Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tve-Q8TOD2xzsSbkSzdIdSlPx-Y.roa
File:                     tve-Q8TOD2xzsSbkSzdIdSlPx-Y.roa (raw, json)
Hash identifier:          sNFXycuNdPCw0GoN5zkl5dkMgRteXDtLRYD+oxKTd1I=
Subject key identifier:   B6:F7:BE:43:C4:CE:0F:6C:73:B1:26:E4:4B:37:48:75:29:4F:C7:E6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019428248AD346D6B2DE5024C9F542976E6F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tve-Q8TOD2xzsSbkSzdIdSlPx-Y.roa
Signing time:             Thu 02 Jan 2025 17:51:10 +0000
ROA not before:           Thu 02 Jan 2025 17:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52055
IP address blocks:        85.217.149.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:8a:d3:46:d6:b2:de:50:24:c9:f5:42:97:6e:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6f7be43c4ce0f6c73b126e44b374875294fc7e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f5:40:02:a0:7a:6f:aa:aa:b9:c4:01:19:40:
                    6c:d3:2b:85:f4:5b:ab:4f:28:29:d2:e2:52:ee:af:
                    2f:3a:52:78:dd:5d:af:96:52:96:63:ca:d9:bc:13:
                    48:27:df:4e:27:17:5c:45:bf:48:82:c9:d9:19:8a:
                    46:a3:b7:eb:54:f6:91:be:df:a6:54:c0:2a:9c:9e:
                    a5:6d:2b:d4:7c:8a:c7:5a:89:5d:fb:9d:ab:61:02:
                    64:98:34:27:45:37:00:96:97:0b:34:92:af:c0:21:
                    26:3b:f0:1a:45:4f:cf:dc:ee:ed:c7:1e:88:97:53:
                    84:9e:fc:1c:65:0c:ad:56:80:6e:3e:96:5e:d3:35:
                    7f:87:00:db:12:02:7b:be:cb:a6:a6:e8:62:f7:7b:
                    3e:4c:19:ba:0a:a5:c3:c8:47:26:75:a2:cc:6c:6b:
                    59:fa:cb:eb:a3:15:2e:f7:fe:bb:16:d9:cc:71:83:
                    75:79:35:39:99:e0:07:1a:44:5b:78:d1:8d:e7:bb:
                    c2:03:ad:11:8d:74:f3:b8:f8:7d:22:48:92:ed:fa:
                    e7:7e:33:15:98:61:1e:62:49:7d:6d:ac:97:81:90:
                    36:18:db:5c:08:97:da:a7:b9:56:60:37:f6:73:ae:
                    bb:62:ff:30:66:d4:cc:5c:79:40:35:e6:65:55:f5:
                    18:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F7:BE:43:C4:CE:0F:6C:73:B1:26:E4:4B:37:48:75:29:4F:C7:E6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tve-Q8TOD2xzsSbkSzdIdSlPx-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:96:a1:ce:a5:88:ac:bf:4e:08:28:9d:6b:c8:19:c9:ee:1b:
         35:13:9a:dc:71:71:e8:7d:7e:56:7a:19:a0:94:06:c9:a3:a5:
         3f:f7:f5:26:42:41:d5:37:76:bf:30:45:ec:49:5c:47:ae:a8:
         93:00:8a:ab:b6:cc:c6:d7:f6:46:c1:84:4e:5a:3f:0f:2b:2d:
         8a:bd:d1:e5:80:72:a1:50:75:bf:f4:eb:fa:17:66:64:62:a5:
         1c:6f:ce:31:2b:a6:10:c9:0c:2d:16:8f:44:86:2f:1e:a5:75:
         b7:0b:55:3b:3d:58:eb:49:d8:15:30:14:e8:fb:0f:98:45:a7:
         3b:4d:d4:30:f3:9a:5b:ca:39:de:6f:ec:35:21:bc:3c:cf:2d:
         d6:0f:9b:5f:88:3f:73:5a:48:c7:f5:40:c9:d4:a1:e9:2f:3c:
         e6:8d:7d:07:bb:f1:95:3b:a7:31:5c:6f:5c:7d:c5:d5:9e:59:
         92:00:5e:09:f2:c9:ab:aa:d7:06:bc:0a:c5:31:eb:09:69:78:
         d2:8e:f5:ef:b2:22:67:ea:1e:8b:15:50:d6:4a:e7:26:58:f0:
         cb:fd:70:07:a7:07:e9:9c:50:c5:50:58:15:1e:4d:f3:06:6d:
         aa:90:a0:15:87:31:8e:65:b9:a9:b2:9b:c9:42:2a:f0:7a:98:
         43:5a:49:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJIrTRtay3lAkyfVCl25vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY3YmU0M2M0Y2UwZjZjNzNiMTI2ZTQ0YjM3NDg3NTI5NGZjN2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfVAAqB6b6qqucQBGUBs0yuF9Fur
Tygp0uJS7q8vOlJ43V2vllKWY8rZvBNIJ99OJxdcRb9IgsnZGYpGo7frVPaRvt+m
VMAqnJ6lbSvUfIrHWold+52rYQJkmDQnRTcAlpcLNJKvwCEmO/AaRU/P3O7txx6I
l1OEnvwcZQytVoBuPpZe0zV/hwDbEgJ7vsumpuhi93s+TBm6CqXDyEcmdaLMbGtZ
+svroxUu9/67FtnMcYN1eTU5meAHGkRbeNGN57vCA60RjXTzuPh9IkiS7frnfjMV
mGEeYkl9bayXgZA2GNtcCJfap7lWYDf2c667Yv8wZtTMXHlANeZlVfUYkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLb3vkPEzg9sc7Em5Es3SHUpT8fmMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdHZlLVE4VE9EMnh6c1Nia1N6ZElkU2xQeC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdmVMA0G
CSqGSIb3DQEBCwUAA4IBAQAOlqHOpYisv04IKJ1ryBnJ7hs1E5rccXHofX5Wehmg
lAbJo6U/9/UmQkHVN3a/MEXsSVxHrqiTAIqrtszG1/ZGwYROWj8PKy2KvdHlgHKh
UHW/9Ov6F2ZkYqUcb84xK6YQyQwtFo9Ehi8epXW3C1U7PVjrSdgVMBTo+w+YRac7
TdQw85pbyjneb+w1Ibw8zy3WD5tfiD9zWkjH9UDJ1KHpLzzmjX0Hu/GVO6cxXG9c
fcXVnlmSAF4J8smrqtcGvArFMesJaXjSjvXvsiJn6h6LFVDWSucmWPDL/XAHpwfp
nFDFUFgVHk3zBm2qkKAVhzGOZbmpspvJQirwephDWkm1
-----END CERTIFICATE-----