Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/wSnw1DMsaCQ0d1eByR8MqM27TpE.roa
File:                     wSnw1DMsaCQ0d1eByR8MqM27TpE.roa (raw, json)
Hash identifier:          +IDU02yZxdB9iSa/v+qTnC753n6GPLSXTGomLR5zVmw=
Subject key identifier:   C1:29:F0:D4:33:2C:68:24:34:77:57:81:C9:1F:0C:A8:CD:BB:4E:91
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018D3B2BA33F4D73952BD9234F20AC367AB5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/wSnw1DMsaCQ0d1eByR8MqM27TpE.roa
Signing time:             Wed 24 Jan 2024 11:12:12 +0000
ROA not before:           Wed 24 Jan 2024 11:12:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        88.209.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:2b:a3:3f:4d:73:95:2b:d9:23:4f:20:ac:36:7a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan 24 11:12:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c129f0d4332c682434775781c91f0ca8cdbb4e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:db:a4:62:06:59:7d:3f:ba:a2:2f:b6:0c:75:
                    01:97:ce:14:03:96:75:4c:0d:36:49:8f:6a:ea:cd:
                    73:79:54:a8:5d:e0:01:8d:38:07:dd:0b:2b:15:29:
                    eb:6d:92:8b:ca:da:cb:62:95:83:a5:e7:27:75:55:
                    c5:25:cf:57:e0:79:94:1a:3c:dd:02:10:2f:00:02:
                    54:64:c1:fa:f1:ef:88:7c:ad:bd:5d:17:80:2c:c3:
                    cf:6b:fd:2a:5c:73:e0:7a:87:cb:25:22:2d:fc:58:
                    31:cb:e0:79:15:eb:f7:69:e8:79:7c:00:9a:70:9d:
                    23:65:61:8c:28:77:3a:74:79:4f:cf:b8:fa:45:9b:
                    c5:55:3f:65:01:af:0c:77:cb:a8:24:4f:b0:41:63:
                    14:e4:fa:57:25:f1:b2:de:99:f0:6e:09:4c:b5:4a:
                    49:cc:05:c1:de:8f:29:07:e8:5e:00:39:ad:0d:20:
                    34:bb:a3:5a:45:54:33:3e:9e:fa:bc:46:5f:10:52:
                    76:26:18:8a:9b:c1:db:ff:cc:d7:eb:10:41:de:33:
                    08:c8:00:3c:2a:98:c9:d5:a7:1f:0f:56:78:61:b5:
                    c8:09:fd:8e:6f:d8:2f:95:83:f3:07:c9:ef:31:47:
                    59:25:0e:f2:75:12:31:6c:c3:57:22:75:a8:f5:cd:
                    76:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:29:F0:D4:33:2C:68:24:34:77:57:81:C9:1F:0C:A8:CD:BB:4E:91
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/wSnw1DMsaCQ0d1eByR8MqM27TpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:02:b2:da:28:76:bf:af:2e:d9:e1:a7:f3:18:10:bc:a3:6d:
         a1:cb:11:6e:33:5f:63:0d:97:9b:a5:06:e0:67:e9:15:80:75:
         fb:27:94:b9:2f:dc:a7:06:a1:80:f2:95:5c:29:50:98:06:ea:
         10:10:25:7e:fc:1a:bf:d9:3f:bd:bf:1f:f0:1c:05:8b:6a:2a:
         fc:f2:fd:e1:f2:2f:23:95:9f:47:8c:a8:86:b1:e1:23:88:de:
         00:44:f8:c2:51:9e:ad:72:bf:62:ed:42:ca:8a:b9:2a:86:cd:
         29:10:e9:7d:53:1e:32:ef:7c:be:92:44:0f:2a:89:61:85:59:
         b4:af:af:31:19:57:fa:a2:70:ef:4b:77:41:24:26:52:92:0f:
         78:ce:80:ae:ea:29:b3:d8:d6:e2:a4:47:93:e1:69:de:72:5e:
         b1:d5:98:ff:e4:f0:ad:4b:b8:ee:40:2a:0e:6c:de:b7:6d:88:
         17:31:34:73:a4:24:52:ad:00:c2:f3:d5:72:c2:67:0f:34:61:
         9e:d4:36:18:1a:38:92:38:16:29:fa:e7:09:d0:9f:61:91:7d:
         c7:22:91:dc:5a:99:f7:68:f9:41:81:46:74:7d:00:c5:9e:99:
         7b:38:ea:f1:a0:bb:9f:59:94:12:f6:92:7b:8f:41:f7:39:f3:
         3d:b5:d0:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07K6M/TXOVK9kjTyCsNnq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTI0MTExMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTI5ZjBkNDMzMmM2ODI0MzQ3NzU3ODFjOTFmMGNhOGNkYmI0ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9ukYgZZfT+6oi+2DHUBl84UA5Z1
TA02SY9q6s1zeVSoXeABjTgH3QsrFSnrbZKLytrLYpWDpecndVXFJc9X4HmUGjzd
AhAvAAJUZMH68e+IfK29XReALMPPa/0qXHPgeofLJSIt/Fgxy+B5Fev3aeh5fACa
cJ0jZWGMKHc6dHlPz7j6RZvFVT9lAa8Md8uoJE+wQWMU5PpXJfGy3pnwbglMtUpJ
zAXB3o8pB+heADmtDSA0u6NaRVQzPp76vEZfEFJ2JhiKm8Hb/8zX6xBB3jMIyAA8
KpjJ1acfD1Z4YbXICf2Ob9gvlYPzB8nvMUdZJQ7ydRIxbMNXInWo9c12jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEp8NQzLGgkNHdXgckfDKjNu06RMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvd1NudzFETXNhQ1EwZDFlQnlSOE1xTTI3VHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNH8MA0G
CSqGSIb3DQEBCwUAA4IBAQCdArLaKHa/ry7Z4afzGBC8o22hyxFuM19jDZebpQbg
Z+kVgHX7J5S5L9ynBqGA8pVcKVCYBuoQECV+/Bq/2T+9vx/wHAWLair88v3h8i8j
lZ9HjKiGseEjiN4ARPjCUZ6tcr9i7ULKirkqhs0pEOl9Ux4y73y+kkQPKolhhVm0
r68xGVf6onDvS3dBJCZSkg94zoCu6imz2NbipEeT4Wnecl6x1Zj/5PCtS7juQCoO
bN63bYgXMTRzpCRSrQDC89VywmcPNGGe1DYYGjiSOBYp+ucJ0J9hkX3HIpHcWpn3
aPlBgUZ0fQDFnpl7OOrxoLufWZQS9pJ7j0H3OfM9tdB5
-----END CERTIFICATE-----