Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/zOtV_DK1xosq3MHE9pYKpzb-774.roa
File:                     zOtV_DK1xosq3MHE9pYKpzb-774.roa (raw, json)
Hash identifier:          +Vo8INTXMDNLEWtasKobgv8wqkDrL0yERi/1m3dU5mw=
Subject key identifier:   CC:EB:55:FC:32:B5:C6:8B:2A:DC:C1:C4:F6:96:0A:A7:36:FE:EF:BE
Certificate issuer:       /CN=e19cbb88d2b1a896658506778662e75c732a67e7
Certificate serial:       018E751BE1683D812D389180F7F8781D2FDE
Authority key identifier: E1:9C:BB:88:D2:B1:A8:96:65:85:06:77:86:62:E7:5C:73:2A:67:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/zOtV_DK1xosq3MHE9pYKpzb-774.roa
Signing time:             Mon 25 Mar 2024 10:15:45 +0000
ROA not before:           Mon 25 Mar 2024 10:15:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59659
IP address blocks:        185.220.88.0/22 maxlen: 22
                          2a07:c9c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:1b:e1:68:3d:81:2d:38:91:80:f7:f8:78:1d:2f:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e19cbb88d2b1a896658506778662e75c732a67e7
        Validity
            Not Before: Mar 25 10:15:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cceb55fc32b5c68b2adcc1c4f6960aa736feefbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:30:f0:ab:c4:af:f6:bd:68:8e:ed:6c:c3:9e:
                    b5:49:ac:bd:9c:85:9a:fd:83:e2:6e:e7:2f:63:42:
                    69:01:fe:9c:21:7c:8e:ad:4a:0d:ca:2f:74:88:b6:
                    57:0a:66:36:ef:59:6c:e7:7a:33:78:dd:cb:ca:e9:
                    b0:c0:5f:3f:e8:a2:7b:ca:88:b6:09:15:e7:43:f6:
                    29:cb:49:30:66:94:e9:66:10:f5:cc:ae:20:c0:f9:
                    a9:0f:60:e8:c0:b6:6f:a5:67:0d:2e:0f:54:9f:70:
                    8d:5f:a9:6e:5d:4b:52:55:b8:20:ec:20:7c:06:0a:
                    8d:7b:cf:94:82:d8:2a:20:42:d4:61:d3:ec:1a:c6:
                    14:e6:86:00:52:ea:19:9b:be:8a:9a:17:4d:e5:26:
                    c3:c5:f4:15:a4:4b:1e:53:bd:62:2f:7a:f2:ec:86:
                    c4:5d:dc:2c:d4:3f:aa:3d:9a:93:d7:36:34:0e:90:
                    2c:13:97:ff:97:24:09:88:c9:b5:a6:0c:6d:5e:71:
                    8d:83:4c:6e:4c:c1:bb:22:5f:63:91:2d:60:85:3c:
                    88:8e:fb:35:61:49:20:c8:45:30:a5:16:3b:59:40:
                    78:68:24:2f:57:b2:b4:81:0a:50:79:41:27:0b:fe:
                    92:47:48:69:9b:df:2c:34:c3:b1:84:31:2f:ea:c1:
                    05:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EB:55:FC:32:B5:C6:8B:2A:DC:C1:C4:F6:96:0A:A7:36:FE:EF:BE
            X509v3 Authority Key Identifier:
                keyid:E1:9C:BB:88:D2:B1:A8:96:65:85:06:77:86:62:E7:5C:73:2A:67:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/zOtV_DK1xosq3MHE9pYKpzb-774.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.88.0/22
