Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/99aLGGncA7ONgf1gcUfCn5t2xm0.roa
File:                     99aLGGncA7ONgf1gcUfCn5t2xm0.roa (raw, json)
Hash identifier:          cakgZCw2cJAcqhZM3jwQUZhMCGO4As9K3/h8++ohNgA=
Subject key identifier:   F7:D6:8B:18:69:DC:03:B3:8D:81:FD:60:71:47:C2:9F:9B:76:C6:6D
Certificate issuer:       /CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
Certificate serial:       018CC64B746F62C81B03AAC5CDC12CCF9450
Authority key identifier: 88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/99aLGGncA7ONgf1gcUfCn5t2xm0.roa
Signing time:             Mon 01 Jan 2024 18:31:22 +0000
ROA not before:           Mon 01 Jan 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8751
IP address blocks:        195.245.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:74:6f:62:c8:1b:03:aa:c5:cd:c1:2c:cf:94:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7d68b1869dc03b38d81fd607147c29f9b76c66d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:74:63:56:d1:b1:a8:0d:46:9e:8a:67:61:fa:
                    01:35:02:f9:79:02:46:41:a4:0b:4b:bf:78:b2:64:
                    b8:83:d4:c0:76:c9:e5:2e:70:c9:5f:41:62:1f:81:
                    c5:9c:b9:7c:2d:93:77:4a:7b:0f:3a:9e:07:25:4e:
                    81:20:ea:1f:e4:71:4f:2f:72:69:e7:d2:4c:1a:51:
                    5c:f0:4d:e2:45:3b:da:55:14:74:4b:da:26:14:7a:
                    76:65:42:14:50:28:39:b4:f5:70:1d:5b:f2:7f:fd:
                    cc:ad:8a:06:ef:65:c3:56:33:56:76:12:4f:5c:bb:
                    5b:bc:ea:5e:a4:7c:6a:38:e0:aa:50:6d:76:5c:5f:
                    ad:0a:62:76:87:ed:58:9b:63:1b:67:23:19:23:a3:
                    77:9e:d6:01:95:80:6c:47:7c:10:c7:6f:17:ac:30:
                    97:a2:4a:e4:41:32:c9:02:97:c6:66:f3:9d:c9:33:
                    21:87:bc:07:11:4c:d2:d9:e1:41:06:8d:f2:7b:63:
                    11:39:c4:d0:a9:2b:91:c4:d5:10:6f:83:27:3d:7a:
                    24:f2:b0:ce:1f:c1:80:f1:b2:aa:16:7d:b6:12:d8:
                    ba:51:eb:61:58:d3:2b:13:68:8c:98:25:f9:2a:cb:
                    8b:98:1f:68:d6:df:3e:0b:f2:3b:51:fd:47:7e:87:
                    f2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D6:8B:18:69:DC:03:B3:8D:81:FD:60:71:47:C2:9F:9B:76:C6:6D
            X509v3 Authority Key Identifier:
                keyid:88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/99aLGGncA7ONgf1gcUfCn5t2xm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:1a:0c:81:7c:20:bb:dd:d2:24:47:9a:12:9e:94:18:8a:61:
         45:c5:72:d9:d4:2c:65:2b:24:5c:a4:7c:bd:79:dd:0b:61:17:
         31:78:e5:28:00:b0:e3:cc:c0:ad:18:4e:dc:7a:00:d7:c6:92:
         77:c8:64:52:9d:67:df:4b:10:8f:5f:df:39:56:30:15:06:28:
         12:09:ec:ea:b8:dc:dd:90:81:7c:5b:b6:3a:53:d8:c8:a9:c9:
         c8:e4:21:7f:ed:a7:85:91:1f:c4:ac:3d:2c:5f:b5:39:a6:39:
         3b:df:b4:10:e0:40:be:1f:55:a8:0e:a4:03:6c:93:be:52:74:
         aa:a0:d0:c6:3b:b0:61:d7:d0:d2:f1:b4:92:25:65:76:94:f1:
         bc:d3:79:7f:6b:61:85:e6:c1:2c:34:3a:8d:bf:03:03:66:05:
         b5:c2:60:fd:13:c7:04:cb:ca:f9:8b:f5:19:b9:a6:2b:80:30:
         dd:ec:0d:30:13:62:08:23:71:f9:6f:38:d1:4d:c3:63:dc:4d:
         ee:53:3a:69:d0:26:00:8b:56:16:70:06:f4:a5:28:7f:23:68:
         34:f4:41:bc:55:e3:5e:42:28:8d:89:64:ed:21:0c:a8:61:60:
         a5:4a:3d:8d:fe:35:77:ea:a9:6f:7b:a9:59:56:6a:da:33:4b:
         8c:5b:2a:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3RvYsgbA6rFzcEsz5RQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YTVhYjY2OWZhYmU3MmRlYzJlODM3ODQ3NmE3ZTkxNWMy
NGVkY2YwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Q2OGIxODY5ZGMwM2IzOGQ4MWZkNjA3MTQ3YzI5ZjliNzZjNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknRjVtGxqA1GnopnYfoBNQL5eQJG
QaQLS794smS4g9TAdsnlLnDJX0FiH4HFnLl8LZN3SnsPOp4HJU6BIOof5HFPL3Jp
59JMGlFc8E3iRTvaVRR0S9omFHp2ZUIUUCg5tPVwHVvyf/3MrYoG72XDVjNWdhJP
XLtbvOpepHxqOOCqUG12XF+tCmJ2h+1Ym2MbZyMZI6N3ntYBlYBsR3wQx28XrDCX
okrkQTLJApfGZvOdyTMhh7wHEUzS2eFBBo3ye2MROcTQqSuRxNUQb4MnPXok8rDO
H8GA8bKqFn22Eti6UethWNMrE2iMmCX5KsuLmB9o1t8+C/I7Uf1HfofyhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfWixhp3AOzjYH9YHFHwp+bdsZtMB8GA1UdIwQY
MBaAFIilq2afq+ct7C6DeEdqfpFcJO3PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTkt
MTVhMDIwN2Q0NjA5LzEvOTlhTEdHbmNBN09OZ2YxZ2NVZkNuNXQyeG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTktMTVhMDIwN2Q0NjA5
LzEvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XcMA0G
CSqGSIb3DQEBCwUAA4IBAQAkGgyBfCC73dIkR5oSnpQYimFFxXLZ1CxlKyRcpHy9
ed0LYRcxeOUoALDjzMCtGE7cegDXxpJ3yGRSnWffSxCPX985VjAVBigSCezquNzd
kIF8W7Y6U9jIqcnI5CF/7aeFkR/ErD0sX7U5pjk737QQ4EC+H1WoDqQDbJO+UnSq
oNDGO7Bh19DS8bSSJWV2lPG803l/a2GF5sEsNDqNvwMDZgW1wmD9E8cEy8r5i/UZ
uaYrgDDd7A0wE2III3H5bzjRTcNj3E3uUzpp0CYAi1YWcAb0pSh/I2g09EG8VeNe
QiiNiWTtIQyoYWClSj2N/jV36qlve6lZVmraM0uMWyrC
-----END CERTIFICATE-----