Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/Mn2xhKE-2Pb-73H7TTZXNgyrysA.roa
File:                     Mn2xhKE-2Pb-73H7TTZXNgyrysA.roa (raw, json)
Hash identifier:          IYPvGvOP3Hl7DOEW3p83WuNgIyIRVBF5o7PxYk1KZ6Q=
Subject key identifier:   32:7D:B1:84:A1:3E:D8:F6:FE:EF:71:FB:4D:36:57:36:0C:AB:CA:C0
Certificate issuer:       /CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
Certificate serial:       018CCA9A0399D53BB379E14A6083AEDF9A4F
Authority key identifier: B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/Mn2xhKE-2Pb-73H7TTZXNgyrysA.roa
Signing time:             Tue 02 Jan 2024 14:35:40 +0000
ROA not before:           Tue 02 Jan 2024 14:35:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62216
IP address blocks:        95.174.80.0/21 maxlen: 21
                          185.144.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:03:99:d5:3b:b3:79:e1:4a:60:83:ae:df:9a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
        Validity
            Not Before: Jan  2 14:35:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=327db184a13ed8f6feef71fb4d3657360cabcac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:cb:fc:65:9d:1b:74:f4:8e:ec:6c:59:30:84:
                    3f:39:fc:93:b6:bd:58:7f:22:f3:47:6a:9c:f0:3a:
                    6a:56:88:4a:8f:cc:c2:7a:48:2e:a5:33:e0:25:05:
                    03:d3:bd:aa:cb:99:c0:03:17:a8:e9:cf:06:b9:a6:
                    0a:f2:15:19:3f:76:ee:b6:58:75:1c:29:1c:c4:ba:
                    6a:5a:bb:90:a5:1d:a6:c7:7b:e3:be:34:67:88:3f:
                    db:0c:a9:df:9a:70:ec:fb:6f:cd:85:19:22:ee:85:
                    1a:80:85:ef:86:52:5a:6c:2b:ab:df:85:19:20:9a:
                    0b:32:8c:8c:04:3e:27:05:91:c2:81:c4:ee:eb:fd:
                    d6:cd:2b:76:c1:13:9b:ef:67:20:6f:c6:ad:97:f7:
                    41:1a:47:6f:b9:d8:80:b3:ff:31:3d:5d:b6:6e:fd:
                    9e:ca:69:ec:92:e0:a6:48:c6:74:05:a3:78:14:44:
                    d4:2e:7c:fa:94:d6:9d:e4:bd:9e:3b:cb:68:8e:40:
                    7a:06:d4:fb:f2:4f:e6:fa:61:ed:59:29:51:1b:c5:
                    71:b8:36:10:bd:27:62:73:63:18:9d:78:51:4d:e1:
                    a7:b2:b1:8b:c1:1e:e7:3d:ec:6f:f0:42:7a:8b:1e:
                    c2:93:00:10:2d:37:f4:e2:4d:d5:88:06:38:d7:eb:
                    2c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7D:B1:84:A1:3E:D8:F6:FE:EF:71:FB:4D:36:57:36:0C:AB:CA:C0
            X509v3 Authority Key Identifier:
                keyid:B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/Mn2xhKE-2Pb-73H7TTZXNgyrysA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.174.80.0/21
                  185.144.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:c4:ee:05:f0:b8:f5:2e:a8:37:c3:bb:84:02:cd:ec:e2:0e:
         cd:be:b5:8f:e9:f8:24:59:36:2e:51:5b:18:76:c6:4e:f1:e0:
         23:d6:5b:b1:86:78:d7:ed:17:d0:e3:82:43:7b:9d:3d:59:c9:
         c5:e2:10:4c:34:e7:9f:a0:14:c6:13:73:f8:70:ab:ea:2d:aa:
         cc:4e:0c:c1:6f:0e:65:ab:9e:96:b6:5c:74:17:ce:b0:f9:75:
         7a:a0:b5:6a:13:81:70:f2:40:51:00:ae:cd:d0:c6:dd:b9:a9:
         6f:57:36:78:31:f1:e4:60:da:e1:06:e5:34:2c:de:39:d7:86:
         fb:bd:c5:99:b9:8d:ad:e6:5a:19:89:3b:07:23:ed:cb:08:6e:
         6a:3e:18:eb:57:c4:1a:0e:ba:46:95:eb:73:0b:64:34:04:b9:
         36:a5:f3:4a:a6:18:33:c3:18:3e:3e:ea:d2:35:1a:61:83:6b:
         af:c4:d0:0b:2a:98:e3:41:6c:55:15:1f:5f:bb:aa:1c:09:06:
         9b:ad:f2:a1:34:ec:f7:b7:4b:a3:20:52:25:78:80:f5:1e:01:
         04:24:c5:2a:0d:3a:6f:d2:19:80:10:e7:52:2f:04:22:bd:91:
         1b:06:82:e6:7c:81:2f:b5:f4:4a:63:53:13:d9:19:a4:23:1a:
         11:7a:77:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmgOZ1TuzeeFKYIOu35pPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZmZlZTdkYmY3ZjQ1NjZlYTllMzA1NDZiMmMyYTJlNzMz
NmYyZjQwHhcNMjQwMTAyMTQzNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjdkYjE4NGExM2VkOGY2ZmVlZjcxZmI0ZDM2NTczNjBjYWJjYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsv8ZZ0bdPSO7GxZMIQ/OfyTtr1Y
fyLzR2qc8DpqVohKj8zCekgupTPgJQUD072qy5nAAxeo6c8GuaYK8hUZP3butlh1
HCkcxLpqWruQpR2mx3vjvjRniD/bDKnfmnDs+2/NhRki7oUagIXvhlJabCur34UZ
IJoLMoyMBD4nBZHCgcTu6/3WzSt2wROb72cgb8atl/dBGkdvudiAs/8xPV22bv2e
ymnskuCmSMZ0BaN4FETULnz6lNad5L2eO8tojkB6BtT78k/m+mHtWSlRG8VxuDYQ
vSdic2MYnXhRTeGnsrGLwR7nPexv8EJ6ix7CkwAQLTf04k3ViAY41+ss3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDJ9sYShPtj2/u9x+002VzYMq8rAMB8GA1UdIwQY
MBaAFLH/7n2/f0Vm6p4wVGssKi5zNvL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUt
N2Y1Zjc4MzQ2ZDZmLzEvTW4yeGhLRS0yUGItNzNIN1RUWlhOZ3lyeXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUtN2Y1Zjc4MzQ2ZDZm
LzEvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX65QAwQC
uZAQMA0GCSqGSIb3DQEBCwUAA4IBAQBnxO4F8Lj1Lqg3w7uEAs3s4g7NvrWP6fgk
WTYuUVsYdsZO8eAj1luxhnjX7RfQ44JDe509WcnF4hBMNOefoBTGE3P4cKvqLarM
TgzBbw5lq56Wtlx0F86w+XV6oLVqE4Fw8kBRAK7N0MbdualvVzZ4MfHkYNrhBuU0
LN4514b7vcWZuY2t5loZiTsHI+3LCG5qPhjrV8QaDrpGletzC2Q0BLk2pfNKphgz
wxg+PurSNRphg2uvxNALKpjjQWxVFR9fu6ocCQabrfKhNOz3t0ujIFIleID1HgEE
JMUqDTpv0hmAEOdSLwQivZEbBoLmfIEvtfRKY1MT2RmkIxoRenc/
-----END CERTIFICATE-----