Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/wp9K61d8US_z9eOzLYlHBqeH1W8.roa
File:                     wp9K61d8US_z9eOzLYlHBqeH1W8.roa (raw, json)
Hash identifier:          3JoMXsjdoFnV+7KPgP8eik0lZMQTTuf6udwSvSPCpEs=
Subject key identifier:   C2:9F:4A:EB:57:7C:51:2F:F3:F5:E3:B3:2D:89:47:06:A7:87:D5:6F
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0197A587F605B5153A86BE8C1FA50C4769C9
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/wp9K61d8US_z9eOzLYlHBqeH1W8.roa
Signing time:             Wed 25 Jun 2025 05:20:40 +0000
ROA not before:           Wed 25 Jun 2025 05:20:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        88.223.168.0/24 maxlen: 24
                          88.223.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a5:87:f6:05:b5:15:3a:86:be:8c:1f:a5:0c:47:69:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jun 25 05:20:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c29f4aeb577c512ff3f5e3b32d894706a787d56f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2b:27:19:c0:68:de:a2:54:d2:c9:33:46:ea:
                    a2:34:2d:3c:3d:e4:2c:0d:c1:e1:2b:07:96:f9:00:
                    e4:00:65:c1:82:49:e0:1f:01:09:00:40:37:a5:b7:
                    c9:70:c8:b5:eb:31:4f:80:65:ff:58:5b:f2:1a:fd:
                    7c:09:77:da:34:7f:15:8c:96:df:82:d1:07:dc:36:
                    ef:62:8a:91:e3:e3:e4:4d:7b:9c:fa:9f:e2:f5:0d:
                    6e:80:51:bc:71:f7:22:03:a8:99:ea:12:82:7c:11:
                    51:6b:40:c8:38:5e:0d:d7:ce:21:f4:90:d1:f4:3c:
                    e8:03:7d:92:5e:89:5a:04:03:1e:60:da:ab:02:a7:
                    50:68:78:c9:27:75:76:a7:88:a0:48:87:7a:56:3b:
                    45:ae:fb:db:a2:2a:14:3b:38:e8:65:79:b6:4b:62:
                    db:c5:61:4b:81:fb:13:3a:16:a9:72:0b:0b:ca:6a:
                    f8:ac:a4:42:b3:e9:0f:45:e0:47:4a:a9:46:78:2a:
                    f9:89:c0:fc:b1:3b:e6:b3:d9:fb:46:14:8f:bd:33:
                    6d:f0:33:71:03:99:c3:c9:e9:f8:4c:ba:96:a6:a8:
                    b6:02:5d:da:56:2b:d4:3d:2b:9c:2d:b4:c1:de:5c:
                    ab:cb:6d:00:66:94:10:fa:1f:ef:fd:4b:64:7c:3a:
                    ae:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:9F:4A:EB:57:7C:51:2F:F3:F5:E3:B3:2D:89:47:06:A7:87:D5:6F
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/wp9K61d8US_z9eOzLYlHBqeH1W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.223.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:40:48:d5:00:b7:c4:84:b6:57:38:29:1e:b3:b6:dc:7a:f8:
         11:71:10:18:0f:bb:8c:88:19:97:40:77:66:8f:d9:b5:7b:b0:
         b5:4d:08:47:52:8f:d8:38:9f:83:9c:2a:35:1c:1e:3d:1e:86:
         c7:d3:88:93:15:c6:5d:25:af:7e:c2:19:8a:a6:be:fc:47:7c:
         0b:59:94:63:bf:3d:e3:13:90:b5:0d:b6:51:a6:71:2d:69:62:
         23:5a:91:15:65:fc:27:bd:d9:37:7d:c3:02:a1:35:77:02:08:
         c4:6c:14:18:d2:43:19:c0:dc:d0:35:72:9f:e8:93:93:87:88:
         69:d7:dc:86:c7:39:b6:96:5c:1e:3e:ff:26:dc:7d:a3:75:ad:
         58:87:bc:3a:64:af:85:56:fe:c7:38:ba:74:3b:99:ef:40:31:
         42:ac:4a:fb:dd:35:37:34:79:41:99:00:a3:57:a8:4a:62:00:
         b6:5b:0f:83:fa:a0:a5:f6:a7:98:94:81:28:0a:d4:3d:79:76:
         19:23:e4:22:0f:0e:7e:4b:45:19:9e:28:53:30:24:dc:cf:bb:
         cf:00:cd:38:0a:6c:0d:22:37:53:d6:90:38:cf:20:22:ff:87:
         de:52:fe:f1:03:cd:79:b9:aa:38:8a:95:a7:ea:43:cf:a8:78:
         a0:b7:c4:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZelh/YFtRU6hr6MH6UMR2nJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwNjI1MDUyMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjlmNGFlYjU3N2M1MTJmZjNmNWUzYjMyZDg5NDcwNmE3ODdkNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArisnGcBo3qJU0skzRuqiNC08PeQs
DcHhKweW+QDkAGXBgkngHwEJAEA3pbfJcMi16zFPgGX/WFvyGv18CXfaNH8VjJbf
gtEH3DbvYoqR4+PkTXuc+p/i9Q1ugFG8cfciA6iZ6hKCfBFRa0DIOF4N184h9JDR
9DzoA32SXolaBAMeYNqrAqdQaHjJJ3V2p4igSId6VjtFrvvboioUOzjoZXm2S2Lb
xWFLgfsTOhapcgsLymr4rKRCs+kPReBHSqlGeCr5icD8sTvms9n7RhSPvTNt8DNx
A5nDyen4TLqWpqi2Al3aVivUPSucLbTB3lyry20AZpQQ+h/v/UtkfDquoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKfSutXfFEv8/Xjsy2JRwanh9VvMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvd3A5SzYxZDhVU196OWVPekxZbEhCcWVIMVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWN+oMA0G
CSqGSIb3DQEBCwUAA4IBAQAcQEjVALfEhLZXOCkes7bcevgRcRAYD7uMiBmXQHdm
j9m1e7C1TQhHUo/YOJ+DnCo1HB49HobH04iTFcZdJa9+whmKpr78R3wLWZRjvz3j
E5C1DbZRpnEtaWIjWpEVZfwnvdk3fcMCoTV3AgjEbBQY0kMZwNzQNXKf6JOTh4hp
19yGxzm2llwePv8m3H2jda1Yh7w6ZK+FVv7HOLp0O5nvQDFCrEr73TU3NHlBmQCj
V6hKYgC2Ww+D+qCl9qeYlIEoCtQ9eXYZI+QiDw5+S0UZnihTMCTcz7vPAM04CmwN
IjdT1pA4zyAi/4feUv7xA815uao4ipWn6kPPqHigt8RR
-----END CERTIFICATE-----