Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/b28d89-b89b-4682-b8c7-7ebb6b9e369d/1/voGC02xq0hViRfKHD8AdYUF1EV4.roa
File:                     voGC02xq0hViRfKHD8AdYUF1EV4.roa (raw, json)
Hash identifier:          cTFx/fJsMsISUlAi9Fl39scNiQjc7DXhWN8RmgCVtXw=
Subject key identifier:   BE:81:82:D3:6C:6A:D2:15:62:45:F2:87:0F:C0:1D:61:41:75:11:5E
Certificate issuer:       /CN=dffc49195a439d5b9d7112b336015eee2c944d89
Certificate serial:       018CC64B62E8E70A09CA17A91F53AC0C482F
Authority key identifier: DF:FC:49:19:5A:43:9D:5B:9D:71:12:B3:36:01:5E:EE:2C:94:4D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_xJGVpDnVudcRKzNgFe7iyUTYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/b28d89-b89b-4682-b8c7-7ebb6b9e369d/1/voGC02xq0hViRfKHD8AdYUF1EV4.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206098
IP address blocks:        185.193.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/b28d89-b89b-4682-b8c7-7ebb6b9e369d/1/3_xJGVpDnVudcRKzNgFe7iyUTYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/b28d89-b89b-4682-b8c7-7ebb6b9e369d/1/3_xJGVpDnVudcRKzNgFe7iyUTYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_xJGVpDnVudcRKzNgFe7iyUTYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:62:e8:e7:0a:09:ca:17:a9:1f:53:ac:0c:48:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dffc49195a439d5b9d7112b336015eee2c944d89
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be8182d36c6ad2156245f2870fc01d614175115e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8d:e4:c4:98:5a:3f:7a:00:6e:52:99:59:5d:
                    ae:f8:74:df:20:f2:fd:d1:80:05:3e:9e:1e:53:5f:
                    c4:a9:81:5e:e7:15:39:62:17:18:af:7b:6b:44:d4:
                    42:fd:c8:93:97:55:8d:c2:b4:58:ba:a7:c9:87:58:
                    2e:28:56:75:90:a0:cf:10:27:58:ff:6c:85:c0:60:
                    ca:e8:61:24:25:d9:b8:38:15:a3:b3:53:47:3d:db:
                    fe:64:ff:9d:dc:68:1d:5a:13:19:d1:90:76:01:8d:
                    d9:64:fd:71:7d:55:ba:05:7f:03:23:7e:03:db:84:
                    f2:ef:13:c2:ba:83:43:83:3d:43:fb:31:af:82:90:
                    27:97:34:5e:6f:49:b6:5f:df:dd:30:d0:95:23:fa:
                    f6:b5:67:b1:b0:cc:b4:82:69:84:32:0f:f1:45:0d:
                    72:cc:fa:89:24:52:9e:b3:0d:6c:6e:83:39:fb:ef:
                    a6:3c:4a:07:19:8c:69:18:0f:13:59:82:c9:b5:d0:
                    46:22:ef:60:75:b2:79:12:05:4b:13:64:37:4f:a6:
                    6e:34:3d:a4:8b:13:c1:20:9b:eb:f2:87:43:90:44:
                    7e:99:fb:93:b8:06:2f:f7:b0:6b:51:81:0e:e0:c1:
                    d1:90:6a:86:88:4e:68:d2:b3:29:78:3f:e5:f7:2f:
                    4a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:81:82:D3:6C:6A:D2:15:62:45:F2:87:0F:C0:1D:61:41:75:11:5E
            X509v3 Authority Key Identifier:
