Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/S2LMSOCykGbPnC0b2amPMBOu4Ag.roa
File:                     S2LMSOCykGbPnC0b2amPMBOu4Ag.roa (raw, json)
Hash identifier:          8Ctm6mQg1We9yL39ag5c3GPAVh+1wjC/68F+w6L02GE=
Subject key identifier:   4B:62:CC:48:E0:B2:90:66:CF:9C:2D:1B:D9:A9:8F:30:13:AE:E0:08
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018E4DE6090632ECA55F11928A1933390178
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/S2LMSOCykGbPnC0b2amPMBOu4Ag.roa
Signing time:             Sun 17 Mar 2024 19:31:44 +0000
ROA not before:           Sun 17 Mar 2024 19:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216030
IP address blocks:        176.97.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4d:e6:09:06:32:ec:a5:5f:11:92:8a:19:33:39:01:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Mar 17 19:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b62cc48e0b29066cf9c2d1bd9a98f3013aee008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d4:19:84:57:37:a9:ca:17:49:e6:d1:64:a9:
                    f0:02:6c:d7:ef:9a:eb:cf:7b:e8:5c:74:ba:e8:5e:
                    d5:fc:c5:94:61:32:58:67:fe:40:4d:e6:2a:a2:51:
                    42:b5:e8:02:f4:47:f4:f4:42:bd:f4:f5:92:0d:3d:
                    5e:a3:32:e1:3f:8a:21:c6:3e:82:80:81:2a:f8:56:
                    54:5e:eb:61:d2:c8:cf:74:88:23:cb:ba:57:44:06:
                    2d:13:58:f5:32:a3:c7:2a:aa:b9:44:33:8a:7c:8e:
                    d2:90:a8:b5:42:ac:3e:22:51:f0:71:3b:49:a0:1c:
                    86:98:36:4b:0c:c2:14:81:d2:5b:29:e4:8f:cd:e4:
                    d3:1f:76:9f:4c:40:9d:2f:7b:36:40:78:a8:c8:99:
                    b5:db:22:01:9b:a0:f7:16:f1:84:68:87:63:1b:f3:
                    50:70:73:88:68:ab:fb:fd:b9:8b:8a:53:c8:a4:fe:
                    53:fc:5b:fa:e7:6f:ca:2b:e8:83:f1:e3:06:8d:c6:
                    bc:fc:aa:39:5f:24:96:a3:62:5c:91:c8:14:5c:e7:
                    d4:0e:ba:06:13:7f:ba:e3:a8:77:63:49:7c:70:26:
                    fa:d8:bd:42:91:09:56:ec:a1:2e:d0:8e:10:47:c4:
                    0e:f9:61:df:d6:ad:a1:73:61:41:7d:c1:03:3a:0e:
                    ca:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:62:CC:48:E0:B2:90:66:CF:9C:2D:1B:D9:A9:8F:30:13:AE:E0:08
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/S2LMSOCykGbPnC0b2amPMBOu4Ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:4a:90:23:29:50:e4:15:0d:83:de:3c:d9:0b:fc:c8:62:01:
         cc:d1:41:63:77:a5:bf:dc:42:37:02:90:3c:38:e5:e2:f1:a6:
         79:bb:60:d7:0f:2b:ec:a2:9b:49:1f:44:b1:5b:e6:2d:a6:4a:
         a1:d3:bd:f1:c5:79:02:2f:22:88:36:33:77:cf:02:ff:ee:3c:
         f3:8b:c9:c5:50:d9:10:51:c3:cd:74:8a:09:dc:3a:65:be:10:
         85:02:5d:92:87:e7:b5:75:69:85:6f:2a:11:e9:5f:f6:ab:67:
         6b:aa:fc:c5:76:aa:50:ba:86:f5:9e:ac:3e:29:cd:f1:23:84:
         f5:c5:18:d2:93:29:4d:b2:e8:55:a7:6a:c2:ad:0c:8d:f9:ed:
         ec:e0:8a:e6:2e:7d:dc:78:94:d1:ea:28:64:9b:5f:9f:84:a4:
         be:3a:c3:02:29:a7:df:7f:19:a8:0c:39:c9:36:db:ca:1f:b4:
         59:7c:a9:b7:c9:fc:c6:c0:43:40:14:56:02:26:a2:df:89:4e:
         ea:d9:f3:97:7c:11:bc:ff:b2:ad:ea:a5:08:9a:ef:ac:f6:b8:
         53:7a:30:a4:cd:e3:42:d4:be:1b:b8:db:90:5e:b3:2d:a2:20:
         28:f9:91:5a:73:92:16:10:21:87:51:af:db:85:7e:2e:60:88:
         f6:14:70:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5N5gkGMuylXxGSihkzOQF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMzE3MTkzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjYyY2M0OGUwYjI5MDY2Y2Y5YzJkMWJkOWE5OGYzMDEzYWVlMDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNQZhFc3qcoXSebRZKnwAmzX75rr
z3voXHS66F7V/MWUYTJYZ/5ATeYqolFCtegC9Ef09EK99PWSDT1eozLhP4ohxj6C
gIEq+FZUXuth0sjPdIgjy7pXRAYtE1j1MqPHKqq5RDOKfI7SkKi1Qqw+IlHwcTtJ
oByGmDZLDMIUgdJbKeSPzeTTH3afTECdL3s2QHioyJm12yIBm6D3FvGEaIdjG/NQ
cHOIaKv7/bmLilPIpP5T/Fv652/KK+iD8eMGjca8/Ko5XySWo2JckcgUXOfUDroG
E3+646h3Y0l8cCb62L1CkQlW7KEu0I4QR8QO+WHf1q2hc2FBfcEDOg7K9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtizEjgspBmz5wtG9mpjzATruAIMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvUzJMTVNPQ3lrR2JQbkMwYjJhbVBNQk91NEFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGHVMA0G
CSqGSIb3DQEBCwUAA4IBAQAHSpAjKVDkFQ2D3jzZC/zIYgHM0UFjd6W/3EI3ApA8
OOXi8aZ5u2DXDyvsoptJH0SxW+Ytpkqh073xxXkCLyKINjN3zwL/7jzzi8nFUNkQ
UcPNdIoJ3DplvhCFAl2Sh+e1dWmFbyoR6V/2q2drqvzFdqpQuob1nqw+Kc3xI4T1
xRjSkylNsuhVp2rCrQyN+e3s4IrmLn3ceJTR6ihkm1+fhKS+OsMCKafffxmoDDnJ
NtvKH7RZfKm3yfzGwENAFFYCJqLfiU7q2fOXfBG8/7Kt6qUImu+s9rhTejCkzeNC
1L4buNuQXrMtoiAo+ZFac5IWECGHUa/bhX4uYIj2FHBN
-----END CERTIFICATE-----