Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/3cb4d6-f32c-4130-ae0e-badbe840977e/1/2z6LsI_o5WA-wjlHEyLVyaANZLc.roa
File:                     2z6LsI_o5WA-wjlHEyLVyaANZLc.roa (raw, json)
Hash identifier:          WBT4La052LS/qP/I1oFySnJ0P6GzL7y/IXa9qAn6xAw=
Subject key identifier:   DB:3E:8B:B0:8F:E8:E5:60:3E:C2:39:47:13:22:D5:C9:A0:0D:64:B7
Certificate issuer:       /CN=1f67cf1ca2dea32fcd9702dd2510eb6bf2b68610
Certificate serial:       0191236C48ABA87E996062DD8B43AA873BB6
Authority key identifier: 1F:67:CF:1C:A2:DE:A3:2F:CD:97:02:DD:25:10:EB:6B:F2:B6:86:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2fPHKLeoy_NlwLdJRDra_K2hhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/3cb4d6-f32c-4130-ae0e-badbe840977e/1/2z6LsI_o5WA-wjlHEyLVyaANZLc.roa
Signing time:             Mon 05 Aug 2024 16:43:04 +0000
ROA not before:           Mon 05 Aug 2024 16:43:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394456
IP address blocks:        185.83.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/3cb4d6-f32c-4130-ae0e-badbe840977e/1/H2fPHKLeoy_NlwLdJRDra_K2hhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/3cb4d6-f32c-4130-ae0e-badbe840977e/1/H2fPHKLeoy_NlwLdJRDra_K2hhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2fPHKLeoy_NlwLdJRDra_K2hhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:23:6c:48:ab:a8:7e:99:60:62:dd:8b:43:aa:87:3b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f67cf1ca2dea32fcd9702dd2510eb6bf2b68610
        Validity
            Not Before: Aug  5 16:43:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db3e8bb08fe8e5603ec239471322d5c9a00d64b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:23:f6:5c:7a:3e:2c:2c:31:a9:98:3a:7d:43:
                    bb:c6:5d:02:38:fd:f8:c5:8c:18:42:38:b1:1d:6a:
                    33:88:1b:13:b9:c9:0c:29:2b:68:2f:65:ed:3f:74:
                    32:a4:41:01:0a:57:98:70:de:06:f3:6e:d3:1e:cb:
                    5a:53:6d:22:7f:c5:e8:22:49:e0:8f:a1:1a:e8:a4:
                    06:be:e9:df:ee:ef:ac:37:1d:73:eb:ea:dc:fc:ba:
                    77:48:58:04:74:5c:68:e4:9e:29:4b:8b:60:ae:89:
                    0e:a0:4f:9a:de:a4:48:04:12:77:54:3b:3e:8f:24:
                    5c:f7:e4:c2:0b:77:e2:bf:6a:c6:c3:d5:9c:5a:7b:
                    61:d9:10:f7:66:ca:d4:80:c1:8c:0b:bc:13:e8:de:
                    b8:2f:ff:71:31:a3:97:df:d1:57:b5:b8:b0:a3:d8:
                    74:99:7a:b7:50:10:91:0e:df:42:a7:15:42:77:66:
                    89:91:ab:21:3e:25:03:c2:79:77:4d:69:50:c6:d1:
                    49:69:e6:e7:85:93:8c:f6:5b:b4:89:ab:26:ff:f0:
                    f5:5d:b3:72:21:8d:46:a9:b5:33:16:e4:6f:3f:bf:
                    68:57:e5:33:d2:c3:aa:45:06:b1:92:df:a7:a6:1f:
                    06:81:62:fa:b4:1f:80:c6:3d:78:12:be:ce:b7:f8:
                    37:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3E:8B:B0:8F:E8:E5:60:3E:C2:39:47:13:22:D5:C9:A0:0D:64:B7
            X509v3 Authority Key Identifier:
