Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/o8_IlbSQ3cXHYXMbc1tPtWdTi0E.roa
File:                     o8_IlbSQ3cXHYXMbc1tPtWdTi0E.roa (raw, json)
Hash identifier:          C68/9kqfDMWeXJJ6ucBieAev1p5TyaKUVJ0Ui5219wc=
Subject key identifier:   A3:CF:C8:95:B4:90:DD:C5:C7:61:73:1B:73:5B:4F:B5:67:53:8B:41
Certificate issuer:       /CN=63b82772af3d611b99b1ba6e3eb6cbfd16965363
Certificate serial:       018CC6B9036B210A1378B423A5A9A6A14933
Authority key identifier: 63:B8:27:72:AF:3D:61:1B:99:B1:BA:6E:3E:B6:CB:FD:16:96:53:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y7gncq89YRuZsbpuPrbL_RaWU2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/o8_IlbSQ3cXHYXMbc1tPtWdTi0E.roa
Signing time:             Mon 01 Jan 2024 20:31:02 +0000
ROA not before:           Mon 01 Jan 2024 20:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6866
IP address blocks:        88.218.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/Y7gncq89YRuZsbpuPrbL_RaWU2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/Y7gncq89YRuZsbpuPrbL_RaWU2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y7gncq89YRuZsbpuPrbL_RaWU2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:03:6b:21:0a:13:78:b4:23:a5:a9:a6:a1:49:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63b82772af3d611b99b1ba6e3eb6cbfd16965363
        Validity
            Not Before: Jan  1 20:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3cfc895b490ddc5c761731b735b4fb567538b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:42:fd:80:3e:71:cb:ae:83:1c:81:97:6b:94:
                    60:9a:5a:0f:a7:73:0d:66:5b:9e:c8:36:1b:ea:c5:
                    82:74:9f:39:66:aa:b3:76:1d:4d:7b:4a:e5:48:b9:
                    7d:38:45:be:e1:c5:1b:f6:ff:eb:4a:71:40:38:44:
                    68:c2:9e:35:5a:f2:f6:26:b1:88:b8:cb:a2:5b:47:
                    d3:4a:1f:11:59:bb:bc:58:5a:eb:91:9f:b1:a5:9b:
                    ae:07:18:23:45:29:ce:18:4c:b9:81:69:a3:5f:de:
                    0e:54:e6:fa:8c:fb:b7:6c:15:40:e5:b9:25:9c:b4:
                    8e:93:70:ad:ee:5b:9f:58:ba:be:72:10:42:55:36:
                    60:2d:56:f8:54:bb:9d:0b:7e:5b:6e:ca:4e:4b:fc:
                    cc:44:48:0d:04:f1:d9:fb:dc:45:a7:2d:27:11:b9:
                    95:db:59:36:56:7b:67:14:61:ea:60:26:b0:a2:3c:
                    3a:2f:45:4a:65:af:63:38:54:8d:47:63:ba:6d:48:
                    37:c4:7d:76:86:df:35:7e:80:fc:ec:52:95:06:02:
                    44:74:7e:68:4e:54:57:fc:30:b5:16:8b:38:ab:43:
                    1e:e4:52:b5:c6:b8:19:47:a4:7c:90:e1:48:e8:25:
                    17:d4:44:e5:d0:9d:49:40:fb:e3:89:50:e2:f2:32:
                    ac:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CF:C8:95:B4:90:DD:C5:C7:61:73:1B:73:5B:4F:B5:67:53:8B:41
            X509v3 Authority Key Identifier:
                keyid:63:B8:27:72:AF:3D:61:1B:99:B1:BA:6E:3E:B6:CB:FD:16:96:53:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y7gncq89YRuZsbpuPrbL_RaWU2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/o8_IlbSQ3cXHYXMbc1tPtWdTi0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb0d91-8270-4550-8fac-0ce2038aaa7b/1/Y7gncq89YRuZsbpuPrbL_RaWU2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:44:26:e5:a8:0e:2e:11:3a:e0:79:63:eb:40:38:6c:98:fc:
         c0:0a:94:0c:72:cd:91:90:34:31:e8:00:98:d9:93:f5:a5:9f:
         16:9e:23:78:02:46:36:f1:9f:76:d9:cd:4f:4a:22:c4:14:b2:
         7d:ed:83:c5:c1:d2:66:0b:34:12:d2:ec:39:b0:5e:fc:ab:ce:
         af:94:8f:e0:64:ea:d4:3c:b4:11:84:cc:7e:fa:af:ef:d4:16:
         d5:d5:fd:a6:9c:80:84:9d:89:e8:58:64:49:35:01:73:c3:c2:
         d8:25:35:ec:1c:7a:f1:65:8b:ea:a0:27:5a:d9:2b:49:8f:e3:
         35:22:11:74:ec:b6:00:03:80:33:1f:8d:e8:c6:06:81:a4:5b:
         6c:4d:27:4c:19:33:e8:48:75:9f:0a:f3:d4:68:8f:4f:e4:15:
         2d:c5:70:af:18:eb:c3:02:e9:40:27:bf:df:0a:fc:59:45:6a:
         eb:7a:fa:e6:9d:2c:42:a3:ec:70:b9:d6:fa:f1:a1:a5:36:f5:
         f1:00:9d:9d:bc:f2:28:95:fe:30:8c:58:2b:17:f6:58:bb:fa:
         94:e8:eb:e0:bc:67:85:32:6a:fe:92:27:df:09:8b:33:e8:6d:
         7a:0e:9c:6c:cd:7f:26:d4:ec:a4:6f:19:aa:4d:ff:1c:03:a8:
         3c:49:98:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQNrIQoTeLQjpammoUkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYjgyNzcyYWYzZDYxMWI5OWIxYmE2ZTNlYjZjYmZkMTY5
NjUzNjMwHhcNMjQwMTAxMjAzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NmYzg5NWI0OTBkZGM1Yzc2MTczMWI3MzViNGZiNTY3NTM4YjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUL9gD5xy66DHIGXa5RgmloPp3MN
ZlueyDYb6sWCdJ85Zqqzdh1Ne0rlSLl9OEW+4cUb9v/rSnFAOERowp41WvL2JrGI
uMuiW0fTSh8RWbu8WFrrkZ+xpZuuBxgjRSnOGEy5gWmjX94OVOb6jPu3bBVA5bkl
nLSOk3Ct7lufWLq+chBCVTZgLVb4VLudC35bbspOS/zMREgNBPHZ+9xFpy0nEbmV
21k2VntnFGHqYCawojw6L0VKZa9jOFSNR2O6bUg3xH12ht81foD87FKVBgJEdH5o
TlRX/DC1Fos4q0Me5FK1xrgZR6R8kOFI6CUX1ETl0J1JQPvjiVDi8jKs0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPPyJW0kN3Fx2FzG3NbT7VnU4tBMB8GA1UdIwQY
MBaAFGO4J3KvPWEbmbG6bj62y/0WllNjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTdnbmNxODlZUnVac2JwdVByYkxfUmFXVTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9jYjBkOTEtODI3MC00NTUwLThmYWMt
MGNlMjAzOGFhYTdiLzEvbzhfSWxiU1EzY1hIWVhNYmMxdFB0V2RUaTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9jYjBkOTEtODI3MC00NTUwLThmYWMtMGNlMjAzOGFhYTdi
LzEvWTdnbmNxODlZUnVac2JwdVByYkxfUmFXVTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNroMA0G
CSqGSIb3DQEBCwUAA4IBAQAMRCblqA4uETrgeWPrQDhsmPzACpQMcs2RkDQx6ACY
2ZP1pZ8WniN4AkY28Z922c1PSiLEFLJ97YPFwdJmCzQS0uw5sF78q86vlI/gZOrU
PLQRhMx++q/v1BbV1f2mnICEnYnoWGRJNQFzw8LYJTXsHHrxZYvqoCda2StJj+M1
IhF07LYAA4AzH43oxgaBpFtsTSdMGTPoSHWfCvPUaI9P5BUtxXCvGOvDAulAJ7/f
CvxZRWrrevrmnSxCo+xwudb68aGlNvXxAJ2dvPIolf4wjFgrF/ZYu/qU6OvgvGeF
Mmr+kiffCYsz6G16DpxszX8m1OykbxmqTf8cA6g8SZji
-----END CERTIFICATE-----