Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/DIvBgZwS0Tso3aVf8EICkFleMLM.roa
File:                     DIvBgZwS0Tso3aVf8EICkFleMLM.roa (raw, json)
Hash identifier:          uFxBmENfxdwwVihL06QRGFulr8RLsRLP+PeZmW4yvHM=
Subject key identifier:   0C:8B:C1:81:9C:12:D1:3B:28:DD:A5:5F:F0:42:02:90:59:5E:30:B3
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       01965A5483ED9E78B68F2F4B86EBDEDCFEC1
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/DIvBgZwS0Tso3aVf8EICkFleMLM.roa
Signing time:             Mon 21 Apr 2025 21:50:10 +0000
ROA not before:           Mon 21 Apr 2025 21:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211486
IP address blocks:        88.210.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5a:54:83:ed:9e:78:b6:8f:2f:4b:86:eb:de:dc:fe:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Apr 21 21:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c8bc1819c12d13b28dda55ff0420290595e30b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7e:a4:fa:da:5e:ed:46:2c:23:3b:d4:c0:ff:
                    21:d1:f4:3a:6b:9e:73:a0:f7:56:e9:f7:26:8e:72:
                    a8:02:3c:46:b2:ad:5c:f7:b7:4c:b5:0f:3d:59:48:
                    ee:d0:0f:5e:8e:31:f5:7b:6c:78:fd:6e:36:47:c6:
                    2a:1c:ee:4f:b7:72:be:7b:87:df:a4:dd:52:e8:e5:
                    9f:71:8f:f1:c5:59:79:fc:a4:15:ab:ce:52:68:7c:
                    3c:f1:59:8a:61:76:ac:3f:fd:0d:dd:25:ec:87:1f:
                    c1:87:ba:a6:e7:6d:d9:e9:91:d7:18:9f:8b:23:0f:
                    c2:e0:db:35:59:bf:be:a3:6e:7b:ab:fb:54:a5:44:
                    ca:1d:85:67:57:f9:66:d6:21:4a:dc:78:56:e1:6e:
                    f5:67:b0:08:b8:38:cc:a9:38:56:59:5d:65:da:3f:
                    b2:59:3a:ed:20:43:de:95:84:6b:1e:c9:a5:f4:db:
                    f1:75:8a:71:5e:ca:0e:16:12:ab:4e:8d:86:58:f4:
                    b0:66:4f:6c:b7:ba:d3:ba:1b:ff:9d:e0:d1:d7:f5:
                    56:38:9c:62:13:9c:86:b2:52:e7:e1:14:56:b5:3d:
                    f0:b3:a6:60:86:04:ad:1a:4a:1e:3b:b5:73:ea:8d:
                    b4:93:05:9a:b7:40:e6:50:ba:0d:c2:cc:f6:63:4b:
                    7b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:8B:C1:81:9C:12:D1:3B:28:DD:A5:5F:F0:42:02:90:59:5E:30:B3
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/DIvBgZwS0Tso3aVf8EICkFleMLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.210.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:30:6f:b4:90:36:39:ec:ba:7c:24:3b:ca:16:63:af:7c:83:
         7d:5b:30:90:e2:60:7b:5d:8e:5e:5a:e2:95:0c:1f:e8:fe:a1:
         fe:fa:f0:2e:ca:67:00:fd:47:f8:14:52:bb:6f:4b:ec:b9:f7:
         66:7c:60:71:53:0e:92:a1:bb:e1:61:80:47:f7:91:5c:57:d6:
         66:51:cf:1b:25:dc:a3:cd:64:5a:96:a0:9c:87:ec:e9:09:8d:
         fc:c0:3b:8e:25:9d:84:e0:0a:65:53:12:b8:b5:7c:7c:08:2b:
         e1:30:fd:9e:80:a1:14:16:47:a2:6c:f0:f5:fe:3b:66:21:25:
         8c:a4:c3:2f:99:4f:21:1e:c1:01:5e:73:6d:51:3e:c6:24:f3:
         ca:61:f0:7c:8b:cb:c7:97:5f:6c:51:ec:ea:57:c2:3b:73:a0:
         74:b8:a0:04:a4:69:d3:2a:60:c3:52:52:1e:87:85:7d:4e:7a:
         2a:4d:4a:42:bb:9b:f9:bf:eb:f7:21:31:fb:ff:b5:67:e6:cb:
         92:f8:2c:a1:b3:9d:c0:db:6f:db:82:54:42:7d:7e:04:12:ba:
         b1:1a:51:f6:8c:ab:d4:93:35:82:4b:25:a9:6e:38:de:08:e2:
         7b:55:ce:3c:cc:43:ab:42:5e:d4:02:a1:f6:c4:4b:93:83:84:
         6d:11:f6:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZaVIPtnni2jy9Lhuve3P7BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjUwNDIxMjE1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzhiYzE4MTljMTJkMTNiMjhkZGE1NWZmMDQyMDI5MDU5NWUzMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH6k+tpe7UYsIzvUwP8h0fQ6a55z
oPdW6fcmjnKoAjxGsq1c97dMtQ89WUju0A9ejjH1e2x4/W42R8YqHO5Pt3K+e4ff
pN1S6OWfcY/xxVl5/KQVq85SaHw88VmKYXasP/0N3SXshx/Bh7qm523Z6ZHXGJ+L
Iw/C4Ns1Wb++o257q/tUpUTKHYVnV/lm1iFK3HhW4W71Z7AIuDjMqThWWV1l2j+y
WTrtIEPelYRrHsml9NvxdYpxXsoOFhKrTo2GWPSwZk9st7rTuhv/neDR1/VWOJxi
E5yGslLn4RRWtT3ws6ZghgStGkoeO7Vz6o20kwWat0DmULoNwsz2Y0t7KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyLwYGcEtE7KN2lX/BCApBZXjCzMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvREl2Qmdad1MwVHNvM2FWZjhFSUNrRmxlTUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNI+MA0G
CSqGSIb3DQEBCwUAA4IBAQAKMG+0kDY57Lp8JDvKFmOvfIN9WzCQ4mB7XY5eWuKV
DB/o/qH++vAuymcA/Uf4FFK7b0vsufdmfGBxUw6SobvhYYBH95FcV9ZmUc8bJdyj
zWRalqCch+zpCY38wDuOJZ2E4AplUxK4tXx8CCvhMP2egKEUFkeibPD1/jtmISWM
pMMvmU8hHsEBXnNtUT7GJPPKYfB8i8vHl19sUezqV8I7c6B0uKAEpGnTKmDDUlIe
h4V9TnoqTUpCu5v5v+v3ITH7/7Vn5suS+Cyhs53A22/bglRCfX4EErqxGlH2jKvU
kzWCSyWpbjjeCOJ7Vc48zEOrQl7UAqH2xEuTg4RtEfb2
-----END CERTIFICATE-----