Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/nvBXaC0oqe8e_d_Qv-cKQe-AEIU.roa
File:                     nvBXaC0oqe8e_d_Qv-cKQe-AEIU.roa (raw, json)
Hash identifier:          t2yeaSYPM/Z4IzHnrRJQ+Sk7zQ7CNTBjpwpG2gYheYQ=
Subject key identifier:   9E:F0:57:68:2D:28:A9:EF:1E:FD:DF:D0:BF:E7:0A:41:EF:80:10:85
Certificate issuer:       /CN=bfd09a87743817c56f8088007a5746eb69ff2e30
Certificate serial:       018CC7936354790ACB36D1F9C2668FF46624
Authority key identifier: BF:D0:9A:87:74:38:17:C5:6F:80:88:00:7A:57:46:EB:69:FF:2E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/nvBXaC0oqe8e_d_Qv-cKQe-AEIU.roa
Signing time:             Tue 02 Jan 2024 00:29:34 +0000
ROA not before:           Tue 02 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5602
IP address blocks:        185.82.224.0/22 maxlen: 22
                          2a05:9540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:63:54:79:0a:cb:36:d1:f9:c2:66:8f:f4:66:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd09a87743817c56f8088007a5746eb69ff2e30
        Validity
            Not Before: Jan  2 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ef057682d28a9ef1efddfd0bfe70a41ef801085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0d:62:5c:7c:6a:58:c1:7d:b3:7a:27:ce:ad:
                    12:7f:31:e4:8b:70:5b:56:f1:fe:23:cb:95:0b:2a:
                    36:bc:9a:7a:65:12:78:1f:44:72:d6:a3:06:ef:6e:
                    07:65:d1:de:39:64:d7:79:fb:9d:d3:66:f0:12:f7:
                    f8:bd:16:b7:71:e1:66:18:ee:04:fd:d1:f1:27:75:
                    1b:f1:7a:21:ed:e4:27:92:fd:11:d7:e0:01:58:e9:
                    d1:05:b7:9b:ad:b2:ae:14:04:d8:33:7f:4f:40:e9:
                    81:80:8c:50:03:5a:a8:e0:0d:9d:ec:03:06:35:04:
                    55:92:0f:b6:a1:86:a4:46:f9:f0:d9:07:7a:14:59:
                    8f:88:92:c3:8d:00:c3:e7:ae:89:83:70:57:bd:d7:
                    4c:0e:23:c5:d2:13:9d:d9:a6:a1:7c:64:77:d0:4f:
                    f5:bf:99:93:3b:91:bd:03:ba:56:9a:7b:c6:02:56:
                    ae:3b:ee:43:36:97:02:1d:d9:6f:b5:bf:3d:e0:8b:
                    74:74:01:84:24:79:dd:88:93:b6:83:bf:90:0a:16:
                    09:b0:96:1c:b3:3c:2b:a7:d6:af:3d:87:eb:17:6b:
                    5f:23:fb:0a:69:7a:d2:92:a1:f1:50:89:1d:49:ff:
                    67:92:d0:52:5a:74:f0:fb:04:70:09:9c:70:d3:4b:
                    a5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F0:57:68:2D:28:A9:EF:1E:FD:DF:D0:BF:E7:0A:41:EF:80:10:85
            X509v3 Authority Key Identifier:
                keyid:BF:D0:9A:87:74:38:17:C5:6F:80:88:00:7A:57:46:EB:69:FF:2E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/nvBXaC0oqe8e_d_Qv-cKQe-AEIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.224.0/22
