Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/CyfKJlWtfzN3cnDaJ-KcOAI9saA.roa
File:                     CyfKJlWtfzN3cnDaJ-KcOAI9saA.roa (raw, json)
Hash identifier:          qp4OJrcK3KdVfUhZkiOrF99LH4Y6mSKKpAjpgb2jF6s=
Subject key identifier:   0B:27:CA:26:55:AD:7F:33:77:72:70:DA:27:E2:9C:38:02:3D:B1:A0
Certificate issuer:       /CN=49bf32abf77f412c210f409822d1398ec3beda9b
Certificate serial:       018CC4253C5B34809C17232BB44F4900D0B9
Authority key identifier: 49:BF:32:AB:F7:7F:41:2C:21:0F:40:98:22:D1:39:8E:C3:BE:DA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sb8yq_d_QSwhD0CYItE5jsO-2ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/CyfKJlWtfzN3cnDaJ-KcOAI9saA.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205606
IP address blocks:        185.212.142.0/24 maxlen: 24
                          185.212.141.0/24 maxlen: 24
                          185.212.143.0/24 maxlen: 24
                          185.212.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/Sb8yq_d_QSwhD0CYItE5jsO-2ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/Sb8yq_d_QSwhD0CYItE5jsO-2ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sb8yq_d_QSwhD0CYItE5jsO-2ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3c:5b:34:80:9c:17:23:2b:b4:4f:49:00:d0:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bf32abf77f412c210f409822d1398ec3beda9b
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b27ca2655ad7f33777270da27e29c38023db1a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:03:77:1f:f3:f3:8c:3e:26:c0:37:08:03:d5:
                    76:99:c2:9a:fc:c3:99:d1:f9:c1:e5:0d:04:eb:c1:
                    c6:99:6d:46:c6:30:de:88:34:e9:5a:ab:bc:66:ab:
                    fe:e4:58:5b:11:39:d4:00:a8:cd:a5:5a:f5:3a:d5:
                    9b:1c:ab:22:f7:0a:cc:a7:de:82:35:2b:26:30:a2:
                    d9:c6:7d:24:37:0f:78:f7:34:18:51:5b:03:30:83:
                    82:4d:55:4a:9d:d4:5c:0b:e4:bd:db:c3:99:74:5b:
                    9b:17:d4:c6:47:c8:cd:5a:ed:04:9d:0a:14:61:1c:
                    00:4a:b3:21:76:ec:41:95:1b:26:cd:65:ec:64:70:
                    44:60:7a:6a:43:9e:44:91:4d:b3:06:f9:39:23:62:
                    42:33:f3:4c:54:eb:6c:ea:63:bc:59:48:3d:30:cf:
                    af:3e:9d:52:c1:a4:e2:81:42:6d:cf:46:05:7d:06:
                    dd:d1:6a:84:99:32:c8:de:f7:d9:08:e4:d7:e3:a3:
                    d4:fa:1b:43:06:f8:2d:66:7f:6e:22:08:10:dc:f0:
                    17:75:f3:25:50:f0:27:4c:63:3c:6c:5e:49:76:32:
                    2f:58:4f:f9:49:01:40:2f:29:68:49:79:6c:9d:64:
                    67:1f:03:9a:c1:e1:4d:80:56:57:26:5e:b3:6b:c5:
                    28:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:27:CA:26:55:AD:7F:33:77:72:70:DA:27:E2:9C:38:02:3D:B1:A0
            X509v3 Authority Key Identifier:
