Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/DcpnPsKBWSVu9ROVfOol_ZaPshA.roa
File:                     DcpnPsKBWSVu9ROVfOol_ZaPshA.roa (raw, json)
Hash identifier:          vWPQ0oymcNFvDFGYk1VazUgC5hJH6ZnUFyqKYbvN/7g=
Subject key identifier:   0D:CA:67:3E:C2:81:59:25:6E:F5:13:95:7C:EA:25:FD:96:8F:B2:10
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018E581A0952691FC27CD7D0A5C34104D105
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/DcpnPsKBWSVu9ROVfOol_ZaPshA.roa
Signing time:             Tue 19 Mar 2024 19:04:45 +0000
ROA not before:           Tue 19 Mar 2024 19:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        88.151.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:58:1a:09:52:69:1f:c2:7c:d7:d0:a5:c3:41:04:d1:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Mar 19 19:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dca673ec28159256ef513957cea25fd968fb210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8b:a8:60:e9:25:4c:7a:c4:96:2c:da:ab:e6:
                    9d:ab:ff:1a:64:23:da:21:98:29:50:09:55:86:98:
                    cf:58:b2:dd:9c:56:1b:77:f3:d7:27:12:a3:f7:96:
                    f6:c6:d4:a3:cb:e4:13:65:05:86:f2:32:ab:1e:49:
                    af:f0:e7:a8:78:07:9a:a2:42:20:de:c1:76:42:39:
                    36:cb:93:72:9f:b8:73:a7:10:17:fe:54:ca:50:b5:
                    1d:57:19:b7:cd:66:56:30:0d:b8:6b:04:77:5f:8e:
                    fb:90:dc:76:fe:ee:a3:d1:ea:21:1e:a5:62:84:a8:
                    00:57:52:5c:ec:4d:d4:8f:24:a2:4e:1b:72:4d:94:
                    f9:2e:1a:d9:ce:56:d7:72:ef:85:f4:09:1e:5a:a5:
                    6a:1f:66:f8:0f:2e:0a:64:d6:fc:60:fc:c0:b5:eb:
                    8b:13:48:26:25:f1:98:97:1a:9b:c7:a9:0d:31:b8:
                    d6:ca:d3:92:f9:16:87:35:47:89:55:6a:d4:40:3e:
                    30:be:57:e1:52:dc:ca:44:3f:83:24:0c:22:95:d6:
                    be:63:ed:76:0a:90:0a:a9:c1:64:d3:21:b4:cc:ea:
                    30:79:95:03:e9:10:b8:17:5c:af:41:05:c5:35:76:
                    62:bd:d3:c9:b7:c5:fb:a4:da:5d:a6:c6:91:21:24:
                    97:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:CA:67:3E:C2:81:59:25:6E:F5:13:95:7C:EA:25:FD:96:8F:B2:10
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/DcpnPsKBWSVu9ROVfOol_ZaPshA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:12:10:01:92:dd:7d:f9:b7:2c:69:a1:7f:30:aa:3b:8f:3b:
         87:eb:9e:7e:f1:5d:ed:7c:57:b0:32:22:c5:5a:30:6d:47:24:
         fa:09:2e:c6:e9:ee:3c:ad:8b:06:13:fb:ea:f6:a6:4b:db:a2:
         bb:ca:32:4e:07:43:68:18:ae:f9:18:22:fb:76:2b:2a:5d:f9:
         50:f6:b7:4d:a1:37:f7:19:8e:e1:89:dc:81:34:e4:1f:24:de:
         95:04:4b:ce:d1:9b:07:e9:b6:b5:de:87:7f:15:2f:b0:ed:68:
         aa:a8:61:8f:0b:86:88:e1:ff:21:1f:29:45:06:d9:c6:b3:6e:
         1d:36:70:87:d5:37:54:99:1f:2b:43:9a:3a:2f:ba:8f:73:ab:
         03:a3:b5:de:27:a5:e9:38:80:7e:85:84:d1:aa:6b:c1:77:d7:
         8f:8b:29:d7:70:1b:0b:4a:b9:7e:97:ed:98:ff:7f:47:08:40:
         f7:5f:c0:94:ed:ff:16:72:2a:68:33:75:27:db:f8:7c:59:d0:
         ba:cf:f3:5d:5f:52:79:05:e5:8d:1b:65:63:eb:4a:b7:e8:fb:
         10:ae:25:fc:fc:2b:4d:ef:10:e5:f4:ae:29:57:9d:a1:ae:9b:
         30:5a:5d:6c:49:05:ab:9f:d9:d9:fb:57:2c:2a:25:2a:4f:c9:
         1f:ac:8e:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5YGglSaR/CfNfQpcNBBNEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMzE5MTkwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGNhNjczZWMyODE1OTI1NmVmNTEzOTU3Y2VhMjVmZDk2OGZiMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYuoYOklTHrElizaq+adq/8aZCPa
IZgpUAlVhpjPWLLdnFYbd/PXJxKj95b2xtSjy+QTZQWG8jKrHkmv8OeoeAeaokIg
3sF2Qjk2y5Nyn7hzpxAX/lTKULUdVxm3zWZWMA24awR3X477kNx2/u6j0eohHqVi
hKgAV1Jc7E3UjySiThtyTZT5LhrZzlbXcu+F9AkeWqVqH2b4Dy4KZNb8YPzAteuL
E0gmJfGYlxqbx6kNMbjWytOS+RaHNUeJVWrUQD4wvlfhUtzKRD+DJAwilda+Y+12
CpAKqcFk0yG0zOoweZUD6RC4F1yvQQXFNXZivdPJt8X7pNpdpsaRISSXgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3KZz7CgVklbvUTlXzqJf2Wj7IQMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvRGNwblBzS0JXU1Z1OVJPVmZPb2xfWmFQc2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfAMA0G
CSqGSIb3DQEBCwUAA4IBAQAvEhABkt19+bcsaaF/MKo7jzuH655+8V3tfFewMiLF
WjBtRyT6CS7G6e48rYsGE/vq9qZL26K7yjJOB0NoGK75GCL7disqXflQ9rdNoTf3
GY7hidyBNOQfJN6VBEvO0ZsH6ba13od/FS+w7WiqqGGPC4aI4f8hHylFBtnGs24d
NnCH1TdUmR8rQ5o6L7qPc6sDo7XeJ6XpOIB+hYTRqmvBd9ePiynXcBsLSrl+l+2Y
/39HCED3X8CU7f8WcipoM3Un2/h8WdC6z/NdX1J5BeWNG2Vj60q36PsQriX8/CtN
7xDl9K4pV52hrpswWl1sSQWrn9nZ+1csKiUqT8kfrI6b
-----END CERTIFICATE-----