Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VwqI8jZnNSyvFydNc8TV_1LviK0.roa
File:                     VwqI8jZnNSyvFydNc8TV_1LviK0.roa (raw, json)
Hash identifier:          AsI7u/8gPEaZYvkevuHlzO+zlSHLwei6jVwrdUC7RR8=
Subject key identifier:   57:0A:88:F2:36:67:35:2C:AF:17:27:4D:73:C4:D5:FF:52:EF:88:AD
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018DF9834E2F6AB5FD98AEADAF8FCD01A663
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VwqI8jZnNSyvFydNc8TV_1LviK0.roa
Signing time:             Fri 01 Mar 2024 10:15:48 +0000
ROA not before:           Fri 01 Mar 2024 10:15:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        185.214.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 01:57:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:83:4e:2f:6a:b5:fd:98:ae:ad:af:8f:cd:01:a6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar  1 10:15:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=570a88f23667352caf17274d73c4d5ff52ef88ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e3:22:5b:be:01:b8:ba:db:f9:aa:9b:fa:ec:
                    3e:d9:06:ee:fb:41:9e:c0:d5:40:84:fa:38:f3:5e:
                    e7:df:f6:97:fa:44:2c:9d:c1:87:94:76:40:f2:0e:
                    98:6d:0b:40:cb:b3:8b:67:5f:95:14:b9:a7:76:5d:
                    fe:e2:40:50:2c:66:46:68:ce:0e:90:70:e8:48:d8:
                    af:81:4e:cf:9b:68:16:39:e2:4d:6b:17:0e:7d:af:
                    90:e2:12:f7:65:c1:37:ee:d7:1c:bf:68:74:08:1d:
                    db:a2:0a:0e:6e:fe:00:be:4a:2f:04:27:e8:f5:4f:
                    60:94:42:e5:e9:d6:87:e0:41:38:90:f9:c6:f2:4f:
                    65:8b:89:e4:c8:0c:64:ef:2f:dd:1d:15:e7:d7:bb:
                    2c:fb:1a:da:fe:80:ef:4e:84:28:da:dc:fa:bb:a0:
                    36:f0:24:c2:ea:e3:07:ca:65:71:7d:75:91:02:cb:
                    48:2c:a5:d2:49:01:d2:78:0a:7b:a7:f4:20:07:53:
                    97:3f:71:42:f6:aa:d6:3a:23:d6:8f:09:ec:46:39:
                    84:ae:d0:c6:bb:ac:8d:b7:27:29:50:a4:23:8e:80:
                    82:9a:28:0c:10:30:ea:27:85:9e:70:70:7b:fe:eb:
                    51:92:24:c3:ea:28:c6:43:4d:d6:33:4b:f9:c6:00:
                    7b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:0A:88:F2:36:67:35:2C:AF:17:27:4D:73:C4:D5:FF:52:EF:88:AD
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VwqI8jZnNSyvFydNc8TV_1LviK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:35:54:70:42:7b:d4:ad:3e:09:8a:13:79:5c:15:b0:66:fe:
         4f:fc:e1:76:7c:0c:5a:10:57:5a:c9:86:b6:7b:68:64:f4:f7:
         16:82:7e:af:30:66:60:84:44:29:14:83:99:a2:eb:4a:ef:77:
         92:3a:f9:29:f6:9e:92:b4:c2:eb:5a:35:6e:cd:06:33:e0:08:
         f5:e5:a5:95:11:8e:e8:26:a0:75:3f:2e:3d:45:40:77:12:8e:
         14:09:21:c1:11:ac:5f:f3:af:fa:ee:b8:36:80:1f:6c:2a:8d:
         33:90:e8:f7:e5:a1:22:9c:fe:d1:96:b1:89:e1:48:f9:25:43:
         9d:c3:74:9d:a9:0d:4f:7e:d1:57:53:01:14:21:d8:95:79:1d:
         07:a8:0c:e4:aa:dd:79:a1:13:60:b0:8e:fb:46:6d:fb:96:08:
         24:71:74:0c:03:b5:9f:27:91:0f:f1:fd:40:72:35:b4:4e:04:
         9c:a8:e8:61:27:c5:5b:40:6a:ba:80:04:22:7e:ea:8b:67:f6:
         6a:4b:42:41:62:6c:8d:63:26:a3:6d:d8:fb:cc:42:27:a3:35:
         af:b7:bc:43:7c:c4:19:b5:e3:fc:d5:8c:ad:eb:9f:4f:a8:74:
         7e:00:e4:e1:73:c0:5c:d5:e9:50:35:25:6a:e0:c4:80:75:0e:
         02:98:ac:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY35g04varX9mK6tr4/NAaZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzAxMTAxNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzBhODhmMjM2NjczNTJjYWYxNzI3NGQ3M2M0ZDVmZjUyZWY4OGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+MiW74BuLrb+aqb+uw+2Qbu+0Ge
wNVAhPo4817n3/aX+kQsncGHlHZA8g6YbQtAy7OLZ1+VFLmndl3+4kBQLGZGaM4O
kHDoSNivgU7Pm2gWOeJNaxcOfa+Q4hL3ZcE37tccv2h0CB3bogoObv4AvkovBCfo
9U9glELl6daH4EE4kPnG8k9li4nkyAxk7y/dHRXn17ss+xra/oDvToQo2tz6u6A2
8CTC6uMHymVxfXWRAstILKXSSQHSeAp7p/QgB1OXP3FC9qrWOiPWjwnsRjmErtDG
u6yNtycpUKQjjoCCmigMEDDqJ4WecHB7/utRkiTD6ijGQ03WM0v5xgB7LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcKiPI2ZzUsrxcnTXPE1f9S74itMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvVndxSThqWm5OU3l2RnlkTmM4VFZfMUx2aUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZlMA0G
CSqGSIb3DQEBCwUAA4IBAQC7NVRwQnvUrT4JihN5XBWwZv5P/OF2fAxaEFdayYa2
e2hk9PcWgn6vMGZghEQpFIOZoutK73eSOvkp9p6StMLrWjVuzQYz4Aj15aWVEY7o
JqB1Py49RUB3Eo4UCSHBEaxf86/67rg2gB9sKo0zkOj35aEinP7RlrGJ4Uj5JUOd
w3SdqQ1PftFXUwEUIdiVeR0HqAzkqt15oRNgsI77Rm37lggkcXQMA7WfJ5EP8f1A
cjW0TgScqOhhJ8VbQGq6gAQifuqLZ/ZqS0JBYmyNYyajbdj7zEInozWvt7xDfMQZ
teP81Yyt659PqHR+AOThc8Bc1elQNSVq4MSAdQ4CmKxS
-----END CERTIFICATE-----