Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/172310-3cb0-4bb0-91ae-4462a126d07d/1/2_swvO1kdgfYEmxH22QqXJKm_qM.roa
File:                     2_swvO1kdgfYEmxH22QqXJKm_qM.roa (raw, json)
Hash identifier:          G7otxsRf9FkiScWKpXBiPiRN2pWqib+n4KdbWVl9Wwo=
Subject key identifier:   DB:FB:30:BC:ED:64:76:07:D8:12:6C:47:DB:64:2A:5C:92:A6:FE:A3
Certificate issuer:       /CN=f50e225bfb45218b997719804ea287f1751cf20e
Certificate serial:       018CC49356CF16037BD2026F6F9A067C7E87
Authority key identifier: F5:0E:22:5B:FB:45:21:8B:99:77:19:80:4E:A2:87:F1:75:1C:F2:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Q4iW_tFIYuZdxmATqKH8XUc8g4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/172310-3cb0-4bb0-91ae-4462a126d07d/1/2_swvO1kdgfYEmxH22QqXJKm_qM.roa
Signing time:             Mon 01 Jan 2024 10:30:39 +0000
ROA not before:           Mon 01 Jan 2024 10:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58247
IP address blocks:        2001:67c:29d4::/48 maxlen: 48
                          2001:67c:29d4:8000::/49 maxlen: 49

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/172310-3cb0-4bb0-91ae-4462a126d07d/1/9Q4iW_tFIYuZdxmATqKH8XUc8g4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/172310-3cb0-4bb0-91ae-4462a126d07d/1/9Q4iW_tFIYuZdxmATqKH8XUc8g4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Q4iW_tFIYuZdxmATqKH8XUc8g4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:56:cf:16:03:7b:d2:02:6f:6f:9a:06:7c:7e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50e225bfb45218b997719804ea287f1751cf20e
        Validity
            Not Before: Jan  1 10:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbfb30bced647607d8126c47db642a5c92a6fea3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:54:a8:05:57:a1:25:2e:26:98:0f:1d:d2:cf:
                    97:19:a8:3c:31:7b:a9:c1:8f:e2:8d:1b:fd:1f:15:
                    62:ea:7d:15:df:0e:53:21:bc:4a:27:bc:ce:9c:87:
                    01:1c:89:a7:b4:7b:b5:4c:a4:4d:45:5e:05:a0:b7:
                    d6:de:71:bd:82:6c:e1:56:fc:07:53:e9:18:df:e2:
                    6a:c3:25:f7:d9:79:bc:d1:b3:88:15:e2:ad:28:ba:
                    6d:0d:4e:7c:e4:5e:bd:4f:18:22:f9:3f:e2:4b:12:
                    13:b6:6f:b0:54:9f:be:89:5b:ff:87:7a:34:fa:ce:
                    f9:8f:8c:ae:07:44:13:f3:c9:f6:63:74:c9:6b:e5:
                    01:8f:fe:25:2c:ad:8d:f8:97:b5:13:f6:28:92:e5:
                    b5:ff:a9:e3:e5:96:e4:61:5a:54:0f:c3:52:66:ea:
                    2f:91:55:81:3e:23:3e:d5:06:6a:ba:4e:f1:2a:7d:
                    94:47:38:02:b8:29:12:07:07:ee:2c:c5:dc:e6:89:
                    db:d6:94:47:85:6d:9d:e3:5a:c3:68:b6:8e:f8:62:
                    31:04:d4:ed:81:4d:51:06:4d:69:e9:5a:8b:15:c3:
                    54:fa:3a:b6:fb:f4:e5:ec:cb:d6:a0:60:4f:c0:eb:
                    f8:09:ef:34:e3:a4:5d:8c:a4:5c:31:3f:75:9b:6a:
                    0a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FB:30:BC:ED:64:76:07:D8:12:6C:47:DB:64:2A:5C:92:A6:FE:A3
            X509v3 Authority Key Identifier:
                keyid:F5:0E:22:5B:FB:45:21:8B:99:77:19:80:4E:A2:87:F1:75:1C:F2:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Q4iW_tFIYuZdxmATqKH8XUc8g4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/172310-3cb0-4bb0-91ae-4462a126d07d/1/2_swvO1kdgfYEmxH22QqXJKm_qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/172310-3cb0-4bb0-91ae-4462a126d07d/1/9Q4iW_tFIYuZdxmATqKH8XUc8g4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:29d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:52:53:d4:f5:4f:b0:98:82:76:8d:f6:a6:a2:ad:0e:79:1e:
         73:14:b7:6d:8a:84:44:c2:83:05:f5:f8:e0:64:82:94:9b:28:
         34:c5:74:1e:89:35:83:0b:94:f9:36:86:3b:53:ae:17:b1:7e:
         6a:6c:b7:58:3d:63:40:cc:fb:77:f1:6f:03:cd:73:29:ee:f4:
         f7:e3:7e:32:09:42:48:3d:c2:b8:30:7d:66:e2:4f:fa:9e:2f:
         23:6d:d5:cb:6d:04:ac:9a:95:ca:83:95:c4:cd:dc:e5:01:07:
         a6:11:cd:f3:02:87:04:44:4c:85:26:fb:99:bc:5f:62:1b:06:
         9d:a3:c4:8c:b1:83:31:6b:20:2d:d5:0e:99:26:da:71:6b:16:
         6a:44:a2:4d:3a:fd:0b:7a:4d:7f:e4:78:22:1c:32:63:76:5b:
         a6:fe:c9:d6:66:0f:be:8d:fe:0a:e1:e1:a2:69:c6:07:56:67:
         7c:97:af:1b:d4:7d:42:1c:8f:41:3e:5c:63:b1:e2:d8:13:00:
         55:e0:7b:a1:a1:c0:42:d6:75:4b:d3:86:11:4b:f5:b0:36:e6:
         ff:1f:d4:d8:2d:d3:90:3d:5a:fc:39:bc:f9:c3:64:63:c0:b7:
         92:5a:c0:40:e2:2d:5a:5f:bb:30:7f:66:21:26:91:ec:e5:6c:
         59:dd:48:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk1bPFgN70gJvb5oGfH6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGUyMjViZmI0NTIxOGI5OTc3MTk4MDRlYTI4N2YxNzUx
Y2YyMGUwHhcNMjQwMTAxMTAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZiMzBiY2VkNjQ3NjA3ZDgxMjZjNDdkYjY0MmE1YzkyYTZmZWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1SoBVehJS4mmA8d0s+XGag8MXup
wY/ijRv9HxVi6n0V3w5TIbxKJ7zOnIcBHImntHu1TKRNRV4FoLfW3nG9gmzhVvwH
U+kY3+JqwyX32Xm80bOIFeKtKLptDU585F69Txgi+T/iSxITtm+wVJ++iVv/h3o0
+s75j4yuB0QT88n2Y3TJa+UBj/4lLK2N+Je1E/YokuW1/6nj5ZbkYVpUD8NSZuov
kVWBPiM+1QZquk7xKn2URzgCuCkSBwfuLMXc5onb1pRHhW2d41rDaLaO+GIxBNTt
gU1RBk1p6VqLFcNU+jq2+/Tl7MvWoGBPwOv4Ce8046RdjKRcMT91m2oKdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNv7MLztZHYH2BJsR9tkKlySpv6jMB8GA1UdIwQY
MBaAFPUOIlv7RSGLmXcZgE6ih/F1HPIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVE0aVdfdEZJWXVaZHhtQVRxS0g4WFVjOGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8xNzIzMTAtM2NiMC00YmIwLTkxYWUt
NDQ2MmExMjZkMDdkLzEvMl9zd3ZPMWtkZ2ZZRW14SDIyUXFYSkttX3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8xNzIzMTAtM2NiMC00YmIwLTkxYWUtNDQ2MmExMjZkMDdk
LzEvOVE0aVdfdEZJWXVaZHhtQVRxS0g4WFVjOGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCnU
MA0GCSqGSIb3DQEBCwUAA4IBAQBpUlPU9U+wmIJ2jfamoq0OeR5zFLdtioREwoMF
9fjgZIKUmyg0xXQeiTWDC5T5NoY7U64XsX5qbLdYPWNAzPt38W8DzXMp7vT3434y
CUJIPcK4MH1m4k/6ni8jbdXLbQSsmpXKg5XEzdzlAQemEc3zAocEREyFJvuZvF9i
Gwado8SMsYMxayAt1Q6ZJtpxaxZqRKJNOv0Lek1/5HgiHDJjdlum/snWZg++jf4K
4eGiacYHVmd8l68b1H1CHI9BPlxjseLYEwBV4HuhocBC1nVL04YRS/WwNub/H9TY
LdOQPVr8Obz5w2RjwLeSWsBA4i1aX7swf2YhJpHs5WxZ3Ug7
-----END CERTIFICATE-----