Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/2be009-1ef1-4d57-8f01-7e184b070bbd/1/vny5SSGFLkgks6jrW-yr8ubc0Y8.roa
File:                     vny5SSGFLkgks6jrW-yr8ubc0Y8.roa (raw, json)
Hash identifier:          ePhFxYPBduxM1ShYSm/8SZvyNFN3mfM+BwXSPMZGmH4=
Subject key identifier:   BE:7C:B9:49:21:85:2E:48:24:B3:A8:EB:5B:EC:AB:F2:E6:DC:D1:8F
Certificate issuer:       /CN=ce46ea629afb0c2d54200b5a65727be18cbb45a4
Certificate serial:       018CC9BCB599CF93E5268179C399C111E7F3
Authority key identifier: CE:46:EA:62:9A:FB:0C:2D:54:20:0B:5A:65:72:7B:E1:8C:BB:45:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zkbqYpr7DC1UIAtaZXJ74Yy7RaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/2be009-1ef1-4d57-8f01-7e184b070bbd/1/vny5SSGFLkgks6jrW-yr8ubc0Y8.roa
Signing time:             Tue 02 Jan 2024 10:33:56 +0000
ROA not before:           Tue 02 Jan 2024 10:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206854
IP address blocks:        185.172.214.0/24 maxlen: 24
                          185.172.215.0/24 maxlen: 24
                          185.172.213.0/24 maxlen: 24
                          185.172.212.0/24 maxlen: 24
                          185.172.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/2be009-1ef1-4d57-8f01-7e184b070bbd/1/zkbqYpr7DC1UIAtaZXJ74Yy7RaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/2be009-1ef1-4d57-8f01-7e184b070bbd/1/zkbqYpr7DC1UIAtaZXJ74Yy7RaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zkbqYpr7DC1UIAtaZXJ74Yy7RaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b5:99:cf:93:e5:26:81:79:c3:99:c1:11:e7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce46ea629afb0c2d54200b5a65727be18cbb45a4
        Validity
            Not Before: Jan  2 10:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be7cb94921852e4824b3a8eb5becabf2e6dcd18f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cd:51:c1:9b:18:65:d0:ff:15:82:e7:bc:f1:
                    a5:fb:1d:17:bc:77:e6:2d:cc:c4:5e:9c:9b:ef:5a:
                    4a:54:3a:29:7c:4c:2c:2b:6c:87:ed:be:46:aa:4e:
                    c1:da:a6:1d:cc:fc:59:8b:91:0c:92:52:10:30:3b:
                    37:91:b1:fa:76:df:a5:4c:62:7d:49:29:55:f9:53:
                    e7:80:66:cb:03:21:16:0b:ae:c6:ea:d8:cb:fb:32:
                    54:5b:27:ba:6e:23:76:5d:68:57:69:c5:5d:9e:0a:
                    cb:8f:ae:f5:1d:97:4e:30:cf:84:4c:6f:d9:aa:25:
                    a3:c5:c6:d2:d1:6d:85:e4:c5:03:79:ab:11:df:a0:
                    ed:38:36:33:f7:01:92:c0:29:d8:b0:d9:18:fc:c1:
                    30:2b:59:23:dc:01:2d:49:8e:e6:98:f8:b4:ba:99:
                    f5:27:9d:44:89:af:31:5f:5c:94:38:a2:4d:6c:2d:
                    fe:a0:96:7a:b8:3b:65:15:52:88:b0:cc:4e:92:91:
                    e2:0b:1f:b3:ed:fc:a2:cf:54:ad:c8:1b:94:4a:13:
                    ea:a9:60:90:1b:8f:d4:7d:ec:e1:a5:73:bb:a5:36:
                    f1:4b:b6:bf:a2:74:f4:97:a0:32:45:04:e3:56:40:
                    0c:e7:cc:de:28:b1:73:5e:a2:d9:6f:4e:44:0d:ae:
                    05:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:7C:B9:49:21:85:2E:48:24:B3:A8:EB:5B:EC:AB:F2:E6:DC:D1:8F
            X509v3 Authority Key Identifier:
                keyid:CE:46:EA:62:9A:FB:0C:2D:54:20:0B:5A:65:72:7B:E1:8C:BB:45:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zkbqYpr7DC1UIAtaZXJ74Yy7RaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2be009-1ef1-4d57-8f01-7e184b070bbd/1/vny5SSGFLkgks6jrW-yr8ubc0Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2be009-1ef1-4d57-8f01-7e184b070bbd/1/zkbqYpr7DC1UIAtaZXJ74Yy7RaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:8b:79:6a:e9:a4:9d:70:57:2f:3f:e1:0e:e9:07:46:59:ab:
         74:59:34:3a:fb:bd:de:62:ba:2d:55:13:88:ff:4d:7e:4a:6a:
         47:34:e2:92:e1:6a:41:3a:48:b1:c1:2e:74:b4:7c:03:98:bc:
         c7:46:63:9e:8c:97:fa:2d:fd:65:f4:d8:79:c4:82:3e:42:9d:
         1f:77:46:cf:b7:22:3f:1f:2a:8a:64:6a:37:03:f8:05:c3:c7:
         55:f4:9d:72:23:46:ba:1c:54:bc:36:4d:cd:97:0d:8c:49:55:
         55:47:6a:b2:a6:56:f9:06:71:87:af:93:57:77:42:35:c3:52:
         75:7c:2e:6d:c6:32:9a:34:ab:18:4a:93:c7:e6:91:a9:bd:18:
         d1:bc:10:30:70:6c:f0:c9:82:08:b5:b0:d1:a4:60:69:01:2e:
         3f:6f:88:18:84:81:cf:c2:f4:62:d6:2a:41:60:9b:6c:19:38:
         f4:1f:a2:f6:b2:96:22:9a:da:e8:54:db:4a:f7:3d:6a:75:35:
         26:59:8d:c6:f4:fd:b1:40:81:78:31:61:c1:bc:98:40:ca:9f:
         48:0e:61:18:fe:a0:8c:37:57:bd:66:d5:de:ca:37:62:f6:c4:
         95:9f:0e:eb:30:10:c4:fa:fc:9c:36:02:a2:44:1c:e3:40:f0:
         99:4a:68:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvLWZz5PlJoF5w5nBEefzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNDZlYTYyOWFmYjBjMmQ1NDIwMGI1YTY1NzI3YmUxOGNi
YjQ1YTQwHhcNMjQwMTAyMTAzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTdjYjk0OTIxODUyZTQ4MjRiM2E4ZWI1YmVjYWJmMmU2ZGNkMThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc1RwZsYZdD/FYLnvPGl+x0XvHfm
LczEXpyb71pKVDopfEwsK2yH7b5Gqk7B2qYdzPxZi5EMklIQMDs3kbH6dt+lTGJ9
SSlV+VPngGbLAyEWC67G6tjL+zJUWye6biN2XWhXacVdngrLj671HZdOMM+ETG/Z
qiWjxcbS0W2F5MUDeasR36DtODYz9wGSwCnYsNkY/MEwK1kj3AEtSY7mmPi0upn1
J51Eia8xX1yUOKJNbC3+oJZ6uDtlFVKIsMxOkpHiCx+z7fyiz1StyBuUShPqqWCQ
G4/UfezhpXO7pTbxS7a/onT0l6AyRQTjVkAM58zeKLFzXqLZb05EDa4FYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL58uUkhhS5IJLOo61vsq/Lm3NGPMB8GA1UdIwQY
MBaAFM5G6mKa+wwtVCALWmVye+GMu0WkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemticVlwcjdEQzFVSUF0YVpYSjc0WXk3UmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yYmUwMDktMWVmMS00ZDU3LThmMDEt
N2UxODRiMDcwYmJkLzEvdm55NVNTR0ZMa2drczZqclcteXI4dWJjMFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yYmUwMDktMWVmMS00ZDU3LThmMDEtN2UxODRiMDcwYmJk
LzEvemticVlwcjdEQzFVSUF0YVpYSjc0WXk3UmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuazUMA0G
CSqGSIb3DQEBCwUAA4IBAQAvi3lq6aSdcFcvP+EO6QdGWat0WTQ6+73eYrotVROI
/01+SmpHNOKS4WpBOkixwS50tHwDmLzHRmOejJf6Lf1l9Nh5xII+Qp0fd0bPtyI/
HyqKZGo3A/gFw8dV9J1yI0a6HFS8Nk3Nlw2MSVVVR2qyplb5BnGHr5NXd0I1w1J1
fC5txjKaNKsYSpPH5pGpvRjRvBAwcGzwyYIItbDRpGBpAS4/b4gYhIHPwvRi1ipB
YJtsGTj0H6L2spYimtroVNtK9z1qdTUmWY3G9P2xQIF4MWHBvJhAyp9IDmEY/qCM
N1e9ZtXeyjdi9sSVnw7rMBDE+vycNgKiRBzjQPCZSmht
-----END CERTIFICATE-----