Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/1VBYGwFuuqZwkirkbCwCeghTmzM.roa
File:                     1VBYGwFuuqZwkirkbCwCeghTmzM.roa (raw, json)
Hash identifier:          naAWt0Vnm9Zfz50WxlVwDqFDYAxil/BDxkCZ/KqN01I=
Subject key identifier:   D5:50:58:1B:01:6E:BA:A6:70:92:2A:E4:6C:2C:02:7A:08:53:9B:33
Certificate issuer:       /CN=afcc1d30edeeab54b5812a990a943e3e8fe8391d
Certificate serial:       018CC8017AB9EA92E04DCA963FECC1E4B840
Authority key identifier: AF:CC:1D:30:ED:EE:AB:54:B5:81:2A:99:0A:94:3E:3E:8F:E8:39:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/1VBYGwFuuqZwkirkbCwCeghTmzM.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199298
IP address blocks:        185.21.220.0/22 maxlen: 22
                          2a00:5c20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7a:b9:ea:92:e0:4d:ca:96:3f:ec:c1:e4:b8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afcc1d30edeeab54b5812a990a943e3e8fe8391d
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d550581b016ebaa670922ae46c2c027a08539b33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:af:c7:10:bc:14:b5:55:11:b5:53:85:eb:fc:
                    4c:ef:b0:6b:84:c8:68:36:1f:92:8b:bd:cc:5a:d3:
                    a5:89:78:72:27:2b:8c:26:e4:75:74:67:60:c1:81:
                    15:6e:b3:ec:fe:09:2a:27:bf:d2:b4:a4:f6:7d:c4:
                    a1:df:b7:ef:33:09:2c:62:14:b7:a7:9f:6b:2b:07:
                    a0:07:03:a8:e7:88:7f:02:1b:dc:9a:09:db:bf:c0:
                    d7:1f:35:82:3e:27:cd:58:83:f7:d7:bd:d2:91:31:
                    70:a3:3e:f9:26:e9:91:94:3f:17:de:60:8b:c3:e8:
                    f6:57:e2:be:7c:f6:c9:8b:d1:fe:e1:7c:d2:58:a0:
                    6a:f1:fe:24:57:92:48:24:17:d0:8f:e9:30:22:8c:
                    80:b5:3a:bc:44:1c:45:07:dc:66:47:af:51:4e:11:
                    10:a5:fa:ce:af:88:13:ba:39:7f:17:13:46:52:c9:
                    59:66:92:a4:22:76:ee:d5:3b:0d:11:be:db:24:d2:
                    cf:eb:73:db:84:4e:d0:7c:b8:e1:33:be:21:d3:19:
                    8f:f8:a6:49:74:8c:16:ef:bf:a8:e8:0a:1a:69:5e:
                    d7:c0:c2:ee:7a:3a:24:1a:4c:c2:a8:34:f9:e7:a0:
                    53:30:54:99:6b:8e:1d:a4:b1:be:ae:aa:bb:83:1d:
                    2e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:50:58:1B:01:6E:BA:A6:70:92:2A:E4:6C:2C:02:7A:08:53:9B:33
            X509v3 Authority Key Identifier:
                keyid:AF:CC:1D:30:ED:EE:AB:54:B5:81:2A:99:0A:94:3E:3E:8F:E8:39:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/1VBYGwFuuqZwkirkbCwCeghTmzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0217c2-7354-4061-9ef7-a220fe6a2a25/1/r8wdMO3uq1S1gSqZCpQ-Po_oOR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.220.0/22
