Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/vv-PwzapaKEYBrWPq1aAilEeGwU.roa
File:                     vv-PwzapaKEYBrWPq1aAilEeGwU.roa (raw, json)
Hash identifier:          fEUMdnCtkqWyzDMcU+ZtUp3IEaZef9S3+ZcC98hSrvA=
Subject key identifier:   BE:FF:8F:C3:36:A9:68:A1:18:06:B5:8F:AB:56:80:8A:51:1E:1B:05
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       018CC500370B8B95474DF234146D99ADAED2
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/vv-PwzapaKEYBrWPq1aAilEeGwU.roa
Signing time:             Mon 01 Jan 2024 12:29:34 +0000
ROA not before:           Mon 01 Jan 2024 12:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134094
IP address blocks:        89.252.132.0/24 maxlen: 24
                          89.252.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:37:0b:8b:95:47:4d:f2:34:14:6d:99:ad:ae:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  1 12:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beff8fc336a968a11806b58fab56808a511e1b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:27:1b:b4:3a:bb:e2:fd:c4:f0:3a:51:7d:c1:
                    5d:2c:f4:00:25:7c:09:12:3b:b3:b5:4f:e8:43:db:
                    bc:d1:7c:cd:56:53:e7:c7:77:90:fd:7a:77:ad:c3:
                    54:5c:01:36:38:c2:f5:be:25:d0:20:16:92:7d:92:
                    cf:53:f2:b4:33:5c:1d:15:b1:72:b6:11:2f:58:11:
                    07:97:0c:58:55:21:a7:97:d1:14:f2:cd:1a:57:0a:
                    08:5e:bd:25:4d:03:9b:35:55:f2:26:ba:69:8f:5f:
                    31:5e:c4:c2:9a:81:f2:f2:c8:32:13:22:ca:0c:92:
                    48:d5:35:e7:9b:67:5c:62:74:2b:a1:49:e5:57:8d:
                    cf:cc:e9:07:1d:d4:89:cc:9f:ce:d1:ad:bf:79:a3:
                    e3:6f:eb:20:d7:50:ac:18:f0:da:b1:e4:bf:88:54:
                    14:4e:a3:54:bf:5e:08:3d:e7:1e:d8:2e:f8:0a:56:
                    61:1e:50:8f:e6:2d:e6:9f:2b:ce:4e:86:31:4a:bc:
                    a7:10:89:9c:cc:08:e7:7c:5b:48:67:3b:5e:69:e2:
                    a0:31:5c:b5:d8:91:cd:f2:f2:28:40:f9:95:15:d8:
                    51:12:22:3b:51:6f:e1:09:e7:73:41:df:9b:ea:d1:
                    b9:3e:16:0a:f1:8c:cb:e9:21:96:b6:10:79:a0:49:
                    e9:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:FF:8F:C3:36:A9:68:A1:18:06:B5:8F:AB:56:80:8A:51:1E:1B:05
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/vv-PwzapaKEYBrWPq1aAilEeGwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:ba:1d:56:df:a8:a8:90:18:50:dc:a9:3b:0d:8a:f1:a3:84:
         da:bb:b2:18:ce:51:bb:4b:6c:3f:ce:51:89:97:0b:9d:9a:74:
         4d:e3:13:52:6b:01:0b:f1:30:0a:45:21:bb:f2:db:9f:af:5b:
         04:d2:01:a8:5b:1b:bd:1e:df:9d:3c:8b:3e:01:67:a9:42:07:
         fc:b4:a1:63:f6:85:d2:aa:7a:34:24:2e:58:ea:dd:89:51:03:
         b0:d7:03:2c:78:e4:97:4c:69:61:1d:f4:f9:93:49:01:55:42:
         dc:cd:bd:68:fb:a7:5e:7f:b8:a5:66:7b:15:87:17:ca:b9:d3:
         57:79:53:ba:51:25:43:0a:24:f9:13:e8:67:5d:fc:25:91:b9:
         bc:ed:f0:9f:3b:a0:69:ec:1b:27:1f:3c:86:2e:29:c8:e5:46:
         d6:79:ef:ae:0e:7c:07:02:2d:4c:9b:e5:17:5e:b2:41:27:36:
         b2:c6:05:ea:d8:62:a6:15:3f:8b:51:6c:18:85:0f:3f:e8:70:
         61:46:a5:99:8b:b5:96:82:99:3f:e8:f8:10:8a:50:9f:81:da:
         ed:6d:2c:5e:c4:21:1b:f6:d7:14:af:15:80:f2:2c:8e:8f:93:
         96:bd:ca:52:e4:8e:d5:b2:83:bd:bf:bf:02:02:80:6b:5c:62:
         11:fa:b9:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADcLi5VHTfI0FG2Zra7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWZmOGZjMzM2YTk2OGExMTgwNmI1OGZhYjU2ODA4YTUxMWUxYjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCcbtDq74v3E8DpRfcFdLPQAJXwJ
EjuztU/oQ9u80XzNVlPnx3eQ/Xp3rcNUXAE2OML1viXQIBaSfZLPU/K0M1wdFbFy
thEvWBEHlwxYVSGnl9EU8s0aVwoIXr0lTQObNVXyJrppj18xXsTCmoHy8sgyEyLK
DJJI1TXnm2dcYnQroUnlV43PzOkHHdSJzJ/O0a2/eaPjb+sg11CsGPDaseS/iFQU
TqNUv14IPece2C74ClZhHlCP5i3mnyvOToYxSrynEImczAjnfFtIZzteaeKgMVy1
2JHN8vIoQPmVFdhREiI7UW/hCedzQd+b6tG5PhYK8YzL6SGWthB5oEnplwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7/j8M2qWihGAa1j6tWgIpRHhsFMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvdnYtUHd6YXBhS0VZQnJXUHExYUFpbEVlR3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWfyEMA0G
CSqGSIb3DQEBCwUAA4IBAQABuh1W36iokBhQ3Kk7DYrxo4Tau7IYzlG7S2w/zlGJ
lwudmnRN4xNSawEL8TAKRSG78tufr1sE0gGoWxu9Ht+dPIs+AWepQgf8tKFj9oXS
qno0JC5Y6t2JUQOw1wMseOSXTGlhHfT5k0kBVULczb1o+6def7ilZnsVhxfKudNX
eVO6USVDCiT5E+hnXfwlkbm87fCfO6Bp7BsnHzyGLinI5UbWee+uDnwHAi1Mm+UX
XrJBJzayxgXq2GKmFT+LUWwYhQ8/6HBhRqWZi7WWgpk/6PgQilCfgdrtbSxexCEb
9tcUrxWA8iyOj5OWvcpS5I7VsoO9v78CAoBrXGIR+rk7
-----END CERTIFICATE-----