Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/k2Wpn9kGwXJlitjGh_D-HLL7BaQ.roa
File:                     k2Wpn9kGwXJlitjGh_D-HLL7BaQ.roa (raw, json)
Hash identifier:          u+LGrIaiQPRn8OQtMKTEvyMQjl3AzmBJJTfVfEcVF/E=
Subject key identifier:   93:65:A9:9F:D9:06:C1:72:65:8A:D8:C6:87:F0:FE:1C:B2:FB:05:A4
Certificate issuer:       /CN=5813e26d71ac5b6a601156d90ce0dccec5986243
Certificate serial:       018F335E97F67CCCB848F2587FAE44895CE5
Authority key identifier: 58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/k2Wpn9kGwXJlitjGh_D-HLL7BaQ.roa
Signing time:             Wed 01 May 2024 08:56:28 +0000
ROA not before:           Wed 01 May 2024 08:56:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212150
IP address blocks:        185.224.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 14:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:5e:97:f6:7c:cc:b8:48:f2:58:7f:ae:44:89:5c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5813e26d71ac5b6a601156d90ce0dccec5986243
        Validity
            Not Before: May  1 08:56:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9365a99fd906c172658ad8c687f0fe1cb2fb05a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:dd:09:5b:80:68:01:a4:84:39:09:a7:44:1d:
                    af:cd:d1:fb:c5:69:19:c6:8a:d7:ce:ff:bc:21:08:
                    32:72:9f:32:fb:62:3e:26:7c:61:5f:bd:2b:4f:3b:
                    ba:a3:88:70:bb:20:8d:90:25:7a:8f:32:b7:fb:67:
                    ec:a6:c4:c8:f6:bb:0c:6c:36:66:dc:8c:23:57:27:
                    b8:41:75:fc:61:f1:c8:61:a4:29:05:1e:9b:f5:05:
                    01:01:87:c1:3c:77:0a:fd:26:38:b1:af:e4:8b:f2:
                    3a:cb:fa:55:c2:a6:ce:ed:1c:0b:f2:e0:74:7c:2b:
                    1e:6a:f8:69:f9:12:b6:1e:61:db:7f:4f:a1:25:2d:
                    55:48:12:99:c4:94:53:4f:6a:a9:49:4e:9b:b0:55:
                    67:b4:fe:4e:2a:21:01:a7:f0:b4:b4:09:97:96:1e:
                    20:a1:20:96:75:93:ef:3f:92:bd:bb:ab:4e:8e:b5:
                    79:c6:70:18:d7:60:48:28:c1:fb:8b:88:d7:7a:19:
                    dd:4d:21:70:0c:2c:61:3b:b6:aa:14:7b:a5:57:8a:
                    8f:20:22:06:46:93:b2:88:79:0b:49:f6:94:1d:77:
                    0a:69:99:38:de:3d:bd:e5:3a:52:5b:97:0c:14:cb:
                    79:66:0e:5c:67:51:07:e7:7c:a8:ed:1a:ff:d9:75:
                    21:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:65:A9:9F:D9:06:C1:72:65:8A:D8:C6:87:F0:FE:1C:B2:FB:05:A4
            X509v3 Authority Key Identifier:
                keyid:58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/k2Wpn9kGwXJlitjGh_D-HLL7BaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:f6:c0:2b:09:92:41:ab:eb:f9:a3:b0:fc:53:d0:85:4f:cd:
         00:01:c6:6f:ba:45:2d:a8:77:fa:d3:1e:b6:c5:41:93:05:c7:
         29:97:bb:ce:2b:ff:01:52:71:a4:56:d0:00:e0:1e:fd:75:56:
         15:d6:7f:0d:6c:6b:9e:63:87:b3:7f:7a:37:74:4d:e9:98:bb:
         e4:10:11:fd:4a:10:f3:c9:81:95:e8:cb:21:fb:d1:a8:23:15:
         61:9c:9f:9d:c9:26:76:6c:15:a5:2a:69:74:63:b9:62:2c:4b:
         c7:87:da:23:18:06:d2:d1:72:47:65:16:01:b8:08:0c:f6:58:
         07:9d:10:1e:d0:82:d8:91:e9:62:5f:17:51:2a:22:72:76:78:
         53:5c:e1:1b:29:01:7b:7f:3c:2e:da:ea:ae:aa:32:8b:27:ae:
         6e:da:6d:20:75:4c:b7:0f:d4:6c:99:45:4a:24:47:ae:22:7c:
         ba:83:c8:03:7c:46:52:98:c0:e8:cb:67:cc:c5:bb:af:80:7f:
         24:d1:06:1f:39:66:72:6f:ff:57:e8:77:c7:e5:72:dc:bf:df:
         51:a4:9f:a9:73:b1:51:51:1e:78:24:b4:91:e1:ac:0c:fa:da:
         44:7a:6f:ae:80:f7:7f:be:72:51:37:81:d0:b2:47:c1:4b:85:
         6b:64:2f:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8zXpf2fMy4SPJYf65EiVzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTNlMjZkNzFhYzViNmE2MDExNTZkOTBjZTBkY2NlYzU5
ODYyNDMwHhcNMjQwNTAxMDg1NjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzY1YTk5ZmQ5MDZjMTcyNjU4YWQ4YzY4N2YwZmUxY2IyZmIwNWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhd0JW4BoAaSEOQmnRB2vzdH7xWkZ
xorXzv+8IQgycp8y+2I+JnxhX70rTzu6o4hwuyCNkCV6jzK3+2fspsTI9rsMbDZm
3IwjVye4QXX8YfHIYaQpBR6b9QUBAYfBPHcK/SY4sa/ki/I6y/pVwqbO7RwL8uB0
fCseavhp+RK2HmHbf0+hJS1VSBKZxJRTT2qpSU6bsFVntP5OKiEBp/C0tAmXlh4g
oSCWdZPvP5K9u6tOjrV5xnAY12BIKMH7i4jXehndTSFwDCxhO7aqFHulV4qPICIG
RpOyiHkLSfaUHXcKaZk43j295TpSW5cMFMt5Zg5cZ1EH53yo7Rr/2XUh9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNlqZ/ZBsFyZYrYxofw/hyy+wWkMB8GA1UdIwQY
MBaAFFgT4m1xrFtqYBFW2Qzg3M7FmGJDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3Nzgt
MDZkZjFkYzAzMzY3LzEvazJXcG45a0d3WEpsaXRqR2hfRC1ITEw3QmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3NzgtMDZkZjFkYzAzMzY3
LzEvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueACMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ9sArCZJBq+v5o7D8U9CFT80AAcZvukUtqHf60x62
xUGTBccpl7vOK/8BUnGkVtAA4B79dVYV1n8NbGueY4ezf3o3dE3pmLvkEBH9ShDz
yYGV6Msh+9GoIxVhnJ+dySZ2bBWlKml0Y7liLEvHh9ojGAbS0XJHZRYBuAgM9lgH
nRAe0ILYkeliXxdRKiJydnhTXOEbKQF7fzwu2uquqjKLJ65u2m0gdUy3D9RsmUVK
JEeuIny6g8gDfEZSmMDoy2fMxbuvgH8k0QYfOWZyb/9X6HfH5XLcv99RpJ+pc7FR
UR54JLSR4awM+tpEem+ugPd/vnJRN4HQskfBS4VrZC/K
-----END CERTIFICATE-----