Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/858454-a18d-4040-ab3c-ca8fba595d4f/1/JnqW-wWsSqtmrRAX52rymVykelo.roa
File:                     JnqW-wWsSqtmrRAX52rymVykelo.roa (raw, json)
Hash identifier:          abQkRRm5kyNwl/qgM/djUCT0XG/kbmD4uyoSc9njhPI=
Subject key identifier:   26:7A:96:FB:05:AC:4A:AB:66:AD:10:17:E7:6A:F2:99:5C:A4:7A:5A
Certificate issuer:       /CN=46649b57b817ec143ddcb7d7712c22bb1f28ac75
Certificate serial:       018CC7952F87A496933FACF39E6D03CFED46
Authority key identifier: 46:64:9B:57:B8:17:EC:14:3D:DC:B7:D7:71:2C:22:BB:1F:28:AC:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RmSbV7gX7BQ93LfXcSwiux8orHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/858454-a18d-4040-ab3c-ca8fba595d4f/1/JnqW-wWsSqtmrRAX52rymVykelo.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207187
IP address blocks:        185.214.116.0/22 maxlen: 22
                          2a0b:99c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/858454-a18d-4040-ab3c-ca8fba595d4f/1/RmSbV7gX7BQ93LfXcSwiux8orHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/858454-a18d-4040-ab3c-ca8fba595d4f/1/RmSbV7gX7BQ93LfXcSwiux8orHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RmSbV7gX7BQ93LfXcSwiux8orHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2f:87:a4:96:93:3f:ac:f3:9e:6d:03:cf:ed:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46649b57b817ec143ddcb7d7712c22bb1f28ac75
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=267a96fb05ac4aab66ad1017e76af2995ca47a5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:52:b3:92:4b:73:e0:d1:1f:b6:e1:ba:f9:ef:
                    bc:9a:06:dd:a1:ed:b2:19:5d:64:6d:a7:09:e9:ff:
                    61:1e:d0:c2:8d:0d:b9:7a:1a:f5:60:24:7e:42:80:
                    bd:dd:36:84:ae:ae:94:56:89:a3:6e:a4:0e:63:7f:
                    6e:21:53:b1:fa:a3:79:e6:c8:e3:00:1e:ef:ac:c5:
                    e5:49:b8:ca:06:eb:f8:b4:a3:d8:38:d0:70:1d:54:
                    8c:64:40:bf:0d:31:01:36:af:b2:8e:7e:66:ec:03:
                    cd:79:04:ee:5e:2f:94:89:7f:08:be:31:23:45:49:
                    70:0f:45:fb:12:b4:98:5b:30:0a:e0:4c:f3:6c:3c:
                    21:5f:16:ff:dc:6c:19:68:dd:de:6c:b8:4a:ce:e7:
                    1f:1d:43:e7:29:af:90:52:5b:a8:24:e1:80:44:e0:
                    48:3d:d4:4a:93:4c:7b:73:f9:31:e9:67:9d:1a:ba:
                    6d:25:c4:68:2c:8c:80:b0:78:27:9b:42:fe:37:c7:
                    76:2d:e7:ed:02:fb:c2:21:a5:be:29:09:38:5b:a4:
                    16:46:3b:c6:ee:81:bf:e9:2b:43:d0:23:3b:71:ae:
                    6a:91:dd:5f:0e:3e:3d:b4:6d:8d:93:9b:42:81:44:
                    57:ec:5c:c4:75:d4:0b:f9:10:1a:59:24:bf:1b:b2:
                    e6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7A:96:FB:05:AC:4A:AB:66:AD:10:17:E7:6A:F2:99:5C:A4:7A:5A
            X509v3 Authority Key Identifier:
                keyid:46:64:9B:57:B8:17:EC:14:3D:DC:B7:D7:71:2C:22:BB:1F:28:AC:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RmSbV7gX7BQ93LfXcSwiux8orHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/858454-a18d-4040-ab3c-ca8fba595d4f/1/JnqW-wWsSqtmrRAX52rymVykelo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/858454-a18d-4040-ab3c-ca8fba595d4f/1/RmSbV7gX7BQ93LfXcSwiux8orHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.116.0/22
                IPv6:
                  2a0b:99c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:e9:b3:89:fb:a2:58:d2:1b:7d:1b:4e:df:54:36:6d:01:0f:
         08:8d:6d:c4:09:ad:75:d2:7b:30:64:a5:52:50:ff:99:14:a3:
         0f:3c:c2:a2:2e:a1:85:da:39:30:76:15:71:ed:74:6a:06:72:
         88:08:83:ec:f2:99:4a:5c:2f:e8:be:e5:48:be:82:d2:10:b0:
         55:80:99:53:57:27:f1:a6:f2:48:1e:d6:9f:6b:da:f3:62:5b:
         01:9e:2b:d3:b1:2e:c8:fa:d8:2c:8f:cd:04:5c:4b:b6:ab:56:
         ba:ba:00:72:3f:35:e1:dd:5b:cf:28:1f:58:e8:dd:47:37:a5:
         dd:e3:79:0c:d0:38:07:24:78:c6:a9:6b:2b:b9:01:4b:ec:7f:
         1b:ad:91:0d:a1:86:f0:a2:d4:34:28:1f:fb:59:5f:6a:73:f6:
         7d:50:87:77:be:b8:57:93:bf:ba:21:4a:41:d7:2e:c8:24:bf:
         6e:e4:b0:0a:b3:9d:f0:93:56:47:a7:b7:d7:78:b9:20:d9:ac:
         8e:c2:6c:b3:19:8e:16:77:c9:e7:be:db:e3:0e:3b:1c:c6:7f:
         aa:34:69:2c:56:07:72:98:c1:c5:27:19:bb:98:4e:21:d9:d6:
         54:b6:04:19:1b:da:0b:3b:5a:b5:1d:1f:a2:a9:d2:2e:09:bf:
         4c:10:cf:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlS+HpJaTP6zznm0Dz+1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NjQ5YjU3YjgxN2VjMTQzZGRjYjdkNzcxMmMyMmJiMWYy
OGFjNzUwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdhOTZmYjA1YWM0YWFiNjZhZDEwMTdlNzZhZjI5OTVjYTQ3YTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4FKzkktz4NEftuG6+e+8mgbdoe2y
GV1kbacJ6f9hHtDCjQ25ehr1YCR+QoC93TaErq6UVomjbqQOY39uIVOx+qN55sjj
AB7vrMXlSbjKBuv4tKPYONBwHVSMZEC/DTEBNq+yjn5m7APNeQTuXi+UiX8IvjEj
RUlwD0X7ErSYWzAK4EzzbDwhXxb/3GwZaN3ebLhKzucfHUPnKa+QUluoJOGAROBI
PdRKk0x7c/kx6WedGrptJcRoLIyAsHgnm0L+N8d2LeftAvvCIaW+KQk4W6QWRjvG
7oG/6StD0CM7ca5qkd1fDj49tG2Nk5tCgURX7FzEddQL+RAaWSS/G7LmaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCZ6lvsFrEqrZq0QF+dq8plcpHpaMB8GA1UdIwQY
MBaAFEZkm1e4F+wUPdy313EsIrsfKKx1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm1TYlY3Z1g3QlE5M0xmWGNTd2l1eDhvckhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84NTg0NTQtYTE4ZC00MDQwLWFiM2Mt
Y2E4ZmJhNTk1ZDRmLzEvSm5xVy13V3NTcXRtclJBWDUycnltVnlrZWxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84NTg0NTQtYTE4ZC00MDQwLWFiM2MtY2E4ZmJhNTk1ZDRm
LzEvUm1TYlY3Z1g3QlE5M0xmWGNTd2l1eDhvckhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudZ0MA0E
AgACMAcDBQMqC5nAMA0GCSqGSIb3DQEBCwUAA4IBAQBk6bOJ+6JY0ht9G07fVDZt
AQ8IjW3ECa110nswZKVSUP+ZFKMPPMKiLqGF2jkwdhVx7XRqBnKICIPs8plKXC/o
vuVIvoLSELBVgJlTVyfxpvJIHtafa9rzYlsBnivTsS7I+tgsj80EXEu2q1a6ugBy
PzXh3VvPKB9Y6N1HN6Xd43kM0DgHJHjGqWsruQFL7H8brZENoYbwotQ0KB/7WV9q
c/Z9UId3vrhXk7+6IUpB1y7IJL9u5LAKs53wk1ZHp7fXeLkg2ayOwmyzGY4Wd8nn
vtvjDjscxn+qNGksVgdymMHFJxm7mE4h2dZUtgQZG9oLO1q1HR+iqdIuCb9MEM8N
-----END CERTIFICATE-----