Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/mYNoys889JEKo9j4oNdbRCLL9Zk.roa
File:                     mYNoys889JEKo9j4oNdbRCLL9Zk.roa (raw, json)
Hash identifier:          ZoVXON/ZR01LA7q9fnPxWvUyfhqGTxcjz/v5GxIUwf0=
Subject key identifier:   99:83:68:CA:CF:3C:F4:91:0A:A3:D8:F8:A0:D7:5B:44:22:CB:F5:99
Certificate issuer:       /CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
Certificate serial:       0194839941040B5C8637DD18878803ECBF7C
Authority key identifier: 4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/mYNoys889JEKo9j4oNdbRCLL9Zk.roa
Signing time:             Mon 20 Jan 2025 12:04:06 +0000
ROA not before:           Mon 20 Jan 2025 12:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        85.234.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:99:41:04:0b:5c:86:37:dd:18:87:88:03:ec:bf:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
        Validity
            Not Before: Jan 20 12:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=998368cacf3cf4910aa3d8f8a0d75b4422cbf599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:82:fa:6b:c0:e8:b9:86:f8:f3:bf:58:c7:83:
                    4b:70:b7:c3:61:5c:0a:42:2c:17:15:35:06:48:a5:
                    ca:a2:39:f4:4e:bc:63:04:70:b1:03:88:a3:f5:08:
                    ba:5c:8b:60:59:73:eb:2b:71:f2:9e:ff:02:17:9b:
                    00:d5:b3:aa:32:57:18:82:e3:76:18:85:6c:25:f2:
                    e4:73:50:d3:ba:66:55:94:77:1a:08:d2:bc:15:86:
                    24:46:47:98:bb:12:30:09:d8:c3:84:c1:c8:60:77:
                    74:9a:90:3d:40:f8:b1:83:bd:7c:bc:2d:8f:6c:78:
                    63:4f:06:e0:81:93:0a:c7:0e:da:f9:af:c8:40:c1:
                    02:35:84:45:25:47:4d:25:24:86:fe:74:d5:ad:9e:
                    77:44:ce:94:c2:e2:77:cf:62:48:d7:93:3d:0f:94:
                    fe:44:bf:c5:4b:b7:7e:34:ac:92:2a:10:54:6a:36:
                    92:bb:64:c4:62:5a:9e:08:02:b1:c6:09:43:1c:78:
                    1b:2f:9a:7c:95:fa:6a:19:17:b6:9d:b8:86:26:95:
                    ec:15:f0:6e:33:ff:17:95:55:6d:41:95:92:d7:01:
                    4e:0e:a9:2e:de:d5:0e:9d:7f:f7:ea:9b:f8:21:61:
                    ff:a1:6f:07:46:26:59:1f:a5:95:62:5e:c2:b1:3d:
                    59:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:83:68:CA:CF:3C:F4:91:0A:A3:D8:F8:A0:D7:5B:44:22:CB:F5:99
            X509v3 Authority Key Identifier:
                keyid:4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/mYNoys889JEKo9j4oNdbRCLL9Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.234.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:b1:de:b8:19:e3:b0:4a:44:3e:c9:1b:bd:e7:65:92:b4:5d:
         c9:06:91:df:c1:24:28:f8:5e:ec:7c:7e:72:6b:22:60:e6:af:
         2b:a7:d6:90:90:23:72:f4:8d:24:e2:11:1c:83:74:9d:bb:c8:
         9e:d9:c4:3b:64:cb:f9:53:b6:9a:92:ce:9b:f4:3d:4a:2a:12:
         af:6b:38:1e:86:ac:a3:30:ad:ff:a9:61:c7:34:0b:4d:04:e8:
         39:48:c4:b4:df:7e:6a:a9:4f:a6:51:fe:66:56:78:83:d5:39:
         07:16:53:3b:7b:8e:c1:e5:f9:52:97:5e:76:73:07:1b:9e:06:
         27:58:05:c2:a7:45:f2:c9:1a:7c:ae:6a:6a:d8:71:4b:db:43:
         62:17:97:84:41:3a:7c:1e:ec:b8:21:8d:02:e4:1a:fa:7d:d7:
         f9:d8:d7:4a:84:c9:b5:df:75:2b:78:75:80:b1:1a:c3:ea:af:
         91:05:77:fd:26:66:6c:d0:42:46:72:cb:5e:4e:a8:7c:fa:4a:
         bc:2a:ac:5f:50:fd:9d:d0:74:59:9a:04:d0:4c:d4:1f:7b:33:
         48:73:83:0c:0c:27:0c:98:2a:d4:d2:7f:bf:c9:c3:70:1a:5b:
         9b:12:1f:b2:8e:aa:75:2f:64:c7:4e:90:d0:30:f1:d3:7b:30:
         0f:8f:09:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSDmUEEC1yGN90Yh4gD7L98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMmI4OWMzYzU3YTNlMjk2YWE0MDYxZTk2Mjg0MGJlN2Fl
OGYwMTgwHhcNMjUwMTIwMTIwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTgzNjhjYWNmM2NmNDkxMGFhM2Q4ZjhhMGQ3NWI0NDIyY2JmNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4L6a8DouYb4879Yx4NLcLfDYVwK
QiwXFTUGSKXKojn0TrxjBHCxA4ij9Qi6XItgWXPrK3Hynv8CF5sA1bOqMlcYguN2
GIVsJfLkc1DTumZVlHcaCNK8FYYkRkeYuxIwCdjDhMHIYHd0mpA9QPixg718vC2P
bHhjTwbggZMKxw7a+a/IQMECNYRFJUdNJSSG/nTVrZ53RM6UwuJ3z2JI15M9D5T+
RL/FS7d+NKySKhBUajaSu2TEYlqeCAKxxglDHHgbL5p8lfpqGRe2nbiGJpXsFfBu
M/8XlVVtQZWS1wFODqku3tUOnX/36pv4IWH/oW8HRiZZH6WVYl7CsT1ZRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmDaMrPPPSRCqPY+KDXW0Qiy/WZMB8GA1UdIwQY
MBaAFEwricPFej4paqQGHpYoQL566PAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEN1Snc4VjZQaWxxcEFZZWxpaEF2bnJvOEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni83MjE1NWEtZDEwOS00YzJkLWI5NzQt
MTEyOGU1Y2U2YTViLzEvbVlOb3lzODg5SkVLbzlqNG9OZGJSQ0xMOVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni83MjE1NWEtZDEwOS00YzJkLWI5NzQtMTEyOGU1Y2U2YTVi
LzEvVEN1Snc4VjZQaWxxcEFZZWxpaEF2bnJvOEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVepkMA0G
CSqGSIb3DQEBCwUAA4IBAQCEsd64GeOwSkQ+yRu952WStF3JBpHfwSQo+F7sfH5y
ayJg5q8rp9aQkCNy9I0k4hEcg3Sdu8ie2cQ7ZMv5U7aaks6b9D1KKhKvazgehqyj
MK3/qWHHNAtNBOg5SMS0335qqU+mUf5mVniD1TkHFlM7e47B5flSl152cwcbngYn
WAXCp0XyyRp8rmpq2HFL20NiF5eEQTp8Huy4IY0C5Br6fdf52NdKhMm133UreHWA
sRrD6q+RBXf9JmZs0EJGcsteTqh8+kq8KqxfUP2d0HRZmgTQTNQfezNIc4MMDCcM
mCrU0n+/ycNwGlubEh+yjqp1L2THTpDQMPHTezAPjwmP
-----END CERTIFICATE-----