Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/df0e11-593a-4ee4-8dcf-ab3081b2aba4/1/2gO1X5wEbzSpziPdD3JyuEYxRKg.roa
File:                     2gO1X5wEbzSpziPdD3JyuEYxRKg.roa (raw, json)
Hash identifier:          T/fHWYUJQ2ILmKKRcWaEyDC3L+72Aj2sT9BkPzh15fQ=
Subject key identifier:   DA:03:B5:5F:9C:04:6F:34:A9:CE:23:DD:0F:72:72:B8:46:31:44:A8
Certificate issuer:       /CN=77c6fb655461d73fcf21e8612c318706a089a5c2
Certificate serial:       018DB527823CEE93237BB5490F1286453999
Authority key identifier: 77:C6:FB:65:54:61:D7:3F:CF:21:E8:61:2C:31:87:06:A0:89:A5:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8b7ZVRh1z_PIehhLDGHBqCJpcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/df0e11-593a-4ee4-8dcf-ab3081b2aba4/1/2gO1X5wEbzSpziPdD3JyuEYxRKg.roa
Signing time:             Sat 17 Feb 2024 03:41:21 +0000
ROA not before:           Sat 17 Feb 2024 03:41:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206893
IP address blocks:        185.172.228.0/24 maxlen: 24
                          185.172.229.0/24 maxlen: 24
                          185.172.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/df0e11-593a-4ee4-8dcf-ab3081b2aba4/1/d8b7ZVRh1z_PIehhLDGHBqCJpcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/df0e11-593a-4ee4-8dcf-ab3081b2aba4/1/d8b7ZVRh1z_PIehhLDGHBqCJpcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8b7ZVRh1z_PIehhLDGHBqCJpcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 11:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b5:27:82:3c:ee:93:23:7b:b5:49:0f:12:86:45:39:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77c6fb655461d73fcf21e8612c318706a089a5c2
        Validity
            Not Before: Feb 17 03:41:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da03b55f9c046f34a9ce23dd0f7272b8463144a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c7:d7:99:d1:af:45:4d:c3:78:d2:da:5b:a8:
                    32:cf:69:73:c0:78:fc:6c:e0:9d:6a:ee:95:6f:6f:
                    7f:f1:d6:c9:d7:a6:7b:47:62:ea:8b:1f:7e:19:b0:
                    f7:e4:88:a6:be:99:bc:87:9f:39:fe:6f:95:ea:a0:
                    ae:1c:8e:b1:97:65:20:2a:c5:b5:92:93:0e:ce:f2:
                    1a:1e:c1:5e:b6:74:13:f7:e7:b8:ee:d7:7c:bd:6c:
                    56:cf:cc:82:e5:5a:c5:25:f0:eb:b6:25:5d:fe:22:
                    ce:36:ad:7f:d5:14:8c:91:f1:2f:aa:4e:3c:48:cc:
                    c4:6d:66:ef:73:d7:eb:61:78:50:ca:0c:c7:3b:7b:
                    a1:72:0e:c5:4c:88:37:6b:93:88:97:1f:39:6c:4e:
                    a8:4d:bd:c8:f2:68:c2:17:ce:1f:4f:b4:f6:39:db:
                    82:d7:bc:5b:02:83:76:03:78:89:80:24:17:67:66:
                    91:06:f4:df:37:be:7b:3b:dd:17:51:18:3e:82:c8:
                    46:ba:5c:58:ad:01:34:4c:93:15:81:a4:24:ee:ec:
                    7b:85:03:48:1d:19:63:6c:5a:6a:ce:1c:7f:c8:a0:
                    21:db:72:dc:06:aa:50:75:57:df:7c:a3:69:0c:2b:
                    b2:64:6d:0b:56:a6:03:b2:5d:80:28:43:28:4c:70:
                    50:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:03:B5:5F:9C:04:6F:34:A9:CE:23:DD:0F:72:72:B8:46:31:44:A8
            X509v3 Authority Key Identifier:
