Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/191219-47c9-4b1b-8e46-dd8a68dbd3b6/1/NyWgVp_-QJXWscBELi8zsRgffHc.roa
File:                     NyWgVp_-QJXWscBELi8zsRgffHc.roa (raw, json)
Hash identifier:          6KICuCiHGYJPjYnxMCHApe6+Vvnktl22IiNbnumZNcs=
Subject key identifier:   37:25:A0:56:9F:FE:40:95:D6:B1:C0:44:2E:2F:33:B1:18:1F:7C:77
Certificate issuer:       /CN=ffabc23595fd80447d98f5ec3513161bd2473fc6
Certificate serial:       018CC9BC05DC3B47FF5D42C07D43E50CDDC7
Authority key identifier: FF:AB:C2:35:95:FD:80:44:7D:98:F5:EC:35:13:16:1B:D2:47:3F:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6vCNZX9gER9mPXsNRMWG9JHP8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/191219-47c9-4b1b-8e46-dd8a68dbd3b6/1/NyWgVp_-QJXWscBELi8zsRgffHc.roa
Signing time:             Tue 02 Jan 2024 10:33:11 +0000
ROA not before:           Tue 02 Jan 2024 10:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203568
IP address blocks:        193.222.252.0/23 maxlen: 23
                          193.223.70.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/191219-47c9-4b1b-8e46-dd8a68dbd3b6/1/_6vCNZX9gER9mPXsNRMWG9JHP8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/191219-47c9-4b1b-8e46-dd8a68dbd3b6/1/_6vCNZX9gER9mPXsNRMWG9JHP8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6vCNZX9gER9mPXsNRMWG9JHP8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:05:dc:3b:47:ff:5d:42:c0:7d:43:e5:0c:dd:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffabc23595fd80447d98f5ec3513161bd2473fc6
        Validity
            Not Before: Jan  2 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3725a0569ffe4095d6b1c0442e2f33b1181f7c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f8:61:4b:be:96:23:ce:d7:d9:df:0c:36:96:
                    4b:2a:f4:56:99:c9:2a:85:ca:8d:fe:e8:e6