Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ovJXIsCP84Pn-omXnyT7-05mgaA.roa
File:                     ovJXIsCP84Pn-omXnyT7-05mgaA.roa (raw, json)
Hash identifier:          /uhn9WE5eOOQt4QUO9IbACaVj0kt16/MoRGZTAAC6uY=
Subject key identifier:   A2:F2:57:22:C0:8F:F3:83:E7:FA:89:97:9F:24:FB:FB:4E:66:81:A0
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018ED23E6076848491158D4993649DE97D3A
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ovJXIsCP84Pn-omXnyT7-05mgaA.roa
Signing time:             Fri 12 Apr 2024 12:18:06 +0000
ROA not before:           Fri 12 Apr 2024 12:18:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        85.92.115.0/24 maxlen: 24
                          160.238.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:3e:60:76:84:84:91:15:8d:49:93:64:9d:e9:7d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Apr 12 12:18:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2f25722c08ff383e7fa89979f24fbfb4e6681a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b0:03:8b:ee:b6:f6:5d:a0:8c:84:6f:03:da:
                    10:03:14:d9:f9:e5:08:c1:c2:16:c6:58:21:18:ee:
                    b7:fd:58:a9:81:69:9d:9c:8f:ed:23:c9:a7:fc:71:
                    7d:77:f5:ca:2b:58:b2:d1:81:39:11:98:64:a3:b1:
                    35:9e:65:1f:f3:54:42:27:df:24:4f:d4:d2:ae:38:
                    bb:4b:9d:fd:ea:4b:0e:39:86:ba:65:90:78:db:5e:
                    84:58:a5:9d:76:60:f9:d9:94:b9:c1:9e:29:d1:05:
                    9b:4c:55:e2:4b:7b:2e:54:a3:26:1a:66:4f:7f:94:
                    38:6b:27:9d:f0:bb:59:36:94:f2:49:4c:d5:34:3b:
                    3f:90:19:d0:0a:85:4e:d2:d2:ee:27:5b:65:e3:a1:
                    32:b9:80:58:d4:80:a1:1d:3f:d9:32:66:9a:6c:8d:
                    1f:81:d8:4b:e4:13:16:02:52:03:d3:31:0c:18:f5:
                    19:a5:8c:b0:25:3a:96:2b:9e:49:f0:f0:8f:f1:5d:
                    c0:da:33:1a:0f:f5:59:40:80:21:bf:01:65:d7:6a:
                    40:e4:bb:e8:87:4a:d2:aa:57:ec:e7:cd:d0:4a:9e:
                    28:b6:88:a7:21:c2:06:e9:93:ce:93:1c:f8:89:1b:
                    f4:c7:e3:68:b7:dc:8a:ea:9e:8c:ae:d0:8e:d7:65:
                    86:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F2:57:22:C0:8F:F3:83:E7:FA:89:97:9F:24:FB:FB:4E:66:81:A0
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ovJXIsCP84Pn-omXnyT7-05mgaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.92.115.0/24
                  160.238.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:2a:6b:e8:bc:f7:89:8b:74:1b:cd:e9:e7:c9:33:ef:e0:9c:
         51:dd:c3:ac:31:8c:b3:3e:e0:b6:a4:d4:0e:e1:1c:9f:4d:43:
         c1:d9:c8:8c:09:4d:db:e6:d9:70:68:c1:23:5f:bb:9f:3f:5b:
         d3:1a:eb:66:67:1a:4f:05:2a:3c:ab:49:84:f9:09:c8:37:91:
         69:40:82:dd:1a:fd:6a:99:6d:3a:62:bc:46:8d:66:91:eb:2e:
         0c:87:58:27:f3:63:cc:be:f6:29:88:56:78:31:55:d2:9f:43:
         ed:b1:3d:75:ac:19:6c:9b:e0:40:e4:e5:a6:ae:0f:3e:f2:7d:
         dd:f8:f1:f6:f5:9f:97:ce:39:f7:cd:83:e1:41:ad:2e:0a:45:
         6a:ab:f8:de:cc:f9:58:4f:0d:97:28:15:9c:f3:e2:d3:ac:58:
         08:3e:ad:14:57:92:89:73:17:f0:40:d9:5e:1a:e1:38:2a:28:
         39:55:14:31:fa:b3:d7:5a:62:c3:71:50:ff:a5:0c:ef:ec:c2:
         4c:64:f5:4b:6d:6f:0d:93:19:18:9e:b8:a1:ea:20:4a:12:df:
         4c:93:bd:8c:79:40:6e:1b:d5:5d:7e:5f:5b:24:28:fc:b7:70:
         da:0c:a3:a5:6d:ba:dd:45:c9:4c:3e:50:c2:8b:b4:78:66:54:
         04:ba:14:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7SPmB2hISRFY1Jk2Sd6X06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwNDEyMTIxODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmYyNTcyMmMwOGZmMzgzZTdmYTg5OTc5ZjI0ZmJmYjRlNjY4MWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLADi+629l2gjIRvA9oQAxTZ+eUI
wcIWxlghGO63/VipgWmdnI/tI8mn/HF9d/XKK1iy0YE5EZhko7E1nmUf81RCJ98k
T9TSrji7S5396ksOOYa6ZZB4216EWKWddmD52ZS5wZ4p0QWbTFXiS3suVKMmGmZP
f5Q4ayed8LtZNpTySUzVNDs/kBnQCoVO0tLuJ1tl46EyuYBY1IChHT/ZMmaabI0f
gdhL5BMWAlID0zEMGPUZpYywJTqWK55J8PCP8V3A2jMaD/VZQIAhvwFl12pA5Lvo
h0rSqlfs583QSp4otoinIcIG6ZPOkxz4iRv0x+Not9yK6p6MrtCO12WGqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKLyVyLAj/OD5/qJl58k+/tOZoGgMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvb3ZKWElzQ1A4NFBuLW9tWG55VDctMDVtZ2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVVxzAwQA
oO5CMA0GCSqGSIb3DQEBCwUAA4IBAQAlKmvovPeJi3QbzennyTPv4JxR3cOsMYyz
PuC2pNQO4RyfTUPB2ciMCU3b5tlwaMEjX7ufP1vTGutmZxpPBSo8q0mE+QnIN5Fp
QILdGv1qmW06YrxGjWaR6y4Mh1gn82PMvvYpiFZ4MVXSn0PtsT11rBlsm+BA5OWm
rg8+8n3d+PH29Z+Xzjn3zYPhQa0uCkVqq/jezPlYTw2XKBWc8+LTrFgIPq0UV5KJ
cxfwQNleGuE4Kig5VRQx+rPXWmLDcVD/pQzv7MJMZPVLbW8NkxkYnrih6iBKEt9M
k72MeUBuG9Vdfl9bJCj8t3DaDKOlbbrdRclMPlDCi7R4ZlQEuhRO
-----END CERTIFICATE-----