Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/21f1ef-d6f5-4ad4-ad11-af4c1de0249d/1/snvGkV4hApMQDyHoYAltIihFWpU.roa
File:                     snvGkV4hApMQDyHoYAltIihFWpU.roa (raw, json)
Hash identifier:          cqd2KeJxmbu+f1Xmp99wTw7VVNCZ7yivx8qU0cNoL/4=
Subject key identifier:   B2:7B:C6:91:5E:21:02:93:10:0F:21:E8:60:09:6D:22:28:45:5A:95
Certificate issuer:       /CN=77c3131201b08679481a03a494a1367cae81ea03
Certificate serial:       018CC725E38CEFCB06BF2A88D91505B707CA
Authority key identifier: 77:C3:13:12:01:B0:86:79:48:1A:03:A4:94:A1:36:7C:AE:81:EA:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8MTEgGwhnlIGgOklKE2fK6B6gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/21f1ef-d6f5-4ad4-ad11-af4c1de0249d/1/snvGkV4hApMQDyHoYAltIihFWpU.roa
Signing time:             Mon 01 Jan 2024 22:29:58 +0000
ROA not before:           Mon 01 Jan 2024 22:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199549
IP address blocks:        185.11.132.0/22 maxlen: 23
                          2a03:7540::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/21f1ef-d6f5-4ad4-ad11-af4c1de0249d/1/d8MTEgGwhnlIGgOklKE2fK6B6gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/21f1ef-d6f5-4ad4-ad11-af4c1de0249d/1/d8MTEgGwhnlIGgOklKE2fK6B6gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8MTEgGwhnlIGgOklKE2fK6B6gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:e3:8c:ef:cb:06:bf:2a:88:d9:15:05:b7:07:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77c3131201b08679481a03a494a1367cae81ea03
        Validity
            Not Before: Jan  1 22:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b27bc6915e210293100f21e860096d2228455a95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2b:ab:4c:9e:2e:3f:65:fd:9a:40:2a:aa:04:
                    fb:3b:b7:49:fe:99:a0:dc:20:cf:00:00:c6:7f:40:
                    fa:1a:b9:b3:3f:ef:ba:83:88:d7:bc:f6:f3:0c:d7:
                    19:6f:55:e7:f0:b7:6c:e6:a8:5a:74:c8:c6:f6:21:
                    83:87:32:eb:46:ab:af:5b:56:ed:48:64:80:9f:22:
                    7d:29:f0:a8:bc:f0:05:29:46:c9:11:78:80:c6:35:
                    01:2b:b0:e7:fe:19:3a:14:81:b2:24:7f:8c:b4:1a:
                    e0:68:1c:d3:de:6b:93:02:89:0a:5d:96:54:5d:ad:
                    8c:84:43:db:a2:4d:19:93:25:ec:4d:aa:17:f9:09:
                    c8:86:cd:23:91:3b:c5:29:2a:12:ef:b6:73:7e:9a:
                    f6:74:20:63:4f:bc:73:88:47:13:d8:ac:61:27:4a:
                    f7:32:91:74:fc:34:51:24:e0:a7:89:ae:4f:a0:a1:
                    91:23:dd:f6:08:d2:39:e8:1f:e4:15:df:f0:3d:15:
                    4a:a4:bc:b6:04:82:fe:bc:40:bd:f0:a2:29:1c:1b:
                    1c:ac:2a:75:6d:a4:f9:87:79:08:07:3b:63:81:19:
                    85:95:42:b1:15:9b:2c:fa:ed:e5:05:ee:13:1f:d0:
                    8f:8f:e4:04:43:c3:a9:2a:9c:29:2a:95:29:d1:fa:
                    b5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:7B:C6:91:5E:21:02:93:10:0F:21:E8:60:09:6D:22:28:45:5A:95
            X509v3 Authority Key Identifier:
                keyid:77:C3:13:12:01:B0:86:79:48:1A:03:A4:94:A1:36:7C:AE:81:EA:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8MTEgGwhnlIGgOklKE2fK6B6gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/21f1ef-d6f5-4ad4-ad11-af4c1de0249d/1/snvGkV4hApMQDyHoYAltIihFWpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/21f1ef-d6f5-4ad4-ad11-af4c1de0249d/1/d8MTEgGwhnlIGgOklKE2fK6B6gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.132.0/22
                IPv6:
                  2a03:7540::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:49:57:8f:f8:51:d6:1a:3c:e8:ed:c4:cd:07:19:71:ee:08:
         77:27:21:02:27:b3:2b:82:76:ca:94:6d:d9:b7:15:34:3c:c0:
         8a:d1:52:cd:6b:86:7f:f2:c5:f9:09:c3:83:03:c2:b2:fe:38:
         2a:23:86:1e:11:60:59:16:54:da:b6:f6:04:57:10:78:c8:b5:
         91:90:25:ad:4a:f6:00:2b:48:b7:91:ba:e9:6c:e0:1d:77:26:
         70:30:24:c6:cc:1e:5e:9f:ec:d4:a2:43:f6:7e:21:be:27:94:
         64:e2:b2:80:e8:78:ce:46:42:54:6b:f4:13:f3:d6:34:28:c5:
         b8:d4:e7:fd:93:75:48:2d:8d:38:ee:cd:d3:76:13:e9:e0:a0:
         ab:78:ec:fd:13:3b:2e:a4:4a:59:09:70:6b:fe:fc:f6:3e:c9:
         f4:cd:73:83:1e:bf:c8:aa:7d:5e:b6:25:92:cb:98:53:dc:70:
         64:d0:77:d0:71:21:be:46:53:76:49:e9:8b:41:40:54:f7:70:
         f1:b9:e3:01:d3:37:1f:ad:2f:73:9a:9f:88:08:89:bb:71:34:
         ed:74:fc:43:91:45:de:09:ff:1b:1d:94:a7:c4:54:d0:63:9e:
         b9:a8:74:5c:11:9d:f3:2d:6d:c1:85:1e:61:d1:49:15:60:b3:
         d2:dd:f6:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJeOM78sGvyqI2RUFtwfKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YzMxMzEyMDFiMDg2Nzk0ODFhMDNhNDk0YTEzNjdjYWU4
MWVhMDMwHhcNMjQwMTAxMjIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjdiYzY5MTVlMjEwMjkzMTAwZjIxZTg2MDA5NmQyMjI4NDU1YTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCurTJ4uP2X9mkAqqgT7O7dJ/pmg
3CDPAADGf0D6GrmzP++6g4jXvPbzDNcZb1Xn8Lds5qhadMjG9iGDhzLrRquvW1bt
SGSAnyJ9KfCovPAFKUbJEXiAxjUBK7Dn/hk6FIGyJH+MtBrgaBzT3muTAokKXZZU
Xa2MhEPbok0ZkyXsTaoX+QnIhs0jkTvFKSoS77Zzfpr2dCBjT7xziEcT2KxhJ0r3
MpF0/DRRJOCnia5PoKGRI932CNI56B/kFd/wPRVKpLy2BIL+vEC98KIpHBscrCp1
baT5h3kIBztjgRmFlUKxFZss+u3lBe4TH9CPj+QEQ8OpKpwpKpUp0fq1nwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLJ7xpFeIQKTEA8h6GAJbSIoRVqVMB8GA1UdIwQY
MBaAFHfDExIBsIZ5SBoDpJShNnyugeoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDhNVEVnR3dobmxJR2dPa2xLRTJmSzZCNmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8yMWYxZWYtZDZmNS00YWQ0LWFkMTEt
YWY0YzFkZTAyNDlkLzEvc252R2tWNGhBcE1RRHlIb1lBbHRJaWhGV3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8yMWYxZWYtZDZmNS00YWQ0LWFkMTEtYWY0YzFkZTAyNDlk
LzEvZDhNVEVnR3dobmxJR2dPa2xLRTJmSzZCNmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQuEMA0E
AgACMAcDBQAqA3VAMA0GCSqGSIb3DQEBCwUAA4IBAQCOSVeP+FHWGjzo7cTNBxlx
7gh3JyECJ7MrgnbKlG3ZtxU0PMCK0VLNa4Z/8sX5CcODA8Ky/jgqI4YeEWBZFlTa
tvYEVxB4yLWRkCWtSvYAK0i3kbrpbOAddyZwMCTGzB5en+zUokP2fiG+J5Rk4rKA
6HjORkJUa/QT89Y0KMW41Of9k3VILY047s3TdhPp4KCreOz9EzsupEpZCXBr/vz2
Psn0zXODHr/Iqn1etiWSy5hT3HBk0HfQcSG+RlN2SemLQUBU93DxueMB0zcfrS9z
mp+ICIm7cTTtdPxDkUXeCf8bHZSnxFTQY565qHRcEZ3zLW3BhR5h0UkVYLPS3fYC
-----END CERTIFICATE-----