Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/2cPzx5yC33wf52182891dA6O0ZU.roa
File:                     2cPzx5yC33wf52182891dA6O0ZU.roa (raw, json)
Hash identifier:          xicT5jJWaPOazymgWVfUrmfvCXEB9Rh170sVgX2/ssg=
Subject key identifier:   D9:C3:F3:C7:9C:82:DF:7C:1F:E7:6D:7C:DB:CF:75:74:0E:8E:D1:95
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348F7B603C1B7D05EC4F1034A960D52
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/2cPzx5yC33wf52182891dA6O0ZU.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43957
IP address blocks:        144.208.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f7:b6:03:c1:b7:d0:5e:c4:f1:03:4a:96:0d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9c3f3c79c82df7c1fe76d7cdbcf75740e8ed195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:81:cf:c9:cb:01:ba:69:2c:9c:26:b8:92:7e:
                    d5:20:ea:a3:9d:74:39:05:bf:01:f1:15:27:1e:26:
                    08:c3:85:81:9d:15:70:b3:01:5c:c6:44:9f:75:04:
                    88:d7:21:39:20:98:57:d9:26:06:d6:77:04:78:39:
                    ae:c9:99:22:ae:7e:9b:52:0b:aa:00:11:44:08:b6:
                    74:43:e4:12:bb:aa:14:5a:09:8a:f7:e2:86:7e:b0:
                    ed:cf:81:8d:0d:04:b1:7d:42:05:de:e2:00:ad:5c:
                    3b:c0:7f:77:b3:1b:d8:39:a8:8a:1c:02:ba:05:ab:
                    f5:02:3e:4b:0a:4f:15:bd:52:42:9c:ea:c7:8e:78:
                    38:a0:23:6a:f1:60:1d:cf:92:f7:19:3f:31:f8:eb:
                    a9:f5:15:16:5f:d0:07:c7:5e:91:73:89:36:fa:7d:
                    20:7a:57:40:c7:1b:9c:f4:96:56:b0:c8:e7:1e:6a:
                    d4:cc:65:cd:86:8d:d8:c9:56:fd:16:2e:4d:f5:dc:
                    a5:59:f3:67:fb:2b:6b:6d:2b:1a:41:4e:a4:bf:97:
                    37:2f:7c:74:d2:da:3e:d8:86:cd:14:b4:87:bb:c6:
                    15:5a:86:90:b3:be:c8:2c:b4:89:00:19:f2:8d:3b:
                    a5:88:90:b2:dd:d4:21:be:55:77:69:b9:46:76:7c:
                    db:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:C3:F3:C7:9C:82:DF:7C:1F:E7:6D:7C:DB:CF:75:74:0E:8E:D1:95
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/2cPzx5yC33wf52182891dA6O0ZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.208.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:9e:5a:d2:b2:ce:99:df:01:fa:6e:a7:3a:e0:2d:da:50:65:
         2b:c1:4e:f0:0d:3a:e0:5b:28:5e:a8:d7:bb:3b:88:cd:9b:07:
         29:22:3a:36:97:1a:0f:1d:3c:f2:b7:3e:01:6b:fe:cd:ca:1f:
         50:f0:f8:55:cd:8d:4f:52:c3:61:4e:30:fb:dc:2a:9a:da:17:
         68:66:c9:e3:90:f2:1c:30:cd:12:6f:6f:6b:0e:9b:71:73:34:
         98:e2:55:5a:5d:f0:2b:12:c2:0a:2d:e4:17:64:bb:e5:28:9d:
         67:2a:76:4c:51:12:d6:c2:bc:0a:db:6d:46:99:f8:c5:d5:c0:
         6e:05:32:e6:c2:26:a2:98:59:f8:64:0f:0a:4d:e5:2c:de:09:
         d6:18:15:65:04:b4:c7:8f:a5:cd:d9:40:26:25:12:f5:69:82:
         a1:51:27:1e:79:93:09:b8:c5:a1:59:40:02:38:4f:d5:de:86:
         c1:bd:3c:b0:fc:19:29:7c:2f:c3:da:b5:26:7f:1d:28:d7:dc:
         24:f5:0b:67:55:2a:82:74:fa:70:dd:97:01:b7:28:8b:a2:18:
         53:89:1b:bf:45:d6:7a:fb:7a:e0:52:2f:b8:a2:68:ff:82:6a:
         2e:ab:84:65:75:c5:17:61:87:73:84:ba:1d:51:fb:9e:b7:19:
         98:06:d7:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPe2A8G30F7E8QNKlg1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWMzZjNjNzljODJkZjdjMWZlNzZkN2NkYmNmNzU3NDBlOGVkMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4HPycsBumksnCa4kn7VIOqjnXQ5
Bb8B8RUnHiYIw4WBnRVwswFcxkSfdQSI1yE5IJhX2SYG1ncEeDmuyZkirn6bUguq
ABFECLZ0Q+QSu6oUWgmK9+KGfrDtz4GNDQSxfUIF3uIArVw7wH93sxvYOaiKHAK6
Bav1Aj5LCk8VvVJCnOrHjng4oCNq8WAdz5L3GT8x+Oup9RUWX9AHx16Rc4k2+n0g
eldAxxuc9JZWsMjnHmrUzGXNho3YyVb9Fi5N9dylWfNn+ytrbSsaQU6kv5c3L3x0
0to+2IbNFLSHu8YVWoaQs77ILLSJABnyjTuliJCy3dQhvlV3ablGdnzbYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnD88ecgt98H+dtfNvPdXQOjtGVMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvMmNQeng1eUMzM3dmNTIxODI4OTFkQTZPMFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkNDAMA0G
CSqGSIb3DQEBCwUAA4IBAQDInlrSss6Z3wH6bqc64C3aUGUrwU7wDTrgWyheqNe7
O4jNmwcpIjo2lxoPHTzytz4Ba/7Nyh9Q8PhVzY1PUsNhTjD73Cqa2hdoZsnjkPIc
MM0Sb29rDptxczSY4lVaXfArEsIKLeQXZLvlKJ1nKnZMURLWwrwK221GmfjF1cBu
BTLmwiaimFn4ZA8KTeUs3gnWGBVlBLTHj6XN2UAmJRL1aYKhUSceeZMJuMWhWUAC
OE/V3obBvTyw/BkpfC/D2rUmfx0o19wk9QtnVSqCdPpw3ZcBtyiLohhTiRu/RdZ6
+3rgUi+4omj/gmouq4RldcUXYYdzhLodUfuetxmYBteo
-----END CERTIFICATE-----