Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/Al5XA-JtcwQZgxg8lrEchelWFKc.roa
File:                     Al5XA-JtcwQZgxg8lrEchelWFKc.roa (raw, json)
Hash identifier:          awq0OKEpSlRcquvq5uS+1UqeIOS4jFcQD5+W9s9X3Ag=
Subject key identifier:   02:5E:57:03:E2:6D:73:04:19:83:18:3C:96:B1:1C:85:E9:56:14:A7
Certificate issuer:       /CN=6992125e3d53cc481336105483fcff701fda1bb3
Certificate serial:       0196D938575EDA66D010B724FB6D8CB58FEE
Authority key identifier: 69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/Al5XA-JtcwQZgxg8lrEchelWFKc.roa
Signing time:             Fri 16 May 2025 13:11:10 +0000
ROA not before:           Fri 16 May 2025 13:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209761
IP address blocks:        213.226.88.0/22 maxlen: 22
                          213.226.88.0/23 maxlen: 23
                          213.226.90.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d9:38:57:5e:da:66:d0:10:b7:24:fb:6d:8c:b5:8f:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6992125e3d53cc481336105483fcff701fda1bb3
        Validity
            Not Before: May 16 13:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=025e5703e26d73041983183c96b11c85e95614a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e9:8f:e7:d6:76:b3:59:7b:b9:06:3b:16:e9:
                    01:d9:2b:99:56:23:47:b8:a0:be:5c:10:59:f9:a5:
                    1e:1c:7e:74:e2:df:ef:03:4f:ea:be:3f:be:47:79:
                    86:32:ef:4f:77:0d:2b:d7:b0:76:cf:1d:88:ce:18:
                    9d:26:3d:db:83:31:dc:7b:11:6e:95:ee:be:69:e0:
                    82:46:88:4d:6b:fc:3f:f8:e9:fe:45:0d:3a:73:f1:
                    05:7c:40:8d:60:87:19:c7:93:bc:7b:44:9c:69:71:
                    b1:83:b8:74:2b:69:cc:c0:01:5d:f4:39:5a:79:c1:
                    67:e2:2a:3b:3c:0e:3e:32:7d:7c:06:e8:70:5c:f5:
                    c7:2a:e3:b1:6f:d3:f6:b5:81:62:a8:c8:05:b7:66:
                    a0:31:28:22:86:e2:23:9b:da:37:37:03:ec:36:33:
                    30:8d:85:85:1f:4e:42:3b:9e:a3:df:92:da:04:a7:
                    4b:b6:9c:06:4d:89:92:ca:30:cb:1b:bc:cc:66:bc:
                    8b:cc:f4:4c:22:fc:9f:63:85:c4:5c:86:c5:9d:d6:
                    96:bd:29:25:68:17:77:b6:30:43:35:74:e7:6b:d8:
                    15:7b:f8:a9:02:88:c9:a9:30:39:02:8c:73:4a:bd:
                    6c:16:98:14:a6:aa:2a:7c:25:26:f2:fc:ee:8a:e4:
                    a4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:5E:57:03:E2:6D:73:04:19:83:18:3C:96:B1:1C:85:E9:56:14:A7
            X509v3 Authority Key Identifier:
                keyid:69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/Al5XA-JtcwQZgxg8lrEchelWFKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:3e:a2:20:f7:8e:55:e7:b2:1f:97:21:52:6a:3d:87:aa:f5:
         35:76:5a:d4:ce:70:86:d2:07:75:77:9d:1e:60:fa:6c:c4:a3:
         de:6d:91:af:ee:67:04:ee:4c:54:71:59:22:7e:c3:0c:0a:cb:
         14:f1:9d:a3:8c:1e:f9:0e:2e:23:71:92:ae:7b:3a:d6:53:72:
         b2:1d:ec:db:d2:73:6b:c3:ea:d2:bb:1a:dd:f1:af:e8:f2:bd:
         e4:d8:24:a3:19:d6:26:4a:fe:52:73:f7:2d:18:08:0d:00:36:
         52:d2:6b:e9:10:d6:de:cc:9a:fb:3b:9b:fd:4d:07:4e:1b:06:
         4b:0d:65:5e:9d:fa:78:f0:6d:b6:1c:90:ae:1f:a0:4f:9e:b5:
         d7:ef:15:4c:59:5f:e7:99:61:f9:19:10:0e:10:8e:69:99:f9:
         fd:f1:87:0e:74:be:75:9a:e3:21:5b:3d:bc:b1:a3:bf:5c:b9:
         ec:fe:e5:91:ec:24:34:86:8e:fe:0b:2c:7c:10:48:44:1c:97:
         51:29:d9:a1:aa:70:9f:6e:61:6c:fa:27:e5:5b:0d:e7:67:b2:
         2f:da:d3:a0:7a:6b:c0:af:d7:a4:b6:5f:b5:22:ec:d3:5b:1c:
         b7:52:7b:a5:b4:2b:30:64:d4:8f:6d:58:07:39:77:c4:61:35:
         fb:f6:1d:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbZOFde2mbQELck+22MtY/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTIxMjVlM2Q1M2NjNDgxMzM2MTA1NDgzZmNmZjcwMWZk
YTFiYjMwHhcNMjUwNTE2MTMxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjVlNTcwM2UyNmQ3MzA0MTk4MzE4M2M5NmIxMWM4NWU5NTYxNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsemP59Z2s1l7uQY7FukB2SuZViNH
uKC+XBBZ+aUeHH504t/vA0/qvj++R3mGMu9Pdw0r17B2zx2IzhidJj3bgzHcexFu
le6+aeCCRohNa/w/+On+RQ06c/EFfECNYIcZx5O8e0ScaXGxg7h0K2nMwAFd9Dla
ecFn4io7PA4+Mn18BuhwXPXHKuOxb9P2tYFiqMgFt2agMSgihuIjm9o3NwPsNjMw
jYWFH05CO56j35LaBKdLtpwGTYmSyjDLG7zMZryLzPRMIvyfY4XEXIbFndaWvSkl
aBd3tjBDNXTna9gVe/ipAojJqTA5AoxzSr1sFpgUpqoqfCUm8vzuiuSkdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJeVwPibXMEGYMYPJaxHIXpVhSnMB8GA1UdIwQY
MBaAFGmSEl49U8xIEzYQVIP8/3Af2huzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpJU1hqMVR6RWdUTmhCVWdfel9jQl9hRzdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy80YWM5NTctNDE4My00OWYzLWJmYmUt
ODM3YzVlMTJiZDA0LzEvQWw1WEEtSnRjd1FaZ3hnOGxyRWNoZWxXRktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy80YWM5NTctNDE4My00OWYzLWJmYmUtODM3YzVlMTJiZDA0
LzEvYVpJU1hqMVR6RWdUTmhCVWdfel9jQl9hRzdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1eJYMA0G
CSqGSIb3DQEBCwUAA4IBAQAVPqIg945V57IflyFSaj2HqvU1dlrUznCG0gd1d50e
YPpsxKPebZGv7mcE7kxUcVkifsMMCssU8Z2jjB75Di4jcZKuezrWU3KyHezb0nNr
w+rSuxrd8a/o8r3k2CSjGdYmSv5Sc/ctGAgNADZS0mvpENbezJr7O5v9TQdOGwZL
DWVenfp48G22HJCuH6BPnrXX7xVMWV/nmWH5GRAOEI5pmfn98YcOdL51muMhWz28
saO/XLns/uWR7CQ0ho7+Cyx8EEhEHJdRKdmhqnCfbmFs+iflWw3nZ7Iv2tOgemvA
r9ektl+1IuzTWxy3UnultCswZNSPbVgHOXfEYTX79h08
-----END CERTIFICATE-----