Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6cvgWqZQ01Mvvw9ihergq1KpGIs.roa
File:                     6cvgWqZQ01Mvvw9ihergq1KpGIs.roa (raw, json)
Hash identifier:          ynJTfz6IGSLgPiM4clnPGfPylk3a1JJzz2ju2/4/q4Q=
Subject key identifier:   E9:CB:E0:5A:A6:50:D3:53:2F:BF:0F:62:85:EA:E0:AB:52:A9:18:8B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E7CD56C96F4DBF641E51A7A4EF5D2BFCC
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6cvgWqZQ01Mvvw9ihergq1KpGIs.roa
Signing time:             Tue 26 Mar 2024 22:15:45 +0000
ROA not before:           Tue 26 Mar 2024 22:15:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215235
IP address blocks:        185.254.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7c:d5:6c:96:f4:db:f6:41:e5:1a:7a:4e:f5:d2:bf:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 26 22:15:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9cbe05aa650d3532fbf0f6285eae0ab52a9188b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:47:9a:f3:e9:ec:5f:24:c5:01:08:55:40:2e:
                    4a:31:71:66:a3:b6:48:87:22:78:bc:cc:20:29:5e:
                    5f:85:44:68:21:0a:29:5a:86:36:25:b1:2f:0f:d7:
                    d1:7b:f4:cf:8f:1d:95:b4:59:da:a3:9b:e9:11:f5:
                    eb:5b:97:f8:45:1d:6e:d5:2e:67:bd:0f:23:74:bf:
                    df:48:fc:e0:c3:93:0e:ce:0d:49:2f:80:f4:75:24:
                    03:71:5f:4d:58:83:48:3b:5a:c9:e8:34:e2:12:6a:
                    99:85:58:63:7e:ea:13:60:b3:ae:95:48:91:22:e7:
                    79:ff:31:81:2f:e8:3c:f0:11:4e:e1:84:ce:e8:be:
                    fd:88:d8:ef:32:d7:83:b2:32:c9:95:cc:41:88:6a:
                    5e:aa:8c:ce:c6:e6:5e:5b:4b:02:0a:f6:6e:38:7f:
                    99:1e:62:7b:e5:12:d2:50:5f:33:e7:ea:1d:b1:80:
                    18:1c:b6:51:a2:9e:fd:af:54:71:dc:07:fa:5f:83:
                    bc:92:11:fc:0a:1d:10:f4:f0:79:78:33:89:65:c5:
                    b3:ba:dc:46:ea:dd:e6:b7:cd:2a:f0:b8:69:17:af:
                    57:b0:16:cc:c5:c7:28:73:c0:dd:9c:0e:ac:5e:1a:
                    37:ba:49:8f:1f:ca:a4:a1:d1:fc:92:38:dc:16:16:
                    4b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:CB:E0:5A:A6:50:D3:53:2F:BF:0F:62:85:EA:E0:AB:52:A9:18:8B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6cvgWqZQ01Mvvw9ihergq1KpGIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:1c:7f:95:30:7b:1e:25:56:cc:36:85:8d:ae:1f:25:97:df:
         e0:24:ac:88:99:6b:7c:2a:a0:3f:84:64:0a:e8:68:20:3b:75:
         1b:0a:ef:d2:ae:ad:10:f3:be:b7:c5:d7:1a:1e:01:3c:a0:f0:
         bb:d5:84:82:26:42:1d:a6:1e:67:95:79:04:0e:05:21:e3:91:
         92:f4:a1:d8:2b:11:90:04:f2:63:0a:31:8b:dc:e3:83:76:ef:
         a2:f9:1b:cf:68:cb:3d:ee:db:76:d1:26:b8:59:4e:9d:ef:30:
         63:de:dc:a2:5b:b2:0e:77:29:dc:15:95:c6:46:3c:e1:fc:e1:
         37:cf:7b:62:11:c1:10:5d:99:be:8d:92:30:bb:94:cc:a9:b9:
         d6:08:39:14:4e:d9:04:bb:ce:3e:24:03:bb:72:bc:cb:92:8a:
         1a:87:78:00:41:55:bf:25:28:0e:e6:11:9e:14:4b:cd:62:a3:
         30:8c:6d:3d:89:16:97:01:4e:ce:d8:c8:d1:e8:10:74:3f:f3:
         cc:89:99:ac:91:95:ce:12:00:55:5d:3e:1a:64:df:62:84:f8:
         b4:d7:d0:c8:d5:e5:28:fe:62:c5:ed:b5:c6:67:06:3e:4e:e5:
         97:f6:5a:1d:28:5b:fe:8d:2c:8a:be:2b:7c:36:05:60:9b:27:
         50:62:d7:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY581WyW9Nv2QeUaek710r/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzI2MjIxNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWNiZTA1YWE2NTBkMzUzMmZiZjBmNjI4NWVhZTBhYjUyYTkxODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEea8+nsXyTFAQhVQC5KMXFmo7ZI
hyJ4vMwgKV5fhURoIQopWoY2JbEvD9fRe/TPjx2VtFnao5vpEfXrW5f4RR1u1S5n
vQ8jdL/fSPzgw5MOzg1JL4D0dSQDcV9NWINIO1rJ6DTiEmqZhVhjfuoTYLOulUiR
Iud5/zGBL+g88BFO4YTO6L79iNjvMteDsjLJlcxBiGpeqozOxuZeW0sCCvZuOH+Z
HmJ75RLSUF8z5+odsYAYHLZRop79r1Rx3Af6X4O8khH8Ch0Q9PB5eDOJZcWzutxG
6t3mt80q8LhpF69XsBbMxccoc8DdnA6sXho3ukmPH8qkodH8kjjcFhZLGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnL4FqmUNNTL78PYoXq4KtSqRiLMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNmN2Z1dxWlEwMU12dnc5aWhlcmdxMUtwR0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf6dMA0G
CSqGSIb3DQEBCwUAA4IBAQADHH+VMHseJVbMNoWNrh8ll9/gJKyImWt8KqA/hGQK
6GggO3UbCu/Srq0Q8763xdcaHgE8oPC71YSCJkIdph5nlXkEDgUh45GS9KHYKxGQ
BPJjCjGL3OODdu+i+RvPaMs97tt20Sa4WU6d7zBj3tyiW7IOdyncFZXGRjzh/OE3
z3tiEcEQXZm+jZIwu5TMqbnWCDkUTtkEu84+JAO7crzLkooah3gAQVW/JSgO5hGe
FEvNYqMwjG09iRaXAU7O2MjR6BB0P/PMiZmskZXOEgBVXT4aZN9ihPi019DI1eUo
/mLF7bXGZwY+TuWX9lodKFv+jSyKvit8NgVgmydQYtfi
-----END CERTIFICATE-----