Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/VyPYm1URyKBFbzmD-t4F8CsfLWU.roa
File:                     VyPYm1URyKBFbzmD-t4F8CsfLWU.roa (raw, json)
Hash identifier:          hv4G0HOjy3ChN68G5DFRNjGaZc0ZFeHK/d/4UqN+IKo=
Subject key identifier:   57:23:D8:9B:55:11:C8:A0:45:6F:39:83:FA:DE:05:F0:2B:1F:2D:65
Certificate issuer:       /CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
Certificate serial:       018CC6B8EE5843EEA37B8E460466913CB325
Authority key identifier: 8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/VyPYm1URyKBFbzmD-t4F8CsfLWU.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207207
IP address blocks:        185.32.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ee:58:43:ee:a3:7b:8e:46:04:66:91:3c:b3:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5723d89b5511c8a0456f3983fade05f02b1f2d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:78:c6:ff:04:86:83:dd:f1:7e:34:6e:7b:08:
                    60:41:3f:02:48:91:51:8d:aa:16:fd:02:b3:f3:fe:
                    ea:9d:29:3b:e3:77:1d:86:1b:73:91:5f:fb:4e:9b:
                    ef:97:36:9b:8a:a7:f3:d1:03:05:61:41:0d:08:ba:
                    ef:f6:de:4b:75:e4:fa:68:99:fb:6b:e5:5e:73:08:
                    da:50:e6:96:3f:7f:89:de:4c:af:86:38:36:c8:85:
                    fb:8d:83:2f:9c:88:25:e3:44:e2:3b:d1:c6:bb:a6:
                    66:26:b7:4b:2b:3a:5f:b3:96:b7:cd:89:bf:82:09:
                    7f:62:43:ce:66:a3:ec:95:26:7a:21:52:77:69:2c:
                    e7:6a:49:61:95:fb:47:3d:b8:5c:93:c3:09:f1:ef:
                    05:73:2e:f2:09:90:91:af:fd:d9:99:ed:d0:19:c1:
                    ed:af:77:03:68:49:5f:59:3c:a4:99:3a:ed:49:9d:
                    0d:e2:e0:b7:96:0e:01:cd:b3:31:5d:2b:1d:8e:c8:
                    8e:60:f9:43:5b:93:b2:1c:1a:cc:d8:99:a6:24:eb:
                    ff:21:8e:d5:d0:0b:a1:c1:a6:f3:e7:ee:74:b5:ee:
                    26:7d:a3:88:f0:f0:11:e5:a4:d4:2a:bf:2a:1d:b9:
                    e7:05:25:19:33:85:d4:21:61:b7:58:e8:6f:fa:19:
                    ca:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:23:D8:9B:55:11:C8:A0:45:6F:39:83:FA:DE:05:F0:2B:1F:2D:65
            X509v3 Authority Key Identifier:
                keyid:8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/VyPYm1URyKBFbzmD-t4F8CsfLWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:92:16:14:92:3d:58:1e:e9:0e:cd:1f:9f:1a:02:b8:89:0e:
         5b:f5:fc:92:6f:da:37:59:d3:e2:81:68:3e:7d:ee:4d:98:34:
         a0:d5:47:a1:88:2b:f3:ba:ab:2b:bd:d0:1e:75:7a:e4:a9:6a:
         14:6e:ce:25:8f:ef:57:71:0c:4d:1c:3c:c5:01:67:67:e3:cc:
         7e:df:77:a4:3c:b3:6f:65:2b:9b:2c:2d:a7:b9:5c:c3:f3:f6:
         fd:6d:b4:77:0c:5d:9d:dd:29:9f:22:a7:7e:e4:d6:cc:d7:f9:
         4a:2c:fa:74:0c:82:30:ec:51:69:c7:c7:b2:0e:0e:8b:aa:3e:
         be:0c:d4:00:49:a5:45:ec:2e:7d:c9:2b:a4:80:fa:78:14:00:
         2a:9b:ba:05:05:04:f5:cd:04:27:c9:b2:7b:17:d4:6e:52:ec:
         99:d3:b7:52:23:d6:60:ea:6a:2b:eb:c3:af:e9:04:ac:e3:42:
         00:f3:ab:2f:4b:d1:3f:cf:ba:4e:1a:62:78:e8:99:0a:12:0b:
         ae:b6:db:e7:b5:5b:36:62:78:a7:11:00:86:f8:ab:68:73:61:
         3c:b5:7a:da:67:35:35:17:9a:a2:7c:ce:81:fa:85:5b:90:52:
         e5:f5:13:17:50:d2:96:0f:a6:81:37:a1:ef:87:5b:20:07:d6:
         18:83:82:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuO5YQ+6je45GBGaRPLMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQ0MDRlNWY4YTRiMTE3YWU0NGU3M2Q1M2M0NGVjZGQ1
NzgzNDIwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzIzZDg5YjU1MTFjOGEwNDU2ZjM5ODNmYWRlMDVmMDJiMWYyZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHjG/wSGg93xfjRuewhgQT8CSJFR
jaoW/QKz8/7qnSk743cdhhtzkV/7Tpvvlzabiqfz0QMFYUENCLrv9t5LdeT6aJn7
a+VecwjaUOaWP3+J3kyvhjg2yIX7jYMvnIgl40TiO9HGu6ZmJrdLKzpfs5a3zYm/
ggl/YkPOZqPslSZ6IVJ3aSznaklhlftHPbhck8MJ8e8Fcy7yCZCRr/3Zme3QGcHt
r3cDaElfWTykmTrtSZ0N4uC3lg4BzbMxXSsdjsiOYPlDW5OyHBrM2JmmJOv/IY7V
0Auhwabz5+50te4mfaOI8PAR5aTUKr8qHbnnBSUZM4XUIWG3WOhv+hnK1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcj2JtVEcigRW85g/reBfArHy1lMB8GA1UdIwQY
MBaAFI2EQE5fiksReuROc9U8ROzdV4NCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjkt
MmNkOThlZTUzNTY5LzEvVnlQWW0xVVJ5S0JGYnptRC10NEY4Q3NmTFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjktMmNkOThlZTUzNTY5
LzEvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSC6MA0G
CSqGSIb3DQEBCwUAA4IBAQBYkhYUkj1YHukOzR+fGgK4iQ5b9fySb9o3WdPigWg+
fe5NmDSg1UehiCvzuqsrvdAedXrkqWoUbs4lj+9XcQxNHDzFAWdn48x+33ekPLNv
ZSubLC2nuVzD8/b9bbR3DF2d3SmfIqd+5NbM1/lKLPp0DIIw7FFpx8eyDg6Lqj6+
DNQASaVF7C59ySukgPp4FAAqm7oFBQT1zQQnybJ7F9RuUuyZ07dSI9Zg6mor68Ov
6QSs40IA86svS9E/z7pOGmJ46JkKEguuttvntVs2YninEQCG+Ktoc2E8tXraZzU1
F5qifM6B+oVbkFLl9RMXUNKWD6aBN6Hvh1sgB9YYg4Lh
-----END CERTIFICATE-----