Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/MkwBB19vG-MOekoScpRbz90D72k.roa
File:                     MkwBB19vG-MOekoScpRbz90D72k.roa (raw, json)
Hash identifier:          LlbEl1R2T1PS9iRDkPUktW0uZir2fng2kQJ++xx1Mes=
Subject key identifier:   32:4C:01:07:5F:6F:1B:E3:0E:7A:4A:12:72:94:5B:CF:DD:03:EF:69
Certificate issuer:       /CN=ef477ca3b449bbc41247e8c921e4c8dabfc1afae
Certificate serial:       018CC56EEE48583274E26439955EE61775C7
Authority key identifier: EF:47:7C:A3:B4:49:BB:C4:12:47:E8:C9:21:E4:C8:DA:BF:C1:AF:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/MkwBB19vG-MOekoScpRbz90D72k.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16245
IP address blocks:        193.17.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 23:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ee:48:58:32:74:e2:64:39:95:5e:e6:17:75:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef477ca3b449bbc41247e8c921e4c8dabfc1afae
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=324c01075f6f1be30e7a4a1272945bcfdd03ef69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:46:99:71:c3:3c:f6:22:38:e6:ba:3f:db:47:
                    73:c0:d7:b0:2a:be:e2:89:6f:4f:c2:eb:1f:49:bc:
                    89:48:bb:7e:0f:92:dd:49:e9:94:70:e8:fe:f6:3b:
                    07:f9:89:8a:e6:25:45:63:7b:db:70:61:10:6a:80:
                    b3:61:25:32:0f:2e:6d:5f:c9:74:a2:21:e5:6c:e9:
                    81:d7:0c:52:bb:9b:a4:74:db:92:f7:84:2c:6c:8e:
                    08:95:f1:85:6b:13:27:6f:6b:a1:6e:77:c8:43:8e:
                    8d:7f:e4:ce:b0:e9:f6:9f:05:06:36:4e:13:e0:bc:
                    22:4b:d2:13:c3:a3:18:f5:1e:88:8c:bb:6c:23:04:
                    5e:ca:6a:6c:48:ae:e5:be:80:34:56:6c:47:f6:99:
                    f4:05:92:15:b0:99:e9:16:08:d9:fc:1d:24:df:3e:
                    05:6f:ff:76:f2:b7:39:37:8c:a7:7d:7c:23:61:9e:
                    c1:03:40:cb:d8:f0:d6:46:91:11:4c:00:e8:54:49:
                    9b:7f:15:fc:4f:eb:83:be:e1:4c:70:35:65:17:35:
                    3f:fb:d0:68:90:e2:48:d3:de:7b:d3:d4:a9:8b:d1:
                    2b:fd:71:82:13:5b:0c:92:c4:41:fb:13:50:65:84:
                    66:f4:4d:6c:48:24:68:98:29:c0:c2:a9:a1:4d:71:
                    3b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4C:01:07:5F:6F:1B:E3:0E:7A:4A:12:72:94:5B:CF:DD:03:EF:69
            X509v3 Authority Key Identifier:
                keyid:EF:47:7C:A3:B4:49:BB:C4:12:47:E8:C9:21:E4:C8:DA:BF:C1:AF:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/70d8o7RJu8QSR-jJIeTI2r_Br64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/MkwBB19vG-MOekoScpRbz90D72k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f1eea2-9582-4a65-b5be-603aa1f209d8/1/70d8o7RJu8QSR-jJIeTI2r_Br64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:8a:ec:3d:7e:73:a5:7c:38:bb:31:f3:54:b3:72:60:b9:63:
         1a:d3:6a:58:39:9d:7f:8e:9d:ef:cf:1d:7e:9f:a9:f2:2b:84:
         0a:04:fd:10:14:b5:46:21:da:5c:1b:46:c1:3f:01:57:c1:60:
         a2:49:57:1d:a3:46:c9:89:57:1f:5d:d5:0a:81:4d:d2:42:4d:
         82:f4:f8:15:23:f7:d1:be:13:2e:30:dd:da:26:7f:3e:21:1c:
         59:69:4b:e6:e0:3d:f6:1f:f1:ee:56:89:dd:21:b6:3c:59:00:
         cb:f7:c6:3c:af:ff:b6:da:ee:39:4f:e3:3c:70:1f:4e:50:a8:
         0f:87:9f:84:66:1f:2b:0c:ff:b8:4e:3a:99:74:39:a3:b4:0f:
         03:68:e9:c7:e9:96:1a:96:2f:5f:dc:3c:13:da:90:a7:23:2b:
         fc:e7:53:7b:dd:24:14:0a:d6:33:13:d4:5e:bb:ea:41:65:ea:
         37:54:18:7d:9d:94:3e:65:80:02:d2:c2:9a:ce:bb:81:a3:cd:
         b3:fd:f9:69:e8:44:95:11:5c:16:91:e5:51:f9:08:e7:a2:cf:
         d4:aa:5f:3d:a8:b9:9e:42:2f:88:55:d8:39:dc:fd:28:bd:99:
         76:65:f4:e9:7b:6f:a7:7a:1a:c4:65:f3:90:7b:a1:eb:05:43:
         41:58:fb:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbu5IWDJ04mQ5lV7mF3XHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNDc3Y2EzYjQ0OWJiYzQxMjQ3ZThjOTIxZTRjOGRhYmZj
MWFmYWUwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjRjMDEwNzVmNmYxYmUzMGU3YTRhMTI3Mjk0NWJjZmRkMDNlZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkaZccM89iI45ro/20dzwNewKr7i
iW9PwusfSbyJSLt+D5LdSemUcOj+9jsH+YmK5iVFY3vbcGEQaoCzYSUyDy5tX8l0
oiHlbOmB1wxSu5ukdNuS94QsbI4IlfGFaxMnb2uhbnfIQ46Nf+TOsOn2nwUGNk4T
4LwiS9ITw6MY9R6IjLtsIwReympsSK7lvoA0VmxH9pn0BZIVsJnpFgjZ/B0k3z4F
b/928rc5N4ynfXwjYZ7BA0DL2PDWRpERTADoVEmbfxX8T+uDvuFMcDVlFzU/+9Bo
kOJI095709Spi9Er/XGCE1sMksRB+xNQZYRm9E1sSCRomCnAwqmhTXE7dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJMAQdfbxvjDnpKEnKUW8/dA+9pMB8GA1UdIwQY
MBaAFO9HfKO0SbvEEkfoySHkyNq/wa+uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzBkOG83Ukp1OFFTUi1qSkllVEkycl9CcjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9mMWVlYTItOTU4Mi00YTY1LWI1YmUt
NjAzYWExZjIwOWQ4LzEvTWt3QkIxOXZHLU1PZWtvU2NwUmJ6OTBENzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9mMWVlYTItOTU4Mi00YTY1LWI1YmUtNjAzYWExZjIwOWQ4
LzEvNzBkOG83Ukp1OFFTUi1qSkllVEkycl9CcjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHOMA0G
CSqGSIb3DQEBCwUAA4IBAQBpiuw9fnOlfDi7MfNUs3JguWMa02pYOZ1/jp3vzx1+
n6nyK4QKBP0QFLVGIdpcG0bBPwFXwWCiSVcdo0bJiVcfXdUKgU3SQk2C9PgVI/fR
vhMuMN3aJn8+IRxZaUvm4D32H/HuVondIbY8WQDL98Y8r/+22u45T+M8cB9OUKgP
h5+EZh8rDP+4TjqZdDmjtA8DaOnH6ZYali9f3DwT2pCnIyv851N73SQUCtYzE9Re
u+pBZeo3VBh9nZQ+ZYAC0sKazruBo82z/flp6ESVEVwWkeVR+Qjnos/Uql89qLme
Qi+IVdg53P0ovZl2ZfTpe2+nehrEZfOQe6HrBUNBWPtK
-----END CERTIFICATE-----