                keyid:1F:67:CF:1C:A2:DE:A3:2F:CD:97:02:DD:25:10:EB:6B:F2:B6:86:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2fPHKLeoy_NlwLdJRDra_K2hhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3cb4d6-f32c-4130-ae0e-badbe840977e/1/2z6LsI_o5WA-wjlHEyLVyaANZLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3cb4d6-f32c-4130-ae0e-badbe840977e/1/H2fPHKLeoy_NlwLdJRDra_K2hhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:14:22:c5:d3:b7:d9:7b:c7:80:20:a8:f2:47:8f:d3:d7:fa:
         25:95:2d:07:4c:a1:cd:33:4b:93:0f:50:1f:11:04:49:91:3f:
         99:dc:26:33:47:21:46:f6:12:7d:62:9d:b1:07:ed:d8:cd:da:
         56:cf:3f:eb:51:59:21:f9:c7:9c:36:a9:37:35:ec:8a:ea:05:
         a8:b3:72:cf:51:0a:6c:c4:ae:c9:94:55:db:ec:50:0c:79:00:
         2e:39:2f:d7:74:9a:4f:d0:86:93:87:72:ad:08:bc:42:d6:5f:
         26:8e:77:b8:c7:bd:a9:78:8e:45:71:1f:11:0b:d8:d5:0d:e5:
         4c:e7:b1:2b:a0:d2:4b:47:25:2e:3e:d4:cf:27:b8:7a:92:10:
         8f:99:76:21:83:4e:60:d0:3c:70:25:6d:e2:0c:4b:54:a6:7e:
         38:e4:30:df:1f:49:6f:1c:59:6e:b7:a8:73:70:03:a0:30:72:
         e7:9d:eb:36:df:73:83:4d:f3:af:74:4a:d0:76:d8:b3:b4:e6:
         10:9a:97:7c:30:86:7c:e1:c3:22:74:3e:79:9e:6a:4a:54:b2:
         22:84:76:62:2c:90:d3:32:66:ca:8b:3c:a2:98:06:ab:cd:16:
         05:5d:b4:64:e6:d7:a6:9c:f5:c7:76:3f:15:24:fc:ca:c0:45:
         9b:83:3e:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEjbEirqH6ZYGLdi0Oqhzu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjdjZjFjYTJkZWEzMmZjZDk3MDJkZDI1MTBlYjZiZjJi
Njg2MTAwHhcNMjQwODA1MTY0MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNlOGJiMDhmZThlNTYwM2VjMjM5NDcxMzIyZDVjOWEwMGQ2NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyP2XHo+LCwxqZg6fUO7xl0COP34
xYwYQjixHWoziBsTuckMKStoL2XtP3QypEEBCleYcN4G827THstaU20if8XoIkng
j6Ea6KQGvunf7u+sNx1z6+rc/Lp3SFgEdFxo5J4pS4tgrokOoE+a3qRIBBJ3VDs+
jyRc9+TCC3fiv2rGw9WcWnth2RD3ZsrUgMGMC7wT6N64L/9xMaOX39FXtbiwo9h0
mXq3UBCRDt9CpxVCd2aJkashPiUDwnl3TWlQxtFJaebnhZOM9lu0iasm//D1XbNy
IY1GqbUzFuRvP79oV+Uz0sOqRQaxkt+nph8GgWL6tB+Axj14Er7Ot/g3gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs+i7CP6OVgPsI5RxMi1cmgDWS3MB8GA1UdIwQY
MBaAFB9nzxyi3qMvzZcC3SUQ62vytoYQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJmUEhLTGVveV9ObHdMZEpSRHJhX0syaGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zY2I0ZDYtZjMyYy00MTMwLWFlMGUt
YmFkYmU4NDA5NzdlLzEvMno2THNJX281V0Etd2psSEV5TFZ5YUFOWkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zY2I0ZDYtZjMyYy00MTMwLWFlMGUtYmFkYmU4NDA5Nzdl
LzEvSDJmUEhLTGVveV9ObHdMZEpSRHJhX0syaGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVPWMA0G
CSqGSIb3DQEBCwUAA4IBAQDLFCLF07fZe8eAIKjyR4/T1/ollS0HTKHNM0uTD1Af
EQRJkT+Z3CYzRyFG9hJ9Yp2xB+3YzdpWzz/rUVkh+cecNqk3NeyK6gWos3LPUQps
xK7JlFXb7FAMeQAuOS/XdJpP0IaTh3KtCLxC1l8mjne4x72peI5FcR8RC9jVDeVM
57EroNJLRyUuPtTPJ7h6khCPmXYhg05g0DxwJW3iDEtUpn445DDfH0lvHFlut6hz
cAOgMHLnnes233ODTfOvdErQdtiztOYQmpd8MIZ84cMidD55nmpKVLIihHZiLJDT
MmbKizyimAarzRYFXbRk5temnPXHdj8VJPzKwEWbgz4z
-----END CERTIFICATE-----