Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/tVxR6bnrexxbMKVtuRs7D-1s1MY.roa
File:                     tVxR6bnrexxbMKVtuRs7D-1s1MY.roa (raw, json)
Hash identifier:          M+8a0mVV4BsEY3I8/SQ6ad0BRVBz9lPmLA3BGIXo0mY=
Subject key identifier:   B5:5C:51:E9:B9:EB:7B:1C:5B:30:A5:6D:B9:1B:3B:0F:ED:6C:D4:C6
Certificate issuer:       /CN=c2a29cc518010f7676353ff296644d9bd4a355cb
Certificate serial:       018CD8EFC3835AA91FC964CC405A53F3D26D
Authority key identifier: C2:A2:9C:C5:18:01:0F:76:76:35:3F:F2:96:64:4D:9B:D4:A3:55:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/tVxR6bnrexxbMKVtuRs7D-1s1MY.roa
Signing time:             Fri 05 Jan 2024 09:24:00 +0000
ROA not before:           Fri 05 Jan 2024 09:24:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208145
IP address blocks:        185.227.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d8:ef:c3:83:5a:a9:1f:c9:64:cc:40:5a:53:f3:d2:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2a29cc518010f7676353ff296644d9bd4a355cb
        Validity
            Not Before: Jan  5 09:24:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b55c51e9b9eb7b1c5b30a56db91b3b0fed6cd4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c3:f2:e5:50:c3:94:c8:0c:43:64:00:66:88:
                    e1:be:4e:04:97:00:e3:77:e2:59:e5:1f:bd:b9:fc:
                    1a:2a:69:71:a4:4c:a6:a8:9f:46:3e:9f:dc:42:f3:
                    f0:73:22:99:f5:4e:f1:e3:82:2f:b0:50:c5:68:b9:
                    9c:22:4b:40:d4:62:5d:63:67:48:40:fd:9c:f6:f3:
                    0f:0d:ca:99:b0:b8:cb:a6:b0:7a:d5:0b:41:17:af:
                    2d:2c:50:23:d8:61:be:5b:51:79:2f:19:f9:ca:39:
                    89:e6:d6:5c:37:a8:98:14:8f:4e:93:98:8f:e5:46:
                    40:f8:f5:a4:94:53:7f:b9:3f:93:ee:49:3e:0a:23:
                    48:7f:17:3f:07:c6:ac:3d:07:e4:89:77:4f:61:b6:
                    1a:d1:9c:16:92:ea:5a:29:28:d8:c4:82:cf:8c:79:
                    41:92:11:ed:dc:5c:4c:fb:93:1b:26:c0:54:6a:8e:
                    73:db:9c:dd:6b:6d:72:1a:48:a2:cd:c2:6d:2b:b9:
                    3a:d3:c8:1b:1d:ab:bf:cf:73:ab:62:04:7b:e5:25:
                    40:d9:25:d6:75:64:a0:f5:bf:6d:83:91:46:1b:1e:
                    50:45:f8:50:5f:86:76:3f:ec:c9:81:38:da:52:d3:
                    ab:0f:00:ee:fe:9c:2b:fd:c3:32:3f:f8:29:68:41:
                    64:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:5C:51:E9:B9:EB:7B:1C:5B:30:A5:6D:B9:1B:3B:0F:ED:6C:D4:C6
            X509v3 Authority Key Identifier:
                keyid:C2:A2:9C:C5:18:01:0F:76:76:35:3F:F2:96:64:4D:9B:D4:A3:55:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/tVxR6bnrexxbMKVtuRs7D-1s1MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:90:3b:bf:be:22:28:9b:6f:b6:a7:4f:40:8e:91:6d:36:ac:
