Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d9db98-4010-4328-8445-eecfe7fcf1c0/1/c-Ekm6vBy_Z13dWB58KqGbpfuh4.roa
File:                     c-Ekm6vBy_Z13dWB58KqGbpfuh4.roa (raw, json)
Hash identifier:          qhPMOe8K/v6d8nsh4WBKMNj5PMqTHhyGquLfRAHN1w4=
Subject key identifier:   73:E1:24:9B:AB:C1:CB:F6:75:DD:D5:81:E7:C2:AA:19:BA:5F:BA:1E
Certificate issuer:       /CN=f970877985b0c5cf69167c91e837424c47d9a425
Certificate serial:       018CC94E597BA7062665CD1243E69D54530A
Authority key identifier: F9:70:87:79:85:B0:C5:CF:69:16:7C:91:E8:37:42:4C:47:D9:A4:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-XCHeYWwxc9pFnyR6DdCTEfZpCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d9db98-4010-4328-8445-eecfe7fcf1c0/1/c-Ekm6vBy_Z13dWB58KqGbpfuh4.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35800
IP address blocks:        194.88.152.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d9db98-4010-4328-8445-eecfe7fcf1c0/1/1-XCHeYWwxc9pFnyR6DdCTEfZpCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d9db98-4010-4328-8445-eecfe7fcf1c0/1/1-XCHeYWwxc9pFnyR6DdCTEfZpCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-XCHeYWwxc9pFnyR6DdCTEfZpCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:59:7b:a7:06:26:65:cd:12:43:e6:9d:54:53:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f970877985b0c5cf69167c91e837424c47d9a425
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73e1249babc1cbf675ddd581e7c2aa19ba5fba1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:72:3a:d0:fa:d5:1f:e6:1b:12:c6:3c:10:90:
                    73:29:2e:7b:dd:00:f3:72:71:af:d1:21:30:4d:ba:
                    cc:2c:db:22:48:90:df:b1:d3:db:1d:09:77:50:4d:
                    a3:bc:fc:76:e5:ae:80:56:fb:92:41:04:02:07:00:
                    74:a3:5b:33:01:e7:e7:ab:70:79:c0:9e:e1:a5:b1:
                    29:44:7e:78:1c:ee:77:ec:1f:43:de:37:a0:30:09:
                    ee:dd:5e:a6:15:94:9b:fe:1c:2f:58:a5:2d:20:27:
                    df:fb:df:d9:42:37:60:ac:cb:83:19:71:cd:eb:1f:
                    3d:d6:a4:bc:bb:ec:a0:8c:3c:af:c8:72:69:92:a2:
                    1e:75:41:52:68:0d:1d:77:ea:1b:e6:c1:bf:c7:95:
                    04:80:a0:05:99:02:e1:96:48:9e:19:14:88:a9:f1:
                    85:d4:af:e0:ed:1d:c6:a1:ee:2b:bb:d2:b0:be:a5:
                    7d:36:4f:5b:11:58:8e:d8:43:cf:70:75:dd:df:6f:
                    ef:71:9f:61:51:60:f1:77:bd:39:ab:be:95:b5:88:
                    f8:39:e2:3f:42:3b:73:ea:a3:46:38:50:8c:65:af:
                    a7:91:9c:1d:d2:d9:63:80:e5:51:e7:47:2e:74:d1:
                    39:2c:ed:49:bf:16:b9:75:3f:d8:18:7b:db:8b:f7:
                    5b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:E1:24:9B:AB:C1:CB:F6:75:DD:D5:81:E7:C2:AA:19:BA:5F:BA:1E
            X509v3 Authority Key Identifier:
                keyid:F9:70:87:79:85:B0:C5:CF:69:16:7C:91:E8:37:42:4C:47:D9:A4:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XCHeYWwxc9pFnyR6DdCTEfZpCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d9db98-4010-4328-8445-eecfe7fcf1c0/1/c-Ekm6vBy_Z13dWB58KqGbpfuh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d9db98-4010-4328-8445-eecfe7fcf1c0/1/1-XCHeYWwxc9pFnyR6DdCTEfZpCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:c7:7a:ce:13:60:47:ad:1e:99:29:27:ac:3d:a9:1f:c0:f1:
         76:df:b5:05:7e:2c:96:02:a3:e1:61:c3:6e:d9:54:03:c3:81:
         9a:7e:f2:c6:79:4e:1f:11:d4:7d:61:05:a0:9a:9a:09:ce:d6:
         5e:6c:20:8f:e5:95:81:bf:f9:dd:a3:bc:7b:c8:15:49:bf:48:
         38:de:25:b8:82:43:d7:c2:0c:7f:5f:64:42:66:1d:66:4d:c3:
         1f:af:60:eb:40:97:1a:29:5f:0d:6d:71:22:ab:c7:85:81:99:
         3b:18:d6:5c:c6:6c:90:a8:7a:df:53:98:2d:3c:9c:73:f8:a0:
         d4:82:61:75:0b:c8:5a:a2:89:31:bd:b1:89:5b:87:ea:3b:b3:
         82:ea:70:53:2c:7e:91:2d:fd:41:70:54:1c:5c:fa:c7:48:f4:
         f5:e3:e9:4c:59:8e:47:82:bb:cd:e2:97:2d:77:eb:93:91:24:
         9f:ae:47:89:e3:cf:ac:65:3f:5a:b7:6f:16:4f:11:cf:7e:48:
         e0:80:9a:b1:fc:05:65:2c:9f:c1:94:06:f9:ee:44:2f:b5:f2:
         3a:0a:c4:b7:1e:21:ac:34:1d:79:66:f4:29:0b:b9:83:9c:9d:
         1f:4f:af:a1:ef:39:46:64:c4:bf:10:56:f0:6d:6d:17:42:1b:
         ca:73:1b:b5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTll7pwYmZc0SQ+adVFMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NzA4Nzc5ODViMGM1Y2Y2OTE2N2M5MWU4Mzc0MjRjNDdk
OWE0MjUwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2UxMjQ5YmFiYzFjYmY2NzVkZGQ1ODFlN2MyYWExOWJhNWZiYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXI60PrVH+YbEsY8EJBzKS573QDz
cnGv0SEwTbrMLNsiSJDfsdPbHQl3UE2jvPx25a6AVvuSQQQCBwB0o1szAefnq3B5
wJ7hpbEpRH54HO537B9D3jegMAnu3V6mFZSb/hwvWKUtICff+9/ZQjdgrMuDGXHN
6x891qS8u+ygjDyvyHJpkqIedUFSaA0dd+ob5sG/x5UEgKAFmQLhlkieGRSIqfGF
1K/g7R3Goe4ru9KwvqV9Nk9bEViO2EPPcHXd32/vcZ9hUWDxd705q76VtYj4OeI/
Qjtz6qNGOFCMZa+nkZwd0tljgOVR50cudNE5LO1Jvxa5dT/YGHvbi/db6QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHPhJJurwcv2dd3VgefCqhm6X7oeMB8GA1UdIwQY
MBaAFPlwh3mFsMXPaRZ8keg3QkxH2aQlMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YQ0hlWVd3eGM5cEZueVI2RGRDVEVmWnBDVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQvZDlkYjk4LTQwMTAtNDMyOC04NDQ1
LWVlY2ZlN2ZjZjFjMC8xL2MtRWttNnZCeV9aMTNkV0I1OEtxR2JwZnVoNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjQvZDlkYjk4LTQwMTAtNDMyOC04NDQ1LWVlY2ZlN2ZjZjFj
MC8xLzEtWENIZVlXd3hjOXBGbnlSNkRkQ1RFZlpwQ1UuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCWJgw
DQYJKoZIhvcNAQELBQADggEBAIjHes4TYEetHpkpJ6w9qR/A8XbftQV+LJYCo+Fh
w27ZVAPDgZp+8sZ5Th8R1H1hBaCamgnO1l5sII/llYG/+d2jvHvIFUm/SDjeJbiC
Q9fCDH9fZEJmHWZNwx+vYOtAlxopXw1tcSKrx4WBmTsY1lzGbJCoet9TmC08nHP4
oNSCYXULyFqiiTG9sYlbh+o7s4LqcFMsfpEt/UFwVBxc+sdI9PXj6UxZjkeCu83i
ly1365ORJJ+uR4njz6xlP1q3bxZPEc9+SOCAmrH8BWUsn8GUBvnuRC+18joKxLce
Iaw0HXlm9CkLuYOcnR9Pr6HvOUZkxL8QVvBtbRdCG8pzG7U=
-----END CERTIFICATE-----