Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/w2qY6wXryLRJven5jwVHtiFUem8.roa
File:                     w2qY6wXryLRJven5jwVHtiFUem8.roa (raw, json)
Hash identifier:          CVAqLldpWlYK8WqQxUzhDKZUS55ewiAyi6+zFPElId0=
Subject key identifier:   C3:6A:98:EB:05:EB:C8:B4:49:BD:E9:F9:8F:05:47:B6:21:54:7A:6F
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       018CC4938503C5E63E296B41CCF0A7D5C525
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/w2qY6wXryLRJven5jwVHtiFUem8.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18345
IP address blocks:        178.157.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:85:03:c5:e6:3e:29:6b:41:cc:f0:a7:d5:c5:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c36a98eb05ebc8b449bde9f98f0547b621547a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:62:75:6a:55:65:51:af:f7:6a:e0:ea:46:7f:
                    62:30:d7:6d:b4:08:41:d2:f4:a2:bb:b5:27:4b:5e:
                    fe:b7:23:b2:34:0c:ef:c3:6d:6b:7b:0c:c8:eb:ff:
                    ae:21:42:3c:dd:c8:7f:62:f8:c9:f3:74:dd:0e:f7:
                    cf:20:96:74:b6:b0:2b:83:f6:35:22:4c:be:45:0c:
                    92:eb:76:a6:da:80:c0:e8:fb:f9:1b:c4:39:29:4e:
                    c5:ba:71:23:81:a0:2a:1c:64:d8:fd:bf:f3:35:d1:
                    a6:8a:87:ea:28:39:44:a1:8b:78:0b:ad:53:f6:ae:
                    ac:c6:a7:b8:07:d9:4f:86:55:41:03:8a:a1:6b:cf:
                    ca:40:a5:6b:b2:53:af:69:ae:0f:ef:f2:9b:82:c2:
                    5b:02:7c:1a:a5:2c:2b:40:b7:68:64:ac:96:c2:4f:
                    5c:44:ed:b5:88:dd:ec:ee:31:37:24:51:52:4f:50:
                    ec:d6:db:c8:a0:aa:c7:a0:d3:f8:84:26:c7:37:87:
                    98:ec:1c:e5:6e:12:c4:08:de:c8:db:ef:8b:22:d8:
                    94:f2:d9:eb:1b:53:61:e2:bd:30:4d:c0:45:fc:45:
                    10:d6:87:f8:90:6d:e2:7e:f9:99:e1:8c:86:ab:9b:
                    46:2f:7f:bc:df:c3:26:1b:96:78:2d:34:dc:1a:42:
                    7a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:6A:98:EB:05:EB:C8:B4:49:BD:E9:F9:8F:05:47:B6:21:54:7A:6F
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/w2qY6wXryLRJven5jwVHtiFUem8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.157.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:fc:c2:c7:83:8f:39:fa:dc:18:30:40:a6:e1:2c:3c:c0:af:
         0d:ee:6e:b2:21:9e:36:ec:30:da:44:02:9c:9f:f8:67:6d:a2:
         95:50:e1:14:6f:69:e9:a7:45:8c:7e:7a:6a:9b:e7:58:3c:9f:
         f6:37:f9:4a:98:22:c2:e3:31:54:fc:15:d8:4a:02:db:70:5e:
         9a:f8:9b:ae:36:08:f0:30:e1:ca:c3:ef:03:f6:5c:96:17:16:
         dc:d9:f2:e1:6a:d1:c6:ab:3e:b0:ec:63:d4:eb:1f:6d:66:14:
         be:bb:da:89:0a:d5:2b:9b:9a:e9:ba:1f:fb:d4:97:b7:0e:0f:
         e1:3e:59:1c:ae:6d:31:af:50:e8:b3:6f:be:35:90:2c:c1:97:
         db:3f:35:33:46:93:74:99:2f:bf:fa:43:f5:96:4a:1e:d2:c8:
         0a:d8:e1:24:09:27:01:fe:4d:7a:8d:ff:34:bf:fc:48:fa:da:
         e4:a9:9c:c4:b1:5d:7d:84:ad:00:b7:71:8a:ca:66:41:6e:76:
         ed:68:a8:d2:b3:38:eb:e5:f5:a0:7c:81:ec:a7:23:14:d1:ae:
         32:f2:7c:04:f6:67:81:00:ea:3b:10:14:8c:20:d6:e4:20:60:
         0a:79:e5:96:d7:72:84:53:05:52:39:4d:70:e0:d9:7e:ac:24:
         60:55:64:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4UDxeY+KWtBzPCn1cUlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzZhOThlYjA1ZWJjOGI0NDliZGU5Zjk4ZjA1NDdiNjIxNTQ3YTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2J1alVlUa/3auDqRn9iMNdttAhB
0vSiu7UnS17+tyOyNAzvw21rewzI6/+uIUI83ch/YvjJ83TdDvfPIJZ0trArg/Y1
Iky+RQyS63am2oDA6Pv5G8Q5KU7FunEjgaAqHGTY/b/zNdGmiofqKDlEoYt4C61T
9q6sxqe4B9lPhlVBA4qha8/KQKVrslOvaa4P7/KbgsJbAnwapSwrQLdoZKyWwk9c
RO21iN3s7jE3JFFST1Ds1tvIoKrHoNP4hCbHN4eY7BzlbhLECN7I2++LItiU8tnr
G1Nh4r0wTcBF/EUQ1of4kG3ifvmZ4YyGq5tGL3+838MmG5Z4LTTcGkJ6vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNqmOsF68i0Sb3p+Y8FR7YhVHpvMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvdzJxWTZ3WHJ5TFJKdmVuNWp3Vkh0aUZVZW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsp1dMA0G
CSqGSIb3DQEBCwUAA4IBAQCp/MLHg485+twYMECm4Sw8wK8N7m6yIZ427DDaRAKc
n/hnbaKVUOEUb2npp0WMfnpqm+dYPJ/2N/lKmCLC4zFU/BXYSgLbcF6a+JuuNgjw
MOHKw+8D9lyWFxbc2fLhatHGqz6w7GPU6x9tZhS+u9qJCtUrm5rpuh/71Je3Dg/h
Plkcrm0xr1Dos2++NZAswZfbPzUzRpN0mS+/+kP1lkoe0sgK2OEkCScB/k16jf80
v/xI+trkqZzEsV19hK0At3GKymZBbnbtaKjSszjr5fWgfIHspyMU0a4y8nwE9meB
AOo7EBSMINbkIGAKeeWW13KEUwVSOU1w4Nl+rCRgVWQr
-----END CERTIFICATE-----