Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5da15a-97a0-4a77-9bca-64a715a5f69b/1/VM0I6erBLNxMNLJxZWPG5VOcRg8.roa
File:                     VM0I6erBLNxMNLJxZWPG5VOcRg8.roa (raw, json)
Hash identifier:          KnelRYEtRD1772lOpbE+dkS2hrFm+vLF9kbD3TBfvdI=
Subject key identifier:   54:CD:08:E9:EA:C1:2C:DC:4C:34:B2:71:65:63:C6:E5:53:9C:46:0F
Certificate issuer:       /CN=c9dd42243197864bb4816461d4d0653ab0ba32ba
Certificate serial:       018CC64B37C96084B5EE33AB008DA5276CD6
Authority key identifier: C9:DD:42:24:31:97:86:4B:B4:81:64:61:D4:D0:65:3A:B0:BA:32:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yd1CJDGXhku0gWRh1NBlOrC6Mro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/5da15a-97a0-4a77-9bca-64a715a5f69b/1/VM0I6erBLNxMNLJxZWPG5VOcRg8.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198725
IP address blocks:        185.21.196.0/22 maxlen: 22
                          91.220.201.0/24 maxlen: 24
                          2a02:c280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/5da15a-97a0-4a77-9bca-64a715a5f69b/1/yd1CJDGXhku0gWRh1NBlOrC6Mro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/5da15a-97a0-4a77-9bca-64a715a5f69b/1/yd1CJDGXhku0gWRh1NBlOrC6Mro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yd1CJDGXhku0gWRh1NBlOrC6Mro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:37:c9:60:84:b5:ee:33:ab:00:8d:a5:27:6c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9dd42243197864bb4816461d4d0653ab0ba32ba
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54cd08e9eac12cdc4c34b2716563c6e5539c460f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:e9:f0:f1:98:a5:eb:89:96:89:fa:20:98:a7:
                    4e:e4:85:b1:ec:65:62:0f:71:4a:b9:b1:51:66:27:
                    8e:3d:7e:a4:6e:ca:c0:b2:46:2a:9b:94:f0:60:90:
                    b2:61:41:dd:57:1a:53:42:2b:58:57:a8:92:d4:ae:
                    fe:b0:40:91:58:71:51:0b:1d:73:68:c4:a1:71:d4:
                    6c:d4:85:50:1a:76:63:1d:4a:64:c0:f5:22:4d:33:
                    56:ba:25:0f:7e:63:08:0e:a9:f9:de:b1:1d:ed:e2:
                    ea:e4:51:56:92:61:b9:e8:3b:49:d8:ce:a3:3a:3b:
                    8c:2f:92:00:12:b9:7d:2c:12:1c:91:ad:cf:02:d5:
                    d1:a4:90:fd:9f:1f:31:c9:c5:1f:e3:7b:84:ed:dc:
                    0c:08:e5:f4:4b:e1:26:cb:c8:d2:10:43:47:d7:84:
                    04:d0:b1:46:16:e3:b2:46:d7:40:d7:b6:e3:0b:60:
                    86:71:b6:93:4a:bc:0d:13:1c:4d:21:09:f7:0b:fe:
                    25:88:9f:cd:b7:7a:a1:b9:87:f1:3d:3f:3b:fd:63:
                    21:60:e6:b6:da:d1:7c:e1:f3:59:09:aa:e1:b5:cd:
                    03:60:a4:2d:fb:95:be:4e:03:d4:80:ec:a6:a1:1f:
                    8d:ec:ef:9c:46:f1:d2:b7:36:b7:1c:ad:d6:75:90:
                    d2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CD:08:E9:EA:C1:2C:DC:4C:34:B2:71:65:63:C6:E5:53:9C:46:0F
            X509v3 Authority Key Identifier:
                keyid:C9:DD:42:24:31:97:86:4B:B4:81:64:61:D4:D0:65:3A:B0:BA:32:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yd1CJDGXhku0gWRh1NBlOrC6Mro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5da15a-97a0-4a77-9bca-64a715a5f69b/1/VM0I6erBLNxMNLJxZWPG5VOcRg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5da15a-97a0-4a77-9bca-64a715a5f69b/1/yd1CJDGXhku0gWRh1NBlOrC6Mro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.201.0/24
                  185.21.196.0/22
                IPv6:
                  2a02:c280::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:0f:3b:8a:25:70:44:1a:f8:7d:86:70:32:d9:83:1f:ad:71:
         d2:f9:87:ef:ea:82:ef:0f:10:c3:bc:dd:da:5c:e0:6f:88:49:
         90:01:e7:62:08:84:0e:26:b8:9d:10:2f:18:d5:79:18:88:10:
         2c:27:82:94:b8:25:cb:90:97:73:84:cb:87:90:88:0e:93:21:
         64:af:ff:9c:de:8d:56:e8:e5:b2:a9:45:83:60:ea:61:4e:c9:
         fe:77:47:83:a6:cf:d1:8c:19:a3:1d:fd:29:53:68:82:90:81:
         0f:a3:40:4e:9d:ac:19:5a:55:3a:8e:bf:af:33:22:2d:bb:e8:
         83:d3:de:96:58:e4:19:2e:7b:7c:51:8e:79:6c:fc:21:bc:44:
         3f:20:ed:59:6c:5d:a2:dd:bb:d0:aa:42:f9:49:67:ca:df:cb:
         31:3c:ba:09:7c:5a:63:e0:21:35:c3:f5:e3:89:e9:dd:41:05:
         21:60:19:b6:37:4b:24:dd:3d:2b:76:27:b2:6f:b4:e3:bc:11:
         bc:90:c5:53:eb:02:df:3d:69:30:af:cc:8e:e3:f0:0a:14:ec:
         0f:05:88:f2:f1:4c:1d:e8:ff:d3:6b:c6:b1:3d:07:99:f3:74:
         6c:cd:6a:7f:4d:63:f0:cf:6f:fa:13:95:6d:60:a8:fd:83:22:
         66:93:5e:9b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSzfJYIS17jOrAI2lJ2zWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZGQ0MjI0MzE5Nzg2NGJiNDgxNjQ2MWQ0ZDA2NTNhYjBi
YTMyYmEwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGNkMDhlOWVhYzEyY2RjNGMzNGIyNzE2NTYzYzZlNTUzOWM0NjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9enw8Zil64mWifogmKdO5IWx7GVi
D3FKubFRZieOPX6kbsrAskYqm5TwYJCyYUHdVxpTQitYV6iS1K7+sECRWHFRCx1z
aMShcdRs1IVQGnZjHUpkwPUiTTNWuiUPfmMIDqn53rEd7eLq5FFWkmG56DtJ2M6j
OjuML5IAErl9LBIcka3PAtXRpJD9nx8xycUf43uE7dwMCOX0S+Emy8jSEENH14QE
0LFGFuOyRtdA17bjC2CGcbaTSrwNExxNIQn3C/4liJ/Nt3qhuYfxPT87/WMhYOa2
2tF84fNZCarhtc0DYKQt+5W+TgPUgOymoR+N7O+cRvHStza3HK3WdZDSCQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFTNCOnqwSzcTDSycWVjxuVTnEYPMB8GA1UdIwQY
MBaAFMndQiQxl4ZLtIFkYdTQZTqwujK6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWQxQ0pER1hoa3UwZ1dSaDFOQmxPckM2TXJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81ZGExNWEtOTdhMC00YTc3LTliY2Et
NjRhNzE1YTVmNjliLzEvVk0wSTZlckJMTnhNTkxKeFpXUEc1Vk9jUmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81ZGExNWEtOTdhMC00YTc3LTliY2EtNjRhNzE1YTVmNjli
LzEveWQxQ0pER1hoa3UwZ1dSaDFOQmxPckM2TXJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9zJAwQC
uRXEMA0EAgACMAcDBQMqAsKAMA0GCSqGSIb3DQEBCwUAA4IBAQBNDzuKJXBEGvh9
hnAy2YMfrXHS+Yfv6oLvDxDDvN3aXOBviEmQAediCIQOJridEC8Y1XkYiBAsJ4KU
uCXLkJdzhMuHkIgOkyFkr/+c3o1W6OWyqUWDYOphTsn+d0eDps/RjBmjHf0pU2iC
kIEPo0BOnawZWlU6jr+vMyItu+iD096WWOQZLnt8UY55bPwhvEQ/IO1ZbF2i3bvQ
qkL5SWfK38sxPLoJfFpj4CE1w/XjiendQQUhYBm2N0sk3T0rdieyb7TjvBG8kMVT
6wLfPWkwr8yO4/AKFOwPBYjy8Uwd6P/Ta8axPQeZ83RszWp/TWPwz2/6E5VtYKj9
gyJmk16b
-----END CERTIFICATE-----