Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/SvEUB98x0jaYRoER9u2-_05yNCA.roa
File:                     SvEUB98x0jaYRoER9u2-_05yNCA.roa (raw, json)
Hash identifier:          yeYfFPZiq75/ZnPZQx4bcaLK5xn5FoFMhYUIznmyZgE=
Subject key identifier:   4A:F1:14:07:DF:31:D2:36:98:46:81:11:F6:ED:BE:FF:4E:72:34:20
Certificate issuer:       /CN=e1e8b7cab521e88e8022a36424544185538a7b33
Certificate serial:       018F347299FE4410C7A06BC9EEDE0CC38B2E
Authority key identifier: E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/SvEUB98x0jaYRoER9u2-_05yNCA.roa
Signing time:             Wed 01 May 2024 13:57:56 +0000
ROA not before:           Wed 01 May 2024 13:57:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52209
IP address blocks:        185.154.190.0/24 maxlen: 24
                          2a13:1640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:34:72:99:fe:44:10:c7:a0:6b:c9:ee:de:0c:c3:8b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1e8b7cab521e88e8022a36424544185538a7b33
        Validity
            Not Before: May  1 13:57:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4af11407df31d23698468111f6edbeff4e723420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cd:16:cc:42:36:49:85:7e:31:de:a9:d5:ae:
                    a5:f7:7b:15:29:0c:1c:82:f2:64:64:2e:78:1c:94:
                    60:15:c3:3f:35:ae:b0:29:d3:95:67:e9:90:b2:e4:
                    7e:cf:8b:97:a0:4a:ca:c6:12:fa:1b:92:11:28:40:
                    fe:a9:6a:25:2d:4a:f0:6d:03:6a:a7:9a:8e:8c:42:
                    e7:d9:a2:f7:a3:e6:4e:24:94:16:ea:cd:37:fb:28:
                    bb:8b:d0:0a:d0:db:bc:f1:ef:cc:cc:0a:87:65:e7:
                    2f:4d:2b:f3:3e:73:1f:a8:6f:83:9d:38:d9:ea:31:
                    83:61:f3:f8:dd:da:86:fc:6a:e1:6f:fe:4a:a8:75:
                    63:4e:84:4e:b0:32:59:a0:6c:91:06:51:a9:2d:e7:
                    31:ca:88:74:7c:15:be:93:01:49:4d:47:82:c8:d4:
                    5d:4a:e1:8e:45:e1:6a:31:9e:4c:cb:ba:ee:e0:d5:
                    d7:d9:ad:3b:1d:f8:5b:0f:e3:89:6b:54:da:8d:19:
                    65:e5:b0:05:d1:7e:08:b6:53:95:89:c7:4e:93:e7:
                    a6:8a:b0:50:4a:f5:ed:62:75:54:67:25:1c:ee:3a:
                    06:96:ad:c6:16:c6:ae:39:33:8c:bc:e5:7b:e7:69:
                    12:23:8b:6d:fc:41:5a:8d:04:16:2c:ff:9b:d8:bc:
                    66:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:F1:14:07:DF:31:D2:36:98:46:81:11:F6:ED:BE:FF:4E:72:34:20
            X509v3 Authority Key Identifier:
                keyid:E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/SvEUB98x0jaYRoER9u2-_05yNCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.190.0/24
                IPv6:
                  2a13:1640::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:d5:f8:af:e6:b1:dd:62:dd:fc:73:8e:30:42:a3:f2:8f:f2:
         cf:c6:8c:7f:df:a6:a9:2c:02:10:de:fb:e5:33:07:8e:46:f6:
         92:60:d7:05:72:81:b1:26:10:a1:75:e3:dc:d5:4c:3d:e1:d0:
         28:40:8a:0c:a0:2e:d1:9f:81:14:c6:d1:ac:c8:93:74:05:d5:
         75:bc:08:d9:b9:c8:3b:27:5d:4e:a8:c5:9c:ef:4c:50:f5:f2:
         05:8f:55:bd:45:b8:8d:65:b6:d2:a3:36:69:2a:6a:16:f1:65:
         96:46:89:e9:16:2f:92:fc:c3:18:70:82:58:63:0a:27:27:a6:
         22:97:54:4c:42:5d:c9:77:e8:64:68:13:18:95:9a:d9:89:04:
         b5:84:fa:ec:e4:30:73:e8:e5:83:d6:56:62:9b:c0:b7:68:be:
         bc:99:b1:7e:1d:58:75:d3:2f:f0:61:30:6d:a3:d7:43:19:76:
         2e:24:d2:9a:79:52:12:24:6b:54:53:91:6e:3f:c7:24:8b:09:
         38:55:de:02:7d:d3:7a:c2:3a:4a:a2:fc:26:22:fd:fc:ba:a5:
         87:b2:1e:46:a8:90:2f:81:92:91:13:3c:5c:ab:4d:78:19:41:
         c7:14:d9:a4:bc:fb:3c:4a:e6:c7:dc:8e:9d:41:56:de:8d:08:
         25:0f:85:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY80cpn+RBDHoGvJ7t4Mw4suMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZThiN2NhYjUyMWU4OGU4MDIyYTM2NDI0NTQ0MTg1NTM4
YTdiMzMwHhcNMjQwNTAxMTM1NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWYxMTQwN2RmMzFkMjM2OTg0NjgxMTFmNmVkYmVmZjRlNzIzNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt80WzEI2SYV+Md6p1a6l93sVKQwc
gvJkZC54HJRgFcM/Na6wKdOVZ+mQsuR+z4uXoErKxhL6G5IRKED+qWolLUrwbQNq
p5qOjELn2aL3o+ZOJJQW6s03+yi7i9AK0Nu88e/MzAqHZecvTSvzPnMfqG+DnTjZ
6jGDYfP43dqG/Grhb/5KqHVjToROsDJZoGyRBlGpLecxyoh0fBW+kwFJTUeCyNRd
SuGOReFqMZ5My7ru4NXX2a07HfhbD+OJa1TajRll5bAF0X4ItlOVicdOk+emirBQ
SvXtYnVUZyUc7joGlq3GFsauOTOMvOV752kSI4tt/EFajQQWLP+b2LxmCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFErxFAffMdI2mEaBEfbtvv9OcjQgMB8GA1UdIwQY
MBaAFOHot8q1IeiOgCKjZCRUQYVTinszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYt
MjFjNTg0NzBiOGQyLzEvU3ZFVUI5OHgwamFZUm9FUjl1Mi1fMDV5TkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYtMjFjNTg0NzBiOGQy
LzEvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZq+MA0E
AgACMAcDBQMqExZAMA0GCSqGSIb3DQEBCwUAA4IBAQBP1fiv5rHdYt38c44wQqPy
j/LPxox/36apLAIQ3vvlMweORvaSYNcFcoGxJhChdePc1Uw94dAoQIoMoC7Rn4EU
xtGsyJN0BdV1vAjZucg7J11OqMWc70xQ9fIFj1W9RbiNZbbSozZpKmoW8WWWRonp
Fi+S/MMYcIJYYwonJ6Yil1RMQl3Jd+hkaBMYlZrZiQS1hPrs5DBz6OWD1lZim8C3
aL68mbF+HVh10y/wYTBto9dDGXYuJNKaeVISJGtUU5FuP8ckiwk4Vd4CfdN6wjpK
ovwmIv38uqWHsh5GqJAvgZKREzxcq014GUHHFNmkvPs8SubH3I6dQVbejQglD4VP
-----END CERTIFICATE-----