Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/88rIdR3WD5LTJxbtFscLFLdSKMg.roa
File:                     88rIdR3WD5LTJxbtFscLFLdSKMg.roa (raw, json)
Hash identifier:          cTg6E7XxoscC8lxsOTsgmOE5ihQfypYzK7ccZmlb1sU=
Subject key identifier:   F3:CA:C8:75:1D:D6:0F:92:D3:27:16:ED:16:C7:0B:14:B7:52:28:C8
Certificate issuer:       /CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
Certificate serial:       0192E0011ABFA8E41A842F83BF65FDD9998B
Authority key identifier: 51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/88rIdR3WD5LTJxbtFscLFLdSKMg.roa
Signing time:             Thu 31 Oct 2024 00:37:01 +0000
ROA not before:           Thu 31 Oct 2024 00:37:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213948
IP address blocks:        2a13:cc82:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e0:01:1a:bf:a8:e4:1a:84:2f:83:bf:65:fd:d9:99:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
        Validity
            Not Before: Oct 31 00:37:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3cac8751dd60f92d32716ed16c70b14b75228c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:95:c0:e8:05:f9:b1:3e:a7:1c:b1:29:5c:44:
                    84:0c:8c:a6:aa:6a:bb:68:44:b6:d3:2e:cb:65:56:
                    c6:5d:c2:58:89:7d:85:f2:ac:f6:1b:bc:d8:62:a3:
                    45:a1:06:d6:88:f8:b8:0a:33:4e:72:3d:32:27:51:
                    5d:cb:a0:38:fe:26:ea:eb:f3:5a:df:83:c2:f1:3f:
                    05:2a:6e:19:ed:92:07:2a:36:00:04:f3:0a:be:21:
                    a2:a9:52:e5:df:6c:9f:c8:72:5d:26:aa:93:7f:5d:
                    f5:90:08:85:6b:56:bc:70:6e:62:d7:ae:7b:15:2f:
                    88:b8:96:ed:59:34:e1:64:52:da:a1:38:e2:83:01:
                    3f:3e:8f:f0:78:dc:5e:c3:b1:c9:b8:90:aa:e9:0c:
                    a4:68:e7:5d:e4:92:aa:ae:a2:60:60:06:39:20:88:
                    50:44:a4:23:62:86:de:ae:a1:c0:89:04:d5:1a:9f:
                    52:2e:6f:4f:e6:37:2b:da:aa:e0:27:20:ca:2a:4e:
                    48:1e:65:01:80:12:7d:fe:58:8e:ff:8d:65:b7:09:
                    52:26:cb:18:3e:09:1a:9e:0e:9f:e0:6e:90:25:9d:
                    f9:ff:a5:69:da:57:ca:b5:45:7a:fc:80:f8:10:55:
                    03:69:2d:21:72:09:f6:67:00:06:8e:9b:23:47:d4:
                    1e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CA:C8:75:1D:D6:0F:92:D3:27:16:ED:16:C7:0B:14:B7:52:28:C8
            X509v3 Authority Key Identifier:
                keyid:51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/88rIdR3WD5LTJxbtFscLFLdSKMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cc82:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:7a:b8:62:b4:2d:8d:8b:ae:d0:5b:1b:ab:e0:30:04:d6:47:
         27:fe:7f:d3:02:c7:04:e3:65:4d:80:02:e8:5f:13:5f:4a:ad:
         5b:9f:c0:0c:76:b0:2c:4a:4f:04:f4:5d:7b:44:0a:20:4c:03:
         31:e4:65:ab:a2:a3:28:4b:3d:76:8c:5f:90:6e:a5:29:32:1c:
         d3:0b:2f:32:b4:52:2c:80:66:8f:02:a4:34:90:2f:36:36:bc:
         9e:1e:75:97:9e:9e:76:73:50:78:dc:8e:93:8e:c1:4b:ba:dd:
         5c:25:15:57:52:67:b9:99:1b:4f:71:09:33:e7:43:a1:34:f5:
         e4:7e:22:95:4d:48:5c:d6:3a:cd:a8:63:db:5c:d7:e4:b2:a4:
         ca:ec:65:bd:8b:c7:f7:16:01:18:cc:13:3d:7b:3e:82:47:3b:
         da:b3:57:20:81:0c:09:c7:16:ef:2a:a2:8e:16:1d:dd:b0:09:
         20:43:7b:c1:79:90:56:b7:86:08:55:5a:d9:2d:b6:84:22:f4:
         a2:05:31:cb:1c:97:83:21:9b:7c:18:02:e2:bb:dc:74:2f:47:
         86:4e:0e:db:ab:17:6a:f7:c5:5d:77:19:d0:0a:f5:0b:53:73:
         dc:73:e8:3f:af:96:7a:7f:bd:6e:c0:b2:6c:4f:57:ee:57:b2:
         11:95:33:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZLgARq/qOQahC+Dv2X92ZmLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxN2EwYzk2ODQyYmFmYzlmNjMwYmExNGI4M2VhNzliZDEy
YTUzYjkwHhcNMjQxMDMxMDAzNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2NhYzg3NTFkZDYwZjkyZDMyNzE2ZWQxNmM3MGIxNGI3NTIyOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZXA6AX5sT6nHLEpXESEDIymqmq7
aES20y7LZVbGXcJYiX2F8qz2G7zYYqNFoQbWiPi4CjNOcj0yJ1Fdy6A4/ibq6/Na
34PC8T8FKm4Z7ZIHKjYABPMKviGiqVLl32yfyHJdJqqTf131kAiFa1a8cG5i1657
FS+IuJbtWTThZFLaoTjigwE/Po/weNxew7HJuJCq6QykaOdd5JKqrqJgYAY5IIhQ
RKQjYoberqHAiQTVGp9SLm9P5jcr2qrgJyDKKk5IHmUBgBJ9/liO/41ltwlSJssY
Pgkang6f4G6QJZ35/6Vp2lfKtUV6/ID4EFUDaS0hcgn2ZwAGjpsjR9QeDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPPKyHUd1g+S0ycW7RbHCxS3UijIMB8GA1UdIwQY
MBaAFFF6DJaEK6/J9jC6FLg+p5vRKlO5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMt
YjBlYjY3MTVlMGFmLzEvODhySWRSM1dENUxUSnhidEZzY0xGTGRTS01nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMtYjBlYjY3MTVlMGFm
LzEvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPMggAD
MA0GCSqGSIb3DQEBCwUAA4IBAQCQerhitC2Ni67QWxur4DAE1kcn/n/TAscE42VN
gALoXxNfSq1bn8AMdrAsSk8E9F17RAogTAMx5GWroqMoSz12jF+QbqUpMhzTCy8y
tFIsgGaPAqQ0kC82NryeHnWXnp52c1B43I6TjsFLut1cJRVXUme5mRtPcQkz50Oh
NPXkfiKVTUhc1jrNqGPbXNfksqTK7GW9i8f3FgEYzBM9ez6CRzvas1cggQwJxxbv
KqKOFh3dsAkgQ3vBeZBWt4YIVVrZLbaEIvSiBTHLHJeDIZt8GALiu9x0L0eGTg7b
qxdq98VddxnQCvULU3Pcc+g/r5Z6f71uwLJsT1fuV7IRlTPR
-----END CERTIFICATE-----