Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/p31sX4KAjXzrdttwl5Y6gAP7RRQ.roa
File:                     p31sX4KAjXzrdttwl5Y6gAP7RRQ.roa (raw, json)
Hash identifier:          XAQznfwbCXCXQ2hZzfXQjRdBhA2N6dlK8WjtDYarJ6Y=
Subject key identifier:   A7:7D:6C:5F:82:80:8D:7C:EB:76:DB:70:97:96:3A:80:03:FB:45:14
Certificate issuer:       /CN=f75b02a29c766e5b13b3eb176a971c12dde1d4ce
Certificate serial:       018CC3489C8B176E76F8C8618D739A7D1B01
Authority key identifier: F7:5B:02:A2:9C:76:6E:5B:13:B3:EB:17:6A:97:1C:12:DD:E1:D4:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/91sCopx2blsTs-sXapccEt3h1M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/p31sX4KAjXzrdttwl5Y6gAP7RRQ.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39145
IP address blocks:        88.82.96.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/91sCopx2blsTs-sXapccEt3h1M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/91sCopx2blsTs-sXapccEt3h1M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/91sCopx2blsTs-sXapccEt3h1M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9c:8b:17:6e:76:f8:c8:61:8d:73:9a:7d:1b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75b02a29c766e5b13b3eb176a971c12dde1d4ce
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a77d6c5f82808d7ceb76db7097963a8003fb4514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:52:12:2c:e3:ac:1b:11:2d:5a:0b:ca:d0:2e:
                    9a:9d:6b:92:c9:ff:74:c0:1d:b2:65:d5:f8:d6:13:
                    74:80:2f:2a:9e:61:46:9a:0e:7a:d6:4a:c7:a8:77:
                    d2:5f:0d:06:dd:94:93:55:40:a3:cf:40:16:19:c2:
                    a7:3d:7c:31:72:6c:3e:f7:04:2f:e4:c1:41:ca:17:
                    51:c7:93:58:cd:cb:fb:0c:46:39:c7:1b:eb:75:02:
                    21:bc:e2:05:4f:01:d0:0e:f2:c0:33:a6:d8:93:16:
                    90:e9:5c:33:9d:64:9f:ff:37:4b:b7:17:2e:4f:61:
                    20:d3:83:34:35:1b:3f:a0:22:34:b3:9b:cb:d3:51:
                    15:f9:ec:cf:0c:7d:3c:8a:65:03:04:fd:f5:b5:4b:
                    59:8c:c8:04:ac:67:e1:4b:49:19:86:27:ff:be:25:
                    78:c3:40:ba:d8:3f:9d:c9:13:a7:b8:fa:1e:ae:4e:
                    b7:09:6c:33:ce:f5:4a:43:76:f7:cd:ef:e8:15:1a:
                    b1:48:14:42:79:73:fd:22:5e:45:15:f2:28:1f:bc:
                    30:e9:6b:58:ff:5a:64:90:c7:3c:60:a6:91:3a:ee:
                    8e:2b:6b:34:49:5b:d6:3e:d4:81:4f:bc:5a:ac:40:
                    da:fc:39:f2:ab:ac:6f:98:c5:42:15:9b:19:6e:3a:
                    e3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7D:6C:5F:82:80:8D:7C:EB:76:DB:70:97:96:3A:80:03:FB:45:14
            X509v3 Authority Key Identifier:
                keyid:F7:5B:02:A2:9C:76:6E:5B:13:B3:EB:17:6A:97:1C:12:DD:E1:D4:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/91sCopx2blsTs-sXapccEt3h1M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/p31sX4KAjXzrdttwl5Y6gAP7RRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/0a9ff2-7df8-43f3-a31f-bcdbb542cb5a/1/91sCopx2blsTs-sXapccEt3h1M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.82.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         96:ce:05:11:a4:cc:b1:b7:ac:60:bc:7f:4c:36:a1:97:b9:13:
         92:d5:cd:ce:f3:ed:f1:f0:03:f1:8e:67:e8:e1:5e:1f:86:bd:
         dc:ba:07:30:60:4a:5f:52:59:40:a3:db:3d:14:ee:96:84:9a:
         6c:74:7d:73:3f:cb:46:e6:e0:b9:ea:0d:12:56:4a:cd:57:15:
         1f:95:61:71:a0:c2:51:87:1d:b4:cc:0f:c1:8f:b1:34:db:2e:
         09:d3:55:4a:1b:f9:7f:7b:1a:2d:d0:f5:31:61:1b:9a:ed:db:
         98:2b:20:1b:ed:e6:b9:5e:ad:9b:c1:f5:b6:27:27:f0:6a:dc:
         7d:00:a4:09:9c:a0:cc:e8:ab:16:fd:4d:b7:8c:28:e3:96:b9:
         0b:ea:c1:24:57:c6:24:ba:78:ba:b5:f7:65:52:5f:2d:0a:a8:
         b2:3b:88:10:32:06:eb:9e:ef:3a:1b:c2:52:59:d5:f0:22:c6:
         8a:97:75:39:cb:9d:88:db:dc:e3:11:c1:5e:3f:62:5e:5a:de:
         75:29:ba:91:b1:05:29:10:09:23:17:d2:09:b9:65:06:8d:b8:
         6d:07:dd:4c:f2:d4:06:ce:09:2b:aa:8a:70:c1:4d:01:82:62:
         7d:41:0e:12:b2:de:ad:ed:e4:fc:e5:fc:c7:d8:5b:4b:70:51:
         23:0d:75:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJyLF252+MhhjXOafRsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWIwMmEyOWM3NjZlNWIxM2IzZWIxNzZhOTcxYzEyZGRl
MWQ0Y2UwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdkNmM1ZjgyODA4ZDdjZWI3NmRiNzA5Nzk2M2E4MDAzZmI0NTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFISLOOsGxEtWgvK0C6anWuSyf90
wB2yZdX41hN0gC8qnmFGmg561krHqHfSXw0G3ZSTVUCjz0AWGcKnPXwxcmw+9wQv
5MFByhdRx5NYzcv7DEY5xxvrdQIhvOIFTwHQDvLAM6bYkxaQ6VwznWSf/zdLtxcu
T2Eg04M0NRs/oCI0s5vL01EV+ezPDH08imUDBP31tUtZjMgErGfhS0kZhif/viV4
w0C62D+dyROnuPoerk63CWwzzvVKQ3b3ze/oFRqxSBRCeXP9Il5FFfIoH7ww6WtY
/1pkkMc8YKaROu6OK2s0SVvWPtSBT7xarEDa/Dnyq6xvmMVCFZsZbjrjZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd9bF+CgI1863bbcJeWOoAD+0UUMB8GA1UdIwQY
MBaAFPdbAqKcdm5bE7PrF2qXHBLd4dTOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTFzQ29weDJibHNUcy1zWGFwY2NFdDNoMU00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8wYTlmZjItN2RmOC00M2YzLWEzMWYt
YmNkYmI1NDJjYjVhLzEvcDMxc1g0S0FqWHpyZHR0d2w1WTZnQVA3UlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8wYTlmZjItN2RmOC00M2YzLWEzMWYtYmNkYmI1NDJjYjVh
LzEvOTFzQ29weDJibHNUcy1zWGFwY2NFdDNoMU00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWFJgMA0G
CSqGSIb3DQEBCwUAA4IBAQCWzgURpMyxt6xgvH9MNqGXuROS1c3O8+3x8APxjmfo
4V4fhr3cugcwYEpfUllAo9s9FO6WhJpsdH1zP8tG5uC56g0SVkrNVxUflWFxoMJR
hx20zA/Bj7E02y4J01VKG/l/exot0PUxYRua7duYKyAb7ea5Xq2bwfW2Jyfwatx9
AKQJnKDM6KsW/U23jCjjlrkL6sEkV8Ykuni6tfdlUl8tCqiyO4gQMgbrnu86G8JS
WdXwIsaKl3U5y52I29zjEcFeP2JeWt51KbqRsQUpEAkjF9IJuWUGjbhtB91M8tQG
zgkrqopwwU0BgmJ9QQ4Sst6t7eT85fzH2FtLcFEjDXWf
-----END CERTIFICATE-----