Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/db1YSfopv0SVrCyAwwhKNECwB1g.roa
File:                     db1YSfopv0SVrCyAwwhKNECwB1g.roa (raw, json)
Hash identifier:          sKEKxmP3HU4RpRjnwkR1eBDIGBVb998MkK9Cyq8dMYg=
Subject key identifier:   75:BD:58:49:FA:29:BF:44:95:AC:2C:80:C3:08:4A:34:40:B0:07:58
Certificate issuer:       /CN=a088b0547f09fe9224050d70a523da5bedbe0738
Certificate serial:       018DEAE00C8A557974A0B5F39161A51D97F4
Authority key identifier: A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/db1YSfopv0SVrCyAwwhKNECwB1g.roa
Signing time:             Tue 27 Feb 2024 14:02:48 +0000
ROA not before:           Tue 27 Feb 2024 14:02:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215413
IP address blocks:        188.64.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:e0:0c:8a:55:79:74:a0:b5:f3:91:61:a5:1d:97:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a088b0547f09fe9224050d70a523da5bedbe0738
        Validity
            Not Before: Feb 27 14:02:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75bd5849fa29bf4495ac2c80c3084a3440b00758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:56:a8:04:8e:6b:69:84:93:54:62:77:0d:26:
                    e2:b5:ad:1b:8d:d9:19:19:ee:d5:1a:a9:b3:52:b8:
                    dc:5b:bb:e3:77:57:54:be:a1:c7:d9:13:b4:6b:70:
                    8d:90:5b:cd:65:d9:ac:7e:70:ad:e5:cb:ae:72:90:
                    c6:ce:f3:42:4b:5a:14:8f:96:29:a0:da:5e:fb:b6:
                    c9:06:b0:9c:88:3e:43:a6:0d:28:3f:39:51:f8:e3:
                    17:66:b8:fb:a9:a1:60:74:ab:73:35:48:c0:cd:aa:
                    f9:2c:de:0f:09:6e:b8:f9:cc:50:30:61:4f:37:90:
                    f9:67:59:0f:6e:3b:49:31:b5:60:a3:0c:8f:e8:49:
                    24:3c:45:44:98:b1:f3:c6:7a:2d:07:d0:a7:ff:8e:
                    68:c1:7d:4a:d1:67:6f:1e:a5:a2:cb:13:d2:28:a2:
                    46:bd:65:a7:10:db:a5:3b:39:a2:19:b6:78:5e:9e:
                    ca:8f:4f:5f:01:e9:39:5e:49:d8:cf:ac:7d:8b:1b:
                    89:c5:30:c4:ab:0d:21:53:34:9c:88:20:5e:f0:01:
                    c1:f2:12:d0:c0:74:68:34:28:cd:80:61:be:a3:8c:
                    66:4a:f8:16:b1:de:79:37:e6:31:de:6b:d7:26:70:
                    d5:8f:4d:c8:e3:9f:1b:14:71:d9:44:da:76:df:8b:
                    71:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BD:58:49:FA:29:BF:44:95:AC:2C:80:C3:08:4A:34:40:B0:07:58
            X509v3 Authority Key Identifier:
                keyid:A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/db1YSfopv0SVrCyAwwhKNECwB1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:f2:78:2b:b0:6f:af:8a:95:f1:ea:ae:3b:68:97:5c:d6:76:
         6d:7f:63:ae:13:e4:1e:f3:0c:54:6a:8c:46:ee:6e:9b:ab:66:
         15:6f:f5:c8:4b:31:62:2c:84:24:9b:b6:64:3f:3d:04:55:ac:
         37:d1:3d:00:26:5b:4d:0b:dc:f1:c6:12:ad:37:35:60:37:d8:
         52:d9:44:60:af:6c:8f:a1:ac:a3:0b:83:4b:e4:8a:b5:0a:7e:
         53:2d:e9:c9:1a:f5:c5:21:05:b3:3f:7d:f0:2b:ef:f4:e4:58:
         ae:24:bf:bc:89:f9:64:90:bb:70:1a:7f:68:06:3f:19:56:ac:
         84:85:a1:df:7f:47:96:c6:e8:8b:b7:5f:be:74:2e:aa:ca:e1:
         05:91:6d:1f:5f:df:4e:a4:f5:06:36:8c:47:aa:ad:78:62:b1:
         07:91:19:9a:66:64:64:26:98:7a:00:ca:5c:5a:45:8b:a4:9a:
         e4:80:56:9b:8b:15:69:bc:41:99:41:ac:09:9c:25:88:38:33:
         68:3a:e5:42:7c:b6:6d:06:88:41:74:aa:bd:74:ac:39:d8:f1:
         80:63:af:91:05:e2:ea:65:15:84:54:dd:4f:07:be:b0:e2:15:
         9a:3a:72:40:13:5f:55:43:c3:fe:2d:2d:9a:dd:d8:3e:62:ec:
         08:0f:44:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3q4AyKVXl0oLXzkWGlHZf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODhiMDU0N2YwOWZlOTIyNDA1MGQ3MGE1MjNkYTViZWRi
ZTA3MzgwHhcNMjQwMjI3MTQwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJkNTg0OWZhMjliZjQ0OTVhYzJjODBjMzA4NGEzNDQwYjAwNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlaoBI5raYSTVGJ3DSbita0bjdkZ
Ge7VGqmzUrjcW7vjd1dUvqHH2RO0a3CNkFvNZdmsfnCt5cuucpDGzvNCS1oUj5Yp
oNpe+7bJBrCciD5Dpg0oPzlR+OMXZrj7qaFgdKtzNUjAzar5LN4PCW64+cxQMGFP
N5D5Z1kPbjtJMbVgowyP6EkkPEVEmLHzxnotB9Cn/45owX1K0WdvHqWiyxPSKKJG
vWWnENulOzmiGbZ4Xp7Kj09fAek5XknYz6x9ixuJxTDEqw0hUzSciCBe8AHB8hLQ
wHRoNCjNgGG+o4xmSvgWsd55N+Yx3mvXJnDVj03I458bFHHZRNp234txlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHW9WEn6Kb9ElawsgMMISjRAsAdYMB8GA1UdIwQY
MBaAFKCIsFR/Cf6SJAUNcKUj2lvtvgc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMt
ZGY4MmZhODk3MzI2LzEvZGIxWVNmb3B2MFNWckN5QXd3aEtORUN3QjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMtZGY4MmZhODk3MzI2
LzEvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEAhMA0G
CSqGSIb3DQEBCwUAA4IBAQCK8ngrsG+vipXx6q47aJdc1nZtf2OuE+Qe8wxUaoxG
7m6bq2YVb/XISzFiLIQkm7ZkPz0EVaw30T0AJltNC9zxxhKtNzVgN9hS2URgr2yP
oayjC4NL5Iq1Cn5TLenJGvXFIQWzP33wK+/05FiuJL+8iflkkLtwGn9oBj8ZVqyE
haHff0eWxuiLt1++dC6qyuEFkW0fX99OpPUGNoxHqq14YrEHkRmaZmRkJph6AMpc
WkWLpJrkgFabixVpvEGZQawJnCWIODNoOuVCfLZtBohBdKq9dKw52PGAY6+RBeLq
ZRWEVN1PB76w4hWaOnJAE19VQ8P+LS2a3dg+YuwID0TS
-----END CERTIFICATE-----