Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/VejNM3EuJ92N5ByVgfXcUSPauwo.roa
File:                     VejNM3EuJ92N5ByVgfXcUSPauwo.roa (raw, json)
Hash identifier:          7aoWoJ6SPFIWd5nsWtsZyWB1vtnYn2YJ3PozOvjDFRQ=
Subject key identifier:   55:E8:CD:33:71:2E:27:DD:8D:E4:1C:95:81:F5:DC:51:23:DA:BB:0A
Certificate issuer:       /CN=9599b3e782370dc2814f525c1d6ece84d8f70f36
Certificate serial:       01934E34D63BF3E479E69D8893AFBAC4CBDA
Authority key identifier: 95:99:B3:E7:82:37:0D:C2:81:4F:52:5C:1D:6E:CE:84:D8:F7:0F:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lZmz54I3DcKBT1JcHW7OhNj3DzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/VejNM3EuJ92N5ByVgfXcUSPauwo.roa
Signing time:             Thu 21 Nov 2024 10:11:45 +0000
ROA not before:           Thu 21 Nov 2024 10:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204025
IP address blocks:        185.226.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/lZmz54I3DcKBT1JcHW7OhNj3DzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/lZmz54I3DcKBT1JcHW7OhNj3DzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lZmz54I3DcKBT1JcHW7OhNj3DzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:34:d6:3b:f3:e4:79:e6:9d:88:93:af:ba:c4:cb:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9599b3e782370dc2814f525c1d6ece84d8f70f36
        Validity
            Not Before: Nov 21 10:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55e8cd33712e27dd8de41c9581f5dc5123dabb0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:99:28:5c:67:e2:4a:9d:10:5e:25:d3:e3:
                    d6:36:17:0f:5e:7c:00:2c:39:2c:40:88:81:2a:93:
                    47:d4:f0:99:2e:cb:c2:b8:07:ef:bc:21:61:41:69:
                    39:4a:2e:c1:d4:f6:a6:c3:b6:f8:99:0b:63:12:5c:
                    df:3d:ba:61:bb:0e:f3:53:94:4a:d7:d1:7e:19:c1:
                    94:b8:b3:03:97:8d:11:5a:39:36:17:ad:07:f8:33:
                    f0:92:08:84:9f:8b:da:8c:bc:91:ae:02:99:bd:a5:
                    e9:fd:6f:be:d9:31:72:c9:7d:a9:2b:d8:f1:8f:72:
                    63:03:39:b8:3b:07:62:1e:8a:e4:3d:6f:36:4c:6a:
                    00:14:4e:c7:af:70:26:9b:3a:05:73:53:fa:91:2f:
                    38:a9:c3:35:66:f6:23:fd:c8:bb:3a:ba:03:a0:2a:
                    ef:e4:35:df:21:e3:c4:3e:0a:5e:1a:bb:44:cf:47:
                    7e:3b:e2:43:2b:8b:78:b4:17:40:cb:89:cc:d1:37:
                    0d:2b:23:d6:e1:c3:06:ec:96:b3:c7:b6:9e:73:7b:
                    0a:d0:c6:80:e8:a5:e8:14:19:f9:57:fb:41:c3:95:
                    d5:28:74:bb:c2:c7:b0:0e:26:d8:0b:8f:ad:f5:26:
                    c0:d4:9b:6d:8f:cf:55:09:ed:4e:7d:32:b7:e8:cb:
                    a0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:E8:CD:33:71:2E:27:DD:8D:E4:1C:95:81:F5:DC:51:23:DA:BB:0A
            X509v3 Authority Key Identifier:
                keyid:95:99:B3:E7:82:37:0D:C2:81:4F:52:5C:1D:6E:CE:84:D8:F7:0F:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lZmz54I3DcKBT1JcHW7OhNj3DzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/VejNM3EuJ92N5ByVgfXcUSPauwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/lZmz54I3DcKBT1JcHW7OhNj3DzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:69:b9:be:9e:57:9f:ba:55:be:25:b5:8c:7f:d2:90:d4:ac:
         8f:ef:33:c4:79:80:fc:39:0a:a8:b9:14:95:2b:c5:e9:53:62:
         95:b1:2a:72:e5:d4:f5:5f:0e:9f:2f:7e:27:a0:4f:f4:ae:95:
         2d:ed:62:5b:dd:28:ae:35:73:11:90:aa:cb:cc:0b:17:64:66:
         95:b3:c6:73:df:c2:2e:4e:43:ed:bd:f1:ba:b4:af:6b:37:0f:
         15:3d:af:58:bf:85:41:59:bd:7c:3b:73:51:ee:d0:8d:76:73:
         2f:91:15:57:26:94:df:7e:c5:ef:af:e4:fa:60:d0:d8:21:df:
         dc:98:13:73:52:3a:61:e5:b9:b3:1d:ad:ee:c2:d4:19:a1:95:
         0e:37:15:21:14:d5:d0:1e:ed:1a:cc:0e:c0:0c:b3:6a:f5:0c:
         56:f0:e8:b1:bc:08:b5:86:83:46:72:81:61:60:f4:c3:18:71:
         b5:2e:f0:9c:64:cb:ab:01:10:8b:c8:7d:d5:0b:d8:08:17:91:
         d7:b9:21:c2:cb:b1:5f:81:9c:0c:c6:3e:4f:31:1b:7f:6b:f9:
         2b:c2:25:41:fa:d9:11:bf:e2:c7:d4:03:fd:32:d7:25:08:48:
         03:39:3f:cd:19:f1:c8:d8:c8:9e:2a:4c:70:6b:5f:d7:51:40:
         11:c2:48:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNONNY78+R55p2Ik6+6xMvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1OTliM2U3ODIzNzBkYzI4MTRmNTI1YzFkNmVjZTg0ZDhm
NzBmMzYwHhcNMjQxMTIxMTAxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWU4Y2QzMzcxMmUyN2RkOGRlNDFjOTU4MWY1ZGM1MTIzZGFiYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3aZKFxn4kqdEF4l0+PWNhcPXnwA
LDksQIiBKpNH1PCZLsvCuAfvvCFhQWk5Si7B1Pamw7b4mQtjElzfPbphuw7zU5RK
19F+GcGUuLMDl40RWjk2F60H+DPwkgiEn4vajLyRrgKZvaXp/W++2TFyyX2pK9jx
j3JjAzm4OwdiHorkPW82TGoAFE7Hr3AmmzoFc1P6kS84qcM1ZvYj/ci7OroDoCrv
5DXfIePEPgpeGrtEz0d+O+JDK4t4tBdAy4nM0TcNKyPW4cMG7Jazx7aec3sK0MaA
6KXoFBn5V/tBw5XVKHS7wsewDibYC4+t9SbA1Jttj89VCe1OfTK36MugZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXozTNxLifdjeQclYH13FEj2rsKMB8GA1UdIwQY
MBaAFJWZs+eCNw3CgU9SXB1uzoTY9w82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFptejU0STNEY0tCVDFKY0hXN09oTmozRHpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi80MGExMDItZWZjZC00ZmQyLTkzNzMt
ZDA2YWE1MThhYTZkLzEvVmVqTk0zRXVKOTJONUJ5VmdmWGNVU1BhdXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi80MGExMDItZWZjZC00ZmQyLTkzNzMtZDA2YWE1MThhYTZk
LzEvbFptejU0STNEY0tCVDFKY0hXN09oTmozRHpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueIUMA0G
CSqGSIb3DQEBCwUAA4IBAQCpabm+nlefulW+JbWMf9KQ1KyP7zPEeYD8OQqouRSV
K8XpU2KVsSpy5dT1Xw6fL34noE/0rpUt7WJb3SiuNXMRkKrLzAsXZGaVs8Zz38Iu
TkPtvfG6tK9rNw8VPa9Yv4VBWb18O3NR7tCNdnMvkRVXJpTffsXvr+T6YNDYId/c
mBNzUjph5bmzHa3uwtQZoZUONxUhFNXQHu0azA7ADLNq9QxW8OixvAi1hoNGcoFh
YPTDGHG1LvCcZMurARCLyH3VC9gIF5HXuSHCy7FfgZwMxj5PMRt/a/krwiVB+tkR
v+LH1AP9MtclCEgDOT/NGfHI2MieKkxwa1/XUUARwkgN
-----END CERTIFICATE-----