                keyid:49:BF:32:AB:F7:7F:41:2C:21:0F:40:98:22:D1:39:8E:C3:BE:DA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sb8yq_d_QSwhD0CYItE5jsO-2ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/CyfKJlWtfzN3cnDaJ-KcOAI9saA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/Sb8yq_d_QSwhD0CYItE5jsO-2ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:41:4b:e4:e4:76:53:3b:6a:fa:6d:33:c7:c7:b9:f6:aa:e6:
         08:ca:5b:3d:7b:cc:9b:f0:80:d0:d7:35:1c:6e:3f:6d:06:2f:
         c8:bc:14:db:34:54:57:2f:44:0d:c2:1d:f9:67:a5:88:2b:72:
         9f:db:c0:38:8a:7b:00:3f:25:81:92:4f:51:dd:8b:4d:c0:35:
         1a:6f:46:5f:b9:ee:69:8e:41:65:bf:66:69:aa:c9:46:94:23:
         48:40:3a:fa:0c:bc:12:07:c9:67:51:18:d5:ca:66:a3:8a:00:
         1c:97:5e:7b:b2:8c:27:47:c3:01:56:b4:9f:ba:fc:b9:c5:58:
         b7:f9:8e:d9:fc:29:43:27:62:9d:6a:69:ed:fd:10:b8:7c:e5:
         62:84:0f:46:aa:b0:a1:5f:ca:d8:93:dc:7a:79:ca:1d:a8:48:
         a3:61:5b:d5:4d:a9:eb:1c:47:8c:27:24:1b:39:ef:b5:0e:18:
         37:a9:9b:5f:2e:8c:a4:6c:16:6f:e0:75:5f:2a:b1:5e:1e:23:
         17:83:06:9f:15:4a:af:40:f5:37:db:d6:a7:b5:52:a4:ca:95:
         d7:b6:3b:cf:23:c4:1e:33:66:ef:de:04:93:fe:75:06:4c:46:
         f5:14:2b:c9:6b:a3:75:94:e0:57:8a:f5:3a:71:60:c8:1c:d9:
         8f:72:bc:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTxbNICcFyMrtE9JANC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YmYzMmFiZjc3ZjQxMmMyMTBmNDA5ODIyZDEzOThlYzNi
ZWRhOWIwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjI3Y2EyNjU1YWQ3ZjMzNzc3MjcwZGEyN2UyOWMzODAyM2RiMWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6AN3H/PzjD4mwDcIA9V2mcKa/MOZ
0fnB5Q0E68HGmW1GxjDeiDTpWqu8Zqv+5FhbETnUAKjNpVr1OtWbHKsi9wrMp96C
NSsmMKLZxn0kNw949zQYUVsDMIOCTVVKndRcC+S928OZdFubF9TGR8jNWu0EnQoU
YRwASrMhduxBlRsmzWXsZHBEYHpqQ55EkU2zBvk5I2JCM/NMVOts6mO8WUg9MM+v
Pp1SwaTigUJtz0YFfQbd0WqEmTLI3vfZCOTX46PU+htDBvgtZn9uIggQ3PAXdfMl
UPAnTGM8bF5JdjIvWE/5SQFALyloSXlsnWRnHwOaweFNgFZXJl6za8UoKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsnyiZVrX8zd3Jw2ifinDgCPbGgMB8GA1UdIwQY
MBaAFEm/Mqv3f0EsIQ9AmCLROY7DvtqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2I4eXFfZF9RU3doRDBDWUl0RTVqc08tMnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi83M2NkZDAtMDY0OS00ZmU5LTk5NzEt
MGJlNjMzN2JmNmI2LzEvQ3lmS0psV3Rmek4zY25EYUotS2NPQUk5c2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi83M2NkZDAtMDY0OS00ZmU5LTk5NzEtMGJlNjMzN2JmNmI2
LzEvU2I4eXFfZF9RU3doRDBDWUl0RTVqc08tMnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudSMMA0G
CSqGSIb3DQEBCwUAA4IBAQAzQUvk5HZTO2r6bTPHx7n2quYIyls9e8yb8IDQ1zUc
bj9tBi/IvBTbNFRXL0QNwh35Z6WIK3Kf28A4insAPyWBkk9R3YtNwDUab0Zfue5p
jkFlv2ZpqslGlCNIQDr6DLwSB8lnURjVymajigAcl157sownR8MBVrSfuvy5xVi3
+Y7Z/ClDJ2Kdamnt/RC4fOVihA9GqrChX8rYk9x6ecodqEijYVvVTanrHEeMJyQb
Oe+1Dhg3qZtfLoykbBZv4HVfKrFeHiMXgwafFUqvQPU329antVKkypXXtjvPI8Qe
M2bv3gST/nUGTEb1FCvJa6N1lOBXivU6cWDIHNmPcryO
-----END CERTIFICATE-----