Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/88wO49Y78qOfTgNWS-x1axS1x9w.roa
File:                     88wO49Y78qOfTgNWS-x1axS1x9w.roa (raw, json)
Hash identifier:          D18sUf/rpIJpE0O+sLXW2OGDO1EWyOpWUZnRfwZcPFI=
Subject key identifier:   F3:CC:0E:E3:D6:3B:F2:A3:9F:4E:03:56:4B:EC:75:6B:14:B5:C7:DC
Certificate issuer:       /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial:       018CC56E28AD999D8533364F6B2924645952
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/88wO49Y78qOfTgNWS-x1axS1x9w.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        185.252.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 10:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:28:ad:99:9d:85:33:36:4f:6b:29:24:64:59:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3cc0ee3d63bf2a39f4e03564bec756b14b5c7dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:21:b6:35:18:80:0d:ff:6d:7f:f3:2f:d9:83:
                    59:f4:82:84:4d:85:40:8e:1e:7a:0d:54:50:2f:64:
                    91:fd:7e:54:a8:85:db:65:de:b1:49:9b:92:7b:c8:
                    bd:21:7a:5e:e6:7a:92:32:a3:bc:d7:bf:40:ba:be:
                    c7:56:29:9c:9e:b4:6e:0d:5b:6a:d6:d5:2d:ef:d3:
                    13:e4:b3:10:d4:26:3e:93:33:01:69:27:d8:b3:c0:
                    f1:fc:86:30:d8:46:af:60:08:c9:a1:d0:b8:c4:cb:
                    0a:3c:b4:d0:3a:8a:4a:34:3b:93:d4:fd:c2:fb:75:
                    85:94:24:c2:29:c3:24:c3:21:9d:bc:4b:70:aa:75:
                    33:e0:9b:c1:68:74:fc:72:8d:47:6e:3c:4d:6e:ce:
                    cc:ad:d6:48:7b:7b:60:64:49:ce:58:ce:34:c7:ff:
                    f4:18:d5:03:75:61:90:e5:aa:3a:a3:88:b5:5e:28:
                    84:f3:56:88:c2:13:42:24:6f:0b:ec:01:83:15:f8:
                    4a:e5:52:10:b5:ca:b7:b5:06:ce:6d:65:da:79:4a:
                    7c:24:f1:40:e5:9d:bc:d8:67:23:56:c1:b6:84:2c:
                    91:fb:d2:ac:e7:f6:75:54:73:d6:9b:0a:f0:56:aa:
                    0e:44:ea:c6:57:e6:4b:77:c7:9c:8a:7b:a4:3a:f3:
                    e0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CC:0E:E3:D6:3B:F2:A3:9F:4E:03:56:4B:EC:75:6B:14:B5:C7:DC
            X509v3 Authority Key Identifier:
                keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/88wO49Y78qOfTgNWS-x1axS1x9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:a0:6f:ec:e6:73:e6:de:a8:cb:ee:1c:a3:ce:99:c3:6a:7e:
         f3:bd:3e:11:8a:4d:f0:72:50:1f:18:61:91:fb:63:25:89:42:
         77:9f:7b:0f:c7:46:03:c8:2e:6c:55:d8:fa:be:ba:e8:d9:20:
         b3:b0:fc:88:72:42:65:a8:b7:af:ca:59:25:18:83:bc:aa:d6:
         de:a8:2d:dd:2b:b7:b6:57:11:17:50:2b:8d:4d:cb:99:75:89:
         10:ee:8b:10:d6:04:00:1d:4c:c3:ab:40:f5:98:8a:7c:20:3a:
         12:6c:c7:83:1f:6b:6d:c0:49:d3:d3:a4:db:6d:bf:36:e0:b0:
         4f:3c:ab:72:87:19:20:de:2b:dc:e1:81:36:eb:e0:25:25:8f:
         f7:b2:4b:98:90:1d:7c:3a:d1:99:5c:c8:28:4c:3c:ed:bd:e6:
         f8:7f:88:00:1c:2e:41:05:2c:c3:c4:4a:2f:be:90:70:53:c9:
         35:a8:0e:46:6c:1d:da:c4:56:dd:eb:13:12:a2:f8:63:59:db:
         80:c8:95:23:86:be:c1:f7:c7:e4:f2:81:70:6b:f8:20:8a:70:
         80:c6:ea:42:63:b4:dc:06:f8:0d:0c:be:c4:85:56:72:da:89:
         ea:3e:8e:f3:5a:1f:97:36:72:37:98:7a:8f:07:f4:dd:72:19:
         6f:75:77:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiitmZ2FMzZPaykkZFlSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2NjMGVlM2Q2M2JmMmEzOWY0ZTAzNTY0YmVjNzU2YjE0YjVjN2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgiG2NRiADf9tf/Mv2YNZ9IKETYVA
jh56DVRQL2SR/X5UqIXbZd6xSZuSe8i9IXpe5nqSMqO8179Aur7HVimcnrRuDVtq
1tUt79MT5LMQ1CY+kzMBaSfYs8Dx/IYw2EavYAjJodC4xMsKPLTQOopKNDuT1P3C
+3WFlCTCKcMkwyGdvEtwqnUz4JvBaHT8co1HbjxNbs7MrdZIe3tgZEnOWM40x//0
GNUDdWGQ5ao6o4i1XiiE81aIwhNCJG8L7AGDFfhK5VIQtcq3tQbObWXaeUp8JPFA
5Z282GcjVsG2hCyR+9Ks5/Z1VHPWmwrwVqoOROrGV+ZLd8ecinukOvPgZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPMDuPWO/Kjn04DVkvsdWsUtcfcMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvODh3TzQ5WTc4cU9mVGdOV1MteDFheFMxeDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufzUMA0G
CSqGSIb3DQEBCwUAA4IBAQBhoG/s5nPm3qjL7hyjzpnDan7zvT4Rik3wclAfGGGR
+2MliUJ3n3sPx0YDyC5sVdj6vrro2SCzsPyIckJlqLevylklGIO8qtbeqC3dK7e2
VxEXUCuNTcuZdYkQ7osQ1gQAHUzDq0D1mIp8IDoSbMeDH2ttwEnT06Tbbb824LBP
PKtyhxkg3ivc4YE26+AlJY/3skuYkB18OtGZXMgoTDztveb4f4gAHC5BBSzDxEov
vpBwU8k1qA5GbB3axFbd6xMSovhjWduAyJUjhr7B98fk8oFwa/gginCAxupCY7Tc
BvgNDL7EhVZy2onqPo7zWh+XNnI3mHqPB/TdchlvdXfB
-----END CERTIFICATE-----