Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/36708b-d66b-407f-9547-f02116226a88/1/G1ndeUk9qPKHWDD4dz4eBTj-ybQ.roa
File:                     G1ndeUk9qPKHWDD4dz4eBTj-ybQ.roa (raw, json)
Hash identifier:          ZLcwK+2y9c0o1JqTu+wN007mOJ2gOXWktha3K/D/Tzk=
Subject key identifier:   1B:59:DD:79:49:3D:A8:F2:87:58:30:F8:77:3E:1E:05:38:FE:C9:B4
Certificate issuer:       /CN=758621623ac6cab8f6bde5526e7a2931d626fe8c
Certificate serial:       018CC424723D845D1E90BABEF0142AF89049
Authority key identifier: 75:86:21:62:3A:C6:CA:B8:F6:BD:E5:52:6E:7A:29:31:D6:26:FE:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dYYhYjrGyrj2veVSbnopMdYm_ow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/36708b-d66b-407f-9547-f02116226a88/1/G1ndeUk9qPKHWDD4dz4eBTj-ybQ.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21385
IP address blocks:        194.88.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/36708b-d66b-407f-9547-f02116226a88/1/dYYhYjrGyrj2veVSbnopMdYm_ow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/36708b-d66b-407f-9547-f02116226a88/1/dYYhYjrGyrj2veVSbnopMdYm_ow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dYYhYjrGyrj2veVSbnopMdYm_ow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:72:3d:84:5d:1e:90:ba:be:f0:14:2a:f8:90:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=758621623ac6cab8f6bde5526e7a2931d626fe8c
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b59dd79493da8f2875830f8773e1e0538fec9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:20:61:a5:2c:5f:23:2f:39:ff:fc:25:56:8f:
                    ed:83:89:a7:6c:6f:16:de:92:33:73:ca:bf:72:89:
                    3d:a3:cd:84:9a:2f:44:61:39:45:e7:02:6b:7d:55:
                    45:33:26:14:58:0d:ff:88:e9:d3:93:5c:9d:53:7f:
                    a1:1b:d9:7f:16:77:0d:cf:49:b7:6d:35:21:9a:a3:
                    5a:49:b7:b8:d1:c7:b9:fb:39:21:a1:9e:21:7e:de:
                    89:19:21:b6:37:02:4a:4e:fb:d2:79:c3:d0:3a:07:
                    37:ed:d5:2a:af:bb:6f:c0:4d:1f:73:5a:06:58:31:
                    26:d5:a6:4e:b8:b6:b9:10:e5:f0:30:a3:39:d7:fd:
                    42:8c:13:4c:78:bc:59:30:7b:dc:fd:44:1d:d3:6f:
                    b1:00:fb:f0:94:60:7f:69:1e:65:f9:0d:85:45:79:
                    41:9f:c1:06:86:a8:77:7d:61:08:b4:41:71:f6:25:
                    b3:0c:6a:33:db:9b:cf:4e:b0:3e:f1:04:64:63:e7:
                    17:81:b2:22:48:fe:8a:ce:93:9a:94:d5:8b:d1:37:
                    73:02:3b:07:b5:c9:0b:67:d4:f1:ff:51:7c:ad:92:
                    62:c0:08:b7:d3:e2:90:21:e2:6d:3e:90:e9:53:35:
                    42:c7:1f:b6:4d:02:8a:f6:f2:bf:4e:30:32:10:79:
                    07:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:59:DD:79:49:3D:A8:F2:87:58:30:F8:77:3E:1E:05:38:FE:C9:B4
            X509v3 Authority Key Identifier:
                keyid:75:86:21:62:3A:C6:CA:B8:F6:BD:E5:52:6E:7A:29:31:D6:26:FE:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dYYhYjrGyrj2veVSbnopMdYm_ow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/36708b-d66b-407f-9547-f02116226a88/1/G1ndeUk9qPKHWDD4dz4eBTj-ybQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/36708b-d66b-407f-9547-f02116226a88/1/dYYhYjrGyrj2veVSbnopMdYm_ow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ba:b9:21:fb:c5:b3:82:f8:a6:60:19:a3:05:df:d3:b4:03:
         85:fc:87:11:4f:b5:14:a2:7d:5e:8e:db:36:79:c2:8b:1d:3d:
         f1:08:4f:89:b0:7d:8b:e7:3f:89:7b:d0:8b:72:8e:ee:db:91:
         6a:83:a6:e5:8b:15:82:6f:3c:76:41:e2:30:7d:91:34:f7:e5:
         1d:8d:95:66:81:5c:8f:96:6f:bc:a2:8b:34:46:d6:50:7d:f4:
         7e:c6:4f:f9:0d:0c:52:c0:32:cc:33:80:07:84:f9:be:d0:ab:
         70:95:35:12:db:f3:dd:1a:1a:94:3d:18:8d:b0:20:54:db:91:
         18:cb:db:51:24:e0:6a:fe:b8:f5:6a:76:e9:6d:4a:44:8b:22:
         6f:1d:10:e4:b1:35:90:73:c3:a1:30:08:61:fa:94:c4:40:e0:
         4b:47:ac:b3:49:57:d5:fc:f5:c0:91:15:12:74:b8:bf:e9:0e:
         59:28:1e:17:d3:83:0b:23:e3:7b:f0:98:a3:b9:88:2e:d8:25:
         b0:d5:1e:95:29:70:83:19:96:54:7e:65:e7:50:fb:7b:a5:b9:
         90:83:2a:22:5e:a8:4f:1d:ec:b3:b8:b9:48:50:a2:28:77:fb:
         8c:ac:3f:92:31:8e:86:c9:82:de:a2:03:ee:bf:50:95:e4:0f:
         14:f1:24:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHI9hF0ekLq+8BQq+JBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ODYyMTYyM2FjNmNhYjhmNmJkZTU1MjZlN2EyOTMxZDYy
NmZlOGMwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjU5ZGQ3OTQ5M2RhOGYyODc1ODMwZjg3NzNlMWUwNTM4ZmVjOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSBhpSxfIy85//wlVo/tg4mnbG8W
3pIzc8q/cok9o82Emi9EYTlF5wJrfVVFMyYUWA3/iOnTk1ydU3+hG9l/FncNz0m3
bTUhmqNaSbe40ce5+zkhoZ4hft6JGSG2NwJKTvvSecPQOgc37dUqr7tvwE0fc1oG
WDEm1aZOuLa5EOXwMKM51/1CjBNMeLxZMHvc/UQd02+xAPvwlGB/aR5l+Q2FRXlB
n8EGhqh3fWEItEFx9iWzDGoz25vPTrA+8QRkY+cXgbIiSP6KzpOalNWL0TdzAjsH
tckLZ9Tx/1F8rZJiwAi30+KQIeJtPpDpUzVCxx+2TQKK9vK/TjAyEHkHmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtZ3XlJPajyh1gw+Hc+HgU4/sm0MB8GA1UdIwQY
MBaAFHWGIWI6xsq49r3lUm56KTHWJv6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFlZaFlqckd5cmoydmVWU2Jub3BNZFltX293LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zNjcwOGItZDY2Yi00MDdmLTk1NDct
ZjAyMTE2MjI2YTg4LzEvRzFuZGVVazlxUEtIV0RENGR6NGVCVGoteWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zNjcwOGItZDY2Yi00MDdmLTk1NDctZjAyMTE2MjI2YTg4
LzEvZFlZaFlqckd5cmoydmVWU2Jub3BNZFltX293LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlgKMA0G
CSqGSIb3DQEBCwUAA4IBAQBburkh+8WzgvimYBmjBd/TtAOF/IcRT7UUon1ejts2
ecKLHT3xCE+JsH2L5z+Je9CLco7u25Fqg6blixWCbzx2QeIwfZE09+UdjZVmgVyP
lm+8oos0RtZQffR+xk/5DQxSwDLMM4AHhPm+0KtwlTUS2/PdGhqUPRiNsCBU25EY
y9tRJOBq/rj1anbpbUpEiyJvHRDksTWQc8OhMAhh+pTEQOBLR6yzSVfV/PXAkRUS
dLi/6Q5ZKB4X04MLI+N78JijuYgu2CWw1R6VKXCDGZZUfmXnUPt7pbmQgyoiXqhP
HeyzuLlIUKIod/uMrD+SMY6GyYLeogPuv1CV5A8U8STO
-----END CERTIFICATE-----