Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/F-Xx3vyPK6Zuw2ickEOsmn77QZ0.roa
File:                     F-Xx3vyPK6Zuw2ickEOsmn77QZ0.roa (raw, json)
Hash identifier:          TfUjlNMx1vYLh3UKPXaRyW/cNRHghaWp6CGNxQmhNw0=
Subject key identifier:   17:E5:F1:DE:FC:8F:2B:A6:6E:C3:68:9C:90:43:AC:9A:7E:FB:41:9D
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D65580EBB6B20A6D9EAD6010407EB4
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/F-Xx3vyPK6Zuw2ickEOsmn77QZ0.roa
Signing time:             Wed 01 Jan 2025 07:48:24 +0000
ROA not before:           Wed 01 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6762
IP address blocks:        88.135.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:55:80:eb:b6:b2:0a:6d:9e:ad:60:10:40:7e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17e5f1defc8f2ba66ec3689c9043ac9a7efb419d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:34:f1:63:d7:5f:a7:8c:cd:dd:77:23:d8:bd:
                    23:14:fe:d5:ce:d8:eb:16:fb:93:2b:86:16:57:de:
                    f4:dd:af:47:d6:da:73:95:8f:9c:b0:13:5c:84:49:
                    24:b2:32:88:34:1e:a0:e0:28:15:d7:ac:49:af:7f:
                    74:8d:43:47:44:90:32:b8:7a:66:33:2f:8d:2b:dd:
                    af:88:3c:8f:ab:27:b7:f8:2b:83:ab:90:0e:ef:47:
                    d7:93:6f:e3:3a:80:cf:dc:ea:bf:01:66:fa:bd:86:
                    a8:9d:93:3b:ab:ac:1a:7e:2c:14:2b:5c:bf:da:02:
                    b4:1e:04:42:49:8d:c2:ab:0d:a0:bf:c3:17:8f:c7:
                    a8:78:10:d7:25:cd:b3:f4:20:21:8f:98:a1:3b:fb:
                    b2:8b:c2:f0:1a:fe:6e:41:43:36:29:d5:11:aa:88:
                    e1:ee:dc:82:25:3b:80:f1:32:18:57:05:3b:bb:cb:
                    68:4a:22:84:62:4f:ae:6a:fb:e0:f3:85:25:cb:3d:
                    9c:12:fa:0c:ab:58:99:7c:59:92:59:ce:d9:f1:aa:
                    7b:92:35:7e:25:4e:0b:69:57:24:67:f1:ee:5e:29:
                    df:ec:ba:ed:ac:a3:ad:f3:2e:5d:65:42:f0:e7:9e:
                    8d:fd:39:35:c5:bb:30:98:68:42:57:fd:79:21:26:
                    62:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:E5:F1:DE:FC:8F:2B:A6:6E:C3:68:9C:90:43:AC:9A:7E:FB:41:9D
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/F-Xx3vyPK6Zuw2ickEOsmn77QZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f4:6a:f1:5f:bb:f4:d9:17:30:ef:4f:79:d9:bd:41:24:e2:
         cf:04:8e:b7:d4:17:03:fb:f7:cd:ba:fe:9e:af:25:3a:58:62:
         bc:9e:52:7e:24:ad:13:85:37:2b:6d:59:90:8a:a8:96:a3:0f:
         9b:59:dd:ab:fe:8b:33:29:c7:ce:5e:27:6f:fb:a8:52:e9:82:
         68:7c:bc:e8:6e:58:e9:47:23:fd:26:85:e8:29:b5:86:01:81:
         9a:33:a9:c1:ac:67:fa:f5:1f:22:91:44:55:b4:ab:4a:7b:3e:
         7a:74:96:0c:7f:84:a8:c6:54:30:73:c0:0a:09:8a:ae:6e:6f:
         f7:3c:6b:b0:d4:36:7a:33:cc:cd:c0:31:ff:80:f7:f7:13:4a:
         88:a8:c6:24:91:46:3e:03:66:59:e4:34:da:be:65:53:19:c7:
         fb:42:c4:e4:5b:e8:cc:67:b6:8b:bb:52:09:f2:be:72:ec:dd:
         43:5f:65:a4:81:ea:bd:15:c8:80:6b:22:9e:5f:39:87:9b:5c:
         06:c3:51:c0:de:67:53:6a:3d:2c:1a:76:5e:65:e5:87:f2:21:
         d6:43:4d:58:91:b4:04:d9:45:fc:57:55:55:12:4d:3f:05:1e:
         91:ee:1c:9b:9d:16:84:f4:23:af:57:c1:27:25:91:cf:8f:79:
         d7:33:f4:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lWA67ayCm2erWAQQH60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2U1ZjFkZWZjOGYyYmE2NmVjMzY4OWM5MDQzYWM5YTdlZmI0MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTTxY9dfp4zN3Xcj2L0jFP7Vztjr
FvuTK4YWV9703a9H1tpzlY+csBNchEkksjKINB6g4CgV16xJr390jUNHRJAyuHpm
My+NK92viDyPqye3+CuDq5AO70fXk2/jOoDP3Oq/AWb6vYaonZM7q6wafiwUK1y/
2gK0HgRCSY3Cqw2gv8MXj8eoeBDXJc2z9CAhj5ihO/uyi8LwGv5uQUM2KdURqojh
7tyCJTuA8TIYVwU7u8toSiKEYk+uavvg84Ulyz2cEvoMq1iZfFmSWc7Z8ap7kjV+
JU4LaVckZ/HuXinf7LrtrKOt8y5dZULw556N/Tk1xbswmGhCV/15ISZiPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfl8d78jyumbsNonJBDrJp++0GdMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvRi1YeDN2eVBLNlp1dzJpY2tFT3Ntbjc3UVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWIdiMA0G
CSqGSIb3DQEBCwUAA4IBAQB99GrxX7v02Rcw70952b1BJOLPBI631BcD+/fNuv6e
ryU6WGK8nlJ+JK0ThTcrbVmQiqiWow+bWd2r/oszKcfOXidv+6hS6YJofLzobljp
RyP9JoXoKbWGAYGaM6nBrGf69R8ikURVtKtKez56dJYMf4SoxlQwc8AKCYqubm/3
PGuw1DZ6M8zNwDH/gPf3E0qIqMYkkUY+A2ZZ5DTavmVTGcf7QsTkW+jMZ7aLu1IJ
8r5y7N1DX2Wkgeq9FciAayKeXzmHm1wGw1HA3mdTaj0sGnZeZeWH8iHWQ01YkbQE
2UX8V1VVEk0/BR6R7hybnRaE9COvV8EnJZHPj3nXM/QM
-----END CERTIFICATE-----