Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/u7hVF-Xk10f-fxQic85mTu7Bgz8.roa
File:                     u7hVF-Xk10f-fxQic85mTu7Bgz8.roa (raw, json)
Hash identifier:          swy2/y0+2xSDilZKevKbvEG5hofRPNsTIwU/ccy9KG4=
Subject key identifier:   BB:B8:55:17:E5:E4:D7:47:FE:7F:14:22:73:CE:66:4E:EE:C1:83:3F
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF2B289500E0EE573733DF2F94E45
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/u7hVF-Xk10f-fxQic85mTu7Bgz8.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199296
IP address blocks:        88.199.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 04:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f2:b2:89:50:0e:0e:e5:73:73:3d:f2:f9:4e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbb85517e5e4d747fe7f142273ce664eeec1833f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:1b:f2:28:dc:e9:82:4c:c0:e9:7f:b9:4d:2f:
                    b5:7a:b3:86:0b:48:27:74:08:f1:f2:fd:5b:c0:09:
                    db:ac:5e:a1:22:79:95:29:3b:c2:73:1d:1a:9d:ef:
                    43:a6:28:73:05:cb:e6:2b:0e:a6:0a:ef:00:eb:ce:
                    59:61:6d:d6:18:b0:0b:c6:0a:fb:eb:72:4d:40:8a:
                    62:95:5e:66:0c:42:19:d6:5b:21:15:44:3a:a1:47:
                    9b:66:52:ca:bc:23:33:50:24:9d:23:8d:07:21:bd:
                    d2:f0:e3:06:b9:a1:fb:7b:75:1c:dd:1f:01:2f:0c:
                    de:17:34:ac:01:5a:4e:d3:44:99:44:41:f7:57:4b:
                    32:a6:f9:16:e4:93:fc:79:6f:f7:48:f2:72:55:f4:
                    8b:4c:bf:7d:2c:73:28:cf:81:0f:4a:80:bb:49:17:
                    b2:15:86:c9:ae:0b:65:1c:4e:ad:6e:d1:65:ea:1a:
                    6a:65:39:cf:82:bd:49:59:4e:34:ff:e9:61:bf:d4:
                    32:5e:f8:9a:e0:c9:d8:29:3e:f6:82:0f:34:f1:42:
                    c5:76:e9:33:56:49:d6:58:54:1e:e1:4f:a6:a1:c3:
                    f1:36:4b:ec:25:06:62:05:e7:f9:2f:7f:f2:ea:c6:
                    d6:47:6b:19:76:8d:06:9a:20:fc:9d:16:59:a2:d4:
                    03:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B8:55:17:E5:E4:D7:47:FE:7F:14:22:73:CE:66:4E:EE:C1:83:3F
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/u7hVF-Xk10f-fxQic85mTu7Bgz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.199.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:6e:a7:18:08:bb:7f:cf:2a:8b:6e:21:a7:1e:9d:e1:b0:86:
         06:5b:12:c6:94:47:de:2a:16:f3:5c:9c:e6:dc:11:8b:06:b1:
         df:60:dd:a5:45:5c:ea:90:1d:a0:53:5e:4d:1b:4b:4d:34:bc:
         f2:6c:da:35:22:f6:26:2b:60:d6:72:a5:e6:9e:87:f8:5b:2e:
         fa:88:77:c7:a8:8f:f2:ac:a2:3a:9d:18:4a:d6:de:54:df:4c:
         e7:46:e2:7b:5e:6b:90:33:d3:25:e9:ce:b7:c5:ea:a7:e7:49:
         77:43:c2:b9:1f:f4:93:a2:d8:82:ed:75:e1:b1:4d:43:6c:30:
         e8:36:70:3b:82:97:11:98:92:36:e9:85:18:fd:0e:a2:e3:85:
         58:d4:bb:27:45:71:bb:17:4f:bc:16:9f:2c:d5:19:08:92:63:
         78:78:a7:db:65:9b:6f:3c:ac:35:53:51:1a:14:14:bd:55:c3:
         37:70:63:61:62:50:b2:72:5e:93:fc:33:74:ce:a5:9b:89:46:
         40:7f:5b:93:83:2c:53:ea:94:5b:73:19:7b:7c:5f:08:6f:d8:
         63:1c:79:77:8b:31:08:cc:3c:88:42:39:ff:6b:9d:1d:c6:15:
         c1:59:f4:67:83:77:cc:4b:cb:95:77:c1:e9:10:b6:1a:0e:94:
         d7:1e:33:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPKyiVAODuVzcz3y+U5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmI4NTUxN2U1ZTRkNzQ3ZmU3ZjE0MjI3M2NlNjY0ZWVlYzE4MzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xvyKNzpgkzA6X+5TS+1erOGC0gn
dAjx8v1bwAnbrF6hInmVKTvCcx0ane9DpihzBcvmKw6mCu8A685ZYW3WGLALxgr7
63JNQIpilV5mDEIZ1lshFUQ6oUebZlLKvCMzUCSdI40HIb3S8OMGuaH7e3Uc3R8B
LwzeFzSsAVpO00SZREH3V0sypvkW5JP8eW/3SPJyVfSLTL99LHMoz4EPSoC7SRey
FYbJrgtlHE6tbtFl6hpqZTnPgr1JWU40/+lhv9QyXvia4MnYKT72gg808ULFdukz
VknWWFQe4U+mocPxNkvsJQZiBef5L3/y6sbWR2sZdo0GmiD8nRZZotQDqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLu4VRfl5NdH/n8UInPOZk7uwYM/MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvdTdoVkYtWGsxMGYtZnhRaWM4NW1UdTdCZ3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWMeQMA0G
CSqGSIb3DQEBCwUAA4IBAQCYbqcYCLt/zyqLbiGnHp3hsIYGWxLGlEfeKhbzXJzm
3BGLBrHfYN2lRVzqkB2gU15NG0tNNLzybNo1IvYmK2DWcqXmnof4Wy76iHfHqI/y
rKI6nRhK1t5U30znRuJ7XmuQM9Ml6c63xeqn50l3Q8K5H/STotiC7XXhsU1DbDDo
NnA7gpcRmJI26YUY/Q6i44VY1LsnRXG7F0+8Fp8s1RkIkmN4eKfbZZtvPKw1U1Ea
FBS9VcM3cGNhYlCycl6T/DN0zqWbiUZAf1uTgyxT6pRbcxl7fF8Ib9hjHHl3izEI
zDyIQjn/a50dxhXBWfRng3fMS8uVd8HpELYaDpTXHjMl
-----END CERTIFICATE-----