Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/To3MA4BpWRqwixoVnhewSjEYzT4.roa
File:                     To3MA4BpWRqwixoVnhewSjEYzT4.roa (raw, json)
Hash identifier:          9lbf2v9hyi9SM1tsdgIMsqC0/VTZFt0QJ3oOnF+VAtU=
Subject key identifier:   4E:8D:CC:03:80:69:59:1A:B0:8B:1A:15:9E:17:B0:4A:31:18:CD:3E
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF69E78EC25639AD5A74EDEA4648D
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/To3MA4BpWRqwixoVnhewSjEYzT4.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201549
IP address blocks:        88.199.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f6:9e:78:ec:25:63:9a:d5:a7:4e:de:a4:64:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e8dcc038069591ab08b1a159e17b04a3118cd3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b6:98:01:b4:6e:d5:b4:01:e8:6a:99:09:b0:
                    0f:b6:a3:b8:61:70:6a:af:43:cb:d1:ea:0f:f3:94:
                    c9:42:e0:38:c9:94:30:dd:4c:53:39:65:5b:30:53:
                    c1:cc:7a:b1:ab:8b:c8:98:03:9a:5f:39:e5:6a:09:
                    40:8d:b9:c2:79:a6:18:b8:6c:48:47:15:2b:43:6a:
                    30:83:f8:1e:ee:c9:74:ed:77:a9:d6:ff:5f:66:5a:
                    71:9a:34:8d:ee:92:2f:1d:a1:4c:21:26:60:dc:bb:
                    b0:87:39:88:3d:34:e2:fa:64:91:57:8d:7e:fe:ba:
                    f4:2c:10:97:b3:d3:f2:f6:e4:2a:f5:22:31:cc:95:
                    49:47:56:fd:7b:30:38:a7:3c:09:ed:cf:13:2a:e9:
                    22:2d:2a:df:e8:2f:8c:5b:69:5c:c0:80:55:aa:cf:
                    da:76:28:9f:13:50:c5:46:a9:67:a1:f4:de:d5:67:
                    f9:d1:c2:57:19:c2:93:79:48:c3:fe:68:cf:34:c8:
                    50:8c:b5:56:5d:d9:fc:ff:a4:f8:90:50:f0:c8:e5:
                    ea:9e:c3:a8:af:da:e9:11:21:0a:7a:65:ab:61:f0:
                    5a:cf:d4:7a:8d:93:a9:5d:0c:6b:2f:0f:87:97:fa:
                    4e:58:39:87:f7:35:bc:9f:bf:4d:3b:cf:54:ea:ae:
                    97:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8D:CC:03:80:69:59:1A:B0:8B:1A:15:9E:17:B0:4A:31:18:CD:3E
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/To3MA4BpWRqwixoVnhewSjEYzT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.199.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:7a:d9:1e:cc:f8:59:f1:7d:09:bc:8c:64:6f:ed:4f:f4:1a:
         39:e2:d9:4b:00:e4:82:8f:b0:75:f7:06:cb:3e:22:20:29:61:
         ee:78:2b:22:9e:67:90:56:22:66:33:9a:91:0a:51:4f:57:0c:
         03:46:ac:a7:83:7e:f9:a0:25:b6:40:8c:66:a1:16:c5:d1:d4:
         82:b1:c5:78:58:5f:7c:b0:80:c3:e0:ac:cb:c1:3e:db:4d:89:
         b0:a7:0f:ab:ce:6a:10:c5:39:26:ec:be:44:18:34:d7:3e:d6:
         83:9d:dd:73:ce:0a:c4:da:58:5b:cc:c6:6d:bc:39:2d:94:d9:
         e0:91:8c:54:8b:d4:50:59:cd:91:da:96:1e:b6:4d:16:d9:f7:
         f3:3b:72:cd:5e:61:2e:9d:07:ee:bc:5f:f7:e8:49:ed:1f:aa:
         6f:9f:f4:02:e9:1c:91:90:d6:85:4b:79:55:b1:e7:0d:92:e5:
         63:99:59:b0:15:3d:a9:e6:30:99:91:06:5e:f8:4f:08:32:6d:
         20:53:77:86:06:ba:31:13:8e:1c:df:37:af:60:79:72:a9:f4:
         da:e9:df:80:0d:94:96:1b:b8:2b:cd:a5:c4:59:0c:49:c6:b9:
         85:b9:22:bb:b2:bf:9c:44:e9:d2:7a:d9:9a:c1:9a:bc:0a:fa:
         fa:4e:18:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPaeeOwlY5rVp07epGSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThkY2MwMzgwNjk1OTFhYjA4YjFhMTU5ZTE3YjA0YTMxMThjZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLaYAbRu1bQB6GqZCbAPtqO4YXBq
r0PL0eoP85TJQuA4yZQw3UxTOWVbMFPBzHqxq4vImAOaXznlaglAjbnCeaYYuGxI
RxUrQ2owg/ge7sl07Xep1v9fZlpxmjSN7pIvHaFMISZg3LuwhzmIPTTi+mSRV41+
/rr0LBCXs9Py9uQq9SIxzJVJR1b9ezA4pzwJ7c8TKukiLSrf6C+MW2lcwIBVqs/a
diifE1DFRqlnofTe1Wf50cJXGcKTeUjD/mjPNMhQjLVWXdn8/6T4kFDwyOXqnsOo
r9rpESEKemWrYfBaz9R6jZOpXQxrLw+Hl/pOWDmH9zW8n79NO89U6q6XvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6NzAOAaVkasIsaFZ4XsEoxGM0+MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvVG8zTUE0QnBXUnF3aXhvVm5oZXdTakVZelQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWMdhMA0G
CSqGSIb3DQEBCwUAA4IBAQATetkezPhZ8X0JvIxkb+1P9Bo54tlLAOSCj7B19wbL
PiIgKWHueCsinmeQViJmM5qRClFPVwwDRqyng375oCW2QIxmoRbF0dSCscV4WF98
sIDD4KzLwT7bTYmwpw+rzmoQxTkm7L5EGDTXPtaDnd1zzgrE2lhbzMZtvDktlNng
kYxUi9RQWc2R2pYetk0W2ffzO3LNXmEunQfuvF/36EntH6pvn/QC6RyRkNaFS3lV
secNkuVjmVmwFT2p5jCZkQZe+E8IMm0gU3eGBroxE44c3zevYHlyqfTa6d+ADZSW
G7grzaXEWQxJxrmFuSK7sr+cROnSetmawZq8Cvr6ThhP
-----END CERTIFICATE-----