Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/19bd8a-c6f1-42e2-8460-cdab19a3fdeb/1/CBvPXd8nLoqyEbU7A9FiANC3U50.roa
File:                     CBvPXd8nLoqyEbU7A9FiANC3U50.roa (raw, json)
Hash identifier:          HpbvrgjDd2DlSkE1aifhPxK0Je9fTyvzFGYxz98z94k=
Subject key identifier:   08:1B:CF:5D:DF:27:2E:8A:B2:11:B5:3B:03:D1:62:00:D0:B7:53:9D
Certificate issuer:       /CN=e334ec393448d83bf1515f4967a448098e55fb43
Certificate serial:       018CC8DECBD69E0DC7C595B2F4E8C70B7FB2
Authority key identifier: E3:34:EC:39:34:48:D8:3B:F1:51:5F:49:67:A4:48:09:8E:55:FB:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4zTsOTRI2DvxUV9JZ6RICY5V-0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/19bd8a-c6f1-42e2-8460-cdab19a3fdeb/1/CBvPXd8nLoqyEbU7A9FiANC3U50.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62092
IP address blocks:        185.226.164.0/24 maxlen: 24
                          2a0f:d340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/19bd8a-c6f1-42e2-8460-cdab19a3fdeb/1/4zTsOTRI2DvxUV9JZ6RICY5V-0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/19bd8a-c6f1-42e2-8460-cdab19a3fdeb/1/4zTsOTRI2DvxUV9JZ6RICY5V-0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4zTsOTRI2DvxUV9JZ6RICY5V-0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cb:d6:9e:0d:c7:c5:95:b2:f4:e8:c7:0b:7f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e334ec393448d83bf1515f4967a448098e55fb43
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=081bcf5ddf272e8ab211b53b03d16200d0b7539d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:71:57:36:2e:aa:34:8e:53:20:6b:2d:7b:36:
                    16:2c:4f:60:aa:c0:31:31:a6:f1:d2:35:b3:96:37:
                    fb:5a:ea:ea:21:68:35:22:61:bd:e9:53:c7:e8:19:
                    c1:40:e8:a6:ad:f0:58:4e:00:32:f5:97:f3:71:35:
                    a4:59:4f:bb:91:3d:70:6b:44:95:db:6c:5b:45:cd:
                    ed:82:de:86:85:31:86:34:81:c0:71:73:01:8e:62:
                    14:cf:1a:5d:5b:0e:5b:2a:e6:5c:3d:78:5e:f6:61:
                    33:9d:4a:e6:18:7c:c3:cd:eb:20:76:a2:c7:7c:eb:
                    27:4b:be:3c:46:19:7d:c9:cf:4f:76:d8:34:39:35:
                    67:53:3c:89:08:a2:ae:27:15:ee:6a:5e:c9:9a:36:
                    74:8d:4f:20:79:9c:bf:55:40:dd:6f:af:83:d7:eb:
                    2e:2e:e6:35:d0:fc:f5:7a:05:03:75:77:40:d6:3c:
                    d6:59:1a:79:33:2e:79:70:40:ca:3b:76:8f:f7:b2:
                    17:92:71:35:b8:9a:22:6a:6c:04:46:4a:1e:1d:a8:
                    97:d6:7c:f3:57:14:7b:38:26:5a:0d:87:b5:5d:00:
                    55:55:b3:db:5a:c0:92:8d:51:0f:f0:7b:e0:ef:f7:
                    84:25:ac:8a:73:b3:9e:dc:04:75:c7:e9:50:76:9f:
                    27:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:1B:CF:5D:DF:27:2E:8A:B2:11:B5:3B:03:D1:62:00:D0:B7:53:9D
            X509v3 Authority Key Identifier:
                keyid:E3:34:EC:39:34:48:D8:3B:F1:51:5F:49:67:A4:48:09:8E:55:FB:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4zTsOTRI2DvxUV9JZ6RICY5V-0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/19bd8a-c6f1-42e2-8460-cdab19a3fdeb/1/CBvPXd8nLoqyEbU7A9FiANC3U50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/19bd8a-c6f1-42e2-8460-cdab19a3fdeb/1/4zTsOTRI2DvxUV9JZ6RICY5V-0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.164.0/24
                IPv6:
                  2a0f:d340::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:93:68:38:48:81:d8:18:88:7d:ff:1b:98:7a:99:e8:5f:7a:
         1e:1e:89:32:6a:a6:3c:fa:60:b0:69:f8:5d:6b:4c:2e:75:f8:
         d6:1a:34:9e:11:e1:9e:bb:6d:70:5a:d5:21:b8:5c:4a:6b:25:
         a1:42:61:c0:2b:8c:ed:9b:e8:88:c8:57:ab:b7:ab:53:82:fe:
         ea:03:9b:36:d6:ea:3f:dc:c2:6c:8c:8b:4e:26:78:13:29:5f:
         ec:a3:5b:ea:00:77:21:ee:67:da:20:20:af:4a:f3:b0:16:cc:
         4f:0a:cc:85:80:bc:1e:69:3e:42:75:c4:17:27:60:99:1d:7a:
         b0:48:c4:e5:73:66:38:fe:e7:2c:4b:fc:62:fb:c5:d0:12:1b:
         1d:52:3e:8e:6f:7e:cb:2b:00:c4:07:83:48:74:dc:6d:21:ba:
         a0:18:c9:02:b9:9d:3b:e9:b4:22:10:f8:fc:3a:29:c1:cf:3c:
         99:80:52:f9:2a:4b:01:d3:f3:1e:1d:6b:88:a7:03:db:f1:2a:
         c8:22:f6:b8:a4:8c:e4:b1:e3:13:6e:7f:71:ac:e3:c1:7b:6e:
         89:cd:3f:65:9f:7d:76:91:b2:a4:4c:e0:e4:62:4b:f9:47:12:
         35:29:7b:2b:4d:c1:b2:32:e7:49:fc:a4:d0:e3:25:09:f5:74:
         7c:0d:37:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3svWng3HxZWy9OjHC3+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMzRlYzM5MzQ0OGQ4M2JmMTUxNWY0OTY3YTQ0ODA5OGU1
NWZiNDMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFiY2Y1ZGRmMjcyZThhYjIxMWI1M2IwM2QxNjIwMGQwYjc1MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXFXNi6qNI5TIGstezYWLE9gqsAx
Mabx0jWzljf7WurqIWg1ImG96VPH6BnBQOimrfBYTgAy9ZfzcTWkWU+7kT1wa0SV
22xbRc3tgt6GhTGGNIHAcXMBjmIUzxpdWw5bKuZcPXhe9mEznUrmGHzDzesgdqLH
fOsnS748Rhl9yc9Pdtg0OTVnUzyJCKKuJxXual7JmjZ0jU8geZy/VUDdb6+D1+su
LuY10Pz1egUDdXdA1jzWWRp5My55cEDKO3aP97IXknE1uJoiamwERkoeHaiX1nzz
VxR7OCZaDYe1XQBVVbPbWsCSjVEP8Hvg7/eEJayKc7Oe3AR1x+lQdp8nYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAgbz13fJy6KshG1OwPRYgDQt1OdMB8GA1UdIwQY
MBaAFOM07Dk0SNg78VFfSWekSAmOVftDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHpUc09UUkkyRHZ4VVY5Slo2UklDWTVWLTBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8xOWJkOGEtYzZmMS00MmUyLTg0NjAt
Y2RhYjE5YTNmZGViLzEvQ0J2UFhkOG5Mb3F5RWJVN0E5RmlBTkMzVTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8xOWJkOGEtYzZmMS00MmUyLTg0NjAtY2RhYjE5YTNmZGVi
LzEvNHpUc09UUkkyRHZ4VVY5Slo2UklDWTVWLTBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueKkMA0E
AgACMAcDBQMqD9NAMA0GCSqGSIb3DQEBCwUAA4IBAQAUk2g4SIHYGIh9/xuYepno
X3oeHokyaqY8+mCwafhda0wudfjWGjSeEeGeu21wWtUhuFxKayWhQmHAK4ztm+iI
yFert6tTgv7qA5s21uo/3MJsjItOJngTKV/so1vqAHch7mfaICCvSvOwFsxPCsyF
gLweaT5CdcQXJ2CZHXqwSMTlc2Y4/ucsS/xi+8XQEhsdUj6Ob37LKwDEB4NIdNxt
IbqgGMkCuZ076bQiEPj8OinBzzyZgFL5KksB0/MeHWuIpwPb8SrIIva4pIzkseMT
bn9xrOPBe26JzT9ln312kbKkTODkYkv5RxI1KXsrTcGyMudJ/KTQ4yUJ9XR8DTcq
-----END CERTIFICATE-----