                IPv6:
                  2a05:9540::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:3e:64:67:16:dd:10:9d:0d:6f:29:af:f5:20:45:ae:4a:c8:
         d4:2c:8b:5b:f2:75:96:1f:a9:10:74:b5:72:77:8a:a1:21:cc:
         05:ad:7a:c6:d4:06:84:2d:4f:3c:40:66:90:a5:32:04:5c:31:
         e4:f0:63:3e:a8:47:c6:ea:0b:45:da:e4:28:6e:78:eb:47:7b:
         8e:2b:90:15:90:92:41:4a:6e:43:64:f5:0b:a2:51:8f:fd:e5:
         3f:29:e1:63:62:f4:6e:cc:fa:3d:71:18:07:a2:22:a5:5b:5b:
         64:dd:b4:7c:ef:52:d4:81:c2:c5:58:c3:6f:15:e5:64:9f:6a:
         7e:7a:67:49:54:bd:86:e2:11:28:88:ec:c9:82:7f:da:9b:f9:
         b2:88:30:79:3c:14:5c:67:92:f6:c0:42:32:27:99:2f:6c:36:
         c5:6b:81:9a:f0:8f:01:0b:ce:5e:71:c4:e0:b6:77:5f:f3:8b:
         ed:e1:41:e9:9f:a1:b6:d8:cb:18:6e:78:d0:78:b6:f9:58:0a:
         87:cf:99:67:4e:6f:70:1e:08:2b:bc:12:56:11:a2:f9:ca:8f:
         16:24:16:19:d5:fb:cf:ab:f8:f8:f4:f3:bd:e8:64:45:2d:d6:
         af:63:f1:59:8a:ca:43:12:37:59:f6:46:ce:ea:25:b2:aa:7c:
         9c:2a:58:4a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk2NUeQrLNtH5wmaP9GYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA5YTg3NzQzODE3YzU2ZjgwODgwMDdhNTc0NmViNjlm
ZjJlMzAwHhcNMjQwMTAyMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWYwNTc2ODJkMjhhOWVmMWVmZGRmZDBiZmU3MGE0MWVmODAxMDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw1iXHxqWMF9s3onzq0SfzHki3Bb
VvH+I8uVCyo2vJp6ZRJ4H0Ry1qMG724HZdHeOWTXefud02bwEvf4vRa3ceFmGO4E
/dHxJ3Ub8Xoh7eQnkv0R1+ABWOnRBbebrbKuFATYM39PQOmBgIxQA1qo4A2d7AMG
NQRVkg+2oYakRvnw2Qd6FFmPiJLDjQDD566Jg3BXvddMDiPF0hOd2aahfGR30E/1
v5mTO5G9A7pWmnvGAlauO+5DNpcCHdlvtb894It0dAGEJHndiJO2g7+QChYJsJYc
szwrp9avPYfrF2tfI/sKaXrSkqHxUIkdSf9nktBSWnTw+wRwCZxw00ulwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ7wV2gtKKnvHv3f0L/nCkHvgBCFMB8GA1UdIwQY
MBaAFL/Qmod0OBfFb4CIAHpXRutp/y4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlDYWgzUTRGOFZ2Z0lnQWVsZEc2Mm5fTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wOTI1NzAtNTEyYS00NGZhLWE0ZmUt
ZGJjYThjMzFlYmM4LzEvbnZCWGFDMG9xZThlX2RfUXYtY0tRZS1BRUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wOTI1NzAtNTEyYS00NGZhLWE0ZmUtZGJjYThjMzFlYmM4
LzEvdjlDYWgzUTRGOFZ2Z0lnQWVsZEc2Mm5fTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVLgMA0E
AgACMAcDBQMqBZVAMA0GCSqGSIb3DQEBCwUAA4IBAQB7PmRnFt0QnQ1vKa/1IEWu
SsjULItb8nWWH6kQdLVyd4qhIcwFrXrG1AaELU88QGaQpTIEXDHk8GM+qEfG6gtF
2uQobnjrR3uOK5AVkJJBSm5DZPULolGP/eU/KeFjYvRuzPo9cRgHoiKlW1tk3bR8
71LUgcLFWMNvFeVkn2p+emdJVL2G4hEoiOzJgn/am/myiDB5PBRcZ5L2wEIyJ5kv
bDbFa4Ga8I8BC85eccTgtndf84vt4UHpn6G22MsYbnjQeLb5WAqHz5lnTm9wHggr
vBJWEaL5yo8WJBYZ1fvPq/j49PO96GRFLdavY/FZispDEjdZ9kbO6iWyqnycKlhK
-----END CERTIFICATE-----