Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/vv1NbKm5h11SkYEYomwJNFjYhTU.roa
File:                     vv1NbKm5h11SkYEYomwJNFjYhTU.roa (raw, json)
Hash identifier:          XtzxWqHEgFUFpZbMvhn3QU3NbwcevajlcYCkRup75+g=
Subject key identifier:   BE:FD:4D:6C:A9:B9:87:5D:52:91:81:18:A2:6C:09:34:58:D8:85:35
Certificate issuer:       /CN=215a409d27b9a69346324004694da11beae02dbb
Certificate serial:       018CC3489D8C85562B8B29144767EFAC52D3
Authority key identifier: 21:5A:40:9D:27:B9:A6:93:46:32:40:04:69:4D:A1:1B:EA:E0:2D:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/vv1NbKm5h11SkYEYomwJNFjYhTU.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31037
IP address blocks:        185.134.179.0/24 maxlen: 24
                          185.134.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9d:8c:85:56:2b:8b:29:14:47:67:ef:ac:52:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215a409d27b9a69346324004694da11beae02dbb
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=befd4d6ca9b9875d52918118a26c093458d88535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7c:e3:ca:79:4a:ec:cb:49:4e:7b:00:12:b8:
                    36:a3:75:3d:b7:ac:4d:a0:46:d7:fb:7d:4f:66:c7:
                    ca:90:30:54:de:b7:80:03:2b:13:35:37:68:a4:bc:
                    17:45:13:7f:b9:5c:67:44:66:4f:57:eb:0e:1c:dd:
                    a7:67:b0:81:a9:12:bb:e3:26:f3:8a:85:43:84:6e:
                    c1:fc:64:8b:2d:33:3d:27:ac:e7:15:66:af:b6:6e:
                    2e:2d:ee:1a:24:14:84:89:a3:f2:fa:92:e4:b5:58:
                    15:e6:45:bb:79:0e:33:1e:e2:66:97:30:ce:06:13:
                    93:26:9d:96:23:79:9e:68:5a:c5:b3:b3:d2:ad:4d:
                    3a:6c:a3:63:d2:02:b7:48:59:42:4a:43:27:ca:f1:
                    88:17:90:cd:b9:78:d9:fe:1e:66:7e:c2:0f:a2:5e:
                    82:ab:8c:e3:e4:3a:f9:92:33:68:27:3b:e0:32:e0:
                    98:80:99:cc:04:5d:f5:09:4f:72:dc:cb:c2:cc:61:
                    85:4a:b6:bb:15:e2:7a:66:0a:02:96:d5:77:22:52:
                    f8:9b:31:61:04:de:57:e0:0f:e8:ba:a6:88:e4:7a:
                    d0:f2:ed:f7:01:4c:10:e7:3a:1b:3b:5d:59:f0:4e:
                    fa:9d:d2:c2:52:eb:13:ab:90:95:7f:71:e9:c3:bb:
                    27:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:FD:4D:6C:A9:B9:87:5D:52:91:81:18:A2:6C:09:34:58:D8:85:35
            X509v3 Authority Key Identifier:
                keyid:21:5A:40:9D:27:B9:A6:93:46:32:40:04:69:4D:A1:1B:EA:E0:2D:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/vv1NbKm5h11SkYEYomwJNFjYhTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:5e:ba:2f:69:92:04:a4:28:5b:88:c6:5c:f5:a9:b2:8a:05:
         35:95:1b:d9:46:73:fa:32:4a:9b:0f:6f:41:f4:80:21:15:84:
         9f:6e:88:1e:cc:ed:3b:fb:c0:43:31:d7:bc:dc:7b:a9:2c:8a:
         cb:a8:4c:78:94:03:dc:16:3f:ff:f3:18:1b:a0:93:9d:c7:e4:
         d6:e4:8e:60:fd:95:8e:7d:21:ce:79:2a:e1:55:84:62:c8:43:
         7e:46:62:7d:52:bd:2e:a8:a2:2a:99:f8:ce:f3:93:2a:f8:3d:
         5c:72:98:4f:ef:1e:53:c0:ba:a9:ef:6e:d7:ea:02:13:91:64:
         2e:ee:4b:ba:69:fc:ac:c3:00:fb:85:2f:bb:df:08:c0:25:a1:
         5c:b7:92:88:49:96:d7:13:04:94:6b:70:d7:c7:7d:6c:b0:87:
         c2:08:a1:18:8b:da:f6:77:34:00:c8:d4:d5:f6:b6:d5:97:31:
         45:db:8b:db:ba:ff:06:64:84:40:37:03:83:b7:40:8f:47:8f:
         e3:19:1b:ac:b4:df:34:78:6c:f1:d9:6a:be:c0:de:13:6b:60:
         b5:25:03:07:49:87:a1:af:38:36:9d:6c:34:9f:f4:0d:96:b5:
         1b:e5:d2:f0:6d:05:14:45:10:7d:8f:b8:f6:64:e8:32:7e:c0:
         13:f5:78:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJ2MhVYriykUR2fvrFLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNWE0MDlkMjdiOWE2OTM0NjMyNDAwNDY5NGRhMTFiZWFl
MDJkYmIwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWZkNGQ2Y2E5Yjk4NzVkNTI5MTgxMThhMjZjMDkzNDU4ZDg4NTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonzjynlK7MtJTnsAErg2o3U9t6xN
oEbX+31PZsfKkDBU3reAAysTNTdopLwXRRN/uVxnRGZPV+sOHN2nZ7CBqRK74ybz
ioVDhG7B/GSLLTM9J6znFWavtm4uLe4aJBSEiaPy+pLktVgV5kW7eQ4zHuJmlzDO
BhOTJp2WI3meaFrFs7PSrU06bKNj0gK3SFlCSkMnyvGIF5DNuXjZ/h5mfsIPol6C
q4zj5Dr5kjNoJzvgMuCYgJnMBF31CU9y3MvCzGGFSra7FeJ6ZgoCltV3IlL4mzFh
BN5X4A/ouqaI5HrQ8u33AUwQ5zobO11Z8E76ndLCUusTq5CVf3Hpw7snewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL79TWypuYddUpGBGKJsCTRY2IU1MB8GA1UdIwQY
MBaAFCFaQJ0nuaaTRjJABGlNoRvq4C27MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZwQW5TZTVwcE5HTWtBRWFVMmhHLXJnTGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mMGM5ZTMtMWM0MC00ZjMzLTk1Y2Ut
OThkMmZlZTBmODdhLzEvdnYxTmJLbTVoMTFTa1lFWW9td0pORmpZaFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mMGM5ZTMtMWM0MC00ZjMzLTk1Y2UtOThkMmZlZTBmODdh
LzEvSVZwQW5TZTVwcE5HTWtBRWFVMmhHLXJnTGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYayMA0G
CSqGSIb3DQEBCwUAA4IBAQBJXrovaZIEpChbiMZc9amyigU1lRvZRnP6MkqbD29B
9IAhFYSfbogezO07+8BDMde83HupLIrLqEx4lAPcFj//8xgboJOdx+TW5I5g/ZWO
fSHOeSrhVYRiyEN+RmJ9Ur0uqKIqmfjO85Mq+D1ccphP7x5TwLqp727X6gITkWQu
7ku6afyswwD7hS+73wjAJaFct5KISZbXEwSUa3DXx31ssIfCCKEYi9r2dzQAyNTV
9rbVlzFF24vbuv8GZIRANwODt0CPR4/jGRustN80eGzx2Wq+wN4Ta2C1JQMHSYeh
rzg2nWw0n/QNlrUb5dLwbQUURRB9j7j2ZOgyfsAT9Xgl
-----END CERTIFICATE-----