                keyid:DF:FC:49:19:5A:43:9D:5B:9D:71:12:B3:36:01:5E:EE:2C:94:4D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_xJGVpDnVudcRKzNgFe7iyUTYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/b28d89-b89b-4682-b8c7-7ebb6b9e369d/1/voGC02xq0hViRfKHD8AdYUF1EV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/b28d89-b89b-4682-b8c7-7ebb6b9e369d/1/3_xJGVpDnVudcRKzNgFe7iyUTYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:19:22:3d:85:f0:b8:89:e2:eb:29:f1:92:b7:d7:8e:3e:d2:
         2b:e6:84:c8:df:32:5c:13:22:74:94:24:35:3c:e5:05:cf:24:
         74:e7:3c:db:47:49:5a:27:a0:7d:19:ad:f6:f3:8f:ad:c9:09:
         d9:27:50:76:c2:95:5c:3a:d4:65:24:e0:9f:ab:00:1e:e0:c0:
         22:43:8b:81:a4:03:61:45:fd:76:9a:1a:d6:52:89:c8:1e:64:
         be:f6:f3:bb:3b:e6:60:13:de:ed:01:64:2e:98:22:42:29:13:
         6d:31:95:64:0d:82:50:13:29:8f:bd:bd:92:5f:71:76:28:cf:
         c9:e2:8b:ff:04:2a:70:12:61:70:e1:e0:5d:4a:f7:28:bc:87:
         04:2d:c3:a6:44:4e:c0:e2:65:2a:56:a4:f5:37:80:3b:98:85:
         4e:82:d8:5b:b2:e7:35:54:f3:6d:05:3a:45:16:c3:2a:07:00:
         fd:af:18:3f:74:ba:02:26:d8:2a:04:c1:13:e8:29:0d:dd:fa:
         e0:71:22:2f:d9:17:2a:14:e4:da:08:c4:2c:be:e1:df:8a:27:
         8f:50:6b:d2:ec:d9:0b:7d:26:59:f9:11:fc:ff:48:48:f5:25:
         5a:18:f9:6b:50:da:99:1a:b4:38:de:17:7a:1c:68:2b:66:f6:
         1a:3b:a0:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2Lo5woJyhepH1OsDEgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZmM0OTE5NWE0MzlkNWI5ZDcxMTJiMzM2MDE1ZWVlMmM5
NDRkODkwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTgxODJkMzZjNmFkMjE1NjI0NWYyODcwZmMwMWQ2MTQxNzUxMTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArI3kxJhaP3oAblKZWV2u+HTfIPL9
0YAFPp4eU1/EqYFe5xU5YhcYr3trRNRC/ciTl1WNwrRYuqfJh1guKFZ1kKDPECdY
/2yFwGDK6GEkJdm4OBWjs1NHPdv+ZP+d3GgdWhMZ0ZB2AY3ZZP1xfVW6BX8DI34D
24Ty7xPCuoNDgz1D+zGvgpAnlzReb0m2X9/dMNCVI/r2tWexsMy0gmmEMg/xRQ1y
zPqJJFKesw1sboM5+++mPEoHGYxpGA8TWYLJtdBGIu9gdbJ5EgVLE2Q3T6ZuND2k
ixPBIJvr8odDkER+mfuTuAYv97BrUYEO4MHRkGqGiE5o0rMpeD/l9y9KywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6BgtNsatIVYkXyhw/AHWFBdRFeMB8GA1UdIwQY
MBaAFN/8SRlaQ51bnXESszYBXu4slE2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM194SkdWcERuVnVkY1JLek5nRmU3aXlVVFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9iMjhkODktYjg5Yi00NjgyLWI4Yzct
N2ViYjZiOWUzNjlkLzEvdm9HQzAyeHEwaFZpUmZLSEQ4QWRZVUYxRVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9iMjhkODktYjg5Yi00NjgyLWI4YzctN2ViYjZiOWUzNjlk
LzEvM194SkdWcERuVnVkY1JLek5nRmU3aXlVVFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucE6MA0G
CSqGSIb3DQEBCwUAA4IBAQBcGSI9hfC4ieLrKfGSt9eOPtIr5oTI3zJcEyJ0lCQ1
POUFzyR05zzbR0laJ6B9Ga3284+tyQnZJ1B2wpVcOtRlJOCfqwAe4MAiQ4uBpANh
Rf12mhrWUonIHmS+9vO7O+ZgE97tAWQumCJCKRNtMZVkDYJQEymPvb2SX3F2KM/J
4ov/BCpwEmFw4eBdSvcovIcELcOmRE7A4mUqVqT1N4A7mIVOgthbsuc1VPNtBTpF
FsMqBwD9rxg/dLoCJtgqBMET6CkN3frgcSIv2RcqFOTaCMQsvuHfiiePUGvS7NkL
fSZZ+RH8/0hI9SVaGPlrUNqZGrQ43hd6HGgrZvYaO6D3
-----END CERTIFICATE-----