Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/28c90c-9a63-40b4-92cf-2d7b8570dd03/1/kdtWeW5ee_DDOTvrnKxvdqzU2fU.roa
File:                     kdtWeW5ee_DDOTvrnKxvdqzU2fU.roa (raw, json)
Hash identifier:          ZsUq0wvOb7B6ZRVgqhF26PngC49k33jv2Sz1rBKh1LM=
Subject key identifier:   91:DB:56:79:6E:5E:7B:F0:C3:39:3B:EB:9C:AC:6F:76:AC:D4:D9:F5
Certificate issuer:       /CN=cee4c15c8707dfbdfda83be3a693c35947f16d59
Certificate serial:       018CC5DCAFC0EF10EF113BBCFB848427F70E
Authority key identifier: CE:E4:C1:5C:87:07:DF:BD:FD:A8:3B:E3:A6:93:C3:59:47:F1:6D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zuTBXIcH3739qDvjppPDWUfxbVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/28c90c-9a63-40b4-92cf-2d7b8570dd03/1/kdtWeW5ee_DDOTvrnKxvdqzU2fU.roa
Signing time:             Mon 01 Jan 2024 16:30:23 +0000
ROA not before:           Mon 01 Jan 2024 16:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205774
IP address blocks:        185.159.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/28c90c-9a63-40b4-92cf-2d7b8570dd03/1/zuTBXIcH3739qDvjppPDWUfxbVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/28c90c-9a63-40b4-92cf-2d7b8570dd03/1/zuTBXIcH3739qDvjppPDWUfxbVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zuTBXIcH3739qDvjppPDWUfxbVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:af:c0:ef:10:ef:11:3b:bc:fb:84:84:27:f7:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cee4c15c8707dfbdfda83be3a693c35947f16d59
        Validity
            Not Before: Jan  1 16:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91db56796e5e7bf0c3393beb9cac6f76acd4d9f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3c:83:60:89:2c:ac:9e:df:3d:f3:f7:5a:ff:
                    af:7c:da:0d:e3:84:55:fb:08:80:fe:4e:f7:4e:c7:
                    bb:1d:d9:3a:94:96:ff:56:17:1c:4a:fa:97:f3:fa:
                    70:67:9b:6d:e3:03:d7:e2:18:e1:7a:2a:9b:9b:c4:
                    99:d4:b9:81:6a:cd:cf:a8:2f:ae:36:56:21:36:21:
                    ec:78:70:04:fd:71:61:13:51:ee:10:2b:c6:c8:a0:
                    51:38:bd:3a:45:50:ed:9c:45:da:4c:bc:ba:69:87:
                    e0:55:68:af:f3:c9:91:21:b1:bc:e0:a4:2e:9a:d6:
                    c7:12:f2:85:29:06:e7:dc:c9:19:de:b1:d9:8d:f5:
                    38:07:eb:91:0b:c8:69:46:8a:29:e3:f5:54:b9:28:
                    ae:52:9e:9a:9d:c2:3c:53:43:6e:8d:eb:e6:4a:4b:
                    ec:7e:ad:07:24:68:ae:b6:e0:40:da:17:34:2c:c1:
                    ac:04:3b:54:77:2e:9e:ef:f1:7e:b3:97:c0:69:25:
                    5f:8f:46:f7:23:60:20:2f:d2:86:f5:dc:bb:81:fa:
                    80:83:e1:38:ad:ee:ad:9c:55:7f:87:c9:da:b1:14:
                    21:64:da:7e:9f:e0:ce:cf:13:6f:35:24:16:b8:62:
                    70:74:53:c2:44:45:f4:cc:aa:c0:9b:19:53:10:b6:
                    30:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DB:56:79:6E:5E:7B:F0:C3:39:3B:EB:9C:AC:6F:76:AC:D4:D9:F5
            X509v3 Authority Key Identifier:
                keyid:CE:E4:C1:5C:87:07:DF:BD:FD:A8:3B:E3:A6:93:C3:59:47:F1:6D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zuTBXIcH3739qDvjppPDWUfxbVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/28c90c-9a63-40b4-92cf-2d7b8570dd03/1/kdtWeW5ee_DDOTvrnKxvdqzU2fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/28c90c-9a63-40b4-92cf-2d7b8570dd03/1/zuTBXIcH3739qDvjppPDWUfxbVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:24:53:7a:12:a6:46:f7:fd:32:0e:70:4c:2e:1f:25:bd:07:
         7a:44:b9:d6:9a:90:70:b4:f8:7f:43:d7:85:fa:4d:dc:fc:6a:
         d3:20:c9:c7:34:3e:ee:11:dc:0a:02:91:49:be:4b:bc:f4:20:
         13:c8:8a:c1:32:42:1b:77:ff:ea:7e:3f:74:d7:84:04:c5:7e:
         61:9c:7d:14:9a:78:df:89:5e:7a:a7:f3:c8:d4:10:e4:04:22:
         1b:bc:41:09:e7:c4:20:3a:2b:e6:1b:ce:b4:f2:04:b2:56:e4:
         b1:b9:1e:4c:85:d7:31:5b:d6:3f:45:49:44:a3:09:26:50:e7:
         5b:fd:e8:c3:65:ee:a0:f7:6c:49:cb:a8:e6:de:c2:28:cf:0a:
         4e:61:72:da:77:4c:33:a3:14:f0:c6:59:02:4d:00:38:54:36:
         43:80:b2:c3:af:25:52:07:c6:7e:1f:07:32:01:fa:96:20:a2:
         1b:54:05:4e:09:9f:71:08:d0:c7:17:e3:1b:67:47:cc:a8:e3:
         af:d7:f9:cf:54:de:9d:b7:27:92:df:8b:9e:b2:91:af:81:e1:
         7c:6e:2f:a1:f3:70:6a:d2:1d:eb:80:b6:5d:7a:4a:ea:13:3c:
         80:f6:e3:30:f0:f9:77:e2:0f:24:5e:5a:b8:af:cb:50:7d:08:
         08:ae:d0:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3K/A7xDvETu8+4SEJ/cOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZTRjMTVjODcwN2RmYmRmZGE4M2JlM2E2OTNjMzU5NDdm
MTZkNTkwHhcNMjQwMTAxMTYzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRiNTY3OTZlNWU3YmYwYzMzOTNiZWI5Y2FjNmY3NmFjZDRkOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujyDYIksrJ7fPfP3Wv+vfNoN44RV
+wiA/k73Tse7Hdk6lJb/VhccSvqX8/pwZ5tt4wPX4hjheiqbm8SZ1LmBas3PqC+u
NlYhNiHseHAE/XFhE1HuECvGyKBROL06RVDtnEXaTLy6aYfgVWiv88mRIbG84KQu
mtbHEvKFKQbn3MkZ3rHZjfU4B+uRC8hpRoop4/VUuSiuUp6ancI8U0NujevmSkvs
fq0HJGiutuBA2hc0LMGsBDtUdy6e7/F+s5fAaSVfj0b3I2AgL9KG9dy7gfqAg+E4
re6tnFV/h8nasRQhZNp+n+DOzxNvNSQWuGJwdFPCREX0zKrAmxlTELYw0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHbVnluXnvwwzk765ysb3as1Nn1MB8GA1UdIwQY
MBaAFM7kwVyHB9+9/ag746aTw1lH8W1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenVUQlhJY0gzNzM5cUR2anBwUERXVWZ4YlZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8yOGM5MGMtOWE2My00MGI0LTkyY2Yt
MmQ3Yjg1NzBkZDAzLzEva2R0V2VXNWVlX0RET1R2cm5LeHZkcXpVMmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8yOGM5MGMtOWE2My00MGI0LTkyY2YtMmQ3Yjg1NzBkZDAz
LzEvenVUQlhJY0gzNzM5cUR2anBwUERXVWZ4YlZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ9YMA0G
CSqGSIb3DQEBCwUAA4IBAQAjJFN6EqZG9/0yDnBMLh8lvQd6RLnWmpBwtPh/Q9eF
+k3c/GrTIMnHND7uEdwKApFJvku89CATyIrBMkIbd//qfj9014QExX5hnH0Umnjf
iV56p/PI1BDkBCIbvEEJ58QgOivmG8608gSyVuSxuR5MhdcxW9Y/RUlEowkmUOdb
/ejDZe6g92xJy6jm3sIozwpOYXLad0wzoxTwxlkCTQA4VDZDgLLDryVSB8Z+Hwcy
AfqWIKIbVAVOCZ9xCNDHF+MbZ0fMqOOv1/nPVN6dtyeS34uespGvgeF8bi+h83Bq
0h3rgLZdekrqEzyA9uMw8Pl34g8kXlq4r8tQfQgIrtDd
-----END CERTIFICATE-----