Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/veSV3VL2_vB3MHgKwnK8sN3c36Y.roa
File:                     veSV3VL2_vB3MHgKwnK8sN3c36Y.roa (raw, json)
Hash identifier:          2b2cQBhBYwJq+s/lUrb78ls6c9Hq+/gfzUbPbAUFDzc=
Subject key identifier:   BD:E4:95:DD:52:F6:FE:F0:77:30:78:0A:C2:72:BC:B0:DD:DC:DF:A6
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649CED023F500735914A09029920A3D
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/veSV3VL2_vB3MHgKwnK8sN3c36Y.roa
Signing time:             Mon 01 Jan 2024 18:29:35 +0000
ROA not before:           Mon 01 Jan 2024 18:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        89.185.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ce:d0:23:f5:00:73:59:14:a0:90:29:92:0a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bde495dd52f6fef07730780ac272bcb0dddcdfa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a5:c6:74:5a:89:d7:19:af:53:3b:dc:53:2c:
                    19:ad:2d:57:d6:7b:e5:3c:d7:66:6a:b3:30:f7:aa:
                    38:b1:49:cc:70:7d:08:58:ae:aa:4a:4e:51:ad:71:
                    e6:a9:4b:80:2e:cd:a0:60:96:75:76:06:c0:06:fd:
                    3f:2c:f5:01:44:94:d0:90:72:4f:d0:2b:bc:cb:52:
                    f8:29:8d:1a:ef:c3:db:76:82:75:6e:ee:b8:df:cb:
                    49:c7:c8:67:83:a2:14:7c:1b:63:67:75:e0:0c:b9:
                    69:fe:11:10:e9:f0:3b:99:08:8d:05:a8:51:25:34:
                    74:98:74:1d:cb:97:01:a8:a8:bc:ec:9f:70:fd:18:
                    85:12:02:83:db:ae:6f:0c:fe:f2:a0:53:e4:5d:6c:
                    e1:07:2c:1d:47:0b:61:48:09:cb:59:db:9f:41:4c:
                    d1:fe:bd:69:42:ca:8c:40:ee:8d:b7:8c:33:92:de:
                    0d:5c:e2:bd:bf:13:9f:d0:e7:3a:66:9f:63:6c:f7:
                    2e:9e:1c:1e:89:bd:6e:dd:d1:ca:7e:e9:a7:2b:e1:
                    35:cd:62:18:94:96:2c:77:c8:e5:46:7e:50:6d:42:
                    ca:76:ca:5f:99:ca:1e:0b:6f:91:25:20:47:8d:d1:
                    4a:86:c5:10:8b:50:6a:3f:0e:7d:d1:61:ca:2a:ac:
                    14:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E4:95:DD:52:F6:FE:F0:77:30:78:0A:C2:72:BC:B0:DD:DC:DF:A6
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/veSV3VL2_vB3MHgKwnK8sN3c36Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e9:b5:c8:87:47:49:68:ca:56:49:5e:e6:e0:a9:50:54:8c:
         a7:7d:81:c4:51:3f:a5:ba:f5:21:3c:83:9a:0f:f6:a7:62:28:
         3f:dd:2f:23:fd:52:95:eb:b4:c8:89:eb:56:65:83:b3:c7:c7:
         35:2e:d9:c3:82:11:8b:49:ff:a0:d7:08:f4:c4:e9:a7:17:e6:
         6f:e9:16:a7:86:91:21:83:08:99:06:4f:40:df:92:41:82:db:
         66:e4:f5:82:2b:ba:ea:ff:da:e8:6a:a1:36:3c:43:ea:4c:6e:
         f0:cb:78:8a:34:78:f7:58:15:fb:b8:15:73:f5:f3:00:4e:17:
         5c:c1:72:61:a6:66:21:f7:43:ee:97:53:4f:ee:ca:b3:86:5f:
         f1:b8:ba:7b:71:1d:c9:35:89:98:43:12:a9:05:7c:03:36:29:
         e9:12:58:c0:8a:36:3b:c4:3c:4f:36:7b:35:e0:88:0b:07:76:
         c6:cc:e3:06:79:9e:79:03:0f:ac:cd:03:4d:6f:99:f9:66:30:
         4c:f5:c2:5f:52:95:d0:45:28:05:84:9e:93:c1:2b:f2:ba:d6:
         1f:15:81:58:55:32:88:d7:03:8b:96:d8:34:6a:45:30:39:6e:
         d9:eb:c1:df:15:c8:07:55:96:b0:51:1b:d3:37:f8:89:f5:fa:
         7c:09:e5:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSc7QI/UAc1kUoJApkgo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGU0OTVkZDUyZjZmZWYwNzczMDc4MGFjMjcyYmNiMGRkZGNkZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6XGdFqJ1xmvUzvcUywZrS1X1nvl
PNdmarMw96o4sUnMcH0IWK6qSk5RrXHmqUuALs2gYJZ1dgbABv0/LPUBRJTQkHJP
0Cu8y1L4KY0a78PbdoJ1bu6438tJx8hng6IUfBtjZ3XgDLlp/hEQ6fA7mQiNBahR
JTR0mHQdy5cBqKi87J9w/RiFEgKD265vDP7yoFPkXWzhBywdRwthSAnLWdufQUzR
/r1pQsqMQO6Nt4wzkt4NXOK9vxOf0Oc6Zp9jbPcunhweib1u3dHKfumnK+E1zWIY
lJYsd8jlRn5QbULKdspfmcoeC2+RJSBHjdFKhsUQi1BqPw590WHKKqwUcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3kld1S9v7wdzB4CsJyvLDd3N+mMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvdmVTVjNWTDJfdkIzTUhnS3duSzhzTjNjMzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbkXMA0G
CSqGSIb3DQEBCwUAA4IBAQCN6bXIh0dJaMpWSV7m4KlQVIynfYHEUT+luvUhPIOa
D/anYig/3S8j/VKV67TIietWZYOzx8c1LtnDghGLSf+g1wj0xOmnF+Zv6RanhpEh
gwiZBk9A35JBgttm5PWCK7rq/9roaqE2PEPqTG7wy3iKNHj3WBX7uBVz9fMAThdc
wXJhpmYh90Pul1NP7sqzhl/xuLp7cR3JNYmYQxKpBXwDNinpEljAijY7xDxPNns1
4IgLB3bGzOMGeZ55Aw+szQNNb5n5ZjBM9cJfUpXQRSgFhJ6TwSvyutYfFYFYVTKI
1wOLltg0akUwOW7Z68HfFcgHVZawURvTN/iJ9fp8CeVP
-----END CERTIFICATE-----