Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/i9DQ_ehQGK2G0JOGkm-5UQ4QRnM.roa
File:                     i9DQ_ehQGK2G0JOGkm-5UQ4QRnM.roa (raw, json)
Hash identifier:          Z+RgGR5FT52zh9qeGhbOxt6CxeBCrsk1sH7jphtY7Vs=
Subject key identifier:   8B:D0:D0:FD:E8:50:18:AD:86:D0:93:86:92:6F:B9:51:0E:10:46:73
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6C16B99C5224BA085575B2C753CE0
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/i9DQ_ehQGK2G0JOGkm-5UQ4QRnM.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        88.209.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 08:39:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c1:6b:99:c5:22:4b:a0:85:57:5b:2c:75:3c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bd0d0fde85018ad86d09386926fb9510e104673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:82:29:a4:f2:72:d2:89:4d:4c:7a:51:ca:bf:
                    f4:45:56:ec:c5:72:01:fd:8b:54:2d:8c:de:3f:6c:
                    b8:4d:09:2a:0b:a5:e1:49:f2:c0:0a:4d:ed:15:71:
                    16:1e:64:25:c5:f4:2d:e9:f2:5d:2d:2c:81:d1:b3:
                    ce:b9:19:5b:69:ce:2e:6f:44:00:32:87:9c:10:b1:
                    b9:58:5d:1f:49:5e:45:01:27:68:fb:aa:30:b3:36:
                    f2:c9:ec:93:e2:4a:f4:8c:e0:79:4b:47:32:a5:58:
                    c6:31:d6:8c:cf:9d:25:8f:db:e7:be:35:9b:f4:c1:
                    7b:8e:c8:3a:83:16:1f:84:36:19:6c:18:e7:74:63:
                    9c:66:5a:3e:5f:5f:1d:96:b3:f1:8e:75:36:e0:b1:
                    8a:98:8c:e2:d5:9a:cf:30:0b:6b:cf:44:37:2f:fd:
                    e9:11:3d:e2:7f:07:5b:d1:e9:da:84:21:90:27:f9:
                    12:01:5e:a6:bc:68:a4:3b:09:e3:90:7c:b0:11:3a:
                    5b:17:16:02:87:4c:2d:c9:6c:b6:5b:bb:fc:48:c5:
                    23:4e:c1:a1:e2:58:6d:0f:ce:c5:66:20:0d:89:94:
                    48:77:44:04:6c:b3:35:dd:8c:c4:7e:98:6b:c3:54:
                    17:e8:9f:1c:06:23:3a:8f:20:ad:b1:14:b7:97:98:
                    07:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D0:D0:FD:E8:50:18:AD:86:D0:93:86:92:6F:B9:51:0E:10:46:73
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/i9DQ_ehQGK2G0JOGkm-5UQ4QRnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:80:57:9b:68:f4:2b:41:00:b3:50:8c:fd:cc:9d:76:f5:de:
         e7:27:96:f7:6b:4d:04:82:c6:d6:08:f1:a7:05:83:12:27:ea:
         45:48:5d:2b:31:64:04:07:04:72:08:b4:1e:85:b9:26:8e:36:
         2b:66:55:a1:97:53:33:d4:4a:39:ce:8e:52:a5:d8:28:5d:13:
         f8:73:1d:e8:b1:ae:c5:0e:97:ec:25:1e:c7:9d:e6:aa:30:90:
         80:f1:66:af:99:81:96:e0:96:e3:49:69:16:cc:c4:96:a2:54:
         b0:98:fd:e8:7b:1e:05:1b:c6:18:c8:b8:38:6a:c7:80:3d:5d:
         af:68:7a:1f:6d:e5:c9:72:03:c8:14:98:7b:eb:1b:07:42:05:
         bc:c3:4f:e3:cd:81:6a:d3:57:39:8f:65:91:54:ac:b4:8d:7b:
         74:1a:35:06:98:63:3b:b7:c9:17:26:98:7e:2c:fe:a3:ba:10:
         a2:ac:a8:41:2f:1d:e7:24:25:d8:2f:2e:72:0c:b7:53:d0:08:
         26:7f:e9:c4:40:1e:69:1f:18:9f:77:7d:5a:20:62:2e:6b:be:
         cc:f5:3e:b6:f6:a5:a7:81:14:05:6d:f2:57:bd:b6:ad:a0:66:
         5d:2a:c4:5f:45:5f:ff:82:c0:52:4e:48:17:4c:80:f5:cd:9a:
         5c:11:42:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsFrmcUiS6CFV1ssdTzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmQwZDBmZGU4NTAxOGFkODZkMDkzODY5MjZmYjk1MTBlMTA0NjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoIppPJy0olNTHpRyr/0RVbsxXIB
/YtULYzeP2y4TQkqC6XhSfLACk3tFXEWHmQlxfQt6fJdLSyB0bPOuRlbac4ub0QA
MoecELG5WF0fSV5FASdo+6owszbyyeyT4kr0jOB5S0cypVjGMdaMz50lj9vnvjWb
9MF7jsg6gxYfhDYZbBjndGOcZlo+X18dlrPxjnU24LGKmIzi1ZrPMAtrz0Q3L/3p
ET3ifwdb0enahCGQJ/kSAV6mvGikOwnjkHywETpbFxYCh0wtyWy2W7v8SMUjTsGh
4lhtD87FZiANiZRId0QEbLM13YzEfphrw1QX6J8cBiM6jyCtsRS3l5gHLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvQ0P3oUBithtCThpJvuVEOEEZzMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvaTlEUV9laFFHSzJHMEpPR2ttLTVVUTRRUm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNH9MA0G
CSqGSIb3DQEBCwUAA4IBAQBlgFebaPQrQQCzUIz9zJ129d7nJ5b3a00EgsbWCPGn
BYMSJ+pFSF0rMWQEBwRyCLQehbkmjjYrZlWhl1Mz1Eo5zo5SpdgoXRP4cx3osa7F
DpfsJR7HneaqMJCA8WavmYGW4JbjSWkWzMSWolSwmP3oex4FG8YYyLg4aseAPV2v
aHofbeXJcgPIFJh76xsHQgW8w0/jzYFq01c5j2WRVKy0jXt0GjUGmGM7t8kXJph+
LP6juhCirKhBLx3nJCXYLy5yDLdT0Agmf+nEQB5pHxifd31aIGIua77M9T629qWn
gRQFbfJXvbatoGZdKsRfRV//gsBSTkgXTID1zZpcEUL5
-----END CERTIFICATE-----