Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/Pp8OdPob2cT-poRS_WjJxcfhQF8.roa
File:                     Pp8OdPob2cT-poRS_WjJxcfhQF8.roa (raw, json)
Hash identifier:          CY33IU0lek1rGDYW0V8a+p/p840y8eHzC19IY38Lslo=
Subject key identifier:   3E:9F:0E:74:FA:1B:D9:C4:FE:A6:84:52:FD:68:C9:C5:C7:E1:40:5F
Certificate issuer:       /CN=0cb7a2adc6dcaf177b93a336cb8ececc5af30258
Certificate serial:       018CCA2B1DAC98BFC46EABF8495D3481EE30
Authority key identifier: 0C:B7:A2:AD:C6:DC:AF:17:7B:93:A3:36:CB:8E:CE:CC:5A:F3:02:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DLeircbcrxd7k6M2y47OzFrzAlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/Pp8OdPob2cT-poRS_WjJxcfhQF8.roa
Signing time:             Tue 02 Jan 2024 12:34:32 +0000
ROA not before:           Tue 02 Jan 2024 12:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201290
IP address blocks:        185.214.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/DLeircbcrxd7k6M2y47OzFrzAlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/DLeircbcrxd7k6M2y47OzFrzAlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DLeircbcrxd7k6M2y47OzFrzAlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:1d:ac:98:bf:c4:6e:ab:f8:49:5d:34:81:ee:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cb7a2adc6dcaf177b93a336cb8ececc5af30258
        Validity
            Not Before: Jan  2 12:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e9f0e74fa1bd9c4fea68452fd68c9c5c7e1405f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f8:c1:47:1b:51:28:11:03:9c:b6:0d:fb:54:
                    af:2a:9d:6c:bc:50:41:f2:ee:25:09:f8:4f:d3:e7:
                    0f:58:44:67:fa:3c:ed:f6:13:71:04:df:65:be:ef:
                    f3:b0:97:46:5f:8c:f2:6b:ca:0b:fc:3a:41:b5:f7:
                    64:71:98:e4:75:77:7a:f9:f2:22:cd:09:e9:e5:44:
                    08:b2:f4:76:b5:82:db:48:cb:7d:22:74:7a:64:83:
                    d2:85:d1:76:eb:26:c6:ed:45:f0:0c:34:06:22:f3:
                    88:ce:b2:1d:70:c8:f2:36:da:96:77:c0:35:33:f2:
                    ff:af:06:d0:14:f0:19:2d:e8:c6:dd:d4:df:f8:32:
                    68:7c:5d:bd:e9:86:25:52:c8:8d:57:51:b9:de:79:
                    a5:0d:dd:b3:73:47:82:d2:a2:c5:f9:81:72:f4:ef:
                    e5:64:5c:11:43:96:61:90:0e:65:22:58:ab:5b:54:
                    74:a9:8e:a2:7c:dd:84:d9:90:77:4a:69:ec:a8:b9:
                    90:6e:0b:37:1c:50:ee:fc:fa:23:3a:63:d3:67:43:
                    b4:dc:c6:3d:a0:d5:80:19:db:3c:ed:38:71:6e:ad:
                    9d:de:7f:89:5b:6e:13:18:26:46:8e:51:5c:b2:1a:
                    34:3c:f1:b7:d4:6c:ab:42:6d:36:20:96:de:43:ca:
                    9d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9F:0E:74:FA:1B:D9:C4:FE:A6:84:52:FD:68:C9:C5:C7:E1:40:5F
            X509v3 Authority Key Identifier:
                keyid:0C:B7:A2:AD:C6:DC:AF:17:7B:93:A3:36:CB:8E:CE:CC:5A:F3:02:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DLeircbcrxd7k6M2y47OzFrzAlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/Pp8OdPob2cT-poRS_WjJxcfhQF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/2f7894-756d-4cbf-977c-3c5ae761cab0/1/DLeircbcrxd7k6M2y47OzFrzAlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:b4:45:86:fd:df:59:38:d6:ba:1b:14:c5:31:f6:73:92:e8:
         6f:b2:38:9a:6b:bf:ec:2b:81:cd:5e:1b:01:d4:27:1d:d9:04:
         90:1e:7f:76:3c:c0:68:8b:28:b4:30:5a:83:c9:56:10:f2:4c:
         36:cb:04:32:59:8a:05:c1:35:01:86:3f:c8:82:0b:bf:7e:ef:
         f8:0f:7c:6f:59:e2:5e:35:aa:c3:c0:7d:ef:b6:08:50:c1:31:
         ca:a5:cb:c7:e5:ec:f4:a1:70:5f:f2:6f:c2:aa:bc:f4:ff:58:
         f4:47:49:60:73:c6:3e:c9:4a:86:32:a9:55:ec:5b:e3:af:97:
         3a:9d:a8:d9:ca:d8:55:1c:98:6d:36:8a:82:b5:12:56:02:e0:
         2c:b3:3b:d3:f6:89:a1:6b:36:22:fe:69:20:82:8f:4f:93:34:
         c0:ef:90:7d:ee:d7:a2:51:b8:c8:76:b9:ff:ca:c6:8a:73:c1:
         f4:a9:cd:1d:5a:a9:a4:f7:56:b3:14:b8:19:a2:c8:0a:35:ce:
         72:41:99:48:16:98:24:28:73:aa:00:73:44:7e:4a:d4:2d:9e:
         7a:d7:6e:4f:0a:1e:70:8f:ef:7e:f5:4b:b8:0f:71:5b:a8:e4:
         a0:71:7c:b5:81:83:9e:5b:ea:c8:de:98:e2:d6:49:e2:10:69:
         be:f3:be:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKx2smL/Ebqv4SV00ge4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYjdhMmFkYzZkY2FmMTc3YjkzYTMzNmNiOGVjZWNjNWFm
MzAyNTgwHhcNMjQwMTAyMTIzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTlmMGU3NGZhMWJkOWM0ZmVhNjg0NTJmZDY4YzljNWM3ZTE0MDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/jBRxtRKBEDnLYN+1SvKp1svFBB
8u4lCfhP0+cPWERn+jzt9hNxBN9lvu/zsJdGX4zya8oL/DpBtfdkcZjkdXd6+fIi
zQnp5UQIsvR2tYLbSMt9InR6ZIPShdF26ybG7UXwDDQGIvOIzrIdcMjyNtqWd8A1
M/L/rwbQFPAZLejG3dTf+DJofF296YYlUsiNV1G53nmlDd2zc0eC0qLF+YFy9O/l
ZFwRQ5ZhkA5lIlirW1R0qY6ifN2E2ZB3SmnsqLmQbgs3HFDu/PojOmPTZ0O03MY9
oNWAGds87Thxbq2d3n+JW24TGCZGjlFcsho0PPG31GyrQm02IJbeQ8qdUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6fDnT6G9nE/qaEUv1oycXH4UBfMB8GA1UdIwQY
MBaAFAy3oq3G3K8Xe5OjNsuOzsxa8wJYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRExlaXJjYmNyeGQ3azZNMnk0N096RnJ6QWxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8yZjc4OTQtNzU2ZC00Y2JmLTk3N2Mt
M2M1YWU3NjFjYWIwLzEvUHA4T2RQb2IyY1QtcG9SU19Xakp4Y2ZoUUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8yZjc4OTQtNzU2ZC00Y2JmLTk3N2MtM2M1YWU3NjFjYWIw
LzEvRExlaXJjYmNyeGQ3azZNMnk0N096RnJ6QWxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZYMA0G
CSqGSIb3DQEBCwUAA4IBAQBCtEWG/d9ZONa6GxTFMfZzkuhvsjiaa7/sK4HNXhsB
1Ccd2QSQHn92PMBoiyi0MFqDyVYQ8kw2ywQyWYoFwTUBhj/Iggu/fu/4D3xvWeJe
NarDwH3vtghQwTHKpcvH5ez0oXBf8m/Cqrz0/1j0R0lgc8Y+yUqGMqlV7Fvjr5c6
najZythVHJhtNoqCtRJWAuAsszvT9omhazYi/mkggo9PkzTA75B97teiUbjIdrn/
ysaKc8H0qc0dWqmk91azFLgZosgKNc5yQZlIFpgkKHOqAHNEfkrULZ56125PCh5w
j+9+9Uu4D3FbqOSgcXy1gYOeW+rI3pji1kniEGm+876N
-----END CERTIFICATE-----