                IPv6:
                  2a00:5c20::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:21:33:70:ac:b0:41:91:c3:49:3f:81:4c:d1:a4:8b:fd:04:
         32:9d:8d:a5:f7:72:b9:92:19:30:bb:08:51:b8:e8:1f:81:8f:
         bb:c6:df:5f:21:b7:55:f6:9a:39:02:59:7a:81:53:32:73:d1:
         ef:c0:59:80:89:13:a4:32:1d:16:72:92:56:15:81:bb:a7:e3:
         d6:5d:c4:56:ed:0a:97:1b:6a:5c:1f:83:1b:ef:f3:cf:cf:b4:
         97:a0:3c:d6:60:47:1e:cf:8b:f8:28:b3:5d:d4:28:90:d7:59:
         aa:3a:d2:be:b3:41:bc:1f:d5:88:4a:28:6b:cd:ec:aa:6b:c1:
         09:af:6e:ed:ec:3a:00:ac:bb:01:2a:d4:7a:bc:0d:95:20:65:
         e8:b3:43:2f:86:f7:35:d7:c0:83:4f:83:fc:18:ea:64:4b:85:
         46:3f:87:a5:8e:95:71:14:50:ea:6c:f0:96:55:32:e1:79:b5:
         e9:69:32:ef:08:8b:bf:90:29:c1:10:f0:8a:21:95:e6:7f:d1:
         a0:e1:ca:ff:96:0b:38:10:5c:6f:65:71:40:e6:3d:1f:92:cb:
         49:26:8b:88:ec:6e:52:91:90:eb:f7:57:31:82:4b:74:62:12:
         38:0e:45:27:68:a1:3b:12:69:f6:14:c4:5f:fe:a7:ed:c5:22:
         90:85:10:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAXq56pLgTcqWP+zB5LhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmY2MxZDMwZWRlZWFiNTRiNTgxMmE5OTBhOTQzZTNlOGZl
ODM5MWQwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTUwNTgxYjAxNmViYWE2NzA5MjJhZTQ2YzJjMDI3YTA4NTM5YjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16/HELwUtVURtVOF6/xM77BrhMho
Nh+Si73MWtOliXhyJyuMJuR1dGdgwYEVbrPs/gkqJ7/StKT2fcSh37fvMwksYhS3
p59rKwegBwOo54h/Ahvcmgnbv8DXHzWCPifNWIP3173SkTFwoz75JumRlD8X3mCL
w+j2V+K+fPbJi9H+4XzSWKBq8f4kV5JIJBfQj+kwIoyAtTq8RBxFB9xmR69RThEQ
pfrOr4gTujl/FxNGUslZZpKkInbu1TsNEb7bJNLP63PbhE7QfLjhM74h0xmP+KZJ
dIwW77+o6AoaaV7XwMLuejokGkzCqDT556BTMFSZa44dpLG+rqq7gx0uDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNVQWBsBbrqmcJIq5GwsAnoIU5szMB8GA1UdIwQY
MBaAFK/MHTDt7qtUtYEqmQqUPj6P6DkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjh3ZE1PM3VxMVMxZ1NxWkNwUS1Qb19vT1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wMjE3YzItNzM1NC00MDYxLTllZjct
YTIyMGZlNmEyYTI1LzEvMVZCWUd3RnV1cVp3a2lya2JDd0NlZ2hUbXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wMjE3YzItNzM1NC00MDYxLTllZjctYTIyMGZlNmEyYTI1
LzEvcjh3ZE1PM3VxMVMxZ1NxWkNwUS1Qb19vT1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRXcMA0E
AgACMAcDBQAqAFwgMA0GCSqGSIb3DQEBCwUAA4IBAQAKITNwrLBBkcNJP4FM0aSL
/QQynY2l93K5khkwuwhRuOgfgY+7xt9fIbdV9po5All6gVMyc9HvwFmAiROkMh0W
cpJWFYG7p+PWXcRW7QqXG2pcH4Mb7/PPz7SXoDzWYEcez4v4KLNd1CiQ11mqOtK+
s0G8H9WISihrzeyqa8EJr27t7DoArLsBKtR6vA2VIGXos0Mvhvc118CDT4P8GOpk
S4VGP4eljpVxFFDqbPCWVTLhebXpaTLvCIu/kCnBEPCKIZXmf9Gg4cr/lgs4EFxv
ZXFA5j0fkstJJouI7G5SkZDr91cxgkt0YhI4DkUnaKE7Emn2FMRf/qftxSKQhRDR
-----END CERTIFICATE-----