Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XEtaDT0YjvtJCZ6gOV18zb12aW8.roa
File:                     XEtaDT0YjvtJCZ6gOV18zb12aW8.roa (raw, json)
Hash identifier:          gApTxZ3FLt09iBiYntacMzRVW6/ybC6npt6BkVK+zIA=
Subject key identifier:   5C:4B:5A:0D:3D:18:8E:FB:49:09:9E:A0:39:5D:7C:CD:BD:76:69:6F
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018CC8018CE9677F33589FF9E21ACD79403D
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XEtaDT0YjvtJCZ6gOV18zb12aW8.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211415
IP address blocks:        88.218.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8c:e9:67:7f:33:58:9f:f9:e2:1a:cd:79:40:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c4b5a0d3d188efb49099ea0395d7ccdbd76696f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:8c:09:2f:46:02:1a:5e:67:f7:13:ce:32:ab:
                    c9:48:6f:b7:1f:45:03:74:41:7a:22:b4:3f:0b:95:
                    2d:48:db:0b:a4:d4:a5:98:e5:c3:5b:95:28:80:ed:
                    69:eb:e6:91:2f:ef:df:b0:2e:37:ae:bf:16:21:c9:
                    87:94:bd:cb:c8:0d:0a:99:56:19:a3:89:c7:60:e5:
                    36:09:5b:8d:17:6b:a4:bf:67:c4:f0:c2:d0:e5:e6:
                    e4:6c:73:9a:a6:9c:9f:59:50:1e:74:d5:47:c8:fe:
                    6e:f0:c7:77:2d:4a:6e:cb:b5:d0:67:88:21:a9:0c:
                    f1:ec:6c:d7:0d:83:ac:0c:a5:54:c1:e4:02:29:24:
                    5d:d1:dc:2b:63:9f:40:f9:2b:ad:81:7a:84:2b:b0:
                    f9:76:35:a0:c2:e1:55:39:5e:bc:aa:a9:98:ff:65:
                    ef:71:d3:b6:1d:ec:f8:50:bf:64:30:75:5e:de:e0:
                    ab:77:30:2b:96:bc:0c:e2:f1:5e:08:1f:fc:40:10:
                    68:58:ff:5f:90:2c:2b:3c:b7:ea:a6:15:e2:53:1f:
                    3d:7a:ab:13:00:b2:98:8b:94:69:b6:be:ed:75:30:
                    c8:7b:2f:f4:b4:62:86:e1:47:7e:5d:01:f3:83:54:
                    4b:bb:db:e9:a8:f5:ba:11:43:e9:9f:a8:e4:3b:34:
                    ef:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:4B:5A:0D:3D:18:8E:FB:49:09:9E:A0:39:5D:7C:CD:BD:76:69:6F
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XEtaDT0YjvtJCZ6gOV18zb12aW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:01:2c:15:e1:dd:a9:86:fb:de:d1:09:b5:92:07:77:fe:c5:
         c4:10:38:e7:12:6c:0b:42:65:c1:33:bf:b3:1b:07:a9:df:7e:
         a8:7d:3c:d3:86:23:d8:b1:ca:cf:f9:32:d7:00:58:47:5f:10:
         cf:59:b0:66:31:e9:7d:a2:6a:a9:f2:fe:64:2c:07:dd:04:41:
         51:e5:81:d4:59:8a:4f:a9:72:39:f5:4e:e3:08:b5:88:2c:d3:
         82:f7:38:3f:92:72:a2:c5:a4:78:38:5f:c2:f8:dd:57:51:67:
         57:2b:05:eb:29:29:7b:c6:4d:10:2a:24:04:d0:04:1a:f9:46:
         e6:5e:58:1d:b8:6d:90:6c:54:85:c9:71:36:d4:71:2a:57:03:
         b2:4e:37:89:f3:c4:50:46:6f:97:29:dc:f5:54:e3:03:e1:76:
         45:2a:33:94:d7:d8:a1:05:9b:d3:98:ce:36:f6:61:f0:88:aa:
         2d:67:ab:95:62:b5:12:97:85:0e:52:ce:44:da:c0:df:63:10:
         e0:32:09:24:8f:7a:5d:80:ba:c4:33:a3:14:a9:61:74:78:e8:
         24:3c:fe:e1:2f:7e:e6:53:b4:6f:06:47:93:42:47:19:6c:20:
         c7:ff:9d:f0:80:cf:0a:55:11:7f:d1:57:3a:e4:38:13:f3:70:
         34:5e:16:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYzpZ38zWJ/54hrNeUA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzRiNWEwZDNkMTg4ZWZiNDkwOTllYTAzOTVkN2NjZGJkNzY2OTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9IwJL0YCGl5n9xPOMqvJSG+3H0UD
dEF6IrQ/C5UtSNsLpNSlmOXDW5UogO1p6+aRL+/fsC43rr8WIcmHlL3LyA0KmVYZ
o4nHYOU2CVuNF2ukv2fE8MLQ5ebkbHOappyfWVAedNVHyP5u8Md3LUpuy7XQZ4gh
qQzx7GzXDYOsDKVUweQCKSRd0dwrY59A+SutgXqEK7D5djWgwuFVOV68qqmY/2Xv
cdO2Hez4UL9kMHVe3uCrdzArlrwM4vFeCB/8QBBoWP9fkCwrPLfqphXiUx89eqsT
ALKYi5Rptr7tdTDIey/0tGKG4Ud+XQHzg1RLu9vpqPW6EUPpn6jkOzTvtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxLWg09GI77SQmeoDldfM29dmlvMB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvWEV0YURUMFlqdnRKQ1o2Z09WMTh6YjEyYVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNopMA0G
CSqGSIb3DQEBCwUAA4IBAQBTASwV4d2phvve0Qm1kgd3/sXEEDjnEmwLQmXBM7+z
Gwep336ofTzThiPYscrP+TLXAFhHXxDPWbBmMel9omqp8v5kLAfdBEFR5YHUWYpP
qXI59U7jCLWILNOC9zg/knKixaR4OF/C+N1XUWdXKwXrKSl7xk0QKiQE0AQa+Ubm
XlgduG2QbFSFyXE21HEqVwOyTjeJ88RQRm+XKdz1VOMD4XZFKjOU19ihBZvTmM42
9mHwiKotZ6uVYrUSl4UOUs5E2sDfYxDgMgkkj3pdgLrEM6MUqWF0eOgkPP7hL37m
U7RvBkeTQkcZbCDH/53wgM8KVRF/0Vc65DgT83A0XhYe
-----END CERTIFICATE-----