Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/U7DaBVV52jaGT8DV_sIgEJFPXHg.roa
File:                     U7DaBVV52jaGT8DV_sIgEJFPXHg.roa (raw, json)
Hash identifier:          pRGMZYEgachGXnu9R3uHOn0Pi/79J4M8YJXqvCE+jjo=
Subject key identifier:   53:B0:DA:05:55:79:DA:36:86:4F:C0:D5:FE:C2:20:10:91:4F:5C:78
Certificate issuer:       /CN=36e1533c3ff94b18c308f1b1c95ba44eb1f0ec77
Certificate serial:       018CC56ECAA2B2D46EABD2679365E177DC53
Authority key identifier: 36:E1:53:3C:3F:F9:4B:18:C3:08:F1:B1:C9:5B:A4:4E:B1:F0:EC:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NuFTPD_5SxjDCPGxyVukTrHw7Hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/U7DaBVV52jaGT8DV_sIgEJFPXHg.roa
Signing time:             Mon 01 Jan 2024 14:30:21 +0000
ROA not before:           Mon 01 Jan 2024 14:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25460
IP address blocks:        88.214.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/NuFTPD_5SxjDCPGxyVukTrHw7Hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/NuFTPD_5SxjDCPGxyVukTrHw7Hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NuFTPD_5SxjDCPGxyVukTrHw7Hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ca:a2:b2:d4:6e:ab:d2:67:93:65:e1:77:dc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36e1533c3ff94b18c308f1b1c95ba44eb1f0ec77
        Validity
            Not Before: Jan  1 14:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53b0da055579da36864fc0d5fec22010914f5c78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8f:7d:98:24:b6:5e:c2:0f:6b:ef:4c:fe:52:
                    95:52:eb:97:aa:d5:95:7e:98:8a:79:8a:e3:b0:a1:
                    22:df:50:2c:66:a4:d7:ae:74:12:b3:de:f2:79:9e:
                    eb:96:51:17:45:7d:30:f5:3e:01:6d:b0:68:79:48:
                    ce:ff:8b:e1:ff:c2:f4:3b:a1:9b:f9:e4:88:ff:5d:
                    7f:e6:3c:cf:bd:6b:a5:3b:22:a1:f7:a7:21:b6:ec:
                    df:db:35:90:56:4f:36:0c:b7:3a:50:9a:66:ce:3c:
                    61:95:0f:55:0e:40:42:7f:cc:8f:b8:74:29:07:07:
                    5f:6a:94:d9:31:a8:74:b0:ac:76:28:42:cd:0f:07:
                    ee:3a:aa:8a:28:65:01:49:29:40:aa:48:7d:73:b6:
                    11:d8:f5:7e:b7:57:46:99:c7:f2:7a:38:7f:87:ef:
                    14:32:2b:18:c6:04:76:30:1b:6b:2e:bd:dd:7a:e0:
                    c0:cf:e5:4b:8d:dd:42:fa:77:36:0b:47:71:33:4e:
                    90:f3:b4:bb:46:f4:85:69:64:f8:24:a1:f8:79:6f:
                    23:5e:83:fd:64:a6:fa:4e:85:87:19:bc:6b:1b:95:
                    e6:78:cf:58:3d:d2:ee:0e:b2:fd:c1:2b:5e:ec:0c:
                    62:da:69:cc:a5:b3:ff:5a:57:b1:9c:8f:9a:2b:92:
                    20:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:B0:DA:05:55:79:DA:36:86:4F:C0:D5:FE:C2:20:10:91:4F:5C:78
            X509v3 Authority Key Identifier:
