Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/vMgElrF3per81ODeRpu7Vx6j5yQ.roa
File:                     vMgElrF3per81ODeRpu7Vx6j5yQ.roa (raw, json)
Hash identifier:          4YwzhaUSKuWuYv4BRVPJbYpN2wlcMgYgpwv42pVzYFE=
Subject key identifier:   BC:C8:04:96:B1:77:A5:EA:FC:D4:E0:DE:46:9B:BB:57:1E:A3:E7:24
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       018CC56E1D31F4CF1DB1499128FAB8221731
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/vMgElrF3per81ODeRpu7Vx6j5yQ.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211239
IP address blocks:        213.169.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1d:31:f4:cf:1d:b1:49:91:28:fa:b8:22:17:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcc80496b177a5eafcd4e0de469bbb571ea3e724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a7:05:80:28:07:cb:38:03:d5:9f:a9:c4:18:
                    c7:bd:c1:d5:fe:c7:77:e6:85:77:4a:c2:77:e1:95:
                    78:53:48:85:65:33:59:40:2b:cf:6b:da:46:38:10:
                    54:61:17:c5:6b:9d:1c:ce:55:21:70:32:41:c8:85:
                    6e:fa:4c:ef:b7:31:cd:2e:14:83:8f:01:aa:2a:ce:
                    d4:42:7f:6f:db:d8:b4:8f:83:f6:37:70:c9:79:58:
                    4c:d4:e6:d7:19:7c:30:29:f9:02:93:18:c3:db:00:
                    b5:36:0a:a5:4a:87:1d:41:bd:8b:50:db:35:bb:44:
                    aa:5b:25:1b:e4:42:98:c1:c8:8a:33:56:39:ca:f9:
                    f4:a8:5b:46:69:db:c0:30:01:ee:a5:83:f7:9c:87:
                    4c:b2:7e:12:7b:49:8c:5c:54:3d:0c:b3:a8:ba:7b:
                    eb:af:de:9d:03:d7:ac:8f:e8:f0:2f:39:f6:b2:3c:
                    42:03:56:53:9e:51:2c:f1:11:f7:a8:5c:f8:38:61:
                    49:89:78:8c:d0:d0:84:fd:ab:bc:f7:bb:ac:cf:b5:
                    c4:ea:9c:fa:c3:a0:98:21:58:a7:2d:93:5f:cc:a8:
                    04:14:ca:23:bd:ff:2f:e8:e5:5e:81:f3:68:7a:0d:
                    5e:16:91:11:eb:4a:d8:90:0c:76:a1:9d:c6:51:f2:
                    03:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C8:04:96:B1:77:A5:EA:FC:D4:E0:DE:46:9B:BB:57:1E:A3:E7:24
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/vMgElrF3per81ODeRpu7Vx6j5yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.169.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:56:94:ea:ab:a2:87:e4:35:8c:e1:fb:33:8d:ce:a8:b3:91:
         34:cd:7c:3d:47:3f:37:62:a4:14:3c:3d:54:0c:3c:c8:9c:ea:
         45:8f:fa:6b:32:83:1f:10:78:cd:8c:61:8e:ce:0a:4c:71:fe:
         de:65:68:3a:e6:12:2d:34:e8:14:45:4a:a6:f5:8b:12:65:8a:
         33:22:9d:b1:1f:3a:ab:f0:94:bc:64:a3:83:12:f7:d3:cb:03:
         76:d3:e8:c2:fb:33:9f:9c:5a:2e:7e:b6:ab:f8:94:e0:03:5c:
         21:14:fd:85:65:0a:0d:01:2e:a0:a3:2a:54:0e:96:d0:e1:61:
         8d:b7:09:4e:1b:63:61:98:5c:24:c0:ea:8c:99:a6:4e:ca:48:
         00:32:fe:8b:f8:cf:30:66:34:59:61:a2:81:36:7b:4f:cf:0d:
         87:33:43:91:cd:a9:0c:12:38:67:70:c6:04:2e:9d:13:47:6e:
         d4:45:29:25:cd:ac:a7:10:24:19:54:a9:4f:eb:31:5b:88:5b:
         fd:64:2d:2f:7d:2d:31:96:0f:f2:98:cd:2c:c5:ae:49:5a:a4:
         71:25:d3:5a:19:98:18:d5:e2:56:f8:2e:a8:f1:a9:e5:f0:0f:
         73:95:8c:71:c6:0d:d0:53:01:d4:72:d9:67:b7:1e:e0:84:c7:
         bc:b9:08:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh0x9M8dsUmRKPq4IhcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNDQyOTdlOTI3MWM2ZWRmMDY0OTE1ZjYxODBhZTEyNjkw
ZGRhOGIwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2M4MDQ5NmIxNzdhNWVhZmNkNGUwZGU0NjliYmI1NzFlYTNlNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6cFgCgHyzgD1Z+pxBjHvcHV/sd3
5oV3SsJ34ZV4U0iFZTNZQCvPa9pGOBBUYRfFa50czlUhcDJByIVu+kzvtzHNLhSD
jwGqKs7UQn9v29i0j4P2N3DJeVhM1ObXGXwwKfkCkxjD2wC1NgqlSocdQb2LUNs1
u0SqWyUb5EKYwciKM1Y5yvn0qFtGadvAMAHupYP3nIdMsn4Se0mMXFQ9DLOounvr
r96dA9esj+jwLzn2sjxCA1ZTnlEs8RH3qFz4OGFJiXiM0NCE/au897usz7XE6pz6
w6CYIVinLZNfzKgEFMojvf8v6OVegfNoeg1eFpER60rYkAx2oZ3GUfIDNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzIBJaxd6Xq/NTg3kabu1ceo+ckMB8GA1UdIwQY
MBaAFPxEKX6Sccbt8GSRX2GArhJpDdqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUt
YWUwN2YzMmU0MTAyLzEvdk1nRWxyRjNwZXI4MU9EZVJwdTdWeDZqNXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUtYWUwN2YzMmU0MTAy
LzEvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1amcMA0G
CSqGSIb3DQEBCwUAA4IBAQBmVpTqq6KH5DWM4fszjc6os5E0zXw9Rz83YqQUPD1U
DDzInOpFj/prMoMfEHjNjGGOzgpMcf7eZWg65hItNOgURUqm9YsSZYozIp2xHzqr
8JS8ZKODEvfTywN20+jC+zOfnFoufrar+JTgA1whFP2FZQoNAS6goypUDpbQ4WGN
twlOG2NhmFwkwOqMmaZOykgAMv6L+M8wZjRZYaKBNntPzw2HM0ORzakMEjhncMYE
Lp0TR27URSklzaynECQZVKlP6zFbiFv9ZC0vfS0xlg/ymM0sxa5JWqRxJdNaGZgY
1eJW+C6o8anl8A9zlYxxxg3QUwHUctlntx7ghMe8uQji
-----END CERTIFICATE-----