Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/cvp0IPpoQiCfYQJcyMBUGkXJRjY.roa
File:                     cvp0IPpoQiCfYQJcyMBUGkXJRjY.roa (raw, json)
Hash identifier:          bwDsvmowsL6cYkvJnGNLPmtUqJmeOemWsDNIEJLQuxo=
Subject key identifier:   72:FA:74:20:FA:68:42:20:9F:61:02:5C:C8:C0:54:1A:45:C9:46:36
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018D0E0CDF5F1E9B0DAF5B9D701C6A1F789F
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/cvp0IPpoQiCfYQJcyMBUGkXJRjY.roa
Signing time:             Mon 15 Jan 2024 16:55:40 +0000
ROA not before:           Mon 15 Jan 2024 16:55:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215738
IP address blocks:        85.202.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0e:0c:df:5f:1e:9b:0d:af:5b:9d:70:1c:6a:1f:78:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan 15 16:55:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72fa7420fa6842209f61025cc8c0541a45c94636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:73:5f:df:0d:9b:c6:f3:09:6a:b7:82:ec:9f:
                    8f:a4:08:84:66:a8:c7:12:9a:f5:0b:09:2d:5b:ec:
                    32:0b:54:55:3b:75:33:99:93:51:4f:4b:77:a8:e4:
                    06:8a:fa:dd:23:2a:21:4f:4e:37:af:cf:95:42:02:
                    2b:0b:81:18:ef:ce:08:48:70:2c:07:bb:66:9c:07:
                    4d:a6:0f:ba:dc:34:d8:31:c9:be:c5:5d:47:0c:76:
                    ca:cc:89:eb:99:61:98:a9:23:60:11:bb:4c:3e:20:
                    a7:da:2f:c6:26:6f:7a:ff:52:ac:cd:6d:82:f7:b0:
                    18:55:5c:3a:bd:a7:9d:9e:15:09:53:bb:fe:8b:8c:
                    39:60:74:d8:90:1a:c7:5b:85:5c:ca:79:df:13:ab:
                    68:50:a4:78:4a:2c:f9:06:7e:f7:ae:e6:55:c4:32:
                    db:21:dc:b0:5d:c9:e2:7e:65:de:d0:b0:bb:98:84:
                    9a:9e:3f:6b:ed:41:33:32:ca:63:57:cc:8e:20:51:
                    94:42:c5:aa:f9:3f:4d:ea:e3:86:1a:a7:bb:f0:ea:
                    43:02:e0:4d:e1:10:45:4a:0f:5a:cc:7d:8d:36:9a:
                    9b:88:c9:fb:ff:73:78:64:85:2d:fd:36:fc:21:ae:
                    7c:09:df:6c:a1:ea:70:ec:42:1d:83:2e:1b:d9:5f:
                    78:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FA:74:20:FA:68:42:20:9F:61:02:5C:C8:C0:54:1A:45:C9:46:36
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/cvp0IPpoQiCfYQJcyMBUGkXJRjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:aa:3f:f1:d1:3f:4a:26:ba:01:bb:b8:e7:a1:7a:26:6a:2c:
         88:93:22:16:17:d5:35:1a:6b:eb:70:92:77:fd:d0:ee:1b:bf:
         43:20:d2:57:9e:57:1a:4d:b9:11:9b:c5:0e:04:0e:04:74:1f:
         8c:5b:79:31:bc:b6:43:31:d3:af:4b:e1:97:d1:15:f5:89:a5:
         e0:a3:6e:90:d8:7c:9b:82:a6:57:53:2f:af:33:55:9e:03:66:
         80:76:ab:5d:d2:9f:17:94:93:69:0d:9a:3d:d5:03:ae:82:b1:
         c7:db:76:83:8a:c8:31:a6:db:70:7a:26:28:e1:73:3d:71:d9:
         13:34:47:ac:ce:d1:1b:ed:5b:8a:d1:eb:da:8e:e7:08:28:e3:
         89:5a:8e:b2:19:43:9b:b3:f1:7e:a9:20:93:0a:61:6a:e0:76:
         18:8b:a1:e4:2a:a6:23:ce:40:13:c5:8b:fc:c6:33:7d:47:2e:
         85:33:ec:b3:39:01:90:c1:62:b4:ae:18:07:89:9d:8d:dd:b8:
         ff:d0:19:11:3a:56:b0:1b:f9:9a:d5:f3:e2:94:94:74:5f:de:
         23:8c:97:2c:8e:60:6c:85:e5:47:a7:05:1a:97:dc:43:51:6e:
         59:9b:17:53:79:81:d8:08:0b:a8:51:35:d9:4f:fd:b5:4d:de:
         f9:1a:9d:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0ODN9fHpsNr1udcBxqH3ifMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTE1MTY1NTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmZhNzQyMGZhNjg0MjIwOWY2MTAyNWNjOGMwNTQxYTQ1Yzk0NjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXNf3w2bxvMJareC7J+PpAiEZqjH
Epr1CwktW+wyC1RVO3UzmZNRT0t3qOQGivrdIyohT043r8+VQgIrC4EY784ISHAs
B7tmnAdNpg+63DTYMcm+xV1HDHbKzInrmWGYqSNgEbtMPiCn2i/GJm96/1KszW2C
97AYVVw6vaednhUJU7v+i4w5YHTYkBrHW4VcynnfE6toUKR4Siz5Bn73ruZVxDLb
IdywXcnifmXe0LC7mISanj9r7UEzMspjV8yOIFGUQsWq+T9N6uOGGqe78OpDAuBN
4RBFSg9azH2NNpqbiMn7/3N4ZIUt/Tb8Ia58Cd9soepw7EIdgy4b2V94jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHL6dCD6aEIgn2ECXMjAVBpFyUY2MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvY3ZwMElQcG9RaUNmWVFKY3lNQlVHa1hKUmpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcqjMA0G
CSqGSIb3DQEBCwUAA4IBAQA1qj/x0T9KJroBu7jnoXomaiyIkyIWF9U1GmvrcJJ3
/dDuG79DINJXnlcaTbkRm8UOBA4EdB+MW3kxvLZDMdOvS+GX0RX1iaXgo26Q2Hyb
gqZXUy+vM1WeA2aAdqtd0p8XlJNpDZo91QOugrHH23aDisgxpttweiYo4XM9cdkT
NEesztEb7VuK0evajucIKOOJWo6yGUObs/F+qSCTCmFq4HYYi6HkKqYjzkATxYv8
xjN9Ry6FM+yzOQGQwWK0rhgHiZ2N3bj/0BkROlawG/ma1fPilJR0X94jjJcsjmBs
heVHpwUal9xDUW5ZmxdTeYHYCAuoUTXZT/21Td75Gp16
-----END CERTIFICATE-----