Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/bvd1QkEb9SyVP1-MG1wkMVZ-iKE.roa
File:                     bvd1QkEb9SyVP1-MG1wkMVZ-iKE.roa (raw, json)
Hash identifier:          H7HXfAZbCHLAR5KhYd5VTNdDAtOCH60344oqrEfBcQ8=
Subject key identifier:   6E:F7:75:42:41:1B:F5:2C:95:3F:5F:8C:1B:5C:24:31:56:7E:88:A1
Certificate issuer:       /CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
Certificate serial:       019420D5D4A2AAA8E5577DF05B0BAC4FDDA0
Authority key identifier: EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/bvd1QkEb9SyVP1-MG1wkMVZ-iKE.roa
Signing time:             Wed 01 Jan 2025 07:47:52 +0000
ROA not before:           Wed 01 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209854
IP address blocks:        185.218.220.0/24 maxlen: 24
                          185.218.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d4:a2:aa:a8:e5:57:7d:f0:5b:0b:ac:4f:dd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
        Validity
            Not Before: Jan  1 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ef77542411bf52c953f5f8c1b5c2431567e88a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c3:29:0a:9e:74:ee:eb:f1:4b:46:ec:a5:79:
                    91:53:54:37:2b:ca:79:2c:bd:29:d7:9f:08:b9:00:
                    9d:9b:04:97:be:6d:76:a3:5b:b3:d6:6b:05:26:a0:
                    89:49:d8:6c:2b:72:09:f1:2a:fd:01:b6:b6:59:c2:
                    ac:26:df:f9:cf:ad:22:b5:47:70:ab:15:96:00:85:
                    eb:c0:68:35:f0:ae:38:9b:43:3a:b2:40:0f:a6:ef:
                    c9:19:3c:92:c8:08:1c:53:3a:c0:53:30:d9:ce:ee:
                    56:17:0b:8e:7e:50:37:1d:4e:7d:eb:a5:95:e8:15:
                    2d:e6:56:1f:b7:e1:12:2a:da:7a:90:6d:f9:ee:dc:
                    d3:d4:19:8d:b8:45:9a:ac:cb:33:33:f3:36:4e:c0:
                    f4:1d:03:43:af:5a:ba:c0:ae:6b:5d:b0:54:15:e6:
                    9a:c0:63:e8:f1:88:fa:53:ce:cd:bd:e4:dd:4d:bb:
                    7d:35:81:ab:b1:1e:43:e4:6e:6c:00:72:fe:16:bc:
                    5e:c6:76:fa:4e:25:c9:1f:bc:1d:13:0f:8c:ca:59:
                    ee:7f:e9:0b:3a:58:1d:04:d8:17:9d:40:cf:f6:d1:
                    03:eb:11:f9:69:09:ca:c9:b3:0d:0f:fc:18:7e:5b:
                    cd:bd:8f:53:e2:ab:fa:e8:89:aa:7b:f9:d0:72:85:
                    28:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:F7:75:42:41:1B:F5:2C:95:3F:5F:8C:1B:5C:24:31:56:7E:88:A1
            X509v3 Authority Key Identifier:
                keyid:EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/bvd1QkEb9SyVP1-MG1wkMVZ-iKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:c1:b7:00:54:f1:91:4f:58:4e:71:93:89:96:91:57:92:ce:
         15:ca:11:4d:a0:d2:d6:bd:e2:a8:3f:a6:bd:32:d6:00:94:c7:
         87:88:d8:d2:e1:18:b6:a4:9a:5a:5a:44:6a:4d:05:81:db:fc:
         e2:da:fe:10:18:dd:f2:36:be:2c:26:33:c3:f4:9c:c9:3e:cb:
         4c:6e:41:24:fc:95:a8:d0:43:7d:ba:df:1a:c5:8d:b7:11:7f:
         1a:21:1e:c4:cf:01:c6:cf:ac:bc:4a:37:2f:9b:27:e2:45:13:
         51:fa:88:78:e7:f7:1b:ce:89:78:b9:0f:7d:fe:fe:1d:6a:20:
         bb:83:62:e3:4b:35:ad:fc:22:35:cb:a9:3a:89:22:5a:6a:3e:
         d4:9d:cc:f2:82:7b:28:8d:f1:81:13:e7:2b:f3:30:2b:85:9a:
         8a:e1:a5:94:10:ca:a9:2c:f9:a4:3e:79:83:7a:47:00:24:bd:
         70:81:1e:7c:dc:2e:7c:56:f6:33:72:ef:b2:d3:1b:6e:80:e2:
         aa:a5:f5:74:82:ad:12:76:b8:79:0a:dc:ab:ff:d1:5b:5e:58:
         4d:6e:8b:b5:ab:59:4c:f1:26:4c:03:5e:bb:a2:4c:cd:82:c5:
         1b:13:d2:74:8b:d4:50:17:8f:bd:cc:f6:38:9f:a0:e8:d3:37:
         cb:72:3b:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dSiqqjlV33wWwusT92gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYThkYjNiNTRkMDgxYzMwYmY1MWJkYzdiMTllNGY2NDgw
YjdmNTMwHhcNMjUwMTAxMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWY3NzU0MjQxMWJmNTJjOTUzZjVmOGMxYjVjMjQzMTU2N2U4OGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsMpCp507uvxS0bspXmRU1Q3K8p5
LL0p158IuQCdmwSXvm12o1uz1msFJqCJSdhsK3IJ8Sr9Aba2WcKsJt/5z60itUdw
qxWWAIXrwGg18K44m0M6skAPpu/JGTySyAgcUzrAUzDZzu5WFwuOflA3HU5966WV
6BUt5lYft+ESKtp6kG357tzT1BmNuEWarMszM/M2TsD0HQNDr1q6wK5rXbBUFeaa
wGPo8Yj6U87NveTdTbt9NYGrsR5D5G5sAHL+Frxexnb6TiXJH7wdEw+Mylnuf+kL
OlgdBNgXnUDP9tED6xH5aQnKybMND/wYflvNvY9T4qv66Imqe/nQcoUoVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG73dUJBG/UslT9fjBtcJDFWfoihMB8GA1UdIwQY
MBaAFOuo2ztU0IHDC/Ub3HsZ5PZIC39TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2Yt
ZTlkYzNmMWNmODI0LzEvYnZkMVFrRWI5U3lWUDEtTUcxd2tNVlotaUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2YtZTlkYzNmMWNmODI0
LzEvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudrcMA0G
CSqGSIb3DQEBCwUAA4IBAQBWwbcAVPGRT1hOcZOJlpFXks4VyhFNoNLWveKoP6a9
MtYAlMeHiNjS4Ri2pJpaWkRqTQWB2/zi2v4QGN3yNr4sJjPD9JzJPstMbkEk/JWo
0EN9ut8axY23EX8aIR7EzwHGz6y8SjcvmyfiRRNR+oh45/cbzol4uQ99/v4daiC7
g2LjSzWt/CI1y6k6iSJaaj7UnczygnsojfGBE+cr8zArhZqK4aWUEMqpLPmkPnmD
ekcAJL1wgR583C58VvYzcu+y0xtugOKqpfV0gq0Sdrh5Ctyr/9FbXlhNbou1q1lM
8SZMA167okzNgsUbE9J0i9RQF4+9zPY4n6Do0zfLcjuE
-----END CERTIFICATE-----