Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/serVsKNWieP6yN8Y-ONg7CrxF6A.roa
File:                     serVsKNWieP6yN8Y-ONg7CrxF6A.roa (raw, json)
Hash identifier:          /lcW43TLA8dgcT4Met9fuiAYnGg4zAOrNUNf1GBvjzE=
Subject key identifier:   B1:EA:D5:B0:A3:56:89:E3:FA:C8:DF:18:F8:E3:60:EC:2A:F1:17:A0
Certificate issuer:       /CN=991e4b179e0953b9ecc585ad9859a00be3568001
Certificate serial:       018CC6B7C5093126399B7EF4D33FB315A591
Authority key identifier: 99:1E:4B:17:9E:09:53:B9:EC:C5:85:AD:98:59:A0:0B:E3:56:80:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/serVsKNWieP6yN8Y-ONg7CrxF6A.roa
Signing time:             Mon 01 Jan 2024 20:29:41 +0000
ROA not before:           Mon 01 Jan 2024 20:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200094
IP address blocks:        81.21.206.0/24 maxlen: 24
                          185.73.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c5:09:31:26:39:9b:7e:f4:d3:3f:b3:15:a5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=991e4b179e0953b9ecc585ad9859a00be3568001
        Validity
            Not Before: Jan  1 20:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1ead5b0a35689e3fac8df18f8e360ec2af117a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:53:53:b7:e7:7d:19:13:38:53:51:0d:38:6a:
                    49:6c:b0:b3:bf:bf:9f:ce:52:cf:ff:9a:a1:47:1d:
                    21:68:8c:f2:ab:77:76:e1:1d:47:68:24:97:49:28:
                    58:e9:cc:37:99:13:bb:8e:0b:4b:e0:3f:1b:91:8e:
                    c1:c9:47:5e:ba:99:c4:09:ea:13:68:04:fb:2b:22:
                    3d:af:69:05:f8:2f:f7:cf:79:6f:82:dd:01:8c:6d:
                    a4:66:7d:b7:89:ea:4a:0c:0a:75:1e:39:09:ff:35:
                    8c:ad:15:61:c0:b7:f8:c5:99:e9:55:05:9c:1a:f1:
                    d1:23:4c:ec:9c:b8:7c:d7:5e:d7:b6:fa:d1:46:a0:
                    68:94:b7:57:a2:1a:11:9c:7c:fa:da:76:64:a7:a3:
                    7f:90:e2:6d:3f:58:22:d9:75:27:20:db:91:f3:cb:
                    ef:d2:14:4c:e7:67:54:c0:47:53:6e:c8:b0:a2:3e:
                    39:fa:59:8f:cb:f1:dd:c4:ca:c7:79:db:94:ec:ab:
                    fe:80:1b:44:41:14:73:39:a3:14:2d:28:38:82:fd:
                    73:76:51:0a:be:1b:9b:96:17:0b:4c:22:23:57:0f:
                    15:d8:69:af:38:57:26:60:26:5a:d8:39:d9:4f:af:
                    20:29:65:4b:87:b7:96:3b:10:1a:1d:8d:f1:5a:92:
                    15:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:EA:D5:B0:A3:56:89:E3:FA:C8:DF:18:F8:E3:60:EC:2A:F1:17:A0
            X509v3 Authority Key Identifier:
                keyid:99:1E:4B:17:9E:09:53:B9:EC:C5:85:AD:98:59:A0:0B:E3:56:80:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/serVsKNWieP6yN8Y-ONg7CrxF6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.206.0/24