                IPv6:
                  2a07:c9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:58:24:3b:e7:1c:7a:e8:d8:4f:a5:12:5d:fc:9c:cb:5e:17:
         45:b6:bd:79:eb:4d:90:c9:09:30:c0:13:a2:d7:0c:7b:79:82:
         ee:b9:6c:f9:6a:1c:fe:b9:50:68:de:50:6b:c7:64:0a:6c:d0:
         4e:1b:68:0c:1f:40:b0:ef:6a:91:c4:84:37:7b:7d:80:e3:aa:
         5b:dd:9e:d7:93:0a:27:3b:16:b6:cd:0f:39:e4:2c:15:30:51:
         c4:ae:66:73:1f:6a:ee:54:d8:4f:34:60:9c:5d:fb:dc:23:f4:
         d2:58:4e:ae:2b:06:f9:b2:a9:bf:53:fc:99:d1:d7:e8:b7:80:
         97:37:e6:c6:ed:bf:16:9d:bc:d6:a7:c8:04:a2:e4:eb:87:57:
         97:8f:ef:f7:b1:b7:6c:97:8e:3a:97:c6:17:1c:e8:80:cc:de:
         2f:76:a9:c8:5d:00:7d:89:79:db:42:68:e0:29:6e:cf:06:46:
         1f:53:85:db:53:ba:22:30:fe:a6:09:ed:93:f4:37:c2:60:d1:
         ba:f4:0e:1f:c8:90:44:d7:a5:66:be:d0:b7:db:09:0a:a2:d8:
         ca:5d:3b:5e:cc:68:24:94:21:c3:8c:19:74:7c:99:1c:8e:07:
         89:1c:fe:c3:62:79:35:ea:a3:f6:1b:cb:83:d7:8f:e6:9f:9d:
         e1:34:0a:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY51G+FoPYEtOJGA9/h4HS/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxOWNiYjg4ZDJiMWE4OTY2NTg1MDY3Nzg2NjJlNzVjNzMy
YTY3ZTcwHhcNMjQwMzI1MTAxNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2ViNTVmYzMyYjVjNjhiMmFkY2MxYzRmNjk2MGFhNzM2ZmVlZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjDwq8Sv9r1oju1sw561Say9nIWa
/YPibucvY0JpAf6cIXyOrUoNyi90iLZXCmY271ls53ozeN3LyumwwF8/6KJ7yoi2
CRXnQ/Ypy0kwZpTpZhD1zK4gwPmpD2DowLZvpWcNLg9Un3CNX6luXUtSVbgg7CB8
BgqNe8+UgtgqIELUYdPsGsYU5oYAUuoZm76KmhdN5SbDxfQVpEseU71iL3ry7IbE
Xdws1D+qPZqT1zY0DpAsE5f/lyQJiMm1pgxtXnGNg0xuTMG7Il9jkS1ghTyIjvs1
YUkgyEUwpRY7WUB4aCQvV7K0gQpQeUEnC/6SR0hpm98sNMOxhDEv6sEFGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMzrVfwytcaLKtzBxPaWCqc2/u++MB8GA1UdIwQY
MBaAFOGcu4jSsaiWZYUGd4Zi51xzKmfnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFp5N2lOS3hxSlpsaFFaM2htTG5YSE1xWi1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hZDEyMTYtYjcxZC00NTU3LWEwODYt
ZWZlYTYzZDA2ZjgwLzEvek90Vl9ESzF4b3NxM01IRTlwWUtwemItNzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hZDEyMTYtYjcxZC00NTU3LWEwODYtZWZlYTYzZDA2Zjgw
LzEvNFp5N2lOS3hxSlpsaFFaM2htTG5YSE1xWi1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudxYMA0E
AgACMAcDBQMqB8nAMA0GCSqGSIb3DQEBCwUAA4IBAQBvWCQ75xx66NhPpRJd/JzL
XhdFtr15602QyQkwwBOi1wx7eYLuuWz5ahz+uVBo3lBrx2QKbNBOG2gMH0Cw72qR
xIQ3e32A46pb3Z7XkwonOxa2zQ855CwVMFHErmZzH2ruVNhPNGCcXfvcI/TSWE6u
Kwb5sqm/U/yZ0dfot4CXN+bG7b8WnbzWp8gEouTrh1eXj+/3sbdsl446l8YXHOiA
zN4vdqnIXQB9iXnbQmjgKW7PBkYfU4XbU7oiMP6mCe2T9DfCYNG69A4fyJBE16Vm
vtC32wkKotjKXTtezGgklCHDjBl0fJkcjgeJHP7DYnk16qP2G8uD14/mn53hNAoA
-----END CERTIFICATE-----