Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zTtRvwmwWXjwB_er0GN8H_Wnd18.roa
File:                     zTtRvwmwWXjwB_er0GN8H_Wnd18.roa (raw, json)
Hash identifier:          XzYZeKgz2TQZ4DRlejY02I1XQf1hkwUDpgPdv07qxSg=
Subject key identifier:   CD:3B:51:BF:09:B0:59:78:F0:07:F7:AB:D0:63:7C:1F:F5:A7:77:5F
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01928B481DCC08335DC7F077B5D24156FAB9
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zTtRvwmwWXjwB_er0GN8H_Wnd18.roa
Signing time:             Mon 14 Oct 2024 13:46:52 +0000
ROA not before:           Mon 14 Oct 2024 13:46:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215071
IP address blocks:        88.151.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8b:48:1d:cc:08:33:5d:c7:f0:77:b5:d2:41:56:fa:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 14 13:46:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd3b51bf09b05978f007f7abd0637c1ff5a7775f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7a:45:b0:99:56:bc:9e:b4:e6:6e:e4:91:53:
                    c8:11:c5:11:1e:6e:34:cb:f9:b4:72:07:0b:c5:ee:
                    cf:92:3e:53:8b:46:f6:84:61:dc:6f:6d:71:a7:4a:
                    5e:4f:b7:dc:ef:5b:8a:c8:92:49:57:46:56:6d:67:
                    fc:20:09:72:81:2b:03:c4:6f:60:b5:4f:2f:ae:72:
                    37:1d:8e:18:ef:69:c6:bc:da:61:6f:63:fa:d9:88:
                    75:cb:8d:99:9b:2b:66:e0:68:7e:ba:9a:07:1f:57:
                    03:35:04:8c:76:e6:9b:63:a5:64:ab:8e:f5:76:c7:
                    80:59:51:af:a4:7d:e9:6d:3f:24:8b:d0:30:c4:18:
                    5d:5a:97:45:4d:9e:ca:d2:36:2b:db:50:63:ef:bc:
                    1a:37:3a:fe:5d:53:4a:fd:f5:05:60:53:f8:5c:0f:
                    05:56:83:58:dd:dc:13:b9:df:93:63:46:e3:ec:96:
                    97:9a:1d:c6:ca:f4:b7:a0:e3:df:53:0e:c4:88:68:
                    70:57:08:5f:81:d7:2b:6a:dd:d9:55:a5:e9:d0:7f:
                    a6:e4:60:06:e4:16:89:89:fe:3f:fb:98:da:c5:d7:
                    2b:ef:bc:0b:94:04:48:22:1d:3d:d1:83:cb:b5:ad:
                    89:b1:48:31:c7:ed:02:37:72:16:bf:c4:32:84:46:
                    b0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:3B:51:BF:09:B0:59:78:F0:07:F7:AB:D0:63:7C:1F:F5:A7:77:5F
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zTtRvwmwWXjwB_er0GN8H_Wnd18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:88:ca:2c:ef:44:ff:dc:fc:af:77:53:f4:86:78:2b:38:84:
         bd:ca:be:ca:b7:73:36:0f:f6:41:02:d4:53:5c:9d:49:86:96:
         11:02:ac:c0:bc:10:c5:c2:fc:a2:3c:87:e6:f4:2c:f9:b4:4a:
         82:fa:78:17:f1:38:50:d6:c2:fe:0b:b0:b9:47:6f:ed:e1:48:
         5d:86:3e:da:f9:13:51:ec:ff:5b:88:c8:69:a6:83:50:5a:ab:
         00:54:49:09:e7:3c:d0:52:4a:98:d6:63:43:ee:70:9e:ff:a4:
         12:d6:51:92:d9:1d:a4:c3:a4:4e:95:76:a5:e8:b2:46:4a:55:
         2b:66:63:4b:4a:d2:e4:b1:c9:2b:b8:43:33:d0:ed:2d:e0:79:
         94:1f:9e:0b:42:81:26:18:16:1f:c9:61:9c:f4:4e:24:41:59:
         eb:82:32:b7:cd:62:5f:71:75:a7:c5:14:dd:e6:f6:b6:0e:6c:
         20:78:77:c3:2c:51:c8:af:52:35:90:2f:b7:ce:c1:34:d8:69:
         6b:2e:5e:4f:08:08:e9:ab:21:90:19:ae:45:0d:ed:cd:37:e7:
         8f:82:35:66:94:d3:82:7c:55:0a:e0:ae:69:16:35:82:ce:7a:
         17:55:5d:9a:ba:95:18:1f:47:7d:33:92:4c:40:2f:d9:25:20:
         f2:e2:09:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKLSB3MCDNdx/B3tdJBVvq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQxMDE0MTM0NjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDNiNTFiZjA5YjA1OTc4ZjAwN2Y3YWJkMDYzN2MxZmY1YTc3NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnpFsJlWvJ605m7kkVPIEcURHm40
y/m0cgcLxe7Pkj5Ti0b2hGHcb21xp0peT7fc71uKyJJJV0ZWbWf8IAlygSsDxG9g
tU8vrnI3HY4Y72nGvNphb2P62Yh1y42Zmytm4Gh+upoHH1cDNQSMduabY6Vkq471
dseAWVGvpH3pbT8ki9AwxBhdWpdFTZ7K0jYr21Bj77waNzr+XVNK/fUFYFP4XA8F
VoNY3dwTud+TY0bj7JaXmh3GyvS3oOPfUw7EiGhwVwhfgdcrat3ZVaXp0H+m5GAG
5BaJif4/+5jaxdcr77wLlARIIh090YPLta2JsUgxx+0CN3IWv8QyhEawbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM07Ub8JsFl48Af3q9BjfB/1p3dfMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvelR0UnZ3bXdXWGp3Ql9lcjBHTjhIX1duZDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJc7MA0G
CSqGSIb3DQEBCwUAA4IBAQAqiMos70T/3Pyvd1P0hngrOIS9yr7Kt3M2D/ZBAtRT
XJ1JhpYRAqzAvBDFwvyiPIfm9Cz5tEqC+ngX8ThQ1sL+C7C5R2/t4Uhdhj7a+RNR
7P9biMhppoNQWqsAVEkJ5zzQUkqY1mND7nCe/6QS1lGS2R2kw6ROlXal6LJGSlUr
ZmNLStLksckruEMz0O0t4HmUH54LQoEmGBYfyWGc9E4kQVnrgjK3zWJfcXWnxRTd
5va2DmwgeHfDLFHIr1I1kC+3zsE02GlrLl5PCAjpqyGQGa5FDe3NN+ePgjVmlNOC
fFUK4K5pFjWCznoXVV2aupUYH0d9M5JMQC/ZJSDy4gnW
-----END CERTIFICATE-----