Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d7fd2c-95a9-4c09-9e47-827f9648c022/1/BV_2VrsSKFstxNo_ZB7_7vCb3xM.roa
File:                     BV_2VrsSKFstxNo_ZB7_7vCb3xM.roa (raw, json)
Hash identifier:          4xOoriGH0WPMbY1gbOsmXHsb3VRUhmsZwetVXPG0Veg=
Subject key identifier:   05:5F:F6:56:BB:12:28:5B:2D:C4:DA:3F:64:1E:FF:EE:F0:9B:DF:13
Certificate issuer:       /CN=07d64daef339e6fdae644db1b20bbf54e67e5d66
Certificate serial:       018CC493120B72238E12F105940EB4DAD983
Authority key identifier: 07:D6:4D:AE:F3:39:E6:FD:AE:64:4D:B1:B2:0B:BF:54:E6:7E:5D:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9ZNrvM55v2uZE2xsgu_VOZ-XWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d7fd2c-95a9-4c09-9e47-827f9648c022/1/BV_2VrsSKFstxNo_ZB7_7vCb3xM.roa
Signing time:             Mon 01 Jan 2024 10:30:21 +0000
ROA not before:           Mon 01 Jan 2024 10:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48319
IP address blocks:        94.199.32.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d7fd2c-95a9-4c09-9e47-827f9648c022/1/B9ZNrvM55v2uZE2xsgu_VOZ-XWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d7fd2c-95a9-4c09-9e47-827f9648c022/1/B9ZNrvM55v2uZE2xsgu_VOZ-XWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9ZNrvM55v2uZE2xsgu_VOZ-XWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:12:0b:72:23:8e:12:f1:05:94:0e:b4:da:d9:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d64daef339e6fdae644db1b20bbf54e67e5d66
        Validity
            Not Before: Jan  1 10:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=055ff656bb12285b2dc4da3f641effeef09bdf13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:88:a4:10:75:09:9a:c2:95:5e:b1:41:54:c2:
                    68:6f:cf:c7:aa:8d:48:8c:5f:50:50:4c:62:7c:98:
                    1e:99:08:73:47:6d:a1:98:62:37:da:f3:e3:97:67:
                    24:bc:67:2f:03:62:9a:d5:31:0e:37:87:c5:08:b8:
                    e0:43:2e:88:47:d7:13:da:94:57:d9:a9:80:33:1a:
                    98:47:e0:9f:aa:95:41:0e:9b:54:3b:a6:19:e8:cc:
                    32:fb:f0:c7:a9:6e:1b:09:27:aa:3c:ef:f4:af:47:
                    bb:4b:bd:2d:48:8b:ca:77:3e:ef:5f:da:aa:07:4e:
                    b5:38:fc:a3:35:81:b9:90:4d:9d:39:a0:80:71:e9:
                    9c:d2:c1:6f:f0:d2:94:17:e9:9f:63:41:30:b6:d3:
                    0a:79:de:bb:0f:54:b2:5c:51:b9:a6:c3:86:9e:4c:
                    07:33:ee:54:1b:ac:73:58:f4:d6:e7:a7:43:ba:fb:
                    c4:f4:cd:73:72:cc:e4:00:ed:a5:4d:f9:56:61:6d:
                    ec:6b:73:b8:57:75:50:10:8d:b2:22:76:9b:6e:aa:
                    60:b6:57:84:9b:8e:76:05:8b:9a:fa:ba:bd:0d:80:
                    e6:62:39:3d:40:65:87:66:35:0e:c9:45:4e:a2:32:
                    83:de:d3:27:1b:9e:e1:69:56:2a:d1:3f:9e:65:bf:
                    7b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:5F:F6:56:BB:12:28:5B:2D:C4:DA:3F:64:1E:FF:EE:F0:9B:DF:13
            X509v3 Authority Key Identifier:
