Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/VdYLbstMzE9hiBKWz4nx_oDRAsU.roa
File:                     VdYLbstMzE9hiBKWz4nx_oDRAsU.roa (raw, json)
Hash identifier:          i1ClkBCcGb1AU43EQC3FZdPkPh3N8gVV637B5KYNWLM=
Subject key identifier:   55:D6:0B:6E:CB:4C:CC:4F:61:88:12:96:CF:89:F1:FE:80:D1:02:C5
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0192908BC5C357F8861289640CDA58D304DC
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/VdYLbstMzE9hiBKWz4nx_oDRAsU.roa
Signing time:             Tue 15 Oct 2024 14:18:52 +0000
ROA not before:           Tue 15 Oct 2024 14:18:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        88.209.194.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          92.52.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:90:8b:c5:c3:57:f8:86:12:89:64:0c:da:58:d3:04:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 15 14:18:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55d60b6ecb4ccc4f61881296cf89f1fe80d102c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f0:23:c2:c0:31:0e:8c:b3:1d:08:20:db:fe:
                    c3:95:34:1c:20:cd:98:db:e3:c9:08:ac:5e:f2:1f:
                    a9:2d:51:f0:44:ec:3d:0d:02:a6:81:8e:b2:11:dc:
                    19:5c:2c:be:14:f6:d0:9b:bf:fb:8e:17:75:79:e4:
                    02:c6:75:c5:9f:65:58:59:8b:35:c1:ab:68:dd:94:
                    da:89:5c:cc:f3:e2:06:f8:50:ee:8b:95:cf:a6:fc:
                    d9:72:87:49:cc:80:18:e7:22:6a:71:c4:4f:81:88:
                    a5:88:df:bc:26:10:66:e4:fa:92:8e:3e:9d:a1:ac:
                    09:f3:1a:a7:a3:91:e0:3a:f9:a4:d3:04:7c:9a:d8:
                    1c:3c:74:e1:6f:27:c2:86:60:78:2b:c1:46:53:2a:
                    4e:cb:9c:59:1b:77:a6:c8:8f:c2:34:01:62:6e:8f:
                    39:8b:f2:30:d8:3d:84:ec:16:59:af:6d:d8:01:f5:
                    1c:16:5b:9c:30:0b:52:f9:da:77:d0:f2:72:c6:da:
                    29:81:f0:be:f4:5a:c8:75:6f:4b:2f:73:11:69:88:
                    a7:bd:9a:b1:d8:dc:9e:0c:3d:e8:ff:58:bf:c9:ba:
                    50:90:b8:9e:21:ac:e3:4c:30:5f:08:b3:a7:88:44:
                    b5:05:01:77:48:47:c7:d4:08:aa:0b:a8:a7:ed:2a:
                    a9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:D6:0B:6E:CB:4C:CC:4F:61:88:12:96:CF:89:F1:FE:80:D1:02:C5
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/VdYLbstMzE9hiBKWz4nx_oDRAsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.194.0/24
                  88.209.211.0/24
                  92.52.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:f0:a0:32:6e:cf:7a:ae:23:6e:0b:35:03:a1:54:f6:d4:c6:
         e5:96:67:ad:11:a9:3d:88:ab:5d:aa:16:04:cb:41:f7:15:c9:
         2f:1f:da:1d:4b:cb:e6:8f:79:97:48:59:0b:fa:db:f1:08:7d:
         8e:82:9c:64:93:90:91:a7:e9:9e:e8:dd:70:81:79:2a:a1:b0:
         45:aa:5b:82:3b:3c:e7:a1:a8:5d:14:60:69:e3:56:45:4b:cd:
         39:8c:e6:38:98:cc:14:16:c7:fb:84:66:af:9e:4f:32:f6:22:
         bb:f5:3d:c3:ae:ec:89:46:d9:16:b9:c2:f3:59:1c:ae:98:2c:
         4b:28:2e:ea:94:34:bb:17:53:58:4c:ca:c1:9b:05:52:0f:3a:
         fc:ae:07:7c:09:be:13:3a:cb:e1:c1:04:8c:07:dd:df:e4:e8:
         1a:b8:e4:08:2c:7f:af:ca:00:bf:a4:f5:61:e1:e4:61:16:fb:
         fc:44:23:75:13:c7:99:19:e6:c2:f4:d3:59:73:c2:f7:3d:b9:
         19:bc:06:cd:04:c0:78:8f:04:71:01:60:c5:e7:62:1c:68:0c:
         3d:c8:3f:ee:2e:40:70:48:73:ac:42:b0:54:96:3d:67:8d:9f:
         d3:66:0c:46:c9:c6:7c:a4:7b:21:24:79:b0:00:09:c8:d5:6a:
         3c:ec:7f:85
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZKQi8XDV/iGEolkDNpY0wTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQxMDE1MTQxODUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWQ2MGI2ZWNiNGNjYzRmNjE4ODEyOTZjZjg5ZjFmZTgwZDEwMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofAjwsAxDoyzHQgg2/7DlTQcIM2Y
2+PJCKxe8h+pLVHwROw9DQKmgY6yEdwZXCy+FPbQm7/7jhd1eeQCxnXFn2VYWYs1
wato3ZTaiVzM8+IG+FDui5XPpvzZcodJzIAY5yJqccRPgYiliN+8JhBm5PqSjj6d
oawJ8xqno5HgOvmk0wR8mtgcPHThbyfChmB4K8FGUypOy5xZG3emyI/CNAFibo85
i/Iw2D2E7BZZr23YAfUcFlucMAtS+dp30PJyxtopgfC+9FrIdW9LL3MRaYinvZqx
2NyeDD3o/1i/ybpQkLieIazjTDBfCLOniES1BQF3SEfH1AiqC6in7SqpqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFXWC27LTMxPYYgSls+J8f6A0QLFMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVmRZTGJzdE16RTloaUJLV3o0bnhfb0RSQXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWNHCAwQA
WNHTAwQAXDTbMA0GCSqGSIb3DQEBCwUAA4IBAQCR8KAybs96riNuCzUDoVT21Mbl
lmetEak9iKtdqhYEy0H3FckvH9odS8vmj3mXSFkL+tvxCH2Ogpxkk5CRp+me6N1w
gXkqobBFqluCOzznoahdFGBp41ZFS805jOY4mMwUFsf7hGavnk8y9iK79T3DruyJ
RtkWucLzWRyumCxLKC7qlDS7F1NYTMrBmwVSDzr8rgd8Cb4TOsvhwQSMB93f5Oga
uOQILH+vygC/pPVh4eRhFvv8RCN1E8eZGebC9NNZc8L3PbkZvAbNBMB4jwRxAWDF
52IcaAw9yD/uLkBwSHOsQrBUlj1njZ/TZgxGycZ8pHshJHmwAAnI1Wo87H+F
-----END CERTIFICATE-----