Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/5ed5d3-b99c-486b-af9c-7cfd957f08ff/1/2wNW8xa8P7_79vN0O4xf9PgeSi8.roa
File:                     2wNW8xa8P7_79vN0O4xf9PgeSi8.roa (raw, json)
Hash identifier:          jidqeMG4Jvg8CNCQMWn55h5s+owR/kDshV7wQZgn2PU=
Subject key identifier:   DB:03:56:F3:16:BC:3F:BF:FB:F6:F3:74:3B:8C:5F:F4:F8:1E:4A:2F
Certificate issuer:       /CN=6311a9d4c10252fbf73b7165f35acc1dce9f0a93
Certificate serial:       018CC492FA6D880D638C66F154C191540F66
Authority key identifier: 63:11:A9:D4:C1:02:52:FB:F7:3B:71:65:F3:5A:CC:1D:CE:9F:0A:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YxGp1MECUvv3O3Fl81rMHc6fCpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/5ed5d3-b99c-486b-af9c-7cfd957f08ff/1/2wNW8xa8P7_79vN0O4xf9PgeSi8.roa
Signing time:             Mon 01 Jan 2024 10:30:15 +0000
ROA not before:           Mon 01 Jan 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42
IP address blocks:        194.0.17.0/24 maxlen: 24
                          2001:678:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/5ed5d3-b99c-486b-af9c-7cfd957f08ff/1/YxGp1MECUvv3O3Fl81rMHc6fCpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/5ed5d3-b99c-486b-af9c-7cfd957f08ff/1/YxGp1MECUvv3O3Fl81rMHc6fCpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YxGp1MECUvv3O3Fl81rMHc6fCpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fa:6d:88:0d:63:8c:66:f1:54:c1:91:54:0f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6311a9d4c10252fbf73b7165f35acc1dce9f0a93
        Validity
            Not Before: Jan  1 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db0356f316bc3fbffbf6f3743b8c5ff4f81e4a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c8:6e:59:b5:a3:57:54:86:54:f7:52:41:c3:
                    7a:9c:97:54:c1:dc:b3:d0:bd:87:f2:3e:4b:4f:78:
                    b5:ce:33:54:2e:2f:87:28:c3:a8:60:3a:42:10:5f:
                    ec:fd:e4:df:3c:ef:55:8c:e3:35:69:05:87:32:79:
                    53:08:67:9f:09:d8:8f:34:6e:09:38:69:0d:ca:42:
                    e8:92:c3:68:f1:41:9e:13:cc:68:ea:b2:9b:a1:cf:
                    fb:92:ae:65:3b:31:50:3c:38:28:26:18:e1:9c:ca:
                    3d:f1:fd:05:b8:1f:e9:51:4b:05:5a:cd:29:b3:5f:
                    cc:0b:f6:03:2b:30:7f:83:65:38:3f:a5:b3:95:d9:
                    b2:dd:8c:32:15:17:7e:f0:61:62:30:79:53:28:9d:
                    17:f3:6e:da:2f:e3:a8:82:63:67:a3:47:ff:45:7a:
                    c1:ee:95:77:23:76:e6:d6:4c:c5:e5:6d:41:d0:fa:
                    60:6e:a3:1c:4e:0d:d3:42:2c:d2:4a:de:4e:ba:1e:
                    79:aa:ff:c8:ed:06:b6:00:8c:9e:ad:9a:1e:a2:2d:
                    cb:6f:7e:0d:24:01:24:19:31:4a:77:39:c3:da:3d:
                    59:1a:59:62:e4:2b:ed:53:7e:67:92:d7:5a:d2:3d:
                    e8:ba:0e:33:a3:cd:e0:20:0b:05:14:1c:8a:08:f8:
                    73:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:03:56:F3:16:BC:3F:BF:FB:F6:F3:74:3B:8C:5F:F4:F8:1E:4A:2F
            X509v3 Authority Key Identifier:
                keyid:63:11:A9:D4:C1:02:52:FB:F7:3B:71:65:F3:5A:CC:1D:CE:9F:0A:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YxGp1MECUvv3O3Fl81rMHc6fCpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/5ed5d3-b99c-486b-af9c-7cfd957f08ff/1/2wNW8xa8P7_79vN0O4xf9PgeSi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/5ed5d3-b99c-486b-af9c-7cfd957f08ff/1/YxGp1MECUvv3O3Fl81rMHc6fCpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.17.0/24
                IPv6:
                  2001:678:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:13:8f:ff:88:a3:a7:1e:b5:57:86:ca:d6:07:f2:49:6e:7d:
         3c:5d:c2:d2:c8:ed:c7:a5:7a:23:a4:0a:20:24:c6:bd:e1:05:
         1c:77:a6:62:b3:1c:94:69:70:e3:7f:e4:f0:b5:c2:bb:20:07:
         00:21:02:11:39:38:45:08:9d:10:f9:87:71:09:ad:91:3c:97:
         dc:f7:3d:08:d5:60:a4:f4:41:94:d8:87:03:4b:bb:32:ec:ab:
         3e:68:04:22:d0:2c:e5:91:80:31:b9:c7:56:be:4b:d4:9f:69:
         06:13:25:45:f3:8e:37:cf:48:3d:5a:f0:ae:6d:95:ef:15:dc:
         af:33:d1:29:0a:81:85:24:24:bf:2f:2c:81:71:4a:ab:54:8e:
         5d:cf:78:e3:31:14:4d:36:c8:6b:88:e1:72:e4:e6:91:1a:b7:
         06:be:84:9e:36:62:cc:77:a8:34:7a:fb:8e:cb:b0:e5:25:f0:
         01:c3:03:1b:60:81:8c:eb:87:35:c9:0b:62:4d:79:6e:9d:8f:
         5c:61:89:77:2c:57:35:3c:a0:e6:a7:3d:b5:94:91:c5:71:ec:
         be:6a:71:2c:af:94:6c:6a:81:e4:6d:aa:b9:ef:43:3f:e0:2f:
         85:1f:a9:c6:89:30:ae:68:83:c0:c7:c1:17:f9:23:58:43:9a:
         f2:7a:e5:14
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEkvptiA1jjGbxVMGRVA9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMTFhOWQ0YzEwMjUyZmJmNzNiNzE2NWYzNWFjYzFkY2U5
ZjBhOTMwHhcNMjQwMTAxMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjAzNTZmMzE2YmMzZmJmZmJmNmYzNzQzYjhjNWZmNGY4MWU0YTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsshuWbWjV1SGVPdSQcN6nJdUwdyz
0L2H8j5LT3i1zjNULi+HKMOoYDpCEF/s/eTfPO9VjOM1aQWHMnlTCGefCdiPNG4J
OGkNykLoksNo8UGeE8xo6rKboc/7kq5lOzFQPDgoJhjhnMo98f0FuB/pUUsFWs0p
s1/MC/YDKzB/g2U4P6Wzldmy3YwyFRd+8GFiMHlTKJ0X827aL+OogmNno0f/RXrB
7pV3I3bm1kzF5W1B0PpgbqMcTg3TQizSSt5Ouh55qv/I7Qa2AIyerZoeoi3Lb34N
JAEkGTFKdznD2j1ZGlli5CvtU35nktda0j3oug4zo83gIAsFFByKCPhzdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNsDVvMWvD+/+/bzdDuMX/T4HkovMB8GA1UdIwQY
MBaAFGMRqdTBAlL79ztxZfNazB3OnwqTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXhHcDFNRUNVdnYzTzNGbDgxck1IYzZmQ3BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS81ZWQ1ZDMtYjk5Yy00ODZiLWFmOWMt
N2NmZDk1N2YwOGZmLzEvMndOVzh4YThQN183OXZOME80eGY5UGdlU2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS81ZWQ1ZDMtYjk5Yy00ODZiLWFmOWMtN2NmZDk1N2YwOGZm
LzEvWXhHcDFNRUNVdnYzTzNGbDgxck1IYzZmQ3BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgARMA8E
AgACMAkDBwAgAQZ4AAMwDQYJKoZIhvcNAQELBQADggEBAKUTj/+Io6cetVeGytYH
8klufTxdwtLI7celeiOkCiAkxr3hBRx3pmKzHJRpcON/5PC1wrsgBwAhAhE5OEUI
nRD5h3EJrZE8l9z3PQjVYKT0QZTYhwNLuzLsqz5oBCLQLOWRgDG5x1a+S9SfaQYT
JUXzjjfPSD1a8K5tle8V3K8z0SkKgYUkJL8vLIFxSqtUjl3PeOMxFE02yGuI4XLk
5pEatwa+hJ42Ysx3qDR6+47LsOUl8AHDAxtggYzrhzXJC2JNeW6dj1xhiXcsVzU8
oOanPbWUkcVx7L5qcSyvlGxqgeRtqrnvQz/gL4UfqcaJMK5og8DHwRf5I1hDmvJ6
5RQ=
-----END CERTIFICATE-----