Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/2b7cd1-49b6-4921-a5e1-61f91ededf0a/1/cv_nz9IZ39juFqt_K98CcklwoHk.roa
File:                     cv_nz9IZ39juFqt_K98CcklwoHk.roa (raw, json)
Hash identifier:          AlNAPIGLSpXdtJi/Ood3Gpa/88hBSWo0C77IfOcabmw=
Subject key identifier:   72:FF:E7:CF:D2:19:DF:D8:EE:16:AB:7F:2B:DF:02:72:49:70:A0:79
Certificate issuer:       /CN=6c890ef6a88ab33fa5a206760768dd3251c238af
Certificate serial:       01921520E53D38EC73F4F14F5B82F5971FA5
Authority key identifier: 6C:89:0E:F6:A8:8A:B3:3F:A5:A2:06:76:07:68:DD:32:51:C2:38:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bIkO9qiKsz-logZ2B2jdMlHCOK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/2b7cd1-49b6-4921-a5e1-61f91ededf0a/1/cv_nz9IZ39juFqt_K98CcklwoHk.roa
Signing time:             Sat 21 Sep 2024 15:08:50 +0000
ROA not before:           Sat 21 Sep 2024 15:08:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41652
IP address blocks:        185.212.224.0/22 maxlen: 22
                          2a0b:7cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/2b7cd1-49b6-4921-a5e1-61f91ededf0a/1/bIkO9qiKsz-logZ2B2jdMlHCOK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/2b7cd1-49b6-4921-a5e1-61f91ededf0a/1/bIkO9qiKsz-logZ2B2jdMlHCOK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bIkO9qiKsz-logZ2B2jdMlHCOK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 06:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:15:20:e5:3d:38:ec:73:f4:f1:4f:5b:82:f5:97:1f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c890ef6a88ab33fa5a206760768dd3251c238af
        Validity
            Not Before: Sep 21 15:08:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72ffe7cfd219dfd8ee16ab7f2bdf02724970a079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a5:3f:57:cb:0f:fe:31:38:c6:35:fb:2f:0b:
                    80:ea:75:55:5a:d2:ad:d1:a3:85:5c:27:58:0f:de:
                    f0:5a:59:7e:67:a1:39:f7:1d:a2:7d:80:ea:80:12:
                    b6:3c:73:6a:b9:76:c8:30:5c:8e:00:b6:b3:7e:29:
                    92:78:c6:f8:d8:fa:8a:7d:e1:75:58:cf:83:c4:5c:
                    b0:80:48:f7:44:7e:be:ba:70:fc:85:aa:ac:a6:5b:
                    55:b6:91:bd:d5:79:f9:12:c3:a1:3e:48:1a:d5:f0:
                    a7:c5:bc:0a:13:69:88:12:4e:d2:f6:63:80:bf:d0:
                    7b:c6:e7:1d:5b:dc:be:e2:8b:f4:4d:c1:c8:a5:6b:
                    19:a4:a6:77:92:1a:5e:58:11:b0:2e:c8:b2:8b:bf:
                    6b:f4:ac:e1:ed:87:82:f0:fb:36:d4:d5:be:4a:73:
                    ba:64:3e:66:b7:66:80:d9:d5:5e:54:93:b4:98:01:
                    c7:f1:9f:b7:8e:83:fe:33:be:8d:62:b2:be:74:64:
                    c0:9d:08:52:cf:55:a9:b4:65:09:ba:49:3d:6a:60:
                    70:5c:24:a1:eb:62:b4:b3:8c:08:34:57:ee:0a:ad:
                    24:8c:72:c8:e5:ec:7f:13:d6:af:3f:7d:6e:48:de:
                    2c:2e:5c:98:f7:f3:49:88:8e:62:b3:c5:72:b9:b7:
                    b6:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FF:E7:CF:D2:19:DF:D8:EE:16:AB:7F:2B:DF:02:72:49:70:A0:79
            X509v3 Authority Key Identifier:
                keyid:6C:89:0E:F6:A8:8A:B3:3F:A5:A2:06:76:07:68:DD:32:51:C2:38:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bIkO9qiKsz-logZ2B2jdMlHCOK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/2b7cd1-49b6-4921-a5e1-61f91ededf0a/1/cv_nz9IZ39juFqt_K98CcklwoHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/2b7cd1-49b6-4921-a5e1-61f91ededf0a/1/bIkO9qiKsz-logZ2B2jdMlHCOK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.224.0/22
                IPv6:
                  2a0b:7cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:b0:7d:95:4d:40:b7:40:bd:f7:ce:f0:e4:68:57:97:11:4c:
         7e:ba:a4:ac:ac:15:64:8e:d5:9a:88:fa:9a:35:54:59:15:da:
         21:46:cd:0c:15:d2:e4:67:b2:73:17:16:58:bd:52:e4:9f:bb:
         42:1d:a6:70:e9:50:fa:bf:7d:7d:82:c2:dd:1e:ab:e4:d6:f0:
         7b:cf:2c:f8:fd:7d:23:42:bc:67:d9:f9:38:53:b4:b3:fe:62:
         20:a2:fe:ce:61:17:8c:dc:33:30:cc:7b:2a:55:51:77:9c:ba:
         83:45:bf:e3:27:60:c8:51:7d:53:fd:ed:61:f6:91:f8:5c:a5:
         f0:1b:b9:9f:b5:16:f7:50:95:35:b1:66:cb:ed:31:ca:ac:33:
         6b:5d:69:61:64:31:b0:17:e5:0d:b2:84:dd:2f:1d:ef:f6:9d:
         ef:34:1e:a2:e2:cf:30:39:de:3d:c7:f3:97:2c:9d:09:ef:87:
         65:ad:2b:77:77:96:37:fa:e5:00:74:43:7c:df:8b:eb:cb:9c:
         44:44:39:ae:5f:de:49:eb:16:43:30:5c:cd:02:2e:02:b5:7e:
         86:54:94:97:41:b6:e7:9d:63:de:aa:01:d1:14:ca:73:d0:ed:
         4d:73:80:c4:82:8f:65:2a:bd:ce:3f:76:59:ee:2e:d4:c5:8d:
         05:03:5b:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZIVIOU9OOxz9PFPW4L1lx+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjODkwZWY2YTg4YWIzM2ZhNWEyMDY3NjA3NjhkZDMyNTFj
MjM4YWYwHhcNMjQwOTIxMTUwODUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmZmZTdjZmQyMTlkZmQ4ZWUxNmFiN2YyYmRmMDI3MjQ5NzBhMDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKU/V8sP/jE4xjX7LwuA6nVVWtKt
0aOFXCdYD97wWll+Z6E59x2ifYDqgBK2PHNquXbIMFyOALazfimSeMb42PqKfeF1
WM+DxFywgEj3RH6+unD8haqspltVtpG91Xn5EsOhPkga1fCnxbwKE2mIEk7S9mOA
v9B7xucdW9y+4ov0TcHIpWsZpKZ3khpeWBGwLsiyi79r9Kzh7YeC8Ps21NW+SnO6
ZD5mt2aA2dVeVJO0mAHH8Z+3joP+M76NYrK+dGTAnQhSz1WptGUJukk9amBwXCSh
62K0s4wINFfuCq0kjHLI5ex/E9avP31uSN4sLlyY9/NJiI5is8Vyube2kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHL/58/SGd/Y7harfyvfAnJJcKB5MB8GA1UdIwQY
MBaAFGyJDvaoirM/paIGdgdo3TJRwjivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklrTzlxaUtzei1sb2daMkIyamRNbEhDT0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8yYjdjZDEtNDliNi00OTIxLWE1ZTEt
NjFmOTFlZGVkZjBhLzEvY3Zfbno5SVozOWp1RnF0X0s5OENja2x3b0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8yYjdjZDEtNDliNi00OTIxLWE1ZTEtNjFmOTFlZGVkZjBh
LzEvYklrTzlxaUtzei1sb2daMkIyamRNbEhDT0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudTgMA0E
AgACMAcDBQMqC3zAMA0GCSqGSIb3DQEBCwUAA4IBAQAgsH2VTUC3QL33zvDkaFeX
EUx+uqSsrBVkjtWaiPqaNVRZFdohRs0MFdLkZ7JzFxZYvVLkn7tCHaZw6VD6v319
gsLdHqvk1vB7zyz4/X0jQrxn2fk4U7Sz/mIgov7OYReM3DMwzHsqVVF3nLqDRb/j
J2DIUX1T/e1h9pH4XKXwG7mftRb3UJU1sWbL7THKrDNrXWlhZDGwF+UNsoTdLx3v
9p3vNB6i4s8wOd49x/OXLJ0J74dlrSt3d5Y3+uUAdEN834vry5xERDmuX95J6xZD
MFzNAi4CtX6GVJSXQbbnnWPeqgHRFMpz0O1Nc4DEgo9lKr3OP3ZZ7i7UxY0FA1sy
-----END CERTIFICATE-----