Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/hRdFyAwb4_Q8ZVb_tEz5hM6YrAQ.roa
File:                     hRdFyAwb4_Q8ZVb_tEz5hM6YrAQ.roa (raw, json)
Hash identifier:          OOF3AJ9AmM2BsTS138Bqim74T3BtvzNIxeelRHnZ8Zo=
Subject key identifier:   85:17:45:C8:0C:1B:E3:F4:3C:65:56:FF:B4:4C:F9:84:CE:98:AC:04
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6BF125579FF8A58417F6B28793C57
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/hRdFyAwb4_Q8ZVb_tEz5hM6YrAQ.roa
Signing time:             Mon 01 Jan 2024 06:29:42 +0000
ROA not before:           Mon 01 Jan 2024 06:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        88.209.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:bf:12:55:79:ff:8a:58:41:7f:6b:28:79:3c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=851745c80c1be3f43c6556ffb44cf984ce98ac04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:59:83:65:fe:7f:c2:3b:04:c2:f7:ae:64:77:
                    21:ac:c9:d7:84:70:15:94:62:d4:4f:74:83:00:76:
                    c6:e3:40:67:8a:95:83:ec:c7:59:a5:90:05:8c:c5:
                    54:35:82:45:82:59:fe:74:f8:5f:2b:22:1d:0d:54:
                    36:c2:de:c1:99:ed:f8:8d:84:43:59:c9:65:b1:42:
                    2b:2a:f0:e6:ab:86:c7:01:42:29:e6:cc:c7:62:66:
                    a4:51:89:d8:81:98:50:aa:78:86:b6:86:ae:12:4c:
                    cb:db:90:6c:fd:cf:fb:f3:c1:77:f2:a8:d6:68:70:
                    68:31:7f:7b:70:fa:2f:49:d9:b7:ee:fa:10:2f:a2:
                    c0:f5:86:0b:f4:4e:48:b5:ad:93:d2:33:56:10:75:
                    61:68:23:7e:fc:42:64:fe:b9:f9:6c:12:72:ad:3c:
                    dd:40:75:8e:e9:ac:ae:f8:85:30:35:0c:6e:de:50:
                    de:d5:72:e5:ba:30:90:c9:00:0c:e6:65:1b:c9:fd:
                    32:0e:b6:c3:07:88:22:ee:35:12:8d:06:fe:d5:a5:
                    ad:3e:40:f7:c0:1f:13:27:0e:da:70:93:38:01:9d:
                    b6:fe:ca:73:4a:c6:db:d5:1d:26:7d:92:4f:bc:db:
                    43:4d:68:f8:56:2b:c8:50:d8:c5:cc:54:62:ec:5c:
                    ac:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:17:45:C8:0C:1B:E3:F4:3C:65:56:FF:B4:4C:F9:84:CE:98:AC:04
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/hRdFyAwb4_Q8ZVb_tEz5hM6YrAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:22:ed:04:e7:da:c8:83:93:42:8b:db:3d:a8:17:85:48:41:
         51:89:c6:76:70:63:53:ad:80:19:91:c6:27:d8:5f:09:58:28:
         3a:9c:1c:54:df:94:a1:bb:81:1b:f6:3b:02:9d:16:44:92:b7:
         ba:d8:67:4d:9b:45:b4:03:f0:7c:79:fe:23:24:80:f7:04:1a:
         d3:1c:5c:24:9b:a7:f5:bb:5c:83:b3:99:18:41:bc:b0:b8:36:
         a3:56:ee:96:ae:05:17:51:3c:6c:dc:52:1f:20:55:6f:c4:ab:
         75:16:af:2f:75:9e:7f:c7:75:4d:66:86:7f:ef:4e:63:c0:74:
         b2:48:51:cc:48:da:b5:a2:b5:56:5b:d2:f4:ef:a4:9e:06:5e:
         78:70:0c:a9:68:6c:7e:f4:81:10:8b:cd:22:85:01:e5:2e:ff:
         ab:9b:07:16:fd:92:f5:db:ea:d6:d3:15:89:54:d6:d7:0d:84:
         7c:04:c7:ec:69:79:47:0a:04:46:03:7f:4f:37:bf:15:2b:8f:
         c7:eb:f3:11:79:3d:f0:91:ec:79:fd:70:30:2e:b1:0a:61:80:
         70:03:69:59:82:20:5a:5a:97:49:b3:30:3b:32:52:38:af:52:
         30:af:7c:9b:35:79:31:c1:ba:9d:17:18:7f:c5:af:fb:56:09:
         e9:cb:fc:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtr8SVXn/ilhBf2soeTxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTE3NDVjODBjMWJlM2Y0M2M2NTU2ZmZiNDRjZjk4NGNlOThhYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVmDZf5/wjsEwveuZHchrMnXhHAV
lGLUT3SDAHbG40BnipWD7MdZpZAFjMVUNYJFgln+dPhfKyIdDVQ2wt7Bme34jYRD
WcllsUIrKvDmq4bHAUIp5szHYmakUYnYgZhQqniGtoauEkzL25Bs/c/788F38qjW
aHBoMX97cPovSdm37voQL6LA9YYL9E5Ita2T0jNWEHVhaCN+/EJk/rn5bBJyrTzd
QHWO6ayu+IUwNQxu3lDe1XLlujCQyQAM5mUbyf0yDrbDB4gi7jUSjQb+1aWtPkD3
wB8TJw7acJM4AZ22/spzSsbb1R0mfZJPvNtDTWj4VivIUNjFzFRi7FysAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUXRcgMG+P0PGVW/7RM+YTOmKwEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvaFJkRnlBd2I0X1E4WlZiX3RFejVoTTZZckFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHfMA0G
CSqGSIb3DQEBCwUAA4IBAQA5Iu0E59rIg5NCi9s9qBeFSEFRicZ2cGNTrYAZkcYn
2F8JWCg6nBxU35Shu4Eb9jsCnRZEkre62GdNm0W0A/B8ef4jJID3BBrTHFwkm6f1
u1yDs5kYQbywuDajVu6WrgUXUTxs3FIfIFVvxKt1Fq8vdZ5/x3VNZoZ/705jwHSy
SFHMSNq1orVWW9L076SeBl54cAypaGx+9IEQi80ihQHlLv+rmwcW/ZL12+rW0xWJ
VNbXDYR8BMfsaXlHCgRGA39PN78VK4/H6/MReT3wkex5/XAwLrEKYYBwA2lZgiBa
WpdJszA7MlI4r1Iwr3ybNXkxwbqdFxh/xa/7Vgnpy/xf
-----END CERTIFICATE-----