                keyid:07:D6:4D:AE:F3:39:E6:FD:AE:64:4D:B1:B2:0B:BF:54:E6:7E:5D:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9ZNrvM55v2uZE2xsgu_VOZ-XWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d7fd2c-95a9-4c09-9e47-827f9648c022/1/BV_2VrsSKFstxNo_ZB7_7vCb3xM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d7fd2c-95a9-4c09-9e47-827f9648c022/1/B9ZNrvM55v2uZE2xsgu_VOZ-XWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         89:bc:74:b6:1c:d0:09:c0:b6:ca:ef:8e:15:74:b0:11:8f:df:
         2c:d1:24:e2:26:28:38:5f:39:e8:73:62:8b:3a:e9:cc:d5:55:
         24:c3:9d:26:3e:12:17:e7:e4:ac:4a:4a:e2:e6:6e:de:ba:5e:
         84:05:dd:4d:9c:ca:7c:2e:97:f5:1b:48:54:df:8c:d4:5c:2a:
         59:5c:f0:bc:c8:c1:69:d9:78:d5:51:97:55:5c:6d:f0:92:7b:
         ba:ff:7d:f3:ba:7d:f9:9d:b3:1e:08:9f:58:43:68:74:c8:64:
         03:c4:4e:10:ac:48:39:bd:88:b6:ad:1c:7e:12:6b:f7:64:79:
         81:82:8d:88:b1:71:38:de:90:3c:eb:a0:53:20:41:76:d7:00:
         a1:76:45:30:08:cd:2f:c8:2a:f3:23:d5:9f:7d:63:81:59:78:
         9f:46:0e:e8:8e:3b:3b:ba:a1:a1:2d:5e:b0:9e:78:5e:3e:62:
         ed:c2:b0:87:43:a2:4c:9e:57:f3:8e:1a:2e:aa:f0:64:75:2e:
         24:73:4f:a1:fd:3e:e6:18:ee:69:9c:59:8a:c3:b9:af:7c:45:
         e2:ff:5c:b6:58:4c:b2:1d:56:19:34:5b:04:db:c0:fd:85:be:
         4e:24:37:37:d1:17:8e:08:cd:a1:e7:f4:4f:dc:5d:f4:01:7f:
         7a:f8:84:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxILciOOEvEFlA602tmDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDY0ZGFlZjMzOWU2ZmRhZTY0NGRiMWIyMGJiZjU0ZTY3
ZTVkNjYwHhcNMjQwMTAxMTAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTVmZjY1NmJiMTIyODViMmRjNGRhM2Y2NDFlZmZlZWYwOWJkZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYikEHUJmsKVXrFBVMJob8/Hqo1I
jF9QUExifJgemQhzR22hmGI32vPjl2ckvGcvA2Ka1TEON4fFCLjgQy6IR9cT2pRX
2amAMxqYR+CfqpVBDptUO6YZ6Mwy+/DHqW4bCSeqPO/0r0e7S70tSIvKdz7vX9qq
B061OPyjNYG5kE2dOaCAcemc0sFv8NKUF+mfY0EwttMKed67D1SyXFG5psOGnkwH
M+5UG6xzWPTW56dDuvvE9M1zcszkAO2lTflWYW3sa3O4V3VQEI2yInabbqpgtleE
m452BYua+rq9DYDmYjk9QGWHZjUOyUVOojKD3tMnG57haVYq0T+eZb97zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVf9la7EihbLcTaP2Qe/+7wm98TMB8GA1UdIwQY
MBaAFAfWTa7zOeb9rmRNsbILv1Tmfl1mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlaTnJ2TTU1djJ1WkUyeHNndV9WT1otWFdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kN2ZkMmMtOTVhOS00YzA5LTllNDct
ODI3Zjk2NDhjMDIyLzEvQlZfMlZyc1NLRnN0eE5vX1pCN183dkNiM3hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kN2ZkMmMtOTVhOS00YzA5LTllNDctODI3Zjk2NDhjMDIy
LzEvQjlaTnJ2TTU1djJ1WkUyeHNndV9WT1otWFdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXscgMA0G
CSqGSIb3DQEBCwUAA4IBAQCJvHS2HNAJwLbK744VdLARj98s0STiJig4Xznoc2KL
OunM1VUkw50mPhIX5+SsSkri5m7eul6EBd1NnMp8Lpf1G0hU34zUXCpZXPC8yMFp
2XjVUZdVXG3wknu6/33zun35nbMeCJ9YQ2h0yGQDxE4QrEg5vYi2rRx+Emv3ZHmB
go2IsXE43pA866BTIEF21wChdkUwCM0vyCrzI9WffWOBWXifRg7ojjs7uqGhLV6w
nnhePmLtwrCHQ6JMnlfzjhouqvBkdS4kc0+h/T7mGO5pnFmKw7mvfEXi/1y2WEyy
HVYZNFsE28D9hb5OJDc30ReOCM2h5/RP3F30AX96+IRH
-----END CERTIFICATE-----