Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/iD_88y6pMmOYnc30jtDwiVj-rF0.roa
File:                     iD_88y6pMmOYnc30jtDwiVj-rF0.roa (raw, json)
Hash identifier:          ygWlZS/lLba0oCyAoa9nCXTrJirV5tnqR6+wDy7ThtM=
Subject key identifier:   88:3F:FC:F3:2E:A9:32:63:98:9D:CD:F4:8E:D0:F0:89:58:FE:AC:5D
Certificate issuer:       /CN=c9b232958097b5863eafd047bb315171eaa01fb7
Certificate serial:       018CC56EBC12FE0D80358B67F51E0FD6F4CF
Authority key identifier: C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/iD_88y6pMmOYnc30jtDwiVj-rF0.roa
Signing time:             Mon 01 Jan 2024 14:30:17 +0000
ROA not before:           Mon 01 Jan 2024 14:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202842
IP address blocks:        95.128.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:bc:12:fe:0d:80:35:8b:67:f5:1e:0f:d6:f4:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b232958097b5863eafd047bb315171eaa01fb7
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=883ffcf32ea93263989dcdf48ed0f08958feac5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9b:03:fc:38:0c:ff:5b:9d:da:78:42:6c:df:
                    2c:08:8c:fa:2d:cb:de:d8:70:5e:5d:e8:a1:e8:55:
                    11:bd:90:d7:51:9e:62:e0:0d:a7:5e:2e:2f:3b:2d:
                    d3:16:55:12:55:48:40:0e:b8:ea:c4:66:76:02:5b:
                    ec:15:99:36:17:d9:cf:d1:07:61:74:0f:7f:2a:21:
                    be:0f:b6:3c:f8:71:05:f0:39:39:e5:4b:23:99:78:
                    42:fb:0e:83:a1:02:c7:cf:bf:56:96:64:76:5e:cd:
                    43:7e:0d:a4:95:8f:9d:74:d5:a3:1f:5c:35:58:f8:
                    c7:7e:d1:01:99:ad:d7:9a:3e:58:f8:e4:6b:f3:d6:
                    80:c4:72:2d:dc:78:21:74:e7:f2:da:02:6f:9b:6e:
                    85:44:67:50:bd:29:d3:f8:79:07:37:b6:4c:11:dc:
                    d9:99:d1:0d:a3:0a:30:cb:b6:91:73:c9:e6:60:ac:
                    55:9a:78:13:7d:e5:64:61:cd:97:37:de:34:88:bf:
                    fd:1c:28:ec:0b:fc:e8:fd:a2:21:cc:bb:37:4a:4b:
                    80:23:f4:07:3a:2f:21:6f:0f:9d:cc:59:5a:0d:3a:
                    dc:8f:a3:54:d6:6d:e9:db:0d:28:cc:b4:51:18:4a:
                    ba:d7:ed:6a:f2:de:c3:9d:fd:d4:5f:79:40:47:8f:
                    34:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:3F:FC:F3:2E:A9:32:63:98:9D:CD:F4:8E:D0:F0:89:58:FE:AC:5D
            X509v3 Authority Key Identifier:
                keyid:C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/iD_88y6pMmOYnc30jtDwiVj-rF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:fa:7c:8a:f1:e7:f3:45:27:04:e5:a4:a0:bb:99:06:e6:d3:
         0c:0f:32:62:3b:f3:04:91:dd:0a:f9:e2:4a:46:b8:43:ed:d3:
         ea:cf:41:51:0e:c4:69:d6:18:83:4f:35:d2:70:82:40:d7:4f:
         6f:5c:97:5c:0e:2c:26:c0:55:e2:02:22:b2:fe:5e:14:41:d7:
         13:b0:3f:4b:85:55:fb:23:9f:53:9e:9e:1b:bc:2c:f1:03:0a:
         f9:78:6b:3e:29:a4:ce:c6:7a:bf:43:dc:57:dd:4d:69:a1:49:
         2f:96:62:55:b8:c1:c8:eb:ea:b7:b1:6c:d0:d0:ae:52:c6:84:
         bb:80:4f:0b:2b:0e:4b:11:3c:05:ed:c8:74:a7:f0:5d:2e:b4:
         6a:2d:af:dc:f4:61:d2:54:c6:e8:9d:fe:7a:2d:de:fb:8f:dd:
         e2:88:20:e4:aa:b0:8c:fe:d1:3a:76:92:57:e8:dd:63:e5:56:
         0c:d8:7a:a4:b0:68:a6:65:7d:01:d7:b6:91:b1:f0:42:91:a0:
         1b:32:9f:69:ba:74:73:05:03:30:4c:53:ad:25:0b:97:e6:ed:
         cc:28:18:c6:8a:e1:6c:cb:01:9c:38:4d:0a:6f:52:58:e3:f9:
         77:2b:71:19:15:f6:6d:5d:06:ad:76:51:b8:12:cd:82:ee:7c:
         80:26:75:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrwS/g2ANYtn9R4P1vTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjIzMjk1ODA5N2I1ODYzZWFmZDA0N2JiMzE1MTcxZWFh
MDFmYjcwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODNmZmNmMzJlYTkzMjYzOTg5ZGNkZjQ4ZWQwZjA4OTU4ZmVhYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpsD/DgM/1ud2nhCbN8sCIz6Lcve
2HBeXeih6FURvZDXUZ5i4A2nXi4vOy3TFlUSVUhADrjqxGZ2AlvsFZk2F9nP0Qdh
dA9/KiG+D7Y8+HEF8Dk55UsjmXhC+w6DoQLHz79WlmR2Xs1Dfg2klY+ddNWjH1w1
WPjHftEBma3Xmj5Y+ORr89aAxHIt3HghdOfy2gJvm26FRGdQvSnT+HkHN7ZMEdzZ
mdENowowy7aRc8nmYKxVmngTfeVkYc2XN940iL/9HCjsC/zo/aIhzLs3SkuAI/QH
Oi8hbw+dzFlaDTrcj6NU1m3p2w0ozLRRGEq61+1q8t7Dnf3UX3lAR4805QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIg//PMuqTJjmJ3N9I7Q8IlY/qxdMB8GA1UdIwQY
MBaAFMmyMpWAl7WGPq/QR7sxUXHqoB+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUt
MDdiN2ZlZjA4NThmLzEvaURfODh5NnBNbU9ZbmMzMGp0RHdpVmotckYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUtMDdiN2ZlZjA4NThm
LzEveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CuMA0G
CSqGSIb3DQEBCwUAA4IBAQAC+nyK8efzRScE5aSgu5kG5tMMDzJiO/MEkd0K+eJK
RrhD7dPqz0FRDsRp1hiDTzXScIJA109vXJdcDiwmwFXiAiKy/l4UQdcTsD9LhVX7
I59Tnp4bvCzxAwr5eGs+KaTOxnq/Q9xX3U1poUkvlmJVuMHI6+q3sWzQ0K5SxoS7
gE8LKw5LETwF7ch0p/BdLrRqLa/c9GHSVMbonf56Ld77j93iiCDkqrCM/tE6dpJX
6N1j5VYM2HqksGimZX0B17aRsfBCkaAbMp9punRzBQMwTFOtJQuX5u3MKBjGiuFs
ywGcOE0Kb1JY4/l3K3EZFfZtXQatdlG4Es2C7nyAJnWD
-----END CERTIFICATE-----