                keyid:36:E1:53:3C:3F:F9:4B:18:C3:08:F1:B1:C9:5B:A4:4E:B1:F0:EC:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NuFTPD_5SxjDCPGxyVukTrHw7Hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/U7DaBVV52jaGT8DV_sIgEJFPXHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/NuFTPD_5SxjDCPGxyVukTrHw7Hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:a8:96:1c:f6:ef:0f:53:e2:09:7c:4d:98:7b:d6:66:55:9e:
         e5:c6:ae:f8:20:dd:a5:29:fd:f6:8d:48:92:ee:d7:ab:25:6e:
         f3:b1:b9:23:d2:f3:72:f1:c3:fb:02:e0:82:43:08:b1:ea:97:
         a8:d9:4a:d2:1a:1d:f7:23:1b:4d:66:7b:3d:2c:c3:18:3d:d3:
         98:0a:fe:6e:64:77:0c:1e:eb:10:2c:43:48:f4:b0:36:2e:3b:
         34:96:b9:6e:bf:ab:48:5f:e9:c6:2a:6f:62:d0:68:52:80:bc:
         4d:2a:2d:6a:4f:cb:0d:3b:8b:29:5b:01:c8:5f:0f:7a:4a:56:
         26:46:c1:c1:d8:fc:b3:b8:aa:70:2e:54:da:0f:3e:25:f7:bb:
         bd:b2:79:40:08:f1:04:21:43:73:f2:48:50:17:f5:6f:93:cc:
         fc:98:8a:3a:9f:ba:c6:91:51:af:6b:e0:76:b0:2c:c9:92:1f:
         86:6e:2c:03:f5:d0:59:97:b4:ec:6c:49:f7:1d:b2:4d:43:b3:
         1c:88:97:19:49:9b:db:03:72:50:aa:4b:f2:c1:2c:d4:5f:b0:
         e8:54:89:21:b0:23:bf:7d:64:e2:f4:21:f9:ba:b3:82:b4:8e:
         d1:65:9f:bc:7e:76:5e:b0:f8:ae:60:62:40:94:60:71:b3:5d:
         61:f1:ff:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsqistRuq9Jnk2Xhd9xTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZTE1MzNjM2ZmOTRiMThjMzA4ZjFiMWM5NWJhNDRlYjFm
MGVjNzcwHhcNMjQwMTAxMTQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2IwZGEwNTU1NzlkYTM2ODY0ZmMwZDVmZWMyMjAxMDkxNGY1Yzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi499mCS2XsIPa+9M/lKVUuuXqtWV
fpiKeYrjsKEi31AsZqTXrnQSs97yeZ7rllEXRX0w9T4BbbBoeUjO/4vh/8L0O6Gb
+eSI/11/5jzPvWulOyKh96chtuzf2zWQVk82DLc6UJpmzjxhlQ9VDkBCf8yPuHQp
BwdfapTZMah0sKx2KELNDwfuOqqKKGUBSSlAqkh9c7YR2PV+t1dGmcfyejh/h+8U
MisYxgR2MBtrLr3deuDAz+VLjd1C+nc2C0dxM06Q87S7RvSFaWT4JKH4eW8jXoP9
ZKb6ToWHGbxrG5XmeM9YPdLuDrL9wSte7Axi2mnMpbP/WlexnI+aK5IgCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOw2gVVedo2hk/A1f7CIBCRT1x4MB8GA1UdIwQY
MBaAFDbhUzw/+UsYwwjxsclbpE6x8Ox3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVGVFBEXzVTeGpEQ1BHeHlWdWtUckh3N0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9lYzU5MmYtMjQzNC00ZDFjLWI3NzUt
OTliOWYzM2RlM2IwLzEvVTdEYUJWVjUyamFHVDhEVl9zSWdFSkZQWEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9lYzU5MmYtMjQzNC00ZDFjLWI3NzUtOTliOWYzM2RlM2Iw
LzEvTnVGVFBEXzVTeGpEQ1BHeHlWdWtUckh3N0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNYkMA0G
CSqGSIb3DQEBCwUAA4IBAQBUqJYc9u8PU+IJfE2Ye9ZmVZ7lxq74IN2lKf32jUiS
7terJW7zsbkj0vNy8cP7AuCCQwix6peo2UrSGh33IxtNZns9LMMYPdOYCv5uZHcM
HusQLENI9LA2Ljs0lrluv6tIX+nGKm9i0GhSgLxNKi1qT8sNO4spWwHIXw96SlYm
RsHB2PyzuKpwLlTaDz4l97u9snlACPEEIUNz8khQF/Vvk8z8mIo6n7rGkVGva+B2
sCzJkh+GbiwD9dBZl7TsbEn3HbJNQ7MciJcZSZvbA3JQqkvywSzUX7DoVIkhsCO/
fWTi9CH5urOCtI7RZZ+8fnZesPiuYGJAlGBxs11h8f9M
-----END CERTIFICATE-----