Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eU0vMwNYWb2n7r848g5GvtaeBQU.roa
File:                     eU0vMwNYWb2n7r848g5GvtaeBQU.roa (raw, json)
Hash identifier:          s9i9CAi3jO9jhQtEHfldhwQrPU9Cjsaolqt8PSz64yE=
Subject key identifier:   79:4D:2F:33:03:58:59:BD:A7:EE:BF:38:F2:0E:46:BE:D6:9E:05:05
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018E56D6DB39A2B99150A9E3076BF74AFD01
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eU0vMwNYWb2n7r848g5GvtaeBQU.roa
Signing time:             Tue 19 Mar 2024 13:11:45 +0000
ROA not before:           Tue 19 Mar 2024 13:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        88.151.56.0/23 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:d6:db:39:a2:b9:91:50:a9:e3:07:6b:f7:4a:fd:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar 19 13:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=794d2f33035859bda7eebf38f20e46bed69e0505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:55:18:b2:55:cc:6c:bc:43:3e:dd:16:a5:40:
                    28:57:da:5b:d8:64:08:b0:76:65:8d:b7:32:f9:72:
                    6c:cd:ff:31:f2:b2:9d:7a:10:28:98:a6:28:59:8c:
                    e5:10:0a:54:f9:78:e3:c9:17:5c:b4:44:51:72:a3:
                    7d:01:22:75:ff:d9:c4:24:11:6c:b5:33:74:08:18:
                    06:32:c2:b8:d3:fe:02:96:b2:90:ce:78:6e:52:ab:
                    5e:d0:72:09:e8:d8:0d:0c:6d:a9:9b:57:a4:c7:d9:
                    ee:9c:03:24:4a:08:9c:21:14:ff:c0:59:c3:cb:a6:
                    a3:9b:ec:2c:1f:be:b2:cf:c0:1a:84:de:71:bb:88:
                    6d:3d:23:4e:3a:f0:ba:3e:5b:b4:ab:f4:7f:da:26:
                    83:0d:43:e8:a5:80:49:2d:2b:35:80:61:42:58:28:
                    41:45:05:2f:c6:7a:fa:e2:12:53:36:98:67:78:13:
                    90:00:8b:13:94:9e:30:43:03:30:46:fe:1a:1f:bf:
                    d2:b8:00:bc:c4:2c:5a:04:94:94:2f:5e:7d:a0:7b:
                    f6:74:aa:26:1d:27:20:f9:83:9c:8c:cd:ab:63:6a:
                    ff:0f:0d:33:9e:15:55:1d:7c:ac:c8:1c:59:c7:c0:
                    f5:6f:f3:f9:a5:3f:2a:c1:ad:13:f0:87:67:ec:9b:
                    27:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:4D:2F:33:03:58:59:BD:A7:EE:BF:38:F2:0E:46:BE:D6:9E:05:05
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eU0vMwNYWb2n7r848g5GvtaeBQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.56.0/23
                  88.209.211.0/24
                  88.209.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:4b:3d:a3:76:23:b1:e0:6b:af:5d:18:96:91:88:c5:2a:28:
         36:67:cc:e0:19:a9:4b:82:a8:ba:57:69:3f:cb:c6:d5:49:47:
         fc:6b:1d:eb:37:f8:87:91:bf:17:17:ef:c0:d1:c9:99:d2:1c:
         c0:35:36:de:0b:12:ea:92:8e:d0:55:73:3a:01:51:1f:69:3f:
         9e:8b:88:32:ee:5d:58:ed:cd:a4:87:97:93:76:0b:15:ea:15:
         41:62:19:b9:8c:07:71:33:a4:e5:a9:56:d2:1f:bb:73:b7:20:
         1a:c6:5c:94:60:bc:73:bc:ba:41:af:98:eb:55:ec:49:c1:07:
         8e:0a:64:a4:8a:31:6b:85:0b:a7:36:f9:2c:87:68:c3:d9:ca:
         9c:4c:50:e7:06:05:27:1b:77:0d:f9:6f:3c:11:37:53:53:35:
         1d:db:e2:04:62:4c:26:0b:d1:49:7a:98:4c:3b:13:c6:46:4b:
         07:ed:d6:64:20:27:f0:0b:dd:69:c6:d4:b1:e2:73:50:5a:5e:
         53:b8:e4:f9:35:da:7c:b4:6c:a3:3e:a9:c3:6c:3a:de:98:9d:
         f0:4b:5c:ea:10:34:9c:8d:34:be:93:cf:3a:6e:43:dd:4d:0e:
         e5:df:de:dd:08:d4:8c:4d:37:87:86:dc:13:aa:aa:d5:69:e3:
         13:d7:27:09
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5W1ts5ormRUKnjB2v3Sv0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMzE5MTMxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTRkMmYzMzAzNTg1OWJkYTdlZWJmMzhmMjBlNDZiZWQ2OWUwNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFUYslXMbLxDPt0WpUAoV9pb2GQI
sHZljbcy+XJszf8x8rKdehAomKYoWYzlEApU+XjjyRdctERRcqN9ASJ1/9nEJBFs
tTN0CBgGMsK40/4ClrKQznhuUqte0HIJ6NgNDG2pm1ekx9nunAMkSgicIRT/wFnD
y6ajm+wsH76yz8AahN5xu4htPSNOOvC6Plu0q/R/2iaDDUPopYBJLSs1gGFCWChB
RQUvxnr64hJTNphneBOQAIsTlJ4wQwMwRv4aH7/SuAC8xCxaBJSUL159oHv2dKom
HScg+YOcjM2rY2r/Dw0znhVVHXysyBxZx8D1b/P5pT8qwa0T8Idn7JsnowIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHlNLzMDWFm9p+6/OPIORr7WngUFMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZVUwdk13TllXYjJuN3I4NDhnNUd2dGFlQlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBWJc4AwQA
WNHTAwQCWNHoMA0GCSqGSIb3DQEBCwUAA4IBAQAcSz2jdiOx4GuvXRiWkYjFKig2
Z8zgGalLgqi6V2k/y8bVSUf8ax3rN/iHkb8XF+/A0cmZ0hzANTbeCxLqko7QVXM6
AVEfaT+ei4gy7l1Y7c2kh5eTdgsV6hVBYhm5jAdxM6TlqVbSH7tztyAaxlyUYLxz
vLpBr5jrVexJwQeOCmSkijFrhQunNvksh2jD2cqcTFDnBgUnG3cN+W88ETdTUzUd
2+IEYkwmC9FJephMOxPGRksH7dZkICfwC91pxtSx4nNQWl5TuOT5Ndp8tGyjPqnD
bDremJ3wS1zqEDScjTS+k886bkPdTQ7l397dCNSMTTeHhtwTqqrVaeMT1ycJ
-----END CERTIFICATE-----