Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/VgRM7YDk1PRdStctkdKg0-bW_4c.roa
File:                     VgRM7YDk1PRdStctkdKg0-bW_4c.roa (raw, json)
Hash identifier:          BEpYx/Zo++iqeHKfKrC7isVb+7rsQ6gUxA1Mz9WMA4A=
Subject key identifier:   56:04:4C:ED:80:E4:D4:F4:5D:4A:D7:2D:91:D2:A0:D3:E6:D6:FF:87
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F898F494CD149F6840BAD9FA1024EB2
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/VgRM7YDk1PRdStctkdKg0-bW_4c.roa
Signing time:             Wed 27 Mar 2024 10:51:45 +0000
ROA not before:           Wed 27 Mar 2024 10:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        2.22.36.0/22 maxlen: 22
                          2.22.40.0/22 maxlen: 22
                          95.101.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:89:8f:49:4c:d1:49:f6:84:0b:ad:9f:a1:02:4e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 10:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56044ced80e4d4f45d4ad72d91d2a0d3e6d6ff87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a8:4b:41:e1:9e:b1:62:54:7c:77:e4:1c:30:
                    db:5d:ab:67:49:f3:81:d8:b5:6b:b4:3f:1d:6e:d5:
                    c0:ef:e0:39:31:10:df:ec:06:3b:54:df:24:0b:bb:
                    4b:16:a4:3b:cf:9e:66:1a:23:72:25:80:ae:76:43:
                    e2:c2:76:16:9f:cf:19:45:48:37:bc:6c:b5:42:c4:
                    1e:3e:fb:9e:65:c3:0a:75:3c:90:24:4b:8d:de:15:
                    ee:2e:56:22:96:4f:55:08:a5:53:11:56:d1:cf:d5:
                    dd:4a:2b:ff:2b:c6:7e:24:c9:2d:4b:10:73:f9:e8:
                    de:f8:5b:45:4c:50:da:4d:1f:66:6a:2b:ca:f0:e5:
                    9f:63:9f:63:74:17:2e:84:75:5e:63:dd:07:4c:99:
                    ef:01:14:f7:b2:1d:fe:a8:2b:a9:84:5d:fb:5c:e1:
                    2c:a7:c7:f6:89:df:c0:5f:e6:36:3f:6e:0a:32:89:
                    02:34:ab:d2:e7:c0:3e:94:d0:3b:89:cf:5e:08:81:
                    b3:12:44:3e:6e:ad:22:f2:49:9d:22:86:56:99:b4:
                    4c:84:3c:8a:fc:9c:6f:16:ba:f9:7c:ef:53:d0:50:
                    f1:ff:a7:6f:b2:3b:1e:02:b5:f9:e7:25:ac:04:67:
                    01:a8:18:31:a8:6c:20:32:25:7c:32:47:b1:e5:4b:
                    86:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:04:4C:ED:80:E4:D4:F4:5D:4A:D7:2D:91:D2:A0:D3:E6:D6:FF:87
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/VgRM7YDk1PRdStctkdKg0-bW_4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.22.36.0-2.22.43.255
                  95.101.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:2b:ab:ba:31:04:dc:62:ca:05:80:18:9d:ec:0c:a5:c3:e0:
         35:92:f3:19:1c:96:a1:b8:c3:d5:e9:8c:14:0d:af:1e:3c:79:
         68:0a:bf:a8:10:6e:e3:f0:41:56:c0:7d:d8:fa:b1:e8:c4:3f:
         15:5a:09:a1:ff:db:a9:5d:76:33:b4:3d:89:b8:b1:0a:19:51:
         eb:fb:5f:39:25:b3:d7:59:c1:7d:35:a0:46:4e:44:da:be:51:
         37:07:82:56:9a:a7:5a:86:f2:15:51:7e:c6:b5:1c:30:ed:7e:
         5a:e6:ea:9c:a7:31:4a:c5:9f:4b:04:d5:1d:16:51:4f:e3:a2:
         ff:1b:fe:3a:2a:f7:9e:66:8b:98:ab:a1:dc:6e:85:a2:03:97:
         f0:ad:ad:ff:97:0e:93:94:62:54:2b:3b:0c:31:f3:7f:8d:50:
         44:b3:92:b9:c1:38:68:28:c5:3b:b6:ab:b8:4e:c1:35:77:51:
         01:d3:c9:41:63:e2:a7:53:d5:ed:7e:ec:65:0e:bc:b6:a5:83:
         15:75:90:08:7e:92:7b:04:34:39:8e:27:bc:a2:5b:58:7d:18:
         cf:5f:43:ba:b4:d6:5d:24:ea:50:a1:f0:25:d1:62:9a:ac:b3:
         f0:b8:7b:7d:04:45:64:23:a9:56:f3:ba:be:de:dd:9d:f1:fd:
         e9:f2:d6:8d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY5/iY9JTNFJ9oQLrZ+hAk6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTA1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjA0NGNlZDgwZTRkNGY0NWQ0YWQ3MmQ5MWQyYTBkM2U2ZDZmZjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKhLQeGesWJUfHfkHDDbXatnSfOB
2LVrtD8dbtXA7+A5MRDf7AY7VN8kC7tLFqQ7z55mGiNyJYCudkPiwnYWn88ZRUg3
vGy1QsQePvueZcMKdTyQJEuN3hXuLlYilk9VCKVTEVbRz9XdSiv/K8Z+JMktSxBz
+eje+FtFTFDaTR9maivK8OWfY59jdBcuhHVeY90HTJnvART3sh3+qCuphF37XOEs
p8f2id/AX+Y2P24KMokCNKvS58A+lNA7ic9eCIGzEkQ+bq0i8kmdIoZWmbRMhDyK
/JxvFrr5fO9T0FDx/6dvsjseArX55yWsBGcBqBgxqGwgMiV8Mkex5UuGwwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFYETO2A5NT0XUrXLZHSoNPm1v+HMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvVmdSTTdZRGsxUFJkU3RjdGtkS2cwLWJXXzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAICFiQD
BAICFigDBABfZYUwDQYJKoZIhvcNAQELBQADggEBAAMrq7oxBNxiygWAGJ3sDKXD
4DWS8xkclqG4w9XpjBQNrx48eWgKv6gQbuPwQVbAfdj6sejEPxVaCaH/26lddjO0
PYm4sQoZUev7Xzkls9dZwX01oEZORNq+UTcHglaap1qG8hVRfsa1HDDtflrm6pyn
MUrFn0sE1R0WUU/jov8b/joq955mi5irodxuhaIDl/Ctrf+XDpOUYlQrOwwx83+N
UESzkrnBOGgoxTu2q7hOwTV3UQHTyUFj4qdT1e1+7GUOvLalgxV1kAh+knsENDmO
J7yiW1h9GM9fQ7q01l0k6lCh8CXRYpqss/C4e30ERWQjqVbzur7e3Z3x/eny1o0=
-----END CERTIFICATE-----