Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/N5mnESem4ZHjrtnpJkqpuWsp0b8.roa
File:                     N5mnESem4ZHjrtnpJkqpuWsp0b8.roa (raw, json)
Hash identifier:          D+SnRzZ4r/Ue3zyR+QUCeAKv1QC3uQXeaIpXM1yipJk=
Subject key identifier:   37:99:A7:11:27:A6:E1:91:E3:AE:D9:E9:26:4A:A9:B9:6B:29:D1:BF
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE8B7FFED4F7F7669F31FBF50345C
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/N5mnESem4ZHjrtnpJkqpuWsp0b8.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210587
IP address blocks:        88.220.138.0/24 maxlen: 24
                          2a00:4120:8005::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e8:b7:ff:ed:4f:7f:76:69:f3:1f:bf:50:34:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3799a71127a6e191e3aed9e9264aa9b96b29d1bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f2:aa:57:19:40:2d:99:71:1c:3a:2d:d8:e5:
                    0f:83:06:30:59:78:c8:49:98:0c:ee:e3:dc:ee:66:
                    d2:b1:91:7e:ec:50:1a:db:3d:11:46:72:8f:58:46:
                    14:b1:95:61:bd:80:b8:2a:cf:1c:bf:6a:61:02:81:
                    59:3b:ea:e8:ed:db:95:8f:e9:f2:f0:76:7c:e0:3a:
                    b5:c9:71:a2:b4:23:59:d8:16:57:9a:55:98:ce:79:
                    7e:7f:db:ef:b1:53:c0:dc:93:c7:e8:37:0d:32:b8:
                    7c:48:2e:05:be:80:b9:c1:69:dc:c4:a6:cc:46:13:
                    c6:e8:42:80:a1:cb:fe:50:83:d5:2f:be:a3:d6:e9:
                    ef:6e:b6:db:4c:63:2a:ad:fc:3c:a3:27:34:28:fa:
                    ca:37:18:e3:29:bf:76:6c:f0:2f:40:7d:07:2e:77:
                    e2:59:26:07:97:28:23:15:ed:be:46:8f:07:89:33:
                    81:5c:53:dc:e4:e0:04:03:26:48:23:d0:6b:d9:05:
                    fe:5c:4c:d6:c8:0e:ba:c1:03:6f:81:2d:4b:cf:f4:
                    ba:32:cc:1a:8a:1b:e7:59:54:35:3d:81:f2:1d:cb:
                    01:c0:f4:27:89:3e:93:83:a1:e0:fe:bd:55:f5:15:
                    e7:ac:f2:a4:e4:a6:4a:91:b4:e2:65:72:f7:14:d5:
                    94:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:99:A7:11:27:A6:E1:91:E3:AE:D9:E9:26:4A:A9:B9:6B:29:D1:BF
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/N5mnESem4ZHjrtnpJkqpuWsp0b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.138.0/24
                IPv6:
                  2a00:4120:8005::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:11:5f:23:95:f0:1b:97:a5:18:f7:ac:4a:cd:8b:5d:a1:eb:
         a5:96:6f:bd:22:f6:53:82:df:7a:dd:c5:2b:b3:f6:6c:d6:94:
         00:98:83:2e:8f:0c:90:1d:96:c7:87:cb:f2:b0:8b:44:c0:42:
         86:b9:18:b2:b6:a2:bb:e4:1b:ab:52:85:9b:33:49:1d:4f:64:
         1d:dc:9f:89:ea:fb:dc:60:15:ee:70:ed:31:98:bb:d9:47:2a:
         b4:f6:e2:a4:4d:3b:db:a6:a0:d1:71:bf:f1:0e:b5:66:fd:6e:
         2b:65:6b:de:5d:96:03:ac:a1:2f:8d:6a:72:97:0c:19:f4:b8:
         01:aa:59:0a:e2:0e:9a:7a:03:12:3f:36:29:34:24:ff:05:be:
         3e:b9:46:11:a2:81:fe:25:9b:0d:f9:85:5b:2e:1e:ff:ab:42:
         2c:7b:94:bb:05:ef:8d:9c:71:29:0c:af:cd:61:2f:34:c0:8a:
         c7:cd:5e:ff:4e:bb:b6:c0:6b:b3:f5:fe:df:7c:8f:d7:45:37:
         86:22:74:f8:29:cb:5c:76:05:57:45:13:63:2d:29:e1:f8:b3:
         e6:29:e2:a5:db:1f:b2:36:b2:0d:57:19:c0:1b:59:e2:6d:22:
         88:a1:c9:5f:0d:56:f5:27:31:79:00:4c:5b:b8:03:f0:c0:07:
         0a:65:97:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2ui3/+1Pf3Zp8x+/UDRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk5YTcxMTI3YTZlMTkxZTNhZWQ5ZTkyNjRhYTliOTZiMjlkMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfKqVxlALZlxHDot2OUPgwYwWXjI
SZgM7uPc7mbSsZF+7FAa2z0RRnKPWEYUsZVhvYC4Ks8cv2phAoFZO+ro7duVj+ny
8HZ84Dq1yXGitCNZ2BZXmlWYznl+f9vvsVPA3JPH6DcNMrh8SC4FvoC5wWncxKbM
RhPG6EKAocv+UIPVL76j1unvbrbbTGMqrfw8oyc0KPrKNxjjKb92bPAvQH0HLnfi
WSYHlygjFe2+Ro8HiTOBXFPc5OAEAyZII9Br2QX+XEzWyA66wQNvgS1Lz/S6Mswa
ihvnWVQ1PYHyHcsBwPQniT6Tg6Hg/r1V9RXnrPKk5KZKkbTiZXL3FNWUGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDeZpxEnpuGR467Z6SZKqblrKdG/MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvTjVtbkVTZW00WkhqcnRucEprcXB1V3NwMGI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWNyKMA8E
AgACMAkDBwAqAEEggAUwDQYJKoZIhvcNAQELBQADggEBACERXyOV8BuXpRj3rErN
i12h66WWb70i9lOC33rdxSuz9mzWlACYgy6PDJAdlseHy/Kwi0TAQoa5GLK2orvk
G6tShZszSR1PZB3cn4nq+9xgFe5w7TGYu9lHKrT24qRNO9umoNFxv/EOtWb9bitl
a95dlgOsoS+NanKXDBn0uAGqWQriDpp6AxI/Nik0JP8Fvj65RhGigf4lmw35hVsu
Hv+rQix7lLsF742ccSkMr81hLzTAisfNXv9Ou7bAa7P1/t98j9dFN4YidPgpy1x2
BVdFE2MtKeH4s+Yp4qXbH7I2sg1XGcAbWeJtIoihyV8NVvUnMXkATFu4A/DABwpl
l6A=
-----END CERTIFICATE-----