                keyid:77:C6:FB:65:54:61:D7:3F:CF:21:E8:61:2C:31:87:06:A0:89:A5:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8b7ZVRh1z_PIehhLDGHBqCJpcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/df0e11-593a-4ee4-8dcf-ab3081b2aba4/1/2gO1X5wEbzSpziPdD3JyuEYxRKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/df0e11-593a-4ee4-8dcf-ab3081b2aba4/1/d8b7ZVRh1z_PIehhLDGHBqCJpcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.228.0-185.172.230.255

    Signature Algorithm: sha256WithRSAEncryption
         5d:42:b5:bd:8f:67:bf:28:b8:a7:dd:77:c0:ef:1c:2d:09:50:
         bf:0d:bc:11:6c:ef:5a:3f:28:43:35:69:48:6e:0b:b0:d7:a5:
         1d:10:b4:c2:8c:43:03:a8:7e:4b:f9:ca:2d:97:95:42:29:98:
         7c:0d:8f:b4:30:f4:6d:01:a1:4a:9a:e5:55:21:bd:09:dc:f2:
         e7:ec:c1:5d:21:8e:3c:92:8f:5e:3d:7e:dc:b1:5c:b4:b6:56:
         6a:dd:4f:e9:8f:62:47:0a:12:21:b5:6f:65:10:9d:1d:74:28:
         ab:71:ed:39:86:c5:c9:18:a6:39:07:f4:9e:bf:ad:eb:b3:a1:
         3b:0d:f3:d6:86:b9:c3:24:22:94:22:9d:40:06:96:9d:8b:fa:
         3e:3a:17:22:0a:a0:34:68:c4:ca:b6:7c:af:14:81:79:50:3b:
         b0:83:26:17:04:f6:8d:41:23:16:93:a4:bf:a2:21:08:d6:33:
         e9:19:bc:fb:ab:17:e0:6b:bb:a0:26:79:a8:d1:d8:3a:c5:12:
         8b:54:a4:40:5f:17:f2:21:d6:d7:e2:77:bd:4a:8c:0c:bc:09:
         06:a4:83:cd:56:d0:24:f4:d8:15:d3:d4:26:71:93:9b:d6:b7:
         24:d3:f1:9d:90:fc:7f:98:89:b1:94:ba:03:2f:8f:db:d6:1f:
         53:2e:05:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY21J4I87pMje7VJDxKGRTmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YzZmYjY1NTQ2MWQ3M2ZjZjIxZTg2MTJjMzE4NzA2YTA4
OWE1YzIwHhcNMjQwMjE3MDM0MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTAzYjU1ZjljMDQ2ZjM0YTljZTIzZGQwZjcyNzJiODQ2MzE0NGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMfXmdGvRU3DeNLaW6gyz2lzwHj8
bOCdau6Vb29/8dbJ16Z7R2Lqix9+GbD35Iimvpm8h585/m+V6qCuHI6xl2UgKsW1
kpMOzvIaHsFetnQT9+e47td8vWxWz8yC5VrFJfDrtiVd/iLONq1/1RSMkfEvqk48
SMzEbWbvc9frYXhQygzHO3uhcg7FTIg3a5OIlx85bE6oTb3I8mjCF84fT7T2OduC
17xbAoN2A3iJgCQXZ2aRBvTfN757O90XURg+gshGulxYrQE0TJMVgaQk7ux7hQNI
HRljbFpqzhx/yKAh23LcBqpQdVfffKNpDCuyZG0LVqYDsl2AKEMoTHBQRQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNoDtV+cBG80qc4j3Q9ycrhGMUSoMB8GA1UdIwQY
MBaAFHfG+2VUYdc/zyHoYSwxhwagiaXCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDhiN1pWUmgxel9QSWVoaExER0hCcUNKcGNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZjBlMTEtNTkzYS00ZWU0LThkY2Yt
YWIzMDgxYjJhYmE0LzEvMmdPMVg1d0VielNwemlQZEQzSnl1RVl4UktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZjBlMTEtNTkzYS00ZWU0LThkY2YtYWIzMDgxYjJhYmE0
LzEvZDhiN1pWUmgxel9QSWVoaExER0hCcUNKcGNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5rOQD
BAC5rOYwDQYJKoZIhvcNAQELBQADggEBAF1Ctb2PZ78ouKfdd8DvHC0JUL8NvBFs
71o/KEM1aUhuC7DXpR0QtMKMQwOofkv5yi2XlUIpmHwNj7Qw9G0BoUqa5VUhvQnc
8ufswV0hjjySj149ftyxXLS2VmrdT+mPYkcKEiG1b2UQnR10KKtx7TmGxckYpjkH
9J6/reuzoTsN89aGucMkIpQinUAGlp2L+j46FyIKoDRoxMq2fK8UgXlQO7CDJhcE
9o1BIxaTpL+iIQjWM+kZvPurF+Bru6AmeajR2DrFEotUpEBfF/Ih1tfid71KjAy8
CQakg81W0CT02BXT1CZxk5vWtyTT8Z2Q/H+YibGUugMvj9vWH1MuBY4=
-----END CERTIFICATE-----