Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/XchJTxbWg0w9fUCmhJjgV8lmu0g.roa
File:                     XchJTxbWg0w9fUCmhJjgV8lmu0g.roa (raw, json)
Hash identifier:          xq8SC8VKHv5ZM38yhHwJiLX1R79LOWn1TifpfrOJuYw=
Subject key identifier:   5D:C8:49:4F:16:D6:83:4C:3D:7D:40:A6:84:98:E0:57:C9:66:BB:48
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F441B0F1FD348E83751ED0D903542
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/XchJTxbWg0w9fUCmhJjgV8lmu0g.roa
Signing time:             Tue 02 Jan 2024 04:29:44 +0000
ROA not before:           Tue 02 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62816
IP address blocks:        2.56.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:44:1b:0f:1f:d3:48:e8:37:51:ed:0d:90:35:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dc8494f16d6834c3d7d40a68498e057c966bb48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1c:fa:af:e4:e5:9e:6a:54:32:6d:08:c0:1e:
                    3b:29:dd:e2:bd:d1:13:3d:04:20:e8:1f:65:59:3b:
                    30:52:7c:d9:ac:9b:2f:c0:99:b0:12:4e:d3:7b:43:
                    e1:07:88:6c:25:10:78:03:57:78:a6:c5:7c:1e:60:
                    ee:51:cc:4c:67:4e:22:53:e4:aa:56:96:d1:fc:12:
                    91:ec:d7:a1:f4:b4:82:35:b1:a8:cd:40:4b:0c:43:
                    0c:aa:4e:b7:5e:51:b7:e5:cd:37:21:d6:51:16:b2:
                    df:e6:7c:ab:0f:81:82:ff:1e:12:ec:f8:e0:3e:f1:
                    0b:2a:1e:74:80:0c:88:2a:d5:b9:d1:37:f9:5d:c1:
                    8e:aa:58:8c:27:c3:85:1b:b9:01:98:1c:e7:37:f0:
                    6b:a9:d8:e5:57:a0:c8:91:3a:40:0e:cf:b5:05:d1:
                    94:b7:d2:0e:ea:62:f8:98:5d:3a:9b:21:58:8f:e0:
                    f9:58:cc:1f:64:5b:8f:d8:5e:b6:42:24:b7:33:58:
                    4c:8b:75:0c:da:34:f2:a9:d4:f0:ed:6d:11:0b:fc:
                    b1:56:0e:f2:e1:c2:69:7a:07:ce:db:fe:61:56:4e:
                    90:df:13:df:bc:05:f4:54:32:78:03:b8:20:07:5b:
                    19:97:08:e3:94:49:74:1a:b8:cb:4a:ee:26:c7:4c:
                    54:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C8:49:4F:16:D6:83:4C:3D:7D:40:A6:84:98:E0:57:C9:66:BB:48
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/XchJTxbWg0w9fUCmhJjgV8lmu0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ec:e1:08:55:32:30:5c:7a:2e:36:64:30:c0:c1:59:30:0e:
         ad:5f:0a:79:59:ae:3a:d4:bc:a8:74:29:04:21:0a:62:21:5e:
         ae:17:b8:ea:a1:32:a9:7c:d4:4f:1e:5a:aa:97:ad:aa:ec:bf:
         af:e0:0f:8a:d4:b2:69:6c:3a:f7:c1:ff:0e:32:7f:dc:b5:85:
         43:0b:e8:1d:fd:aa:c4:75:a7:52:e1:b6:96:63:be:f0:14:63:
         eb:17:c2:9e:55:6e:16:c1:5d:4a:09:dc:62:f6:eb:7b:e7:18:
         e0:6b:df:07:89:ca:c2:de:8c:ba:e3:b0:04:e1:0b:78:42:68:
         22:6b:a5:87:5b:0a:d5:ea:cd:52:ba:c4:f9:8a:0e:42:92:b0:
         58:b3:5e:38:b5:ea:5d:f6:a0:f7:51:70:34:24:18:43:93:23:
         b7:50:cd:7d:c6:04:87:82:e8:b4:5b:48:0a:52:c2:90:19:5d:
         65:d6:f3:16:73:ab:b5:31:60:f0:25:52:38:09:df:14:a3:a7:
         c4:a8:cd:71:92:49:33:22:9a:b8:fb:6f:20:62:c1:2d:5b:19:
         a6:f5:66:b5:c4:dd:53:c5:40:ae:01:21:ad:ae:78:ba:7f:31:
         b7:84:75:d9:ce:56:ff:1a:e2:39:bb:fb:7a:d2:b1:f6:f3:e5:
         67:b2:4f:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0QbDx/TSOg3Ue0NkDVCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGM4NDk0ZjE2ZDY4MzRjM2Q3ZDQwYTY4NDk4ZTA1N2M5NjZiYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRz6r+TlnmpUMm0IwB47Kd3ivdET
PQQg6B9lWTswUnzZrJsvwJmwEk7Te0PhB4hsJRB4A1d4psV8HmDuUcxMZ04iU+Sq
VpbR/BKR7Neh9LSCNbGozUBLDEMMqk63XlG35c03IdZRFrLf5nyrD4GC/x4S7Pjg
PvELKh50gAyIKtW50Tf5XcGOqliMJ8OFG7kBmBznN/BrqdjlV6DIkTpADs+1BdGU
t9IO6mL4mF06myFYj+D5WMwfZFuP2F62QiS3M1hMi3UM2jTyqdTw7W0RC/yxVg7y
4cJpegfO2/5hVk6Q3xPfvAX0VDJ4A7ggB1sZlwjjlEl0GrjLSu4mx0xUrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3ISU8W1oNMPX1ApoSY4FfJZrtIMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvWGNoSlR4YldnMHc5ZlVDbWhKamdWOGxtdTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhuMA0G
CSqGSIb3DQEBCwUAA4IBAQAD7OEIVTIwXHouNmQwwMFZMA6tXwp5Wa461LyodCkE
IQpiIV6uF7jqoTKpfNRPHlqql62q7L+v4A+K1LJpbDr3wf8OMn/ctYVDC+gd/arE
dadS4baWY77wFGPrF8KeVW4WwV1KCdxi9ut75xjga98HicrC3oy647AE4Qt4Qmgi
a6WHWwrV6s1SusT5ig5CkrBYs144tepd9qD3UXA0JBhDkyO3UM19xgSHgui0W0gK
UsKQGV1l1vMWc6u1MWDwJVI4Cd8Uo6fEqM1xkkkzIpq4+28gYsEtWxmm9Wa1xN1T
xUCuASGtrni6fzG3hHXZzlb/GuI5u/t60rH28+Vnsk+X
-----END CERTIFICATE-----