Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/1kNXoCP0JpSEionRQVeogyUM4Ro.roa
File:                     1kNXoCP0JpSEionRQVeogyUM4Ro.roa (raw, json)
Hash identifier:          Ybt34o1d7WukXvxq9YeWEsaaBEDzKg1hp+YcHPZeBU8=
Subject key identifier:   D6:43:57:A0:23:F4:26:94:84:8A:89:D1:41:57:A8:83:25:0C:E1:1A
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       018DC106397354C635B324A0EBB0186D87E1
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/1kNXoCP0JpSEionRQVeogyUM4Ro.roa
Signing time:             Mon 19 Feb 2024 11:00:27 +0000
ROA not before:           Mon 19 Feb 2024 11:00:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215467
IP address blocks:        88.218.206.0/24 maxlen: 24
                          2a09:b280:fe00::/48 maxlen: 48
                          2a09:b280:fe01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:06:39:73:54:c6:35:b3:24:a0:eb:b0:18:6d:87:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Feb 19 11:00:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d64357a023f42694848a89d14157a883250ce11a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:60:32:17:1f:21:3d:dd:4f:da:ee:78:1c:76:
                    44:fc:e5:43:43:d9:36:d9:ce:d7:dd:c4:8a:ab:4f:
                    19:39:a2:02:b4:a8:a5:24:01:6f:dd:cb:c0:1e:9b:
                    e3:90:1a:0b:48:58:72:f1:fd:65:1f:4b:72:92:aa:
                    33:e3:6a:2c:03:51:7b:0e:a6:8a:77:36:53:8a:99:
                    e0:f1:b6:ac:4a:1f:48:f3:38:a2:41:e6:a0:79:ee:
                    9c:f8:63:ce:e0:83:5f:ee:d6:41:11:c2:f6:a2:7e:
                    e6:f3:38:b4:05:66:16:e9:a1:ae:d4:3e:91:9d:19:
                    0a:78:87:40:dd:09:f3:d5:3f:11:3a:61:3a:5e:32:
                    b8:03:5f:27:03:5a:34:66:49:2e:ba:98:8b:b7:6f:
                    8d:b9:da:7d:19:0d:06:67:06:f8:0b:17:b1:76:2f:
                    d5:82:86:29:25:3e:2e:fd:6d:13:cd:31:94:53:f7:
                    25:8d:2d:96:fa:7a:7c:8b:0c:69:7d:6e:9f:b1:84:
                    97:70:e6:69:6b:21:fa:8b:af:83:1e:d7:c4:dc:78:
                    d2:4e:03:a7:1d:e5:b1:7a:44:03:77:ed:60:cf:52:
                    8f:6b:ad:f2:f0:bf:eb:bb:a9:6d:f8:a8:46:8a:e6:
                    66:ea:1a:85:e1:4a:61:e2:f6:c0:a6:0d:46:f9:22:
                    e0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:43:57:A0:23:F4:26:94:84:8A:89:D1:41:57:A8:83:25:0C:E1:1A
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/1kNXoCP0JpSEionRQVeogyUM4Ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.206.0/24
                IPv6:
                  2a09:b280:fe00::/47

    Signature Algorithm: sha256WithRSAEncryption
         5e:42:42:93:77:61:7c:f2:fe:cf:01:57:98:7d:46:7b:51:ad:
         aa:a0:2d:4f:bb:17:a7:a9:e2:70:47:10:fe:82:58:e9:bf:b3:
         9e:25:68:5f:15:22:19:e4:78:88:14:0d:8d:98:af:ab:9f:8f:
         16:29:7c:40:bb:71:b7:30:43:82:79:ab:f9:7d:39:b1:26:f9:
         17:7d:aa:72:69:9e:c5:e3:a0:cd:24:8b:f8:a3:6f:e2:55:e9:
         93:e9:4e:e1:8b:65:19:18:aa:63:a3:f1:81:8b:5a:b5:b5:1a:
         4c:41:7a:d4:da:b4:49:68:ed:98:e8:de:04:dd:65:a5:c0:6e:
         8b:f0:23:b7:1e:b9:30:84:8d:6c:9f:59:3e:0c:c6:3c:89:b5:
         e9:55:7d:46:83:77:3f:e8:a7:52:8b:1e:43:30:fb:67:a5:7f:
         08:59:ac:39:04:67:4a:f6:c2:4c:2c:c1:54:25:df:88:83:d4:
         fa:2e:6b:e4:11:5e:2a:62:e0:1c:11:7f:58:59:2c:fd:47:8b:
         df:58:b7:ff:5e:b3:62:f7:ec:6b:95:72:b4:57:d2:ee:d5:4b:
         ea:58:7b:69:6e:9f:0c:ed:94:22:c8:f6:8a:4b:25:63:1c:a7:
         2e:ae:22:e7:63:81:13:d6:0e:28:9a:ac:44:a9:5b:d4:95:fe:
         1b:7d:01:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3BBjlzVMY1sySg67AYbYfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjQwMjE5MTEwMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQzNTdhMDIzZjQyNjk0ODQ4YTg5ZDE0MTU3YTg4MzI1MGNlMTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2AyFx8hPd1P2u54HHZE/OVDQ9k2
2c7X3cSKq08ZOaICtKilJAFv3cvAHpvjkBoLSFhy8f1lH0tykqoz42osA1F7DqaK
dzZTipng8basSh9I8ziiQeagee6c+GPO4INf7tZBEcL2on7m8zi0BWYW6aGu1D6R
nRkKeIdA3Qnz1T8ROmE6XjK4A18nA1o0ZkkuupiLt2+Nudp9GQ0GZwb4Cxexdi/V
goYpJT4u/W0TzTGUU/cljS2W+np8iwxpfW6fsYSXcOZpayH6i6+DHtfE3HjSTgOn
HeWxekQDd+1gz1KPa63y8L/ru6lt+KhGiuZm6hqF4Uph4vbApg1G+SLgvwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNZDV6Aj9CaUhIqJ0UFXqIMlDOEaMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvMWtOWG9DUDBKcFNFaW9uUlFWZW9neVVNNFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWNrOMA8E
AgACMAkDBwEqCbKA/gAwDQYJKoZIhvcNAQELBQADggEBAF5CQpN3YXzy/s8BV5h9
RntRraqgLU+7F6ep4nBHEP6CWOm/s54laF8VIhnkeIgUDY2Yr6ufjxYpfEC7cbcw
Q4J5q/l9ObEm+Rd9qnJpnsXjoM0ki/ijb+JV6ZPpTuGLZRkYqmOj8YGLWrW1GkxB
etTatElo7Zjo3gTdZaXAbovwI7ceuTCEjWyfWT4MxjyJtelVfUaDdz/op1KLHkMw
+2elfwhZrDkEZ0r2wkwswVQl34iD1Poua+QRXipi4BwRf1hZLP1Hi99Yt/9es2L3
7GuVcrRX0u7VS+pYe2lunwztlCLI9opLJWMcpy6uIudjgRPWDiiarESpW9SV/ht9
AcM=
-----END CERTIFICATE-----