:4d:e8:c0:2b:d6:0e:d6:2a:b5:44:6f:9c:27:24:ed:
         b0:23:2a:99:d9:2f:54:c9:12:59:36:b7:2e:d8:09:36:65:45:
         13:0b:be:1b:69:29:75:43:57:73:0c:5b:f5:3c:d0:0e:03:22:
         3e:13:8b:ef:55:9e:6f:32:1d:b0:2f:e8:a7:89:3a:30:0a:f8:
         33:45:51:06:0b:d9:d6:fb:18:e2:fb:45:f1:50:5a:78:d7:9f:
         ef:3d:08:ac:97:48:98:46:01:c6:c3:06:79:d3:d6:32:e8:8f:
         1b:a8:c5:42:a3:31:1c:21:29:56:1d:29:b2:c2:21:4c:16:11:
         13:5d:1b:c1:e6:2e:a1:cb:ba:32:29:a0:5f:3d:7d:65:06:b9:
         b8:b7:7b:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07K6KfVU+B6hXdkEtNz1h/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTI0MTExMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTA3NTQ5MDg3MzkyNGNkZWE0ZDdhZGJkNDRmYTE2ODljOTJhYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6UYmAt5jNFDvZ/fXAoZkqCp7vhQ3
8pnvqKINOQfbip+2b7nBVsX8IsRmEN6QdQmHl9LRGlP/2kQAuoyY3mDmC7Omh72y
a2SclrjJwPuYaGU5NapzB5harc7JqxXBKwjXdmFoFki2PiSsNLDPa4dmlyPfxDQY
Q3LrFq4nVudO9PbFAehi2Cbb5V15kg6u8DYQWFpyWAqET2XcrAVpCACi0mi/BPW5
wyneB+acLucytXuR/oElRlIx9cnHxk57Hti38FI115HTunjZHpo0eEwi562qHQXS
/Xf5IpTM1HqjoZdX6G1bGILJfr5s2ybdOBpf+mlp+fUq+c/zy19jZUpxDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUHVJCHOSTN6k1629RPoWickqsEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTlFkVWtJYzVKTTNxVFhyYjFFLWhhSnlTcXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNHwMA0G
CSqGSIb3DQEBCwUAA4IBAQBwuLg4D4P1zfaK/sLUu4JWI9sQQowLc9H7Vp29OkHc
qGKngV5ULNk3jY+riXZMMb3rqE0bwoQL1/VZsvdnTLiRuirIcStQkv14tkEJrS1r
A3poegm6KT9Ri/yvDpaJh7ucMlcvBW7+sEhDUaYRrx1N6MAr1g7WKrVEb5wnJO2w
IyqZ2S9UyRJZNrcu2Ak2ZUUTC74baSl1Q1dzDFv1PNAOAyI+E4vvVZ5vMh2wL+in
iTowCvgzRVEGC9nW+xji+0XxUFp415/vPQisl0iYRgHGwwZ509Yy6I8bqMVCozEc
ISlWHSmywiFMFhETXRvB5i6hy7oyKaBfPX1lBrm4t3un
-----END CERTIFICATE-----