Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/TVlYzO7iFrFR7ikbMWSWbdaXcGw.roa
File:                     TVlYzO7iFrFR7ikbMWSWbdaXcGw.roa (raw, json)
Hash identifier:          MLAwG29bhYYYWSABqQxjddnibiRarsIbXFU5jo3pXzA=
Subject key identifier:   4D:59:58:CC:EE:E2:16:B1:51:EE:29:1B:31:64:96:6D:D6:97:70:6C
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6B587AA0C85CC1112E88328968136
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/TVlYzO7iFrFR7ikbMWSWbdaXcGw.roa
Signing time:             Mon 01 Jan 2024 06:29:40 +0000
ROA not before:           Mon 01 Jan 2024 06:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        88.209.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b5:87:aa:0c:85:cc:11:12:e8:83:28:96:81:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d5958cceee216b151ee291b3164966dd697706c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:99:8e:98:e7:24:66:4e:75:7b:eb:8f:40:48:
                    48:17:f1:3f:d7:7c:3b:ae:88:02:08:92:64:6b:71:
                    55:23:38:c0:f6:5b:98:0a:dd:33:31:fb:9c:db:34:
                    64:3d:11:ea:23:32:33:fe:a6:22:f1:fc:7f:5f:83:
                    69:c2:86:c4:05:91:de:52:04:ce:8f:b2:b5:8e:87:
                    9d:dd:3f:41:17:09:e3:4b:be:b2:55:95:b8:98:e1:
                    dd:1c:56:5a:69:a0:d8:df:54:a0:a0:57:b5:b6:f8:
                    25:72:06:ef:ac:12:73:fa:87:e9:6f:d5:65:ca:b7:
                    dd:e2:f4:50:99:ac:ab:7d:a8:25:77:b5:da:e2:69:
                    12:36:af:94:79:a4:67:d7:42:5e:5c:ac:c6:cb:07:
                    50:bc:a4:a1:91:dd:f3:72:36:9e:a8:7f:4d:e4:ae:
                    f3:0e:60:97:4b:fb:e2:77:27:e5:a0:61:de:38:a0:
                    49:bb:fc:de:50:39:19:b2:71:79:52:af:39:9f:1a:
                    b3:9a:95:3f:85:9d:96:6d:db:9b:87:85:bb:49:8b:
                    60:2b:ee:01:5a:f2:e2:06:11:60:4c:fe:ed:8b:73:
                    65:bd:0d:6c:d3:04:70:ce:88:a9:37:25:ab:56:dd:
                    34:c6:d0:65:a1:f1:8a:85:d2:5b:e3:50:8f:f6:d5:
                    80:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:59:58:CC:EE:E2:16:B1:51:EE:29:1B:31:64:96:6D:D6:97:70:6C
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/TVlYzO7iFrFR7ikbMWSWbdaXcGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:e6:d0:cc:ab:64:29:5a:6b:97:5d:a1:04:4d:cb:7a:c9:bc:
         49:d2:95:86:06:ca:ed:da:39:da:b2:28:d8:18:7d:65:d4:ef:
         73:77:5c:7f:d5:3d:08:18:16:11:0e:99:84:a9:43:fb:ec:3c:
         c8:dc:f2:e5:26:5a:e6:9f:d4:fc:ea:12:40:e9:bf:63:5e:b0:
         a2:2e:63:5e:5c:41:68:aa:86:9a:c4:95:58:0e:86:86:30:bc:
         53:d8:8e:b2:7c:b8:3b:7f:ae:e1:d8:fe:58:31:c3:d9:4d:a8:
         65:88:38:42:b3:f3:9c:49:5b:d5:16:32:b3:62:88:ba:70:db:
         1f:a3:7c:d3:5e:64:45:1a:6d:b1:18:ff:c5:6c:b9:c7:ea:94:
         dc:5b:eb:25:25:dd:9b:12:7f:fb:1e:f7:a4:11:ed:c7:1c:07:
         30:1d:1b:50:7a:d5:d1:5b:16:1b:59:17:0e:4c:d2:44:bc:9c:
         cd:9b:df:21:4e:5a:f3:7d:07:68:60:ff:46:5b:1f:82:13:33:
         54:9b:ed:44:a2:6e:e1:3b:ad:c8:9d:db:55:1e:3e:74:b5:99:
         08:04:33:b1:3b:09:6e:b7:b3:d0:4b:8b:cc:65:f7:2f:ee:50:
         92:aa:d7:97:7c:46:35:06:19:40:65:ba:65:42:e8:52:93:f7:
         f4:3f:79:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrWHqgyFzBES6IMoloE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU5NThjY2VlZTIxNmIxNTFlZTI5MWIzMTY0OTY2ZGQ2OTc3MDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpmOmOckZk51e+uPQEhIF/E/13w7
rogCCJJka3FVIzjA9luYCt0zMfuc2zRkPRHqIzIz/qYi8fx/X4NpwobEBZHeUgTO
j7K1joed3T9BFwnjS76yVZW4mOHdHFZaaaDY31SgoFe1tvglcgbvrBJz+ofpb9Vl
yrfd4vRQmayrfagld7Xa4mkSNq+UeaRn10JeXKzGywdQvKShkd3zcjaeqH9N5K7z
DmCXS/vidyfloGHeOKBJu/zeUDkZsnF5Uq85nxqzmpU/hZ2Wbdubh4W7SYtgK+4B
WvLiBhFgTP7ti3NlvQ1s0wRwzoipNyWrVt00xtBlofGKhdJb41CP9tWA2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1ZWMzu4haxUe4pGzFklm3Wl3BsMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVFZsWXpPN2lGckZSN2lrYk1XU1diZGFYY0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNHwMA0G
CSqGSIb3DQEBCwUAA4IBAQAG5tDMq2QpWmuXXaEETct6ybxJ0pWGBsrt2jnasijY
GH1l1O9zd1x/1T0IGBYRDpmEqUP77DzI3PLlJlrmn9T86hJA6b9jXrCiLmNeXEFo
qoaaxJVYDoaGMLxT2I6yfLg7f67h2P5YMcPZTahliDhCs/OcSVvVFjKzYoi6cNsf
o3zTXmRFGm2xGP/FbLnH6pTcW+slJd2bEn/7HvekEe3HHAcwHRtQetXRWxYbWRcO
TNJEvJzNm98hTlrzfQdoYP9GWx+CEzNUm+1Eom7hO63IndtVHj50tZkIBDOxOwlu
t7PQS4vMZfcv7lCSqteXfEY1BhlAZbplQuhSk/f0P3lo
-----END CERTIFICATE-----