Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rmo13AJJDF-BtjluribLOJFTz3Y.roa
File:                     rmo13AJJDF-BtjluribLOJFTz3Y.roa (raw, json)
Hash identifier:          Cv/X1+Qghd4HTcTzm7TxufQhGYdJh+3cmGpBY3SQnpU=
Subject key identifier:   AE:6A:35:DC:02:49:0C:5F:81:B6:39:6E:AE:26:CB:38:91:53:CF:76
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6BEE6A7F618AC27A077CC5BE281AD
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rmo13AJJDF-BtjluribLOJFTz3Y.roa
Signing time:             Mon 01 Jan 2024 06:29:42 +0000
ROA not before:           Mon 01 Jan 2024 06:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200010
IP address blocks:        88.209.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:be:e6:a7:f6:18:ac:27:a0:77:cc:5b:e2:81:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae6a35dc02490c5f81b6396eae26cb389153cf76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e8:a2:65:99:58:c5:d4:bf:df:23:ef:ee:e7:
                    d7:0e:87:b8:9b:1f:f1:5a:8f:a8:18:d0:47:1f:f9:
                    75:81:b9:85:e2:63:2b:28:1e:13:c6:1f:40:91:a1:
                    f9:e0:0c:19:fb:0e:7f:ab:b6:be:8c:c2:06:39:d5:
                    0f:e2:ae:3d:26:fc:8f:e1:58:64:22:fe:76:3b:12:
                    be:83:57:4c:8c:d6:f4:6b:95:8f:eb:1c:4b:a6:9a:
                    34:c6:76:44:20:89:cc:ff:39:ac:d8:a3:b8:d7:3b:
                    ba:03:65:0b:e7:0c:26:76:93:f7:5a:97:4f:c2:75:
                    e8:a1:da:f3:94:c3:b4:a9:20:d4:55:4f:dc:23:1a:
                    dd:6c:9d:15:33:bf:e3:bd:66:5a:8c:dd:74:5f:1a:
                    f9:b7:66:2e:0d:27:17:c8:41:91:75:64:e3:0b:e2:
                    42:0f:e4:e0:2d:6e:09:a6:a1:34:b3:5d:e4:e6:4d:
                    2b:1f:d0:18:ee:ec:71:bf:76:de:db:dc:25:f4:b9:
                    48:29:66:ce:62:cb:ee:91:4d:d1:de:3f:f2:a7:e3:
                    f8:d6:72:1f:de:ea:96:ed:2b:7a:a9:ec:22:8c:49:
                    d1:e3:e2:9d:5e:a8:77:e7:e7:38:e3:a3:b8:9d:b0:
                    05:06:67:f6:7f:07:91:c6:e0:92:c5:a4:74:2c:c8:
                    af:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:6A:35:DC:02:49:0C:5F:81:B6:39:6E:AE:26:CB:38:91:53:CF:76
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rmo13AJJDF-BtjluribLOJFTz3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:e4:9d:27:b9:5f:5e:02:79:7c:65:1e:4d:03:fc:cb:9c:f3:
         40:40:b1:c3:ff:3f:e7:f5:32:9d:98:05:41:6c:74:8d:eb:b1:
         aa:8d:c7:27:d7:97:2b:69:df:ed:86:3b:90:64:2a:e1:02:e3:
         74:6f:2a:b4:90:5c:84:0f:72:af:48:3e:45:ba:c0:43:37:7b:
         56:03:8b:b9:c0:d1:4a:77:ba:ca:6c:ea:85:68:15:13:f9:16:
         cd:07:c8:04:f9:a9:40:b5:f3:a9:b5:6c:72:dd:ec:47:10:50:
         e8:07:cd:ec:f6:65:6b:81:e2:85:01:ba:ad:1d:62:f3:a9:67:
         c0:b5:a4:ab:97:39:a7:f9:ce:f5:08:16:9d:8b:3a:fe:f9:bc:
         06:dc:b8:f2:ea:f2:d4:df:13:d3:20:d1:ba:e5:e1:10:0e:5d:
         93:6b:a3:ac:97:15:8f:61:32:4e:ae:e3:54:c6:1d:f8:29:ea:
         ca:16:7f:2a:77:5e:b1:be:8b:ea:ba:47:a7:43:c0:70:2c:aa:
         d1:9d:ba:9c:15:c3:e7:4d:0a:c4:04:de:3e:03:b9:bf:6d:6a:
         d4:4e:b4:69:3a:38:2e:af:61:3d:c3:ad:21:5d:e6:c7:dd:10:
         04:a2:c6:0b:cc:0b:24:5b:4d:13:d8:ac:85:c2:83:e3:b6:c7:
         53:33:37:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtr7mp/YYrCegd8xb4oGtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTZhMzVkYzAyNDkwYzVmODFiNjM5NmVhZTI2Y2IzODkxNTNjZjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOiiZZlYxdS/3yPv7ufXDoe4mx/x
Wo+oGNBHH/l1gbmF4mMrKB4Txh9AkaH54AwZ+w5/q7a+jMIGOdUP4q49JvyP4Vhk
Iv52OxK+g1dMjNb0a5WP6xxLppo0xnZEIInM/zms2KO41zu6A2UL5wwmdpP3WpdP
wnXoodrzlMO0qSDUVU/cIxrdbJ0VM7/jvWZajN10Xxr5t2YuDScXyEGRdWTjC+JC
D+TgLW4JpqE0s13k5k0rH9AY7uxxv3be29wl9LlIKWbOYsvukU3R3j/yp+P41nIf
3uqW7St6qewijEnR4+KdXqh35+c446O4nbAFBmf2fweRxuCSxaR0LMivTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5qNdwCSQxfgbY5bq4myziRU892MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcm1vMTNBSkpERi1CdGpsdXJpYkxPSkZUejNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHHMA0G
CSqGSIb3DQEBCwUAA4IBAQBY5J0nuV9eAnl8ZR5NA/zLnPNAQLHD/z/n9TKdmAVB
bHSN67Gqjccn15crad/thjuQZCrhAuN0byq0kFyED3KvSD5FusBDN3tWA4u5wNFK
d7rKbOqFaBUT+RbNB8gE+alAtfOptWxy3exHEFDoB83s9mVrgeKFAbqtHWLzqWfA
taSrlzmn+c71CBadizr++bwG3Ljy6vLU3xPTING65eEQDl2Ta6OslxWPYTJOruNU
xh34KerKFn8qd16xvovqukenQ8BwLKrRnbqcFcPnTQrEBN4+A7m/bWrUTrRpOjgu
r2E9w60hXebH3RAEosYLzAskW00T2KyFwoPjtsdTMzfC
-----END CERTIFICATE-----