Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/2nqd4RFqDQ9TrR7LdpoSTfswsfc.roa
File:                     2nqd4RFqDQ9TrR7LdpoSTfswsfc.roa (raw, json)
Hash identifier:          0je7mWEdNOit7ie/nqrK1epS9L0XeAGzBs3YWVE54yE=
Subject key identifier:   DA:7A:9D:E1:11:6A:0D:0F:53:AD:1E:CB:76:9A:12:4D:FB:30:B1:F7
Certificate issuer:       /CN=c25cb7132c19f7d51f002ed4ad811aecf5b20f57
Certificate serial:       018CC86F04F87BCBC476C2F13D4DC61A6AB8
Authority key identifier: C2:5C:B7:13:2C:19:F7:D5:1F:00:2E:D4:AD:81:1A:EC:F5:B2:0F:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/2nqd4RFqDQ9TrR7LdpoSTfswsfc.roa
Signing time:             Tue 02 Jan 2024 04:29:28 +0000
ROA not before:           Tue 02 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49699
IP address blocks:        193.68.112.0/24 maxlen: 24
                          193.68.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:04:f8:7b:cb:c4:76:c2:f1:3d:4d:c6:1a:6a:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c25cb7132c19f7d51f002ed4ad811aecf5b20f57
        Validity
            Not Before: Jan  2 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da7a9de1116a0d0f53ad1ecb769a124dfb30b1f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:83:e8:9f:c9:41:7f:21:82:f7:9a:62:78:19:
                    a1:5a:e3:e8:c9:44:06:65:c3:0a:bb:33:3b:12:6c:
                    3b:71:49:a0:35:d2:dc:1a:4e:28:48:9f:15:9c:ac:
                    7d:cf:73:e1:e7:21:9c:ae:95:0f:a3:f2:95:4f:6e:
                    0e:3f:41:52:6e:94:ed:bc:38:b1:c2:39:53:58:46:
                    3c:c9:50:cd:5f:c4:94:e7:90:4e:2b:59:48:92:ff:
                    ca:6f:4a:f5:b5:99:59:b7:c0:c8:7b:bc:69:29:0f:
                    a7:17:f9:fb:a2:f5:5e:f9:07:67:c7:29:90:02:53:
                    9d:b0:d5:ff:3e:38:dd:38:fa:81:10:a2:dd:69:39:
                    fa:e2:ca:de:42:f3:f0:ee:74:f0:06:dc:06:1b:79:
                    bd:40:b7:59:c3:72:9d:9d:c1:9c:71:5a:c0:48:c2:
                    74:75:7e:fc:3c:a3:af:fd:c2:d2:d8:c1:d1:a2:7d:
                    d0:a9:dd:57:66:0a:99:0b:1c:42:d8:1c:01:fb:1a:
                    7d:6d:f5:a8:da:d2:26:51:bd:8f:a5:14:ea:84:cb:
                    6a:5b:1f:75:82:4b:9b:14:d1:3a:3f:e0:7a:e9:76:
                    d0:7a:22:26:b3:2d:ec:92:d0:58:ed:8c:40:a5:3d:
                    43:c7:cd:ca:2c:2c:c4:a8:56:6a:8d:0d:60:a5:78:
                    55:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7A:9D:E1:11:6A:0D:0F:53:AD:1E:CB:76:9A:12:4D:FB:30:B1:F7
            X509v3 Authority Key Identifier:
                keyid:C2:5C:B7:13:2C:19:F7:D5:1F:00:2E:D4:AD:81:1A:EC:F5:B2:0F:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/2nqd4RFqDQ9TrR7LdpoSTfswsfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.68.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:e9:14:ec:1b:e3:8b:cf:56:cc:13:c8:0f:ab:05:bf:da:7a:
         3a:f4:e7:7d:97:f5:fd:27:ef:f9:53:92:51:c6:57:4d:78:15:
         21:60:fa:c4:d9:dc:a6:28:b3:d8:30:2a:cb:6f:aa:bf:dd:09:
         16:2c:7a:16:96:f2:c9:97:4b:c1:c2:ba:fd:ef:1a:fd:c4:83:
         cd:29:fc:f3:b4:fd:67:d6:1e:19:d5:3d:73:44:b5:a6:dd:36:
         99:21:17:e6:42:eb:d2:a1:a1:23:59:5c:82:de:42:18:4c:d0:
         3f:70:4f:ff:9b:a1:da:87:6e:12:f0:1a:b5:d2:52:4d:80:55:
         60:86:fe:2b:76:66:67:5a:75:63:97:34:d7:be:1f:72:55:b5:
         5b:39:3d:e9:67:2c:e5:59:2a:ef:58:2e:7f:de:ef:39:9f:c3:
         ae:fa:c4:fe:f8:0d:68:2c:3f:a3:ee:aa:b6:f9:f1:b5:8b:c8:
         38:5b:95:e8:75:59:f2:99:07:a3:1a:84:52:69:58:85:ba:a0:
         8f:ae:76:16:4d:21:34:95:b4:64:92:5b:fb:ac:a6:d9:f1:85:
         a4:d7:dd:01:c1:de:f4:9a:69:61:f5:42:01:07:0a:4f:7a:72:
         5e:fd:3b:fb:f2:bb:c6:e1:52:2a:f4:6d:df:76:45:61:46:bb:
         18:ba:92:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwT4e8vEdsLxPU3GGmq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNWNiNzEzMmMxOWY3ZDUxZjAwMmVkNGFkODExYWVjZjVi
MjBmNTcwHhcNMjQwMTAyMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdhOWRlMTExNmEwZDBmNTNhZDFlY2I3NjlhMTI0ZGZiMzBiMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYPon8lBfyGC95pieBmhWuPoyUQG
ZcMKuzM7Emw7cUmgNdLcGk4oSJ8VnKx9z3Ph5yGcrpUPo/KVT24OP0FSbpTtvDix
wjlTWEY8yVDNX8SU55BOK1lIkv/Kb0r1tZlZt8DIe7xpKQ+nF/n7ovVe+QdnxymQ
AlOdsNX/PjjdOPqBEKLdaTn64sreQvPw7nTwBtwGG3m9QLdZw3KdncGccVrASMJ0
dX78PKOv/cLS2MHRon3Qqd1XZgqZCxxC2BwB+xp9bfWo2tImUb2PpRTqhMtqWx91
gkubFNE6P+B66XbQeiImsy3sktBY7YxApT1Dx83KLCzEqFZqjQ1gpXhV9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp6neERag0PU60ey3aaEk37MLH3MB8GA1UdIwQY
MBaAFMJctxMsGffVHwAu1K2BGuz1sg9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2x5M0V5d1o5OVVmQUM3VXJZRWE3UFd5RDFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9iMjcyMDMtOWQ0OC00OWE1LWFmMjUt
NDlkNDBhMTNjYmMyLzEvMm5xZDRSRnFEUTlUclI3TGRwb1NUZnN3c2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9iMjcyMDMtOWQ0OC00OWE1LWFmMjUtNDlkNDBhMTNjYmMy
LzEvd2x5M0V5d1o5OVVmQUM3VXJZRWE3UFd5RDFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwURwMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ6RTsG+OLz1bME8gPqwW/2no69Od9l/X9J+/5U5JR
xldNeBUhYPrE2dymKLPYMCrLb6q/3QkWLHoWlvLJl0vBwrr97xr9xIPNKfzztP1n
1h4Z1T1zRLWm3TaZIRfmQuvSoaEjWVyC3kIYTNA/cE//m6Hah24S8Bq10lJNgFVg
hv4rdmZnWnVjlzTXvh9yVbVbOT3pZyzlWSrvWC5/3u85n8Ou+sT++A1oLD+j7qq2
+fG1i8g4W5XodVnymQejGoRSaViFuqCPrnYWTSE0lbRkklv7rKbZ8YWk190Bwd70
mmlh9UIBBwpPenJe/Tv78rvG4VIq9G3fdkVhRrsYupJJ
-----END CERTIFICATE-----