Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/272d50-7bb3-44b0-8254-fcff9e847ca2/1/W7I8YdrGK8USxroYWsDN27BmPvU.roa
File:                     W7I8YdrGK8USxroYWsDN27BmPvU.roa (raw, json)
Hash identifier:          v1jjtUflVkxp2Zldw0vcFyxD7l3zIkzjC9K3rZkR62o=
Subject key identifier:   5B:B2:3C:61:DA:C6:2B:C5:12:C6:BA:18:5A:C0:CD:DB:B0:66:3E:F5
Certificate issuer:       /CN=ef5e3d6f69fa2b42517911eae569573030799156
Certificate serial:       018CC80196C5CBB7CA42C10D7F822965C449
Authority key identifier: EF:5E:3D:6F:69:FA:2B:42:51:79:11:EA:E5:69:57:30:30:79:91:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7149b2n6K0JReRHq5WlXMDB5kVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/272d50-7bb3-44b0-8254-fcff9e847ca2/1/W7I8YdrGK8USxroYWsDN27BmPvU.roa
Signing time:             Tue 02 Jan 2024 02:29:56 +0000
ROA not before:           Tue 02 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199562
IP address blocks:        185.207.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/272d50-7bb3-44b0-8254-fcff9e847ca2/1/7149b2n6K0JReRHq5WlXMDB5kVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/272d50-7bb3-44b0-8254-fcff9e847ca2/1/7149b2n6K0JReRHq5WlXMDB5kVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7149b2n6K0JReRHq5WlXMDB5kVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:96:c5:cb:b7:ca:42:c1:0d:7f:82:29:65:c4:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef5e3d6f69fa2b42517911eae569573030799156
        Validity
            Not Before: Jan  2 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bb23c61dac62bc512c6ba185ac0cddbb0663ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:19:cc:39:56:cb:c2:50:0f:f1:b6:ca:90:65:
                    ac:26:a3:c6:3b:44:2f:38:be:a0:2c:e8:21:2f:4c:
                    bb:4e:f9:c4:e2:67:de:9a:03:82:4f:65:00:e6:5e:
                    33:e6:a4:63:35:df:cb:f7:18:63:4a:23:c3:d0:79:
                    95:63:35:ed:e9:03:60:b2:fc:a1:73:e2:07:8a:75:
                    b1:ea:6f:88:a4:ab:a1:05:a7:c1:6a:af:88:0c:1d:
                    d2:d4:95:75:d1:8e:43:76:d5:e5:fc:42:6d:bd:73:
                    35:00:53:75:3b:42:22:15:57:a3:dd:8c:4a:05:16:
                    ad:c2:d4:b0:a3:89:45:6e:c4:9a:8c:2c:3b:f0:9b:
                    bd:82:8f:e4:3f:b0:77:40:3d:38:7a:b3:b7:b1:a2:
                    c0:c1:38:b9:c9:a0:60:e2:ab:20:45:dd:b8:be:44:
                    04:1e:02:fe:de:32:70:16:15:0d:c6:38:29:33:75:
                    3d:b6:4e:0e:59:16:bb:06:f9:7d:de:41:7f:aa:61:
                    62:ce:7d:69:62:fa:4e:c4:55:9b:54:dd:e6:35:25:
                    73:d7:0f:3a:04:14:83:57:e6:23:ac:b7:7f:73:4e:
                    56:51:e0:27:dc:01:2a:61:29:4c:6a:af:56:d3:08:
                    fa:de:4e:e7:bf:87:28:b0:64:db:7b:f5:59:28:07:
                    75:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B2:3C:61:DA:C6:2B:C5:12:C6:BA:18:5A:C0:CD:DB:B0:66:3E:F5
            X509v3 Authority Key Identifier:
                keyid:EF:5E:3D:6F:69:FA:2B:42:51:79:11:EA:E5:69:57:30:30:79:91:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7149b2n6K0JReRHq5WlXMDB5kVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/272d50-7bb3-44b0-8254-fcff9e847ca2/1/W7I8YdrGK8USxroYWsDN27BmPvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/272d50-7bb3-44b0-8254-fcff9e847ca2/1/7149b2n6K0JReRHq5WlXMDB5kVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:a6:7d:d5:c8:39:dd:80:8b:30:4d:6b:ee:92:4b:9d:c2:8a:
         b9:f5:de:28:2a:8f:4a:4d:1c:cc:92:b9:61:8d:94:75:a7:fc:
         1f:21:fb:74:2a:3c:56:e3:0b:a0:24:04:5c:fc:9b:91:da:56:
         b3:60:ca:49:a4:37:dc:e7:bd:15:31:bb:06:d8:ef:25:b0:30:
         99:de:63:87:78:65:ba:32:73:9a:02:48:06:75:5e:c4:f7:b1:
         34:eb:04:3c:36:3c:41:ab:8c:d4:6e:ba:55:9f:55:3a:1e:a5:
         d6:97:21:63:1d:91:77:98:47:9f:0b:f9:e3:a4:aa:4e:f9:c3:
         19:df:5e:66:d4:3f:af:d5:5a:89:dd:81:87:36:b2:6b:ae:19:
         a4:13:67:21:6f:23:2d:49:e2:ce:93:8d:77:43:4f:a9:db:77:
         cd:98:0b:21:d1:9c:25:23:c6:d0:29:6b:b5:62:1c:87:fa:40:
         7d:1f:d4:98:cb:9f:e5:06:b3:89:ec:b7:99:79:ff:57:ff:be:
         5b:99:c8:0d:c1:d8:df:b4:ff:80:67:ea:a0:9d:b6:55:b9:9e:
         c0:c4:ee:2e:69:61:a6:e5:0a:c8:25:67:e6:92:f5:7b:e5:8d:
         d3:e8:47:a3:47:3d:f1:c0:52:bf:36:5f:cc:16:cc:dc:29:dd:
         a7:91:19:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZbFy7fKQsENf4IpZcRJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNWUzZDZmNjlmYTJiNDI1MTc5MTFlYWU1Njk1NzMwMzA3
OTkxNTYwHhcNMjQwMTAyMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmIyM2M2MWRhYzYyYmM1MTJjNmJhMTg1YWMwY2RkYmIwNjYzZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphnMOVbLwlAP8bbKkGWsJqPGO0Qv
OL6gLOghL0y7TvnE4mfemgOCT2UA5l4z5qRjNd/L9xhjSiPD0HmVYzXt6QNgsvyh
c+IHinWx6m+IpKuhBafBaq+IDB3S1JV10Y5DdtXl/EJtvXM1AFN1O0IiFVej3YxK
BRatwtSwo4lFbsSajCw78Ju9go/kP7B3QD04erO3saLAwTi5yaBg4qsgRd24vkQE
HgL+3jJwFhUNxjgpM3U9tk4OWRa7Bvl93kF/qmFizn1pYvpOxFWbVN3mNSVz1w86
BBSDV+YjrLd/c05WUeAn3AEqYSlMaq9W0wj63k7nv4cosGTbe/VZKAd1wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuyPGHaxivFEsa6GFrAzduwZj71MB8GA1UdIwQY
MBaAFO9ePW9p+itCUXkR6uVpVzAweZFWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzE0OWIybjZLMEpSZVJIcTVXbFhNREI1a1ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8yNzJkNTAtN2JiMy00NGIwLTgyNTQt
ZmNmZjllODQ3Y2EyLzEvVzdJOFlkckdLOFVTeHJvWVdzRE4yN0JtUHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8yNzJkNTAtN2JiMy00NGIwLTgyNTQtZmNmZjllODQ3Y2Ey
LzEvNzE0OWIybjZLMEpSZVJIcTVXbFhNREI1a1ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc/XMA0G
CSqGSIb3DQEBCwUAA4IBAQCDpn3VyDndgIswTWvukkudwoq59d4oKo9KTRzMkrlh
jZR1p/wfIft0KjxW4wugJARc/JuR2lazYMpJpDfc570VMbsG2O8lsDCZ3mOHeGW6
MnOaAkgGdV7E97E06wQ8NjxBq4zUbrpVn1U6HqXWlyFjHZF3mEefC/njpKpO+cMZ
315m1D+v1VqJ3YGHNrJrrhmkE2chbyMtSeLOk413Q0+p23fNmAsh0ZwlI8bQKWu1
YhyH+kB9H9SYy5/lBrOJ7LeZef9X/75bmcgNwdjftP+AZ+qgnbZVuZ7AxO4uaWGm
5QrIJWfmkvV75Y3T6EejRz3xwFK/Nl/MFszcKd2nkRn8
-----END CERTIFICATE-----