Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/TWCQBg2-t-jrjyzWp02-IpHykDE.roa
File:                     TWCQBg2-t-jrjyzWp02-IpHykDE.roa (raw, json)
Hash identifier:          OzxPmG/iv0ZxRaIlS2kwO8RCX9n3cTZki/wmozkxxLc=
Subject key identifier:   4D:60:90:06:0D:BE:B7:E8:EB:8F:2C:D6:A7:4D:BE:22:91:F2:90:31
Certificate issuer:       /CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
Certificate serial:       019422FC08AACE02885E7D248E5AAC5C52D5
Authority key identifier: DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/TWCQBg2-t-jrjyzWp02-IpHykDE.roa
Signing time:             Wed 01 Jan 2025 17:48:50 +0000
ROA not before:           Wed 01 Jan 2025 17:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199659
IP address blocks:        185.223.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:08:aa:ce:02:88:5e:7d:24:8e:5a:ac:5c:52:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
        Validity
            Not Before: Jan  1 17:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d6090060dbeb7e8eb8f2cd6a74dbe2291f29031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d5:c5:b6:5b:a0:b1:f3:2c:35:a0:b4:57:36:
                    ab:39:05:05:69:51:7d:13:68:aa:4c:5c:9d:f0:fb:
                    9e:18:f1:07:65:0e:f0:d5:bb:e7:10:37:69:24:4c:
                    e7:5f:93:89:31:ed:3c:79:6d:98:3b:7c:18:af:2e:
                    4a:05:75:e6:d9:50:37:16:fb:85:16:f1:1c:1d:bc:
                    1e:1a:7d:00:4e:ec:20:9f:2f:22:cd:57:5f:dd:f4:
                    f6:34:10:2f:b4:1c:11:92:28:64:a4:08:dc:9a:ac:
                    db:8c:83:c4:f8:af:ca:0f:1c:43:90:18:39:ca:24:
                    fe:68:08:3f:a7:cc:4e:58:d0:c9:9d:52:f6:be:7c:
                    d1:d1:d3:55:ce:1e:a1:0f:f4:78:0a:b0:ea:7a:f4:
                    cb:a4:89:9d:55:b3:89:0c:ef:dd:e0:0e:26:1a:92:
                    59:7d:22:2b:3a:2a:38:aa:08:3d:b7:85:78:ab:11:
                    14:f3:b3:b6:1d:70:32:40:36:8b:61:f6:d6:5d:be:
                    c5:c2:02:90:1c:30:41:61:bb:1b:9b:fd:79:13:bd:
                    6d:8c:be:6f:79:a1:67:8b:df:85:9f:86:d5:22:9e:
                    cd:02:de:d9:dd:51:38:d2:8b:5c:07:59:7b:e5:10:
                    20:ae:22:d4:49:5a:14:71:eb:c7:70:54:e3:7e:56:
                    1b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:60:90:06:0D:BE:B7:E8:EB:8F:2C:D6:A7:4D:BE:22:91:F2:90:31
            X509v3 Authority Key Identifier:
                keyid:DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/TWCQBg2-t-jrjyzWp02-IpHykDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:d1:78:0b:7d:b5:ed:d7:00:c2:04:fd:db:0d:75:78:1d:11:
         da:75:ba:3f:18:62:cf:5d:f8:3a:52:6f:86:6d:18:36:81:8c:
         10:b0:76:74:bf:4f:eb:5e:9b:f2:38:30:c1:5d:4b:73:99:8a:
         e5:24:58:00:44:d7:07:d0:b2:ac:6e:18:8a:50:b6:16:71:52:
         56:5b:ca:f8:0b:09:60:30:cd:e5:c5:fb:a2:4d:65:00:a4:43:
         7d:78:d0:f0:ec:4d:0c:98:18:45:58:df:08:5f:4c:6b:c6:b0:
         37:ba:7c:49:04:f2:18:77:bc:35:49:e1:3f:08:af:14:5a:bf:
         7f:ad:b4:8a:0c:2b:f3:f6:aa:41:8e:cf:16:5b:f3:bc:7c:00:
         ec:1f:4f:b8:b8:64:d9:a3:51:6a:59:5b:59:26:0f:1d:31:ff:
         9c:99:63:0b:1d:f4:f4:4c:be:f6:dc:a0:96:20:63:82:04:fb:
         2e:62:16:e7:4a:e7:9d:18:46:2a:c6:29:f9:b4:14:d1:99:11:
         af:97:b6:a3:bf:80:fd:38:ef:ac:f1:59:95:c8:76:b5:2b:97:
         3a:24:17:04:80:b9:85:1c:cc:e4:1a:aa:65:c4:7d:6c:5b:b8:
         51:46:31:b5:60:86:f9:55:fb:44:67:4e:ef:e6:61:5f:01:ca:
         53:12:1e:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/AiqzgKIXn0kjlqsXFLVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYWU0YjA0NzFhNjE4NzJjNDA0MTQyZTFmOTBmNTA3NGYw
ZDZmMTUwHhcNMjUwMTAxMTc0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDYwOTAwNjBkYmViN2U4ZWI4ZjJjZDZhNzRkYmUyMjkxZjI5MDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9XFtlugsfMsNaC0VzarOQUFaVF9
E2iqTFyd8PueGPEHZQ7w1bvnEDdpJEznX5OJMe08eW2YO3wYry5KBXXm2VA3FvuF
FvEcHbweGn0ATuwgny8izVdf3fT2NBAvtBwRkihkpAjcmqzbjIPE+K/KDxxDkBg5
yiT+aAg/p8xOWNDJnVL2vnzR0dNVzh6hD/R4CrDqevTLpImdVbOJDO/d4A4mGpJZ
fSIrOio4qgg9t4V4qxEU87O2HXAyQDaLYfbWXb7FwgKQHDBBYbsbm/15E71tjL5v
eaFni9+Fn4bVIp7NAt7Z3VE40otcB1l75RAgriLUSVoUcevHcFTjflYbxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1gkAYNvrfo648s1qdNviKR8pAxMB8GA1UdIwQY
MBaAFNyuSwRxphhyxAQULh+Q9QdPDW8VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0s1TEJIR21HSExFQkJRdUg1RDFCMDhOYnhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi82N2Y5YTctYTZlOC00MjZlLWJhYzQt
NGI2OGIxNWQzMDFhLzEvVFdDUUJnMi10LWpyanl6V3AwMi1JcEh5a0RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi82N2Y5YTctYTZlOC00MjZlLWJhYzQtNGI2OGIxNWQzMDFh
LzEvM0s1TEJIR21HSExFQkJRdUg1RDFCMDhOYnhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud9YMA0G
CSqGSIb3DQEBCwUAA4IBAQAp0XgLfbXt1wDCBP3bDXV4HRHadbo/GGLPXfg6Um+G
bRg2gYwQsHZ0v0/rXpvyODDBXUtzmYrlJFgARNcH0LKsbhiKULYWcVJWW8r4Cwlg
MM3lxfuiTWUApEN9eNDw7E0MmBhFWN8IX0xrxrA3unxJBPIYd7w1SeE/CK8UWr9/
rbSKDCvz9qpBjs8WW/O8fADsH0+4uGTZo1FqWVtZJg8dMf+cmWMLHfT0TL723KCW
IGOCBPsuYhbnSuedGEYqxin5tBTRmRGvl7ajv4D9OO+s8VmVyHa1K5c6JBcEgLmF
HMzkGqplxH1sW7hRRjG1YIb5VftEZ07v5mFfAcpTEh5Z
-----END CERTIFICATE-----