Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/7BY8w0U5VOpMEOr5_qQyvRG15Vs.roa
File:                     7BY8w0U5VOpMEOr5_qQyvRG15Vs.roa (raw, json)
Hash identifier:          lfZlUEMAJTiyXiJA/HSsDsbPbv8dtrgktEnQ6REFmwE=
Subject key identifier:   EC:16:3C:C3:45:39:54:EA:4C:10:EA:F9:FE:A4:32:BD:11:B5:E5:5B
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014CD8C9029F0FB9B8A6FFBA67DE81
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/7BY8w0U5VOpMEOr5_qQyvRG15Vs.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209371
IP address blocks:        88.216.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4c:d8:c9:02:9f:0f:b9:b8:a6:ff:ba:67:de:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec163cc3453954ea4c10eaf9fea432bd11b5e55b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:db:2e:fa:04:92:0a:de:25:e7:f8:6f:f7:72:
                    ef:a9:91:41:ca:c7:96:12:2e:e6:e8:3a:88:b4:88:
                    2b:44:0f:7d:6f:f8:ed:a6:fd:66:e1:9b:2a:1c:dc:
                    8b:20:2c:c7:f1:79:45:1b:cf:d1:9b:14:18:63:9f:
                    ef:51:45:9a:e9:6e:45:4b:65:f3:4e:ad:63:b1:68:
                    5d:44:fc:da:5d:5c:7b:7a:08:75:de:9f:56:6c:43:
                    90:f1:4e:63:58:80:08:f1:10:40:63:83:10:99:24:
                    2c:cc:cf:5e:58:c8:fa:28:6b:57:26:c1:71:4d:f5:
                    78:71:db:87:b5:83:f1:10:db:37:a0:71:7c:1a:f4:
                    86:4a:c0:90:51:0c:11:ee:e5:81:46:58:6a:b7:4e:
                    7b:41:4d:76:6b:35:ec:98:1f:bd:c5:f4:20:0e:2f:
                    eb:17:81:0a:1b:65:42:0d:9c:8a:f0:0f:ce:9c:a8:
                    28:15:03:16:ff:1a:41:5b:19:9a:c0:a0:12:92:36:
                    55:62:d0:08:2b:a7:16:31:15:01:68:f4:5b:75:22:
                    44:a9:b9:5c:19:15:95:d8:3c:49:f1:5e:7c:41:b2:
                    fd:8d:f7:19:fc:f9:2d:e6:45:ee:e9:4c:eb:87:1f:
                    5f:04:27:7d:7c:d9:55:ff:66:b4:68:2e:87:15:57:
                    12:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:16:3C:C3:45:39:54:EA:4C:10:EA:F9:FE:A4:32:BD:11:B5:E5:5B
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/7BY8w0U5VOpMEOr5_qQyvRG15Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:23:7f:94:a3:46:90:8a:d8:c8:c5:b4:e7:bd:0d:fb:37:25:
         8a:07:bd:f2:72:e2:a5:3e:42:2b:fb:66:3a:e4:d6:68:d6:7c:
         75:13:30:33:f6:d2:ec:3b:7f:21:21:b3:3e:ae:3b:3c:d3:0f:
         e3:d8:d7:da:1b:98:e1:06:50:33:da:6f:d0:80:6d:60:2f:f0:
         82:fd:4f:05:a8:15:51:af:47:f5:01:bb:2b:0e:e7:0a:fe:26:
         7f:01:d1:ba:f5:3a:79:ea:16:45:e9:36:8f:1d:94:2c:c5:15:
         b5:20:59:da:c4:e9:8a:17:42:5d:7b:6c:97:01:68:63:1f:f8:
         31:65:0e:d2:5f:33:d0:f3:ed:e2:96:08:89:95:51:a6:9a:3d:
         6e:6b:bf:39:53:d3:f7:07:37:49:c5:86:c5:b5:2a:1b:01:94:
         72:b4:ca:87:e5:a7:70:5c:01:44:68:d1:bb:b8:75:8a:6b:74:
         60:10:e1:6c:bf:68:ac:98:0b:29:19:e1:e8:e7:92:b5:70:37:
         b3:16:2c:d1:03:3d:e7:9f:99:55:86:8b:5b:e0:1e:4b:61:54:
         9b:c9:08:20:1c:95:cd:67:cf:c2:d0:8c:ab:0d:73:a7:64:01:
         c7:12:72:25:a7:29:04:09:dd:5a:c3:8d:9b:87:7d:8d:e6:52:
         fd:a9:a7:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUzYyQKfD7m4pv+6Z96BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzE2M2NjMzQ1Mzk1NGVhNGMxMGVhZjlmZWE0MzJiZDExYjVlNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9su+gSSCt4l5/hv93LvqZFByseW
Ei7m6DqItIgrRA99b/jtpv1m4ZsqHNyLICzH8XlFG8/RmxQYY5/vUUWa6W5FS2Xz
Tq1jsWhdRPzaXVx7egh13p9WbEOQ8U5jWIAI8RBAY4MQmSQszM9eWMj6KGtXJsFx
TfV4cduHtYPxENs3oHF8GvSGSsCQUQwR7uWBRlhqt057QU12azXsmB+9xfQgDi/r
F4EKG2VCDZyK8A/OnKgoFQMW/xpBWxmawKASkjZVYtAIK6cWMRUBaPRbdSJEqblc
GRWV2DxJ8V58QbL9jfcZ/Pkt5kXu6Uzrhx9fBCd9fNlV/2a0aC6HFVcSDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwWPMNFOVTqTBDq+f6kMr0RteVbMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvN0JZOHcwVTVWT3BNRU9yNV9xUXl2UkcxNVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNhgMA0G
CSqGSIb3DQEBCwUAA4IBAQARI3+Uo0aQitjIxbTnvQ37NyWKB73ycuKlPkIr+2Y6
5NZo1nx1EzAz9tLsO38hIbM+rjs80w/j2NfaG5jhBlAz2m/QgG1gL/CC/U8FqBVR
r0f1AbsrDucK/iZ/AdG69Tp56hZF6TaPHZQsxRW1IFnaxOmKF0Jde2yXAWhjH/gx
ZQ7SXzPQ8+3ilgiJlVGmmj1ua785U9P3BzdJxYbFtSobAZRytMqH5adwXAFEaNG7
uHWKa3RgEOFsv2ismAspGeHo55K1cDezFizRAz3nn5lVhotb4B5LYVSbyQggHJXN
Z8/C0IyrDXOnZAHHEnIlpykECd1aw42bh32N5lL9qaff
-----END CERTIFICATE-----