         49:c5:ab:9a:d3:4b:86:a9:4f:d8:14:8d:b4:47:17:f4:5d:b3:
         2b:bb:aa:29:10:35:cd:43:1b:7f:81:5f:60:45:c0:8e:94:4b:
         a7:bb:89:5c:c1:a9:2a:2f:2b:7e:31:9b:40:4b:53:4a:65:b0:
         17:c7:22:2b:14:b8:29:bf:dc:54:b9:bf:43:ac:b4:ba:b0:5b:
         e5:00:b9:67:41:59:5e:3a:a9:7b:b9:a2:8a:d2:93:af:ae:fe:
         25:8e:6d:fa:f9:45:ea:f0:91:11:56:5d:b5:d7:75:b0:ea:e7:
         03:fc:74:1d:b4:2e:9b:2a:fe:c1:6e:f5:53:62:e2:d4:a0:80:
         d6:f7:1e:6f:d0:84:35:f6:64:98:73:9d:1d:49:d7:13:c4:c1:
         e9:ea:a5:2d:c9:9d:a5:3a:57:4a:cc:cb:c9:f4:1a:49:1d:e2:
         8e:02:1e:37:00:e8:55:a0:8b:b1:d3:a6:3b:ef:55:e1:0b:61:
         eb:86:90:49:0a:25:f5:58:0d:6c:6f:c4:46:81:a4:2c:aa:13:
         a1:91:ac:d4:88:de:02:16:11:97:a2:c9:d1:f6:1a:b1:69:d4:
         94:a3:eb:b9:9f:da:1c:e2:8b:73:f3:d9:28:70:9b:55:58:36:
         05:d9:1b:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzY78ODWqkfyWTMQFpT89JtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYTI5Y2M1MTgwMTBmNzY3NjM1M2ZmMjk2NjQ0ZDliZDRh
MzU1Y2IwHhcNMjQwMTA1MDkyNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTVjNTFlOWI5ZWI3YjFjNWIzMGE1NmRiOTFiM2IwZmVkNmNkNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMPy5VDDlMgMQ2QAZojhvk4ElwDj
d+JZ5R+9ufwaKmlxpEymqJ9GPp/cQvPwcyKZ9U7x44IvsFDFaLmcIktA1GJdY2dI
QP2c9vMPDcqZsLjLprB61QtBF68tLFAj2GG+W1F5Lxn5yjmJ5tZcN6iYFI9Ok5iP
5UZA+PWklFN/uT+T7kk+CiNIfxc/B8asPQfkiXdPYbYa0ZwWkupaKSjYxILPjHlB
khHt3FxM+5MbJsBUao5z25zda21yGkiizcJtK7k608gbHau/z3OrYgR75SVA2SXW
dWSg9b9tg5FGGx5QRfhQX4Z2P+zJgTjaUtOrDwDu/pwr/cMyP/gpaEFkfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVcUem563scWzClbbkbOw/tbNTGMB8GA1UdIwQY
MBaAFMKinMUYAQ92djU/8pZkTZvUo1XLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3FLY3hSZ0JEM1oyTlRfeWxtUk5tOVNqVmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zOWVkZTEtYmZlMS00NzJlLTg3NGMt
N2MxZjBjZGZjZTc3LzEvdFZ4UjZibnJleHhiTUtWdHVSczdELTFzMU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zOWVkZTEtYmZlMS00NzJlLTg3NGMtN2MxZjBjZGZjZTc3
LzEvd3FLY3hSZ0JEM1oyTlRfeWxtUk5tOVNqVmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueO+MA0G
CSqGSIb3DQEBCwUAA4IBAQB5kDu/viIom2+2p09AjpFtNqxJxaua00uGqU/YFI20
Rxf0XbMru6opEDXNQxt/gV9gRcCOlEunu4lcwakqLyt+MZtAS1NKZbAXxyIrFLgp
v9xUub9DrLS6sFvlALlnQVleOql7uaKK0pOvrv4ljm36+UXq8JERVl2113Ww6ucD
/HQdtC6bKv7BbvVTYuLUoIDW9x5v0IQ19mSYc50dSdcTxMHp6qUtyZ2lOldKzMvJ
9BpJHeKOAh43AOhVoIux06Y771XhC2HrhpBJCiX1WA1sb8RGgaQsqhOhkazUiN4C
FhGXosnR9hqxadSUo+u5n9oc4otz89kocJtVWDYF2Rtp
-----END CERTIFICATE-----