Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/HDHdBYh2AggwY4LsFRWqEG2nSHU.roa
File:                     HDHdBYh2AggwY4LsFRWqEG2nSHU.roa (raw, json)
Hash identifier:          dhSjzSEAgo/VRzwhI5/r7xrxZR7zNY0KlwHOR2uSwrM=
Subject key identifier:   1C:31:DD:05:88:76:02:08:30:63:82:EC:15:15:AA:10:6D:A7:48:75
Certificate issuer:       /CN=b68b42922d387c578fa57692487f2a19068589ba
Certificate serial:       018CC8DE9A546742945BB66F66988FCBCFB6
Authority key identifier: B6:8B:42:92:2D:38:7C:57:8F:A5:76:92:48:7F:2A:19:06:85:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/totCki04fFePpXaSSH8qGQaFibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/HDHdBYh2AggwY4LsFRWqEG2nSHU.roa
Signing time:             Tue 02 Jan 2024 06:31:20 +0000
ROA not before:           Tue 02 Jan 2024 06:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209582
IP address blocks:        188.190.108.0/22 maxlen: 22
                          2a0d:d1c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/totCki04fFePpXaSSH8qGQaFibo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/totCki04fFePpXaSSH8qGQaFibo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/totCki04fFePpXaSSH8qGQaFibo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:9a:54:67:42:94:5b:b6:6f:66:98:8f:cb:cf:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b68b42922d387c578fa57692487f2a19068589ba
        Validity
            Not Before: Jan  2 06:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c31dd0588760208306382ec1515aa106da74875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:87:e0:bb:c6:1d:6e:18:bf:e5:03:cf:89:ef:
                    1a:f5:f8:48:a2:de:88:76:14:ac:ee:bc:df:83:02:
                    f4:b9:13:dd:96:82:e9:e3:de:16:ff:59:96:79:c1:
                    83:fb:29:34:17:fe:ea:12:9a:94:6a:7f:57:c5:fc:
                    9d:66:a6:8d:c2:51:4c:3a:f0:48:bc:c5:54:80:99:
                    a0:00:18:a6:0e:e3:dc:9e:dd:1f:cd:88:9f:36:fa:
                    7f:81:cf:0b:05:85:17:66:11:90:9e:60:40:68:b7:
                    f0:47:b4:43:c5:95:59:17:83:df:83:7b:f6:bf:2b:
                    73:8a:91:a8:07:85:cb:51:b3:c2:b6:e6:87:5d:af:
                    41:2f:1c:76:cf:a4:f5:81:21:60:60:e6:06:80:19:
                    06:fb:00:17:0f:d5:ef:61:cf:f5:0f:53:38:56:be:
                    bc:a2:ef:8f:12:e6:27:df:6f:dd:98:55:2c:f1:6c:
                    f3:c3:00:79:44:06:50:4f:3d:05:44:19:e6:4e:1b:
                    07:03:df:be:c4:e5:d0:58:9c:fd:cf:c1:c5:52:df:
                    ea:f4:21:3c:a1:e5:2c:77:9d:21:55:cf:36:c7:0c:
                    85:cd:41:d8:ab:b9:10:84:8e:69:7a:ec:6d:da:5e:
                    c6:e3:f2:73:12:45:43:bf:f7:ed:e1:73:76:5b:b6:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:31:DD:05:88:76:02:08:30:63:82:EC:15:15:AA:10:6D:A7:48:75
            X509v3 Authority Key Identifier:
                keyid:B6:8B:42:92:2D:38:7C:57:8F:A5:76:92:48:7F:2A:19:06:85:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/totCki04fFePpXaSSH8qGQaFibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/HDHdBYh2AggwY4LsFRWqEG2nSHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/totCki04fFePpXaSSH8qGQaFibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.108.0/22
                IPv6:
                  2a0d:d1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:19:f9:22:dc:84:97:d3:05:50:9c:46:23:43:d8:e3:ed:e1:
         76:47:ff:1d:4f:06:93:36:d5:e5:02:a8:3f:61:fd:02:57:1e:
         c9:89:5d:f5:88:73:1a:0f:1b:98:88:36:f1:b7:a3:5f:75:66:
         0a:88:b7:d2:b4:0c:93:20:1c:7b:74:d2:21:92:79:2b:15:1a:
         02:70:61:1c:78:f2:09:3d:4b:13:86:f5:83:4a:38:dd:84:97:
         b4:9e:e5:d5:79:b8:e9:62:f8:20:2e:b7:d5:38:98:c9:c5:f3:
         c7:60:44:e7:39:0a:50:7f:5c:4d:f0:67:74:77:5b:f1:e1:e6:
         43:81:e2:2c:5f:f4:33:04:23:1a:9f:c9:97:d6:c0:fa:a2:d3:
         d4:ac:df:b8:0c:c3:aa:13:7d:14:39:59:72:3a:50:c7:ba:74:
         65:9b:6e:5e:7f:4a:bb:78:ee:b0:9a:15:6d:c4:49:71:89:9d:
         96:25:e3:d3:0b:ec:29:19:87:1f:71:e3:94:50:90:b6:42:98:
         1d:26:51:b9:27:a2:9c:82:a5:6b:f8:7c:48:5f:13:e3:d1:fe:
         aa:8f:75:e0:e8:98:36:e5:55:d2:f8:b6:55:83:3c:6d:5c:cc:
         85:d2:19:ed:49:af:f6:a1:5a:fd:55:ae:9c:c0:76:27:da:67:
         90:16:c6:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3ppUZ0KUW7ZvZpiPy8+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGI0MjkyMmQzODdjNTc4ZmE1NzY5MjQ4N2YyYTE5MDY4
NTg5YmEwHhcNMjQwMTAyMDYzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzMxZGQwNTg4NzYwMjA4MzA2MzgyZWMxNTE1YWExMDZkYTc0ODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Yfgu8Ydbhi/5QPPie8a9fhIot6I
dhSs7rzfgwL0uRPdloLp494W/1mWecGD+yk0F/7qEpqUan9XxfydZqaNwlFMOvBI
vMVUgJmgABimDuPcnt0fzYifNvp/gc8LBYUXZhGQnmBAaLfwR7RDxZVZF4Pfg3v2
vytzipGoB4XLUbPCtuaHXa9BLxx2z6T1gSFgYOYGgBkG+wAXD9XvYc/1D1M4Vr68
ou+PEuYn32/dmFUs8WzzwwB5RAZQTz0FRBnmThsHA9++xOXQWJz9z8HFUt/q9CE8
oeUsd50hVc82xwyFzUHYq7kQhI5peuxt2l7G4/JzEkVDv/ft4XN2W7b7kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBwx3QWIdgIIMGOC7BUVqhBtp0h1MB8GA1UdIwQY
MBaAFLaLQpItOHxXj6V2kkh/KhkGhYm6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG90Q2tpMDRmRmVQcFhhU1NIOHFHUWFGaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8zMzYxOTgtM2U3Yi00NjE1LWJjZWEt
NGE1NDViMTE2ODgwLzEvSERIZEJZaDJBZ2d3WTRMc0ZSV3FFRzJuU0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8zMzYxOTgtM2U3Yi00NjE1LWJjZWEtNGE1NDViMTE2ODgw
LzEvdG90Q2tpMDRmRmVQcFhhU1NIOHFHUWFGaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCvL5sMA0E
AgACMAcDBQAqDdHAMA0GCSqGSIb3DQEBCwUAA4IBAQBsGfki3ISX0wVQnEYjQ9jj
7eF2R/8dTwaTNtXlAqg/Yf0CVx7JiV31iHMaDxuYiDbxt6NfdWYKiLfStAyTIBx7
dNIhknkrFRoCcGEcePIJPUsThvWDSjjdhJe0nuXVebjpYvggLrfVOJjJxfPHYETn
OQpQf1xN8Gd0d1vx4eZDgeIsX/QzBCMan8mX1sD6otPUrN+4DMOqE30UOVlyOlDH
unRlm25ef0q7eO6wmhVtxElxiZ2WJePTC+wpGYcfceOUUJC2QpgdJlG5J6KcgqVr
+HxIXxPj0f6qj3Xg6Jg25VXS+LZVgzxtXMyF0hntSa/2oVr9Va6cwHYn2meQFsY8
-----END CERTIFICATE-----