Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa
File:                     2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa (raw, json)
Hash identifier:          KF/mOFC5tlDU+RATya1n7B2Fluy2rXuaECxa85X+OK4=
Subject key identifier:   D8:65:5C:DC:24:EA:0C:AC:36:86:25:58:57:E1:3B:8E:10:A3:4F:4B
Certificate issuer:       /CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
Certificate serial:       018CCA2ABEF9973A3CC14C279FAD3104D170
Authority key identifier: 63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa
Signing time:             Tue 02 Jan 2024 12:34:08 +0000
ROA not before:           Tue 02 Jan 2024 12:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8468
IP address blocks:        178.16.224.0/21 maxlen: 21
                          178.16.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:be:f9:97:3a:3c:c1:4c:27:9f:ad:31:04:d1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
        Validity
            Not Before: Jan  2 12:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8655cdc24ea0cac3686255857e13b8e10a34f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2f:9b:e5:d7:ac:10:a0:51:6e:c4:85:e8:c5:
                    61:86:0f:15:49:f1:d2:0d:67:37:b8:61:46:a8:2f:
                    cd:ed:f2:6f:5e:db:a2:60:61:f8:47:86:2c:5c:70:
                    db:1d:07:c9:ae:f5:f2:e2:96:ce:cd:fd:87:cf:fd:
                    c5:91:96:a3:53:c3:00:1b:ad:84:f7:78:25:8a:c0:
                    8d:37:1a:0a:7d:eb:9f:68:3b:5d:d5:f6:85:b2:ea:
                    7d:99:22:80:84:42:54:19:7d:e2:cc:24:65:b1:bb:
                    0c:1e:17:fb:90:81:b2:da:11:09:01:ad:e7:88:0b:
                    0e:f8:fc:a5:d8:d7:a2:b5:af:0b:95:9c:ac:ca:3e:
                    93:9e:82:08:c1:57:5d:bb:17:56:bb:78:fb:b6:a8:
                    69:99:46:fb:4e:95:ae:b2:72:4e:09:8a:df:24:43:
                    40:3a:1f:73:5b:49:26:20:6a:0b:41:95:4b:99:09:
                    37:e3:17:52:98:df:fc:b6:53:59:d3:08:ba:0a:91:
                    8e:35:2d:a6:38:e3:10:13:42:02:b1:aa:a4:ea:31:
                    b2:5d:61:15:6d:40:3b:61:d8:43:d9:00:d2:1b:9e:
                    81:ce:fd:aa:53:c9:10:02:68:1b:79:9b:46:7f:b7:
                    61:f5:e1:b6:0e:0a:dd:64:e5:ea:15:8d:0c:45:08:
                    8e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:65:5C:DC:24:EA:0C:AC:36:86:25:58:57:E1:3B:8E:10:A3:4F:4B
            X509v3 Authority Key Identifier:
                keyid:63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.224.0/21
                  178.16.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:83:b2:d7:b9:a3:c1:ae:b7:fa:45:94:ec:03:cb:83:80:4a:
         be:6d:2e:5b:10:e6:88:a0:0f:8e:06:5e:a8:57:a8:f8:c7:c9:
         2e:d2:71:ae:e7:2c:0b:7f:26:a9:27:69:d9:e2:3e:62:df:b8:
         4d:02:3f:f5:3b:20:db:40:7f:7c:7d:19:92:cf:ca:12:3c:3d:
         98:28:0c:38:4f:7b:6e:21:1b:5a:df:c8:71:44:fc:fd:53:46:
         b8:bd:31:7e:4f:23:6e:eb:3a:88:f9:04:d8:e2:bb:a3:df:eb:
         0e:e1:35:8e:e8:2e:94:ab:9d:4c:5c:88:3d:cf:88:c3:6f:8e:
         a0:d8:1f:51:0e:79:06:e7:e6:9e:7e:8e:fa:ef:63:43:0e:7d:
         34:68:f2:b8:a7:96:c0:5b:58:e4:d0:d9:3d:39:a4:4c:98:93:
         13:03:91:e2:81:d7:d4:8c:74:4e:8d:2f:cb:ed:79:e6:e4:27:
         93:18:6b:12:ce:9e:88:7d:e0:4c:a4:c7:45:d5:07:08:5b:c3:
         59:85:6f:58:cf:3e:c8:8c:b8:d4:c5:e2:e4:ee:3a:87:5e:ec:
         ca:97:ce:01:ca:95:af:7e:80:e5:ab:11:a4:de:c6:43:c2:d8:
         9f:65:4f:90:9b:b3:a2:53:83:80:67:6e:79:f4:d8:c9:6b:38:
         4c:47:f9:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKr75lzo8wUwnn60xBNFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDk1YTRjZWNiZWFmYjNlYWRmNmVkMDM0OWJiMGI5NmRh
NDY0ZWUwHhcNMjQwMTAyMTIzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY1NWNkYzI0ZWEwY2FjMzY4NjI1NTg1N2UxM2I4ZTEwYTM0ZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri+b5desEKBRbsSF6MVhhg8VSfHS
DWc3uGFGqC/N7fJvXtuiYGH4R4YsXHDbHQfJrvXy4pbOzf2Hz/3FkZajU8MAG62E
93glisCNNxoKfeufaDtd1faFsup9mSKAhEJUGX3izCRlsbsMHhf7kIGy2hEJAa3n
iAsO+Pyl2Neita8LlZysyj6TnoIIwVdduxdWu3j7tqhpmUb7TpWusnJOCYrfJENA
Oh9zW0kmIGoLQZVLmQk34xdSmN/8tlNZ0wi6CpGONS2mOOMQE0ICsaqk6jGyXWEV
bUA7YdhD2QDSG56Bzv2qU8kQAmgbeZtGf7dh9eG2DgrdZOXqFY0MRQiO/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNhlXNwk6gysNoYlWFfhO44Qo09LMB8GA1UdIwQY
MBaAFGNJWkzsvq+z6t9u0DSbsLltpGTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMt
MzgyMGY3ZWUyY2I4LzEvMkdWYzNDVHFES3cyaGlWWVYtRTdqaENqVDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMtMzgyMGY3ZWUyY2I4
LzEvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDshDgAwQA
shDtMA0GCSqGSIb3DQEBCwUAA4IBAQDTg7LXuaPBrrf6RZTsA8uDgEq+bS5bEOaI
oA+OBl6oV6j4x8ku0nGu5ywLfyapJ2nZ4j5i37hNAj/1OyDbQH98fRmSz8oSPD2Y
KAw4T3tuIRta38hxRPz9U0a4vTF+TyNu6zqI+QTY4ruj3+sO4TWO6C6Uq51MXIg9
z4jDb46g2B9RDnkG5+aefo7672NDDn00aPK4p5bAW1jk0Nk9OaRMmJMTA5HigdfU
jHROjS/L7Xnm5CeTGGsSzp6IfeBMpMdF1QcIW8NZhW9Yzz7IjLjUxeLk7jqHXuzK
l84BypWvfoDlqxGk3sZDwtifZU+Qm7OiU4OAZ2559NjJazhMR/ni
-----END CERTIFICATE-----