Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/6vzcTrlhC6ojZHbLbYiYwAcG8EQ.roa
File:                     6vzcTrlhC6ojZHbLbYiYwAcG8EQ.roa (raw, json)
Hash identifier:          4fTZVD8gHCsAYlEBZdYANrs1WCfVNrjN1bhjKfWYXFk=
Subject key identifier:   EA:FC:DC:4E:B9:61:0B:AA:23:64:76:CB:6D:88:98:C0:07:06:F0:44
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018EEB2AFA8760C25F1F3A5F446348D2E7AF
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/6vzcTrlhC6ojZHbLbYiYwAcG8EQ.roa
Signing time:             Wed 17 Apr 2024 08:27:26 +0000
ROA not before:           Wed 17 Apr 2024 08:27:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.81.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:eb:2a:fa:87:60:c2:5f:1f:3a:5f:44:63:48:d2:e7:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Apr 17 08:27:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eafcdc4eb9610baa236476cb6d8898c00706f044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:64:e7:1f:c3:bc:61:9f:2c:86:c0:ee:73:8c:
                    85:dd:49:9e:6e:c4:6f:2d:5d:41:17:5d:d8:da:ce:
                    f2:9c:e3:d0:52:f0:a4:6a:b8:08:f3:ee:c9:19:25:
                    40:87:4f:8a:58:15:6b:65:81:20:e3:ec:16:e9:4c:
                    31:a3:bd:b7:13:7a:be:13:2d:00:95:99:f7:9a:ca:
                    b8:a8:91:c2:07:95:69:e5:9b:c4:d7:81:59:2a:ce:
                    a8:aa:6d:51:07:a2:c0:0b:bb:03:7f:f3:f6:98:ec:
                    fd:e6:94:c6:0c:4c:e6:10:1d:1a:fa:f8:ed:a7:fe:
                    c8:09:db:1f:f6:6c:2c:41:ff:75:39:81:b7:df:fb:
                    20:54:b1:6c:29:4a:14:33:b0:35:91:b5:6c:43:bc:
                    6d:8b:c9:24:9f:11:b3:a4:d8:e2:ff:25:dd:04:cb:
                    55:60:60:f1:c7:8b:00:ab:b9:b3:12:e7:20:a6:1c:
                    9f:97:d1:55:78:eb:b0:fe:b9:4b:7a:88:c2:b8:fd:
                    e5:e5:e8:3f:d8:ab:0e:69:ca:14:46:91:f7:9e:51:
                    f7:0b:ef:ba:8c:64:ea:8d:2f:ec:08:0a:13:07:82:
                    f2:76:d1:55:31:70:c0:1d:ba:3f:f4:25:be:41:c2:
                    4a:69:4e:08:71:bf:fe:03:20:68:90:44:9d:54:df:
                    6e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:FC:DC:4E:B9:61:0B:AA:23:64:76:CB:6D:88:98:C0:07:06:F0:44
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/6vzcTrlhC6ojZHbLbYiYwAcG8EQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:e7:7e:36:8c:83:6c:2e:fb:2b:42:a1:3f:3f:43:a1:ce:45:
         c2:b5:44:10:a2:3b:54:1f:a5:54:27:d3:1f:6d:03:be:78:48:
         66:c0:52:45:2b:cd:c4:99:63:da:00:5a:70:43:18:0b:ed:a7:
         96:51:d6:e5:bb:7a:3e:bc:6d:74:05:1e:72:63:59:9d:ca:a5:
         a0:33:99:c0:72:0b:7f:e3:70:56:03:f2:37:43:50:f5:5e:d1:
         33:52:0d:4e:43:b7:fe:18:2b:db:46:99:0b:a4:4a:0c:53:40:
         1a:63:e8:a1:45:a2:65:a3:21:45:ec:66:92:74:00:5e:8e:92:
         d9:60:99:09:25:34:c9:19:13:a4:ce:31:02:22:ae:43:bc:7e:
         2a:1a:94:8d:47:ab:26:80:e8:eb:4d:aa:76:b4:04:1b:77:8a:
         32:9e:6e:c0:d5:f4:b8:cf:4c:75:22:73:ae:76:67:75:3c:31:
         32:98:0c:fb:cc:89:be:ab:67:ed:e0:8a:9c:1e:58:89:96:79:
         42:9d:5c:bd:e0:e9:0e:cd:95:12:45:bc:fd:1a:91:c4:a4:4b:
         29:6b:8a:b6:e3:c0:36:90:d0:ee:39:b0:80:db:d4:c2:33:4f:
         d3:31:3d:a7:ab:2f:83:60:72:58:fd:26:c6:0a:64:47:63:53:
         c9:ce:72:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7rKvqHYMJfHzpfRGNI0uevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNDE3MDgyNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWZjZGM0ZWI5NjEwYmFhMjM2NDc2Y2I2ZDg4OThjMDA3MDZmMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWTnH8O8YZ8shsDuc4yF3UmebsRv
LV1BF13Y2s7ynOPQUvCkargI8+7JGSVAh0+KWBVrZYEg4+wW6Uwxo723E3q+Ey0A
lZn3msq4qJHCB5Vp5ZvE14FZKs6oqm1RB6LAC7sDf/P2mOz95pTGDEzmEB0a+vjt
p/7ICdsf9mwsQf91OYG33/sgVLFsKUoUM7A1kbVsQ7xti8kknxGzpNji/yXdBMtV
YGDxx4sAq7mzEucgphyfl9FVeOuw/rlLeojCuP3l5eg/2KsOacoURpH3nlH3C++6
jGTqjS/sCAoTB4LydtFVMXDAHbo/9CW+QcJKaU4Icb/+AyBokESdVN9uyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOr83E65YQuqI2R2y22ImMAHBvBEMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvNnZ6Y1RybGhDNm9qWkhiTGJZaVl3QWNHOEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVEcMA0G
CSqGSIb3DQEBCwUAA4IBAQA25342jINsLvsrQqE/P0OhzkXCtUQQojtUH6VUJ9Mf
bQO+eEhmwFJFK83EmWPaAFpwQxgL7aeWUdblu3o+vG10BR5yY1mdyqWgM5nAcgt/
43BWA/I3Q1D1XtEzUg1OQ7f+GCvbRpkLpEoMU0AaY+ihRaJloyFF7GaSdABejpLZ
YJkJJTTJGROkzjECIq5DvH4qGpSNR6smgOjrTap2tAQbd4oynm7A1fS4z0x1InOu
dmd1PDEymAz7zIm+q2ft4IqcHliJlnlCnVy94OkOzZUSRbz9GpHEpEspa4q248A2
kNDuObCA29TCM0/TMT2nqy+DYHJY/SbGCmRHY1PJznK7
-----END CERTIFICATE-----