Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/oMyMLn7d5ne7cETHQ-KYE6W1ThU.roa
File:                     oMyMLn7d5ne7cETHQ-KYE6W1ThU.roa (raw, json)
Hash identifier:          0cjE9FXOxLFWIVu9SLXGsCoIvTp36tAZXj2jR6cQV8Q=
Subject key identifier:   A0:CC:8C:2E:7E:DD:E6:77:BB:70:44:C7:43:E2:98:13:A5:B5:4E:15
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B2368A6F67B7E090201E5DBB24ED43
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/oMyMLn7d5ne7cETHQ-KYE6W1ThU.roa
Signing time:             Wed 01 Jan 2025 11:48:34 +0000
ROA not before:           Wed 01 Jan 2025 11:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207735
IP address blocks:        88.220.118.0/23 maxlen: 23
                          88.220.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:36:8a:6f:67:b7:e0:90:20:1e:5d:bb:24:ed:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0cc8c2e7edde677bb7044c743e29813a5b54e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8b:c8:ce:6c:d9:2e:90:ba:f0:30:4e:5d:03:
                    19:7d:9f:47:8e:98:86:75:13:00:c2:7e:56:ef:b3:
                    9a:a5:70:72:ce:c9:d5:c2:37:96:59:58:71:c5:6d:
                    d6:82:37:5a:9f:59:24:55:82:b7:2c:89:04:37:09:
                    1b:bf:33:f7:30:08:6f:9e:cc:04:8d:03:c1:6e:d5:
                    34:95:64:dd:55:66:b5:6a:e2:b8:21:60:9f:0b:d7:
                    c0:8e:f1:d9:73:ff:0e:ee:18:9b:93:fe:78:03:69:
                    0c:09:84:b6:14:ba:68:c1:12:55:aa:f5:bf:7b:e5:
                    f5:e0:4a:05:8c:94:bc:d2:0e:1a:9f:09:7e:74:fd:
                    cd:d0:e8:8b:72:48:20:72:b1:43:7d:62:62:be:8b:
                    ae:6f:53:9a:b3:84:50:7d:02:57:d1:b2:95:7c:9e:
                    0d:5a:b9:a0:bb:b9:29:5f:ad:c0:54:d7:19:55:50:
                    b2:5b:e7:23:94:ab:ba:98:b1:d4:94:f2:a3:62:b1:
                    7a:85:03:2b:e3:fe:17:7f:99:c9:22:38:f2:f4:0a:
                    3a:74:9b:65:f7:2b:e8:7e:03:da:c6:1f:2a:e2:0f:
                    7e:7b:41:36:b4:85:c8:27:83:7c:21:c6:9b:42:9c:
                    12:cc:b5:4b:f3:92:37:3e:cf:bd:b0:cc:93:da:95:
                    0a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:CC:8C:2E:7E:DD:E6:77:BB:70:44:C7:43:E2:98:13:A5:B5:4E:15
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/oMyMLn7d5ne7cETHQ-KYE6W1ThU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.118.0/23
                  88.220.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:8f:fb:db:f2:6d:db:88:75:f6:6a:78:7e:90:dc:c5:90:f3:
         e1:74:d3:0e:b3:95:40:0f:d9:9b:ca:32:bf:a8:f3:6f:10:aa:
         b4:ea:4b:3e:d9:5c:2b:9c:9b:cd:00:2f:c3:1b:c6:5a:2d:89:
         46:98:b0:1f:6b:13:f8:f2:cf:43:49:e3:08:47:23:b9:cf:6d:
         95:aa:98:f2:4f:c5:45:6d:b3:2a:a7:a0:80:13:31:bb:1d:a1:
         36:c5:3b:c4:4e:a0:40:88:11:2a:19:57:bb:16:1a:c3:9a:d0:
         2e:cc:10:c1:6d:d1:fd:5c:be:9b:97:5c:a9:6d:0f:38:47:54:
         0c:a2:9d:a3:93:24:d4:61:e1:c3:0a:70:df:b6:1c:c1:92:37:
         b5:fd:52:a6:46:93:71:0c:bf:08:17:36:09:f0:32:07:9b:09:
         f2:65:39:d7:ca:ef:44:e9:13:f1:96:7d:f4:0b:62:c6:04:e7:
         b7:f2:f8:55:39:c0:71:ed:ef:58:64:3f:49:6d:08:09:ce:16:
         d1:a2:33:85:5e:29:25:a3:7d:78:aa:76:43:76:26:16:34:d6:
         b3:86:12:4a:02:ba:2c:b9:9a:51:04:36:d6:be:90:27:2d:2d:
         1d:d5:ed:7c:3b:1a:52:03:3d:72:d0:38:a2:a1:72:23:af:37:
         3c:17:75:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsjaKb2e34JAgHl27JO1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGNjOGMyZTdlZGRlNjc3YmI3MDQ0Yzc0M2UyOTgxM2E1YjU0ZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YvIzmzZLpC68DBOXQMZfZ9HjpiG
dRMAwn5W77OapXByzsnVwjeWWVhxxW3Wgjdan1kkVYK3LIkENwkbvzP3MAhvnswE
jQPBbtU0lWTdVWa1auK4IWCfC9fAjvHZc/8O7hibk/54A2kMCYS2FLpowRJVqvW/
e+X14EoFjJS80g4anwl+dP3N0OiLckggcrFDfWJivouub1Oas4RQfQJX0bKVfJ4N
Wrmgu7kpX63AVNcZVVCyW+cjlKu6mLHUlPKjYrF6hQMr4/4Xf5nJIjjy9Ao6dJtl
9yvofgPaxh8q4g9+e0E2tIXIJ4N8IcabQpwSzLVL85I3Ps+9sMyT2pUKlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKDMjC5+3eZ3u3BEx0PimBOltU4VMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvb015TUxuN2Q1bmU3Y0VUSFEtS1lFNlcxVGhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWNx2AwQA
WNx9MA0GCSqGSIb3DQEBCwUAA4IBAQDFj/vb8m3biHX2anh+kNzFkPPhdNMOs5VA
D9mbyjK/qPNvEKq06ks+2VwrnJvNAC/DG8ZaLYlGmLAfaxP48s9DSeMIRyO5z22V
qpjyT8VFbbMqp6CAEzG7HaE2xTvETqBAiBEqGVe7FhrDmtAuzBDBbdH9XL6bl1yp
bQ84R1QMop2jkyTUYeHDCnDfthzBkje1/VKmRpNxDL8IFzYJ8DIHmwnyZTnXyu9E
6RPxln30C2LGBOe38vhVOcBx7e9YZD9JbQgJzhbRojOFXiklo314qnZDdiYWNNaz
hhJKArosuZpRBDbWvpAnLS0d1e18OxpSAz1y0DiioXIjrzc8F3VX
-----END CERTIFICATE-----