Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/9YV5KUlneSD8JtXB8YgIiYggsvw.roa
File:                     9YV5KUlneSD8JtXB8YgIiYggsvw.roa (raw, json)
Hash identifier:          AYr3p1wIpBXEdFUuPIqlP/k9BtunMGRTa039LGu6mY8=
Subject key identifier:   F5:85:79:29:49:67:79:20:FC:26:D5:C1:F1:88:08:89:88:20:B2:FC
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018F4E753AEF12C890FB9693BDF703976519
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/9YV5KUlneSD8JtXB8YgIiYggsvw.roa
Signing time:             Mon 06 May 2024 15:10:56 +0000
ROA not before:           Mon 06 May 2024 15:10:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215590
IP address blocks:        185.221.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4e:75:3a:ef:12:c8:90:fb:96:93:bd:f7:03:97:65:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: May  6 15:10:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f585792949677920fc26d5c1f18808898820b2fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c6:97:36:a3:5d:c5:0e:75:fc:2a:65:de:ee:
                    73:be:f4:13:d8:02:41:48:e2:d9:de:2c:c6:87:e0:
                    13:4a:fe:98:da:26:89:48:0f:1a:35:9b:38:2f:94:
                    0e:21:b9:ad:45:26:53:a9:dc:d1:de:f5:0d:01:51:
                    9d:00:f5:28:ed:75:6a:0b:0a:db:97:10:6d:a7:be:
                    fe:d3:61:b5:e1:fe:98:4a:51:5e:d9:a8:94:5b:47:
                    42:d9:37:52:ac:39:8a:91:e0:00:d9:37:f4:52:0e:
                    68:f4:18:2b:51:39:48:0c:22:0b:25:b8:38:38:54:
                    42:73:56:9d:f1:1f:5f:53:44:da:be:a9:e4:50:02:
                    b4:ac:5d:7c:25:42:77:ca:9b:3b:85:f8:05:ea:7d:
                    cf:4b:a8:6a:fa:5b:e9:fb:47:3a:e1:b7:fb:42:3f:
                    0a:0d:b5:db:2f:39:c4:0e:7b:0b:58:ac:cd:13:cb:
                    d2:8f:06:ae:38:7e:5a:26:3e:f4:1a:22:47:6b:4a:
                    ab:4e:1d:24:89:8c:fd:40:1f:67:6d:db:ff:1d:5d:
                    ab:ba:1f:22:c5:ac:2f:42:81:b4:a0:b2:36:d2:2e:
                    24:57:c9:2c:6d:e0:df:94:c7:e6:62:41:bd:cb:c8:
                    4d:85:43:51:b3:9b:e5:f3:7f:b5:e3:23:31:bb:91:
                    22:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:85:79:29:49:67:79:20:FC:26:D5:C1:F1:88:08:89:88:20:B2:FC
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/9YV5KUlneSD8JtXB8YgIiYggsvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:c1:46:62:db:9a:d2:1e:69:ba:87:0b:4c:3e:f2:2d:e0:e1:
         90:9c:65:91:58:cd:50:71:b0:71:54:27:08:59:cf:6a:b9:6c:
         ba:06:8c:65:62:e1:69:dd:5a:c3:fe:55:8f:13:e9:21:1d:6a:
         fb:d2:d3:ec:b2:50:e9:38:f8:19:da:ff:a7:2d:1c:12:30:5e:
         bd:56:9b:ce:02:f2:10:39:dd:d7:39:2a:2e:0a:d4:09:b2:65:
         76:9f:44:4c:98:e4:e4:53:18:e6:eb:0f:56:09:a1:b3:1b:d2:
         15:65:a8:a4:ab:59:a5:6a:cb:84:53:d1:e5:fa:02:9b:9b:2d:
         cd:a4:3e:f2:91:f4:c9:47:a6:e9:32:c9:11:7e:e4:c8:b2:20:
         53:21:99:f4:d8:75:2a:5c:af:99:36:f8:fe:5a:28:f1:74:50:
         6f:06:d7:f0:b4:69:e2:3e:25:91:cc:49:e6:3b:80:85:b2:66:
         ee:97:f2:d5:b1:14:98:54:65:6c:75:f4:1d:b7:50:9a:20:1f:
         9d:79:23:6b:ae:1c:74:d0:c9:02:98:54:26:95:b1:fa:4a:52:
         ab:4f:3c:e5:03:b6:b0:f9:31:d6:dd:0c:76:8a:90:44:fc:2e:
         60:1e:1d:34:ea:f5:76:5d:e1:c2:13:6c:77:f6:7d:a6:3c:e8:
         75:6c:62:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9OdTrvEsiQ+5aTvfcDl2UZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwNTA2MTUxMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTg1NzkyOTQ5Njc3OTIwZmMyNmQ1YzFmMTg4MDg4OTg4MjBiMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8aXNqNdxQ51/Cpl3u5zvvQT2AJB
SOLZ3izGh+ATSv6Y2iaJSA8aNZs4L5QOIbmtRSZTqdzR3vUNAVGdAPUo7XVqCwrb
lxBtp77+02G14f6YSlFe2aiUW0dC2TdSrDmKkeAA2Tf0Ug5o9BgrUTlIDCILJbg4
OFRCc1ad8R9fU0TavqnkUAK0rF18JUJ3yps7hfgF6n3PS6hq+lvp+0c64bf7Qj8K
DbXbLznEDnsLWKzNE8vSjwauOH5aJj70GiJHa0qrTh0kiYz9QB9nbdv/HV2ruh8i
xawvQoG0oLI20i4kV8ksbeDflMfmYkG9y8hNhUNRs5vl83+14yMxu5EiyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWFeSlJZ3kg/CbVwfGICImIILL8MB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvOVlWNUtVbG5lU0Q4SnRYQjhZZ0lpWWdnc3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3FMA0G
CSqGSIb3DQEBCwUAA4IBAQAbwUZi25rSHmm6hwtMPvIt4OGQnGWRWM1QcbBxVCcI
Wc9quWy6BoxlYuFp3VrD/lWPE+khHWr70tPsslDpOPgZ2v+nLRwSMF69VpvOAvIQ
Od3XOSouCtQJsmV2n0RMmOTkUxjm6w9WCaGzG9IVZaikq1mlasuEU9Hl+gKbmy3N
pD7ykfTJR6bpMskRfuTIsiBTIZn02HUqXK+ZNvj+WijxdFBvBtfwtGniPiWRzEnm
O4CFsmbul/LVsRSYVGVsdfQdt1CaIB+deSNrrhx00MkCmFQmlbH6SlKrTzzlA7aw
+THW3Qx2ipBE/C5gHh006vV2XeHCE2x39n2mPOh1bGIm
-----END CERTIFICATE-----