Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/0b58a8-6553-4f07-b0b7-2ffaed04738a/1/CeTE7pnBxOA4Fu9TguLhnr2vEfs.roa
File:                     CeTE7pnBxOA4Fu9TguLhnr2vEfs.roa (raw, json)
Hash identifier:          W2dHfsQfBIB86LQcK+FMfKbnaEWbW1ehiFyV9FNIBbc=
Subject key identifier:   09:E4:C4:EE:99:C1:C4:E0:38:16:EF:53:82:E2:E1:9E:BD:AF:11:FB
Certificate issuer:       /CN=58833dec655e1a88733a17a2df3da0985ab660d5
Certificate serial:       018CC86F7A3C5775DA0B95359D8672957277
Authority key identifier: 58:83:3D:EC:65:5E:1A:88:73:3A:17:A2:DF:3D:A0:98:5A:B6:60:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIM97GVeGohzOhei3z2gmFq2YNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/0b58a8-6553-4f07-b0b7-2ffaed04738a/1/CeTE7pnBxOA4Fu9TguLhnr2vEfs.roa
Signing time:             Tue 02 Jan 2024 04:29:58 +0000
ROA not before:           Tue 02 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51355
IP address blocks:        185.88.252.0/23 maxlen: 23
                          185.88.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/0b58a8-6553-4f07-b0b7-2ffaed04738a/1/WIM97GVeGohzOhei3z2gmFq2YNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/0b58a8-6553-4f07-b0b7-2ffaed04738a/1/WIM97GVeGohzOhei3z2gmFq2YNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIM97GVeGohzOhei3z2gmFq2YNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:7a:3c:57:75:da:0b:95:35:9d:86:72:95:72:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58833dec655e1a88733a17a2df3da0985ab660d5
        Validity
            Not Before: Jan  2 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09e4c4ee99c1c4e03816ef5382e2e19ebdaf11fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0a:93:40:b7:c5:59:13:08:e7:d7:08:b2:43:
                    16:ef:78:72:5e:59:71:de:e4:aa:84:c3:5a:8e:2d:
                    8c:a7:46:e8:46:a3:dc:74:51:44:dd:90:bc:4e:18:
                    dd:6c:19:20:d0:7d:1e:ff:99:8e:ad:d8:a5:fd:68:
                    ef:45:38:18:bd:f1:18:e7:34:a0:a1:53:cb:71:98:
                    7a:23:4d:af:37:42:9c:5c:3c:9c:44:d5:d0:41:9f:
                    49:41:25:c3:2f:bd:2d:77:20:6d:4e:b5:af:df:23:
                    80:87:27:8e:26:26:c7:9c:35:96:57:49:d2:06:6d:
                    f8:cf:9e:94:b6:f1:b4:82:98:11:23:7b:06:e3:a4:
                    a1:9c:8f:80:40:a0:30:52:c7:ba:f7:73:8f:b2:b6:
                    c8:e6:35:66:f5:13:bc:7d:a6:14:00:13:10:3d:d1:
                    9a:72:4e:56:fc:10:a7:fc:99:0d:81:ee:d5:b1:9b:
                    3e:b0:50:73:24:62:3f:fc:28:7a:3b:7a:c1:05:3d:
                    bb:57:e1:a5:c2:63:a2:e5:87:eb:03:02:53:7a:c5:
                    a9:1a:31:60:4c:49:05:d0:a8:a5:28:83:0d:dd:dc:
                    15:4b:4b:ab:5b:a1:78:f3:bb:a6:4e:04:56:6d:18:
                    58:9a:15:de:86:a9:1a:6e:cb:c3:e0:d9:09:9f:10:
                    e7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:E4:C4:EE:99:C1:C4:E0:38:16:EF:53:82:E2:E1:9E:BD:AF:11:FB
            X509v3 Authority Key Identifier:
                keyid:58:83:3D:EC:65:5E:1A:88:73:3A:17:A2:DF:3D:A0:98:5A:B6:60:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIM97GVeGohzOhei3z2gmFq2YNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0b58a8-6553-4f07-b0b7-2ffaed04738a/1/CeTE7pnBxOA4Fu9TguLhnr2vEfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0b58a8-6553-4f07-b0b7-2ffaed04738a/1/WIM97GVeGohzOhei3z2gmFq2YNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:bb:90:6b:68:cb:15:a0:da:d3:34:49:e4:9b:c7:d8:fe:3a:
         21:94:85:3b:44:9f:ac:cf:9b:e9:82:52:37:0a:52:3e:14:76:
         46:01:f8:9d:62:6f:98:d7:58:f8:d8:a4:f7:9f:96:91:0a:ff:
         57:dd:ca:30:58:80:bc:fd:fa:39:73:35:bf:b6:9f:f4:d0:74:
         be:87:5e:a0:0d:c8:7f:ca:0f:18:86:6b:e6:75:b3:9d:8e:8c:
         fa:5b:d1:17:e2:29:49:c1:eb:b8:54:9d:df:d5:17:d0:bd:d5:
         2b:3f:a1:d3:d2:b5:eb:cf:00:8a:9b:c8:38:66:b8:2b:f4:64:
         1c:53:35:cd:97:40:12:15:31:2b:5a:59:b1:03:8e:af:16:e6:
         88:3e:41:e5:65:c3:00:02:8b:33:55:46:a3:c3:9a:62:20:a1:
         7b:f6:c9:cb:fe:03:9e:95:a0:b2:df:55:f4:93:37:23:b8:ac:
         5d:18:39:40:8a:a0:ad:4a:1f:11:90:42:71:c5:3a:a7:8f:21:
         6b:94:0b:e2:e8:55:c0:be:1f:1c:89:ec:94:dd:99:84:0f:3f:
         a7:34:77:4d:fa:66:b8:94:e9:75:64:80:60:ea:ba:3f:3f:26:
         91:df:06:58:6e:30:7f:db:31:74:e3:7a:13:af:dd:2c:82:8c:
         69:83:2d:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3o8V3XaC5U1nYZylXJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODMzZGVjNjU1ZTFhODg3MzNhMTdhMmRmM2RhMDk4NWFi
NjYwZDUwHhcNMjQwMTAyMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWU0YzRlZTk5YzFjNGUwMzgxNmVmNTM4MmUyZTE5ZWJkYWYxMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQqTQLfFWRMI59cIskMW73hyXllx
3uSqhMNaji2Mp0boRqPcdFFE3ZC8ThjdbBkg0H0e/5mOrdil/WjvRTgYvfEY5zSg
oVPLcZh6I02vN0KcXDycRNXQQZ9JQSXDL70tdyBtTrWv3yOAhyeOJibHnDWWV0nS
Bm34z56UtvG0gpgRI3sG46ShnI+AQKAwUse693OPsrbI5jVm9RO8faYUABMQPdGa
ck5W/BCn/JkNge7VsZs+sFBzJGI//Ch6O3rBBT27V+GlwmOi5YfrAwJTesWpGjFg
TEkF0KilKIMN3dwVS0urW6F487umTgRWbRhYmhXehqkabsvD4NkJnxDnqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnkxO6ZwcTgOBbvU4Li4Z69rxH7MB8GA1UdIwQY
MBaAFFiDPexlXhqIczoXot89oJhatmDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lNOTdHVmVHb2h6T2hlaTN6MmdtRnEyWU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8wYjU4YTgtNjU1My00ZjA3LWIwYjct
MmZmYWVkMDQ3MzhhLzEvQ2VURTdwbkJ4T0E0RnU5VGd1TGhucjJ2RWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8wYjU4YTgtNjU1My00ZjA3LWIwYjctMmZmYWVkMDQ3Mzhh
LzEvV0lNOTdHVmVHb2h6T2hlaTN6MmdtRnEyWU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVj8MA0G
CSqGSIb3DQEBCwUAA4IBAQBwu5BraMsVoNrTNEnkm8fY/johlIU7RJ+sz5vpglI3
ClI+FHZGAfidYm+Y11j42KT3n5aRCv9X3cowWIC8/fo5czW/tp/00HS+h16gDch/
yg8YhmvmdbOdjoz6W9EX4ilJweu4VJ3f1RfQvdUrP6HT0rXrzwCKm8g4Zrgr9GQc
UzXNl0ASFTErWlmxA46vFuaIPkHlZcMAAoszVUajw5piIKF79snL/gOelaCy31X0
kzcjuKxdGDlAiqCtSh8RkEJxxTqnjyFrlAvi6FXAvh8cieyU3ZmEDz+nNHdN+ma4
lOl1ZIBg6ro/PyaR3wZYbjB/2zF043oTr90sgoxpgy1C
-----END CERTIFICATE-----