Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/VWXUtPP-EA7bklFBJKhwAHylxdI.roa
File:                     VWXUtPP-EA7bklFBJKhwAHylxdI.roa (raw, json)
Hash identifier:          uo05tkwCR+OwjX2SQhG6kgZeLpSiB4XzGba/1RV5qI4=
Subject key identifier:   55:65:D4:B4:F3:FE:10:0E:DB:92:51:41:24:A8:70:00:7C:A5:C5:D2
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0196916FE003DF24F57955F473D198F52EAD
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/VWXUtPP-EA7bklFBJKhwAHylxdI.roa
Signing time:             Fri 02 May 2025 14:39:10 +0000
ROA not before:           Fri 02 May 2025 14:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209309
IP address blocks:        88.218.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:6f:e0:03:df:24:f5:79:55:f4:73:d1:98:f5:2e:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: May  2 14:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5565d4b4f3fe100edb92514124a870007ca5c5d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a8:4d:e2:3d:3f:eb:98:1c:bc:4f:3f:37:85:
                    43:73:7b:5d:c7:3e:9d:25:ee:d5:39:db:31:d5:46:
                    74:b2:d8:e6:6f:b3:f0:57:18:de:1c:08:18:df:39:
                    73:87:d9:c5:23:84:be:e7:6d:1b:aa:d5:70:de:f6:
                    a1:11:7b:0e:08:78:ab:fb:f8:ff:0a:c9:2a:20:d2:
                    5b:b7:9c:05:6d:e3:63:84:05:25:64:fd:19:78:b4:
                    5b:93:41:ea:c2:f5:f3:e9:3d:c1:04:45:22:a5:94:
                    97:75:34:dc:f6:81:e9:04:0d:18:37:bc:83:5b:dc:
                    eb:28:c7:b6:9d:12:30:00:0f:b3:2b:e4:41:41:ab:
                    00:a2:36:2f:a7:a0:c5:a7:59:3e:f5:ac:9a:79:52:
                    1f:1d:71:3a:46:0d:9d:da:c3:5e:7f:51:0a:2b:7d:
                    b8:58:3f:1e:06:ba:be:54:74:d5:0c:c9:fd:2a:83:
                    05:42:c6:33:4a:54:7f:f5:5a:ac:b8:8a:d2:8f:d9:
                    1f:a1:16:56:4b:fa:ac:f6:06:e6:6f:4e:21:55:b3:
                    46:58:1d:ba:50:25:4e:c6:3b:30:41:1f:f7:b9:d2:
                    79:24:2b:29:ad:51:87:cf:27:e1:27:ec:3b:f3:50:
                    7f:fd:10:d1:d2:cb:9f:29:75:ef:59:03:93:4d:74:
                    cc:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:65:D4:B4:F3:FE:10:0E:DB:92:51:41:24:A8:70:00:7C:A5:C5:D2
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/VWXUtPP-EA7bklFBJKhwAHylxdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d2:97:23:98:98:dd:76:f4:c4:e6:c9:50:3f:46:59:fe:35:
         7c:82:d5:a3:23:5c:ec:21:46:40:38:e7:22:de:c5:fe:a9:b2:
         ae:ed:88:37:d7:f0:cb:dd:4e:28:72:ac:b5:9b:97:ce:33:5e:
         99:60:99:38:49:0e:fd:a8:bb:b0:68:02:3d:83:93:64:cd:63:
         ee:17:90:ca:6d:91:d4:f1:d2:82:ba:53:7f:77:3f:28:eb:db:
         a5:2c:24:3c:24:c0:17:ee:e3:35:6d:6d:6b:9c:30:b1:a0:59:
         d1:50:69:4e:a3:80:97:69:47:3e:6e:28:a7:ce:7b:0c:d5:3c:
         82:fd:94:6b:14:b2:aa:ed:4a:63:4b:c5:d7:73:1e:d6:97:54:
         95:b2:b6:cc:24:84:18:51:5e:24:5f:64:d3:7b:5c:a1:e5:5f:
         e1:d6:9d:01:0f:b5:7a:a3:28:b7:c2:48:3b:10:37:86:b2:28:
         f0:1a:5c:63:e5:95:61:c0:ed:c0:7e:cc:3d:e0:53:d5:8f:48:
         b5:58:3f:e9:00:98:af:88:76:39:cb:72:9f:8f:76:17:b7:7d:
         d0:1c:e1:cd:39:fb:4a:91:b7:52:3f:df:be:37:18:cb:2a:9f:
         65:7f:8b:c5:27:d5:63:be:ca:11:63:32:30:6b:b2:7b:ce:d6:
         80:24:fa:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaRb+AD3yT1eVX0c9GY9S6tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNTAyMTQzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTY1ZDRiNGYzZmUxMDBlZGI5MjUxNDEyNGE4NzAwMDdjYTVjNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ahN4j0/65gcvE8/N4VDc3tdxz6d
Je7VOdsx1UZ0stjmb7PwVxjeHAgY3zlzh9nFI4S+520bqtVw3vahEXsOCHir+/j/
CskqINJbt5wFbeNjhAUlZP0ZeLRbk0HqwvXz6T3BBEUipZSXdTTc9oHpBA0YN7yD
W9zrKMe2nRIwAA+zK+RBQasAojYvp6DFp1k+9ayaeVIfHXE6Rg2d2sNef1EKK324
WD8eBrq+VHTVDMn9KoMFQsYzSlR/9VqsuIrSj9kfoRZWS/qs9gbmb04hVbNGWB26
UCVOxjswQR/3udJ5JCsprVGHzyfhJ+w781B//RDR0sufKXXvWQOTTXTMnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVl1LTz/hAO25JRQSSocAB8pcXSMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvVldYVXRQUC1FQTdia2xGQkpLaHdBSHlseGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNpAMA0G
CSqGSIb3DQEBCwUAA4IBAQAP0pcjmJjddvTE5slQP0ZZ/jV8gtWjI1zsIUZAOOci
3sX+qbKu7Yg31/DL3U4ocqy1m5fOM16ZYJk4SQ79qLuwaAI9g5NkzWPuF5DKbZHU
8dKCulN/dz8o69ulLCQ8JMAX7uM1bW1rnDCxoFnRUGlOo4CXaUc+biinznsM1TyC
/ZRrFLKq7UpjS8XXcx7Wl1SVsrbMJIQYUV4kX2TTe1yh5V/h1p0BD7V6oyi3wkg7
EDeGsijwGlxj5ZVhwO3Afsw94FPVj0i1WD/pAJiviHY5y3Kfj3YXt33QHOHNOftK
kbdSP9++NxjLKp9lf4vFJ9VjvsoRYzIwa7J7ztaAJPqX
-----END CERTIFICATE-----