Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/oxTMcdCOP_gruq1r_alqC53kwcM.roa
File:                     oxTMcdCOP_gruq1r_alqC53kwcM.roa (raw, json)
Hash identifier:          xEx6UmyMYZTWHX0XuWfcQY23PPfwYCi+8Zgvz5UDMuc=
Subject key identifier:   A3:14:CC:71:D0:8E:3F:F8:2B:BA:AD:6B:FD:A9:6A:0B:9D:E4:C1:C3
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       018DF9E28516A0F0916D0483AD04F1D028B8
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/oxTMcdCOP_gruq1r_alqC53kwcM.roa
Signing time:             Fri 01 Mar 2024 11:59:48 +0000
ROA not before:           Fri 01 Mar 2024 11:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216030
IP address blocks:        88.218.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:e2:85:16:a0:f0:91:6d:04:83:ad:04:f1:d0:28:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Mar  1 11:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a314cc71d08e3ff82bbaad6bfda96a0b9de4c1c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cf:31:01:ce:cf:ac:57:6a:85:61:56:4d:6a:
                    53:ef:a6:b7:4e:3f:2b:cd:6b:62:9b:b6:cf:30:37:
                    0a:5e:08:1a:18:66:d5:00:45:e8:a3:b6:33:47:33:
                    18:f1:5d:bb:11:83:30:47:31:68:ff:54:cd:5a:7b:
                    94:69:da:5d:53:f2:f6:47:99:8a:c5:01:62:79:bc:
                    f5:41:0f:75:2a:ca:71:e9:32:09:34:69:66:5b:04:
                    04:af:0b:b5:bc:67:48:aa:2b:60:c3:73:f8:e4:cc:
                    8d:36:49:5c:f4:d2:cc:f6:61:0b:2d:f3:85:f8:b5:
                    f1:88:07:73:56:03:69:49:fa:27:f9:83:8b:e7:d4:
                    ff:d7:d5:47:94:51:c2:d6:95:2f:b9:31:54:22:94:
                    52:b1:ac:36:c3:e2:14:95:db:63:4c:55:af:d4:e1:
                    a3:23:19:6f:d3:f4:16:c7:6b:bf:69:29:df:e5:37:
                    fd:f4:a5:60:e1:9b:09:36:48:0f:a1:be:63:71:30:
                    f4:b3:38:24:6f:c0:47:21:98:44:ff:9f:f8:4f:ea:
                    4b:59:42:8e:d6:ff:8f:61:71:0b:98:b7:11:76:71:
                    9d:e8:37:b2:5d:97:fc:90:f5:f1:18:fb:d6:d6:5a:
                    cc:51:57:21:e3:c3:4a:41:40:b6:85:f5:1d:e8:7b:
                    91:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:14:CC:71:D0:8E:3F:F8:2B:BA:AD:6B:FD:A9:6A:0B:9D:E4:C1:C3
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/oxTMcdCOP_gruq1r_alqC53kwcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f2:ef:19:2c:ee:28:b3:b7:fa:73:e6:b0:0c:32:44:da:f4:
         a8:53:8a:80:62:fa:7d:54:ac:7c:6a:44:b1:52:49:e7:7b:0f:
         41:4a:9b:42:46:16:c8:96:9c:5c:ce:7a:43:8a:0e:d1:38:76:
         53:fe:0b:7a:8f:21:25:a0:57:fe:0e:37:d2:b6:76:06:55:64:
         ef:6a:a1:99:68:2a:cd:18:13:07:83:0d:7a:e7:c1:22:d9:76:
         21:de:da:ad:93:7b:b0:52:db:e9:73:cc:6d:55:44:df:9b:9b:
         58:5a:cd:c9:16:0c:a9:aa:90:0d:b7:d6:30:2a:a4:0b:a5:24:
         6c:24:49:a2:1b:f1:6b:ea:d5:eb:48:37:e2:bd:75:55:b2:5a:
         83:05:38:80:4d:70:8d:14:1c:0f:d1:25:92:79:08:eb:ef:dd:
         67:c0:c0:e5:01:be:a4:d4:a7:41:02:09:0e:5c:c2:eb:c3:6e:
         42:05:f7:c8:e3:61:06:b3:cb:e3:78:37:37:e1:84:42:d0:4d:
         69:6d:c3:d8:cb:44:9c:ca:9d:6c:5e:c0:e7:2d:95:82:e6:34:
         fa:85:dd:2c:2a:41:c1:f2:4d:3e:e0:77:54:c3:23:b7:f6:f9:
         96:56:3f:7b:e0:12:07:af:a1:16:45:81:26:00:5e:58:ec:9a:
         93:33:fb:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY354oUWoPCRbQSDrQTx0Ci4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjQwMzAxMTE1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE0Y2M3MWQwOGUzZmY4MmJiYWFkNmJmZGE5NmEwYjlkZTRjMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc8xAc7PrFdqhWFWTWpT76a3Tj8r
zWtim7bPMDcKXggaGGbVAEXoo7YzRzMY8V27EYMwRzFo/1TNWnuUadpdU/L2R5mK
xQFiebz1QQ91Kspx6TIJNGlmWwQErwu1vGdIqitgw3P45MyNNklc9NLM9mELLfOF
+LXxiAdzVgNpSfon+YOL59T/19VHlFHC1pUvuTFUIpRSsaw2w+IUldtjTFWv1OGj
Ixlv0/QWx2u/aSnf5Tf99KVg4ZsJNkgPob5jcTD0szgkb8BHIZhE/5/4T+pLWUKO
1v+PYXELmLcRdnGd6DeyXZf8kPXxGPvW1lrMUVch48NKQUC2hfUd6HuROQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMUzHHQjj/4K7qta/2pagud5MHDMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvb3hUTWNkQ09QX2dydXExcl9hbHFDNTNrd2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNrNMA0G
CSqGSIb3DQEBCwUAA4IBAQBp8u8ZLO4os7f6c+awDDJE2vSoU4qAYvp9VKx8akSx
Uknnew9BSptCRhbIlpxcznpDig7ROHZT/gt6jyEloFf+DjfStnYGVWTvaqGZaCrN
GBMHgw1658Ei2XYh3tqtk3uwUtvpc8xtVUTfm5tYWs3JFgypqpANt9YwKqQLpSRs
JEmiG/Fr6tXrSDfivXVVslqDBTiATXCNFBwP0SWSeQjr791nwMDlAb6k1KdBAgkO
XMLrw25CBffI42EGs8vjeDc34YRC0E1pbcPYy0Scyp1sXsDnLZWC5jT6hd0sKkHB
8k0+4HdUwyO39vmWVj974BIHr6EWRYEmAF5Y7JqTM/sx
-----END CERTIFICATE-----