Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/nsObN2DjPGcwLXn29XqybNz0hdw.roa
File:                     nsObN2DjPGcwLXn29XqybNz0hdw.roa (raw, json)
Hash identifier:          LniUQovzLZtOR3Vslt1uv0Oiv/eQZfXqUz8XebxPz+M=
Subject key identifier:   9E:C3:9B:37:60:E3:3C:67:30:2D:79:F6:F5:7A:B2:6C:DC:F4:85:DC
Certificate issuer:       /CN=34418e26b2aeb6eaa8143fd71830f9b354ae7bbc
Certificate serial:       019427B3706FDE877FE2516957C27DED4A52
Authority key identifier: 34:41:8E:26:B2:AE:B6:EA:A8:14:3F:D7:18:30:F9:B3:54:AE:7B:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEGOJrKutuqoFD_XGDD5s1Sue7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/nsObN2DjPGcwLXn29XqybNz0hdw.roa
Signing time:             Thu 02 Jan 2025 15:47:38 +0000
ROA not before:           Thu 02 Jan 2025 15:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211572
IP address blocks:        188.95.88.0/24 maxlen: 24
                          2a10:c140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/NEGOJrKutuqoFD_XGDD5s1Sue7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/NEGOJrKutuqoFD_XGDD5s1Sue7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEGOJrKutuqoFD_XGDD5s1Sue7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:70:6f:de:87:7f:e2:51:69:57:c2:7d:ed:4a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34418e26b2aeb6eaa8143fd71830f9b354ae7bbc
        Validity
            Not Before: Jan  2 15:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ec39b3760e33c67302d79f6f57ab26cdcf485dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d3:e9:94:84:53:b3:c4:fe:01:1c:c1:f1:21:
                    75:9e:55:35:74:1e:34:d1:36:0b:68:8d:b2:50:bc:
                    fd:4f:d2:ca:61:9b:2a:b7:d1:59:e0:14:17:80:f1:
                    21:1c:71:52:cf:81:79:ac:8c:fd:bc:53:cb:cd:37:
                    d1:f8:57:28:f0:06:94:73:f3:19:e5:c2:db:1d:08:
                    aa:10:33:40:36:3a:2c:0b:7d:2a:ce:76:7d:d8:4a:
                    6c:6d:56:63:9a:61:52:d4:82:7d:9c:5a:12:06:bb:
                    ea:3f:2b:98:64:ee:ba:7e:c5:26:8d:93:b2:93:ca:
                    48:ac:ee:e7:c7:95:ce:9f:4f:6d:df:42:ad:2b:7a:
                    a8:86:85:06:fd:91:79:c8:d9:01:6c:9c:57:6b:0f:
                    f0:ea:32:27:5e:44:ca:96:22:5f:37:17:20:f6:3f:
                    85:b3:51:8c:44:2b:77:f1:2a:86:a9:b1:5b:a0:27:
                    e1:34:95:c1:fe:24:72:4b:7d:0e:98:65:b5:07:c1:
                    32:5c:be:f7:17:67:68:1a:49:96:54:b3:bc:69:fd:
                    46:a6:a3:46:51:72:56:9c:94:ec:b8:3f:f8:b3:7e:
                    d3:9c:00:1c:33:6b:e7:3d:d2:ad:a6:b0:f3:60:ea:
                    dc:94:63:66:f7:f8:34:95:87:df:f6:90:86:ad:2b:
                    92:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C3:9B:37:60:E3:3C:67:30:2D:79:F6:F5:7A:B2:6C:DC:F4:85:DC
            X509v3 Authority Key Identifier:
                keyid:34:41:8E:26:B2:AE:B6:EA:A8:14:3F:D7:18:30:F9:B3:54:AE:7B:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEGOJrKutuqoFD_XGDD5s1Sue7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/nsObN2DjPGcwLXn29XqybNz0hdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/1d4f36-b97d-4d98-bb2c-b8a27472a896/1/NEGOJrKutuqoFD_XGDD5s1Sue7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.88.0/24
                IPv6:
                  2a10:c140::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:f8:4c:b5:5d:aa:fa:c3:8a:ab:b9:6e:f4:44:8f:b3:1e:6f:
         87:68:9c:02:b0:23:78:da:5d:14:29:b1:6a:ba:96:27:3b:23:
         b7:ed:4f:2d:20:fb:e6:ee:57:cb:53:a0:40:55:bd:59:dc:7a:
         4e:1d:91:b4:8b:f7:91:7e:8b:2e:f2:a3:7d:48:83:e2:f4:d6:
         71:20:f4:b6:34:c2:e6:ba:83:e6:11:a5:89:ff:a4:29:c6:bd:
         13:dd:ce:7b:62:3a:be:8b:53:2d:d8:f5:09:03:12:45:8c:2b:
         db:55:3a:de:10:df:69:d7:0e:13:84:f1:12:f1:8c:c4:19:62:
         34:f4:c6:d7:9e:98:83:e3:5d:c7:38:ed:55:02:c0:25:ee:d8:
         60:00:80:c1:a3:3d:1d:54:7e:33:87:55:ff:a6:d8:b7:68:bf:
         4d:36:62:7f:31:50:2e:ac:d0:df:4b:a0:41:56:e7:aa:43:37:
         45:13:75:1e:63:34:a5:2a:b9:25:b9:d7:33:8d:a1:1d:8c:57:
         3d:5e:17:ef:79:8a:ab:eb:c9:f5:19:d5:40:24:42:d5:2f:df:
         ec:99:fd:ba:22:37:a0:d3:69:db:94:16:bc:61:15:c6:30:20:
         7e:ff:93:1d:68:cd:02:1d:1a:4c:d8:39:2b:35:0e:42:44:07:
         a6:43:6b:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQns3Bv3od/4lFpV8J97UpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NDE4ZTI2YjJhZWI2ZWFhODE0M2ZkNzE4MzBmOWIzNTRh
ZTdiYmMwHhcNMjUwMTAyMTU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWMzOWIzNzYwZTMzYzY3MzAyZDc5ZjZmNTdhYjI2Y2RjZjQ4NWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdPplIRTs8T+ARzB8SF1nlU1dB40
0TYLaI2yULz9T9LKYZsqt9FZ4BQXgPEhHHFSz4F5rIz9vFPLzTfR+Fco8AaUc/MZ
5cLbHQiqEDNANjosC30qznZ92EpsbVZjmmFS1IJ9nFoSBrvqPyuYZO66fsUmjZOy
k8pIrO7nx5XOn09t30KtK3qohoUG/ZF5yNkBbJxXaw/w6jInXkTKliJfNxcg9j+F
s1GMRCt38SqGqbFboCfhNJXB/iRyS30OmGW1B8EyXL73F2doGkmWVLO8af1GpqNG
UXJWnJTsuD/4s37TnAAcM2vnPdKtprDzYOrclGNm9/g0lYff9pCGrSuSBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ7Dmzdg4zxnMC159vV6smzc9IXcMB8GA1UdIwQY
MBaAFDRBjiayrrbqqBQ/1xgw+bNUrnu8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVHT0pyS3V0dXFvRkRfWEdERDVzMVN1ZTd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xZDRmMzYtYjk3ZC00ZDk4LWJiMmMt
YjhhMjc0NzJhODk2LzEvbnNPYk4yRGpQR2N3TFhuMjlYcXliTnowaGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xZDRmMzYtYjk3ZC00ZDk4LWJiMmMtYjhhMjc0NzJhODk2
LzEvTkVHT0pyS3V0dXFvRkRfWEdERDVzMVN1ZTd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvF9YMA0E
AgACMAcDBQMqEMFAMA0GCSqGSIb3DQEBCwUAA4IBAQC1+Ey1Xar6w4qruW70RI+z
Hm+HaJwCsCN42l0UKbFqupYnOyO37U8tIPvm7lfLU6BAVb1Z3HpOHZG0i/eRfosu
8qN9SIPi9NZxIPS2NMLmuoPmEaWJ/6Qpxr0T3c57Yjq+i1Mt2PUJAxJFjCvbVTre
EN9p1w4ThPES8YzEGWI09MbXnpiD413HOO1VAsAl7thgAIDBoz0dVH4zh1X/pti3
aL9NNmJ/MVAurNDfS6BBVueqQzdFE3UeYzSlKrkludczjaEdjFc9XhfveYqr68n1
GdVAJELVL9/smf26Ijeg02nblBa8YRXGMCB+/5MdaM0CHRpM2DkrNQ5CRAemQ2vz
-----END CERTIFICATE-----