Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/BV19u6PVqvy9UlacF5tJKHOvINA.roa
File:                     BV19u6PVqvy9UlacF5tJKHOvINA.roa (raw, json)
Hash identifier:          1eHdiHK7shpDxj8IzEV0xU2NAsx+SZSwhgV8bC6c7QE=
Subject key identifier:   05:5D:7D:BB:A3:D5:AA:FC:BD:52:56:9C:17:9B:49:28:73:AF:20:D0
Certificate issuer:       /CN=7e904bd71d6fe74a67168fd913e828722755b494
Certificate serial:       018CC493546A854993A2F80C43D6682ABB9F
Authority key identifier: 7E:90:4B:D7:1D:6F:E7:4A:67:16:8F:D9:13:E8:28:72:27:55:B4:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fpBL1x1v50pnFo_ZE-gocidVtJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/BV19u6PVqvy9UlacF5tJKHOvINA.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62159
IP address blocks:        185.133.56.0/22 maxlen: 24
                          2a06:e3c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/fpBL1x1v50pnFo_ZE-gocidVtJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/fpBL1x1v50pnFo_ZE-gocidVtJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fpBL1x1v50pnFo_ZE-gocidVtJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:54:6a:85:49:93:a2:f8:0c:43:d6:68:2a:bb:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e904bd71d6fe74a67168fd913e828722755b494
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=055d7dbba3d5aafcbd52569c179b492873af20d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:19:69:70:7f:a9:f6:7b:e0:27:35:b1:16:7b:
                    97:77:61:f4:f9:d3:6b:78:6c:09:9b:6d:22:ed:00:
                    5c:ef:f3:62:9c:c5:0c:5e:c6:91:30:85:4c:94:70:
                    e7:13:48:b1:03:d0:94:75:89:6c:e8:4e:94:a4:01:
                    5a:39:c9:6e:d2:6b:c4:d2:df:92:d9:25:ef:84:90:
                    df:91:e7:7c:79:c3:da:5c:38:06:52:a7:ba:ee:df:
                    1b:d1:40:3a:04:86:0e:4b:29:b3:2b:fe:ad:57:cc:
                    64:a6:1d:98:a1:56:67:2d:5d:bc:b4:2b:6f:65:39:
                    fc:50:00:c8:5a:9f:ec:14:43:62:63:19:b2:52:00:
                    30:b2:a5:3e:dc:5c:92:83:9b:2d:99:55:34:31:15:
                    12:c2:d9:79:d8:2d:ff:e7:4f:8e:0f:11:81:ec:33:
                    42:c8:3c:c6:5b:e6:d1:42:98:f5:1e:90:5c:73:c2:
                    65:57:78:1f:39:9f:0c:3c:4c:93:b5:ff:27:5f:2c:
                    c8:56:55:19:87:5e:7d:4c:1e:15:9c:ed:3e:12:73:
                    e3:87:0b:b7:23:11:7f:25:30:be:3e:5f:4b:28:a3:
                    2d:05:3c:ef:a7:98:bb:6a:00:89:a3:a0:02:a3:13:
                    c9:cd:fc:18:ab:da:ac:f0:0e:f9:3b:ab:64:80:81:
                    43:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:5D:7D:BB:A3:D5:AA:FC:BD:52:56:9C:17:9B:49:28:73:AF:20:D0
            X509v3 Authority Key Identifier:
                keyid:7E:90:4B:D7:1D:6F:E7:4A:67:16:8F:D9:13:E8:28:72:27:55:B4:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fpBL1x1v50pnFo_ZE-gocidVtJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/BV19u6PVqvy9UlacF5tJKHOvINA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/fpBL1x1v50pnFo_ZE-gocidVtJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.56.0/22
                IPv6:
                  2a06:e3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:90:d5:c7:8d:75:c9:be:f8:1e:c0:69:2e:f2:84:09:3a:cb:
         30:13:44:a2:4c:32:38:1b:79:a3:69:f3:2e:f4:47:a9:85:e3:
         ee:f5:f0:54:29:24:53:87:70:5b:d9:8c:96:40:22:bd:bd:81:
         1b:d9:c1:32:6c:7a:e4:61:9f:6b:2e:34:cf:78:91:e8:8a:d0:
         8d:5f:70:b2:e8:c4:b4:fc:f3:d0:66:5f:e7:0a:13:4a:bd:1f:
         c5:d7:84:11:2f:9c:d5:a4:8c:ec:23:4d:39:36:95:03:b1:aa:
         38:30:f0:ac:6d:92:86:dd:79:52:b4:53:4b:d7:97:b1:47:1a:
         69:ed:14:1e:72:9b:65:57:8f:67:7b:3f:17:ce:5b:c7:de:08:
         1c:c6:55:87:73:74:51:6e:c2:8c:22:77:d5:db:bf:7c:96:9e:
         6c:1d:1d:1d:00:d3:b6:e3:ed:64:2f:ed:f2:d5:de:12:26:43:
         8e:01:40:bd:7c:8e:74:02:95:34:88:13:ba:37:bc:6e:09:2e:
         3f:9b:54:1b:d5:5b:56:ce:7e:7e:e9:8f:43:7b:35:3f:5b:ec:
         fc:cc:9f:b2:36:3f:ff:ce:91:cf:6a:0f:c3:cf:10:65:51:3e:
         49:c2:00:b3:d1:d4:08:42:80:5f:1a:ad:0f:9d:75:02:64:dc:
         63:32:86:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk1RqhUmTovgMQ9ZoKrufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlOTA0YmQ3MWQ2ZmU3NGE2NzE2OGZkOTEzZTgyODcyMjc1
NWI0OTQwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTVkN2RiYmEzZDVhYWZjYmQ1MjU2OWMxNzliNDkyODczYWYyMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5RlpcH+p9nvgJzWxFnuXd2H0+dNr
eGwJm20i7QBc7/NinMUMXsaRMIVMlHDnE0ixA9CUdYls6E6UpAFaOclu0mvE0t+S
2SXvhJDfked8ecPaXDgGUqe67t8b0UA6BIYOSymzK/6tV8xkph2YoVZnLV28tCtv
ZTn8UADIWp/sFENiYxmyUgAwsqU+3FySg5stmVU0MRUSwtl52C3/50+ODxGB7DNC
yDzGW+bRQpj1HpBcc8JlV3gfOZ8MPEyTtf8nXyzIVlUZh159TB4VnO0+EnPjhwu3
IxF/JTC+Pl9LKKMtBTzvp5i7agCJo6ACoxPJzfwYq9qs8A75O6tkgIFDqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAVdfbuj1ar8vVJWnBebSShzryDQMB8GA1UdIwQY
MBaAFH6QS9cdb+dKZxaP2RPoKHInVbSUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnBCTDF4MXY1MHBuRm9fWkUtZ29jaWRWdEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yZjEyNjQtMjNlOC00MmUwLTgzNjQt
NGYzODJjYmI1OWYyLzEvQlYxOXU2UFZxdnk5VWxhY0Y1dEpLSE92SU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yZjEyNjQtMjNlOC00MmUwLTgzNjQtNGYzODJjYmI1OWYy
LzEvZnBCTDF4MXY1MHBuRm9fWkUtZ29jaWRWdEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYU4MA0E
AgACMAcDBQMqBuPAMA0GCSqGSIb3DQEBCwUAA4IBAQBIkNXHjXXJvvgewGku8oQJ
OsswE0SiTDI4G3mjafMu9EephePu9fBUKSRTh3Bb2YyWQCK9vYEb2cEybHrkYZ9r
LjTPeJHoitCNX3Cy6MS0/PPQZl/nChNKvR/F14QRL5zVpIzsI005NpUDsao4MPCs
bZKG3XlStFNL15exRxpp7RQecptlV49nez8XzlvH3ggcxlWHc3RRbsKMInfV2798
lp5sHR0dANO24+1kL+3y1d4SJkOOAUC9fI50ApU0iBO6N7xuCS4/m1Qb1VtWzn5+
6Y9DezU/W+z8zJ+yNj//zpHPag/DzxBlUT5JwgCz0dQIQoBfGq0PnXUCZNxjMoZh
-----END CERTIFICATE-----