                  185.73.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:ec:17:a6:d7:9a:a7:0c:8a:be:24:05:06:a9:4a:2d:29:a3:
         6e:9b:41:68:12:a4:2f:6f:3c:74:d8:b1:f7:83:45:43:ed:26:
         0d:ff:0b:da:e7:24:de:07:78:eb:08:43:8e:73:66:79:c6:1e:
         79:be:8e:7b:3c:24:27:c6:dc:cf:9b:7a:43:93:48:8d:d2:d6:
         5e:d7:25:22:f0:9e:a5:58:3a:07:ad:2d:8b:44:9b:1a:50:56:
         6f:45:65:c7:be:77:28:56:16:a7:13:1b:b2:a3:5d:09:65:64:
         81:3a:0e:fa:85:93:5d:96:66:04:6f:86:55:0a:31:0f:b6:07:
         cb:61:29:9b:0e:29:85:ee:ad:78:c5:b4:16:71:0e:98:3c:5f:
         1e:31:d5:52:90:ed:3d:25:ee:e4:ff:be:af:b1:77:82:40:38:
         4d:8f:58:a1:dc:82:2c:11:40:ea:0a:f8:d5:99:72:78:c3:b3:
         3d:93:f9:d7:9e:50:e6:fe:e9:f3:db:7a:49:36:ff:86:43:00:
         d5:7d:3b:51:7d:f5:b2:48:0e:bf:31:06:f5:de:e7:e3:51:64:
         85:91:a6:aa:1e:10:73:d0:54:54:c5:ff:89:38:13:67:fc:91:
         7c:27:3b:a3:98:2d:f0:f5:14:9c:e8:6c:19:b5:c1:36:25:7b:
         87:5b:d1:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt8UJMSY5m3700z+zFaWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MWU0YjE3OWUwOTUzYjllY2M1ODVhZDk4NTlhMDBiZTM1
NjgwMDEwHhcNMjQwMTAxMjAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWVhZDViMGEzNTY4OWUzZmFjOGRmMThmOGUzNjBlYzJhZjExN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFNTt+d9GRM4U1ENOGpJbLCzv7+f
zlLP/5qhRx0haIzyq3d24R1HaCSXSShY6cw3mRO7jgtL4D8bkY7ByUdeupnECeoT
aAT7KyI9r2kF+C/3z3lvgt0BjG2kZn23iepKDAp1HjkJ/zWMrRVhwLf4xZnpVQWc
GvHRI0zsnLh8117XtvrRRqBolLdXohoRnHz62nZkp6N/kOJtP1gi2XUnINuR88vv
0hRM52dUwEdTbsiwoj45+lmPy/HdxMrHeduU7Kv+gBtEQRRzOaMULSg4gv1zdlEK
vhublhcLTCIjVw8V2GmvOFcmYCZa2DnZT68gKWVLh7eWOxAaHY3xWpIV8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHq1bCjVonj+sjfGPjjYOwq8RegMB8GA1UdIwQY
MBaAFJkeSxeeCVO57MWFrZhZoAvjVoABMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVI1TEY1NEpVN25zeFlXdG1GbWdDLU5XZ0FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iZmRkYTktMjc0Mi00YjJmLTg1YjYt
ZWY5Yzk1Mjc2OTMyLzEvc2VyVnNLTldpZVA2eU44WS1PTmc3Q3J4RjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iZmRkYTktMjc0Mi00YjJmLTg1YjYtZWY5Yzk1Mjc2OTMy
LzEvbVI1TEY1NEpVN25zeFlXdG1GbWdDLU5XZ0FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAURXOAwQC
uUk8MA0GCSqGSIb3DQEBCwUAA4IBAQAR7Bem15qnDIq+JAUGqUotKaNum0FoEqQv
bzx02LH3g0VD7SYN/wva5yTeB3jrCEOOc2Z5xh55vo57PCQnxtzPm3pDk0iN0tZe
1yUi8J6lWDoHrS2LRJsaUFZvRWXHvncoVhanExuyo10JZWSBOg76hZNdlmYEb4ZV
CjEPtgfLYSmbDimF7q14xbQWcQ6YPF8eMdVSkO09Je7k/76vsXeCQDhNj1ih3IIs
EUDqCvjVmXJ4w7M9k/nXnlDm/unz23pJNv+GQwDVfTtRffWySA6/MQb13ufjUWSF
kaaqHhBz0FRUxf+JOBNn/JF8JzujmC3w9RSc6GwZtcE2JXuHW9HE
-----END CERTIFICATE-----