Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b2f893-911d-40c0-8ac2-fd3ff35f34a9/1/VstCv-dBL_2wqqM3hYESjVDJ4EA.roa
File:                     VstCv-dBL_2wqqM3hYESjVDJ4EA.roa (raw, json)
Hash identifier:          rC25GS3hnfanQ8DI1X9ZJK2W2XrNu5xwfp7YmonLNxQ=
Subject key identifier:   56:CB:42:BF:E7:41:2F:FD:B0:AA:A3:37:85:81:12:8D:50:C9:E0:40
Certificate issuer:       /CN=5ee4eb9ef8dd3589e232df8fe876f25ce9707a14
Certificate serial:       018CC3490DC44393D677B52F3CE6C16DFBE9
Authority key identifier: 5E:E4:EB:9E:F8:DD:35:89:E2:32:DF:8F:E8:76:F2:5C:E9:70:7A:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuTrnvjdNYniMt-P6HbyXOlwehQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/b2f893-911d-40c0-8ac2-fd3ff35f34a9/1/VstCv-dBL_2wqqM3hYESjVDJ4EA.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35099
IP address blocks:        193.221.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/b2f893-911d-40c0-8ac2-fd3ff35f34a9/1/XuTrnvjdNYniMt-P6HbyXOlwehQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/b2f893-911d-40c0-8ac2-fd3ff35f34a9/1/XuTrnvjdNYniMt-P6HbyXOlwehQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuTrnvjdNYniMt-P6HbyXOlwehQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0d:c4:43:93:d6:77:b5:2f:3c:e6:c1:6d:fb:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee4eb9ef8dd3589e232df8fe876f25ce9707a14
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56cb42bfe7412ffdb0aaa3378581128d50c9e040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:71:94:47:df:de:a0:18:f5:dc:12:68:6f:1d:
                    af:d2:eb:cd:27:90:da:97:98:84:02:5b:58:5b:c3:
                    48:39:af:7b:a4:e2:45:31:ea:49:92:c6:88:67:71:
                    20:d6:a8:51:df:fc:d9:cd:4a:dc:c6:7d:af:91:a0:
                    05:dd:36:ad:8f:c7:fb:f8:2e:e4:23:4a:56:6a:f6:
                    fe:63:17:69:83:01:da:bd:18:80:6d:b3:ca:b7:91:
                    91:95:9e:4c:fb:70:80:36:45:65:8c:6e:88:08:59:
                    92:a5:4b:98:63:cf:7b:11:61:cc:91:e6:d2:f0:0c:
                    1b:ce:be:5e:35:b7:a0:aa:0f:d7:96:bd:b5:3f:af:
                    32:c4:12:45:2f:13:d9:3b:2f:ea:ef:f9:83:70:e8:
                    02:66:9c:86:71:44:ff:7f:eb:76:bb:1e:0c:fa:49:
                    fd:6c:cb:4f:e7:82:08:54:57:51:c4:61:db:c0:dc:
                    af:af:33:07:69:07:a0:1f:34:c3:f0:bf:8b:39:70:
                    73:68:2e:62:fa:3c:21:cd:34:78:c6:f2:05:4d:fc:
                    5a:2f:69:89:4c:fe:ca:56:c3:ba:67:5d:a9:8f:81:
                    c7:99:ce:cc:c9:09:51:66:f9:ae:00:6e:cc:3e:2a:
                    3a:a2:c2:be:7a:0e:d9:a3:77:4f:10:9b:db:aa:9d:
                    0f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:CB:42:BF:E7:41:2F:FD:B0:AA:A3:37:85:81:12:8D:50:C9:E0:40
            X509v3 Authority Key Identifier:
                keyid:5E:E4:EB:9E:F8:DD:35:89:E2:32:DF:8F:E8:76:F2:5C:E9:70:7A:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuTrnvjdNYniMt-P6HbyXOlwehQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b2f893-911d-40c0-8ac2-fd3ff35f34a9/1/VstCv-dBL_2wqqM3hYESjVDJ4EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b2f893-911d-40c0-8ac2-fd3ff35f34a9/1/XuTrnvjdNYniMt-P6HbyXOlwehQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:63:b3:c1:0b:52:cb:f3:56:e3:f9:8a:0c:95:51:55:78:2a:
         d4:97:98:6d:8b:2f:b2:0f:67:49:0f:52:05:2e:a4:c2:87:47:
         7d:02:16:ef:42:14:8a:48:de:c3:90:99:af:e2:4a:b6:88:b3:
         0d:0b:be:39:07:1d:f9:31:f5:95:81:d0:e5:5f:17:1f:ea:f0:
         fe:79:ac:85:b8:c0:cf:ff:5b:ee:fb:b8:7e:a7:3f:fa:b7:b1:
         1f:a5:25:e7:13:55:77:58:9e:d0:48:01:89:55:e5:3a:dc:55:
         f9:34:99:59:5c:50:ff:85:04:60:7e:39:a5:f8:f0:88:bc:07:
         88:43:f0:4d:97:f3:2d:f0:56:0e:38:39:8b:96:2a:df:a0:3c:
         80:08:08:60:1a:e6:1c:8d:4d:4e:68:c8:7a:5c:20:fb:53:0f:
         1b:ca:b3:a4:31:31:f7:54:85:fe:83:e6:0f:7b:e8:d2:b3:c6:
         50:66:ca:b7:38:4c:4a:d3:80:45:cc:7f:ab:35:a9:17:3f:2c:
         44:cf:cf:32:1d:5b:c4:80:9f:4f:cc:20:98:67:e9:79:62:97:
         92:35:32:07:99:4f:08:23:66:86:ba:1c:5a:01:c1:4d:b6:b1:
         cf:64:bb:30:9c:ca:30:07:f1:cd:3e:0f:19:86:87:2d:5d:c6:
         d1:da:3a:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQ3EQ5PWd7UvPObBbfvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTRlYjllZjhkZDM1ODllMjMyZGY4ZmU4NzZmMjVjZTk3
MDdhMTQwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmNiNDJiZmU3NDEyZmZkYjBhYWEzMzc4NTgxMTI4ZDUwYzllMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3GUR9/eoBj13BJobx2v0uvNJ5Da
l5iEAltYW8NIOa97pOJFMepJksaIZ3Eg1qhR3/zZzUrcxn2vkaAF3Tatj8f7+C7k
I0pWavb+YxdpgwHavRiAbbPKt5GRlZ5M+3CANkVljG6ICFmSpUuYY897EWHMkebS
8Awbzr5eNbegqg/Xlr21P68yxBJFLxPZOy/q7/mDcOgCZpyGcUT/f+t2ux4M+kn9
bMtP54IIVFdRxGHbwNyvrzMHaQegHzTD8L+LOXBzaC5i+jwhzTR4xvIFTfxaL2mJ
TP7KVsO6Z12pj4HHmc7MyQlRZvmuAG7MPio6osK+eg7Zo3dPEJvbqp0PhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbLQr/nQS/9sKqjN4WBEo1QyeBAMB8GA1UdIwQY
MBaAFF7k65743TWJ4jLfj+h28lzpcHoUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVUcm52amROWW5pTXQtUDZIYnlYT2x3ZWhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9iMmY4OTMtOTExZC00MGMwLThhYzIt
ZmQzZmYzNWYzNGE5LzEvVnN0Q3YtZEJMXzJ3cXFNM2hZRVNqVkRKNEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9iMmY4OTMtOTExZC00MGMwLThhYzItZmQzZmYzNWYzNGE5
LzEvWHVUcm52amROWW5pTXQtUDZIYnlYT2x3ZWhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd1zMA0G
CSqGSIb3DQEBCwUAA4IBAQACY7PBC1LL81bj+YoMlVFVeCrUl5htiy+yD2dJD1IF
LqTCh0d9AhbvQhSKSN7DkJmv4kq2iLMNC745Bx35MfWVgdDlXxcf6vD+eayFuMDP
/1vu+7h+pz/6t7EfpSXnE1V3WJ7QSAGJVeU63FX5NJlZXFD/hQRgfjml+PCIvAeI
Q/BNl/Mt8FYOODmLlirfoDyACAhgGuYcjU1OaMh6XCD7Uw8byrOkMTH3VIX+g+YP
e+jSs8ZQZsq3OExK04BFzH+rNakXPyxEz88yHVvEgJ9PzCCYZ+l5YpeSNTIHmU8I
I2aGuhxaAcFNtrHPZLswnMowB/HNPg8ZhoctXcbR2jpp
-----END CERTIFICATE-----