Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/IpTatRxu7R6zk9_dmvUGUQTAjrQ.roa
File:                     IpTatRxu7R6zk9_dmvUGUQTAjrQ.roa (raw, json)
Hash identifier:          nVKSK6f+6nd6aKvM5fJKxYVqJeb3Z9qAv3Wbw3rsgic=
Subject key identifier:   22:94:DA:B5:1C:6E:ED:1E:B3:93:DF:DD:9A:F5:06:51:04:C0:8E:B4
Certificate issuer:       /CN=4d70af1a99886c9101d135f54bd2bdef358b266e
Certificate serial:       018CC7955E7472B28C6AED836D17B77E6D36
Authority key identifier: 4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/IpTatRxu7R6zk9_dmvUGUQTAjrQ.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35222
IP address blocks:        188.215.113.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5e:74:72:b2:8c:6a:ed:83:6d:17:b7:7e:6d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d70af1a99886c9101d135f54bd2bdef358b266e
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2294dab51c6eed1eb393dfdd9af5065104c08eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:91:7d:5d:e1:28:e5:8d:4f:36:49:ef:99:f8:
                    e2:be:19:b5:fd:b1:d8:a4:4e:f6:c4:0e:e2:2d:ec:
                    dc:6e:06:1d:93:bc:24:34:b1:3f:7f:74:3a:37:41:
                    1d:c8:1f:22:8f:bb:50:4f:13:d1:bd:91:1c:21:97:
                    8c:8e:d2:0a:b6:72:9c:06:bb:39:a9:04:65:5c:ed:
                    b2:3d:e6:ed:a4:09:45:b3:51:43:8f:91:cd:fe:c3:
                    85:19:cf:be:88:80:b0:97:55:2d:cb:3b:8e:eb:e5:
                    46:fe:f7:ba:68:30:35:c4:00:27:84:bd:a6:b1:e9:
                    15:b0:ca:d5:41:78:9d:a9:c4:09:a3:46:e4:c3:af:
                    09:c4:6d:51:11:27:c7:4c:e3:2f:db:1c:c9:f3:36:
                    b0:19:aa:9c:d4:18:24:ca:5c:24:0c:54:9d:a3:50:
                    02:ce:dd:87:2e:7c:2b:70:21:06:f5:1a:d8:68:6c:
                    0f:a9:ec:c9:c9:e1:20:49:42:58:43:5e:c2:b2:e2:
                    6d:c5:cb:cd:4a:5b:5d:6e:cf:c4:55:e4:68:1f:54:
                    cd:34:eb:a7:e0:cf:29:e0:96:78:20:af:e8:3a:fb:
                    15:d7:5a:ec:4e:e3:ff:ab:c2:6e:dd:dc:46:10:40:
                    23:65:79:43:62:94:2a:61:18:70:78:f8:04:a4:7a:
                    df:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:94:DA:B5:1C:6E:ED:1E:B3:93:DF:DD:9A:F5:06:51:04:C0:8E:B4
            X509v3 Authority Key Identifier:
                keyid:4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/IpTatRxu7R6zk9_dmvUGUQTAjrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.215.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:d1:28:fe:bd:35:56:f7:6a:9f:12:41:80:4c:3d:4c:74:c9:
         57:19:f6:7e:9c:f6:e8:e2:fe:6b:c4:26:ce:6f:04:a9:45:26:
         f7:ed:07:32:d5:c1:29:5d:98:a4:79:0e:0f:d4:80:d7:d6:4d:
         8b:d9:26:18:82:27:d5:77:31:11:3e:36:41:59:30:f8:66:4f:
         b3:46:fd:31:7d:ed:72:7b:4e:6c:3b:32:92:3a:48:72:37:00:
         b6:39:a9:98:0d:6b:54:02:ee:7b:16:dd:07:a6:44:67:84:ed:
         18:ac:d6:d7:51:2e:1e:52:99:3c:72:ee:80:5e:84:69:8f:ce:
         dc:bc:eb:6f:99:e1:52:e5:f3:74:28:b2:90:e9:40:f7:f1:2f:
         62:51:bf:36:81:62:b2:f5:10:e7:f3:b1:96:42:6b:ea:04:fd:
         77:cd:47:23:2a:8f:9c:ab:ca:d3:fb:5a:53:2f:3d:6e:fc:16:
         b6:b3:ec:f3:ee:fc:eb:27:ad:36:20:42:cb:91:09:24:2d:91:
         b8:a4:fe:fe:a8:5d:fc:f1:eb:c4:9b:d6:c1:b4:2f:8e:0b:02:
         f3:cb:8c:94:cd:95:42:c8:47:ad:b7:10:7e:83:c5:ae:61:6b:
         9e:81:2f:dc:71:d9:21:fd:6a:52:12:5a:8f:44:b0:6f:a8:17:
         54:dc:af:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlV50crKMau2DbRe3fm02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNzBhZjFhOTk4ODZjOTEwMWQxMzVmNTRiZDJiZGVmMzU4
YjI2NmUwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjk0ZGFiNTFjNmVlZDFlYjM5M2RmZGQ5YWY1MDY1MTA0YzA4ZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZF9XeEo5Y1PNknvmfjivhm1/bHY
pE72xA7iLezcbgYdk7wkNLE/f3Q6N0EdyB8ij7tQTxPRvZEcIZeMjtIKtnKcBrs5
qQRlXO2yPebtpAlFs1FDj5HN/sOFGc++iICwl1UtyzuO6+VG/ve6aDA1xAAnhL2m
sekVsMrVQXidqcQJo0bkw68JxG1RESfHTOMv2xzJ8zawGaqc1BgkylwkDFSdo1AC
zt2HLnwrcCEG9RrYaGwPqezJyeEgSUJYQ17CsuJtxcvNSltdbs/EVeRoH1TNNOun
4M8p4JZ4IK/oOvsV11rsTuP/q8Ju3dxGEEAjZXlDYpQqYRhwePgEpHrfkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKU2rUcbu0es5Pf3Zr1BlEEwI60MB8GA1UdIwQY
MBaAFE1wrxqZiGyRAdE19UvSve81iyZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEt
NDYxYWIwZWNlZTAxLzEvSXBUYXRSeHU3UjZ6azlfZG12VUdVUVRBanJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEtNDYxYWIwZWNlZTAx
LzEvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNdxMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ0Sj+vTVW92qfEkGATD1MdMlXGfZ+nPbo4v5rxCbO
bwSpRSb37Qcy1cEpXZikeQ4P1IDX1k2L2SYYgifVdzERPjZBWTD4Zk+zRv0xfe1y
e05sOzKSOkhyNwC2OamYDWtUAu57Ft0HpkRnhO0YrNbXUS4eUpk8cu6AXoRpj87c
vOtvmeFS5fN0KLKQ6UD38S9iUb82gWKy9RDn87GWQmvqBP13zUcjKo+cq8rT+1pT
Lz1u/Ba2s+zz7vzrJ602IELLkQkkLZG4pP7+qF388evEm9bBtC+OCwLzy4yUzZVC
yEettxB+g8WuYWuegS/ccdkh/WpSElqPRLBvqBdU3K+J
-----END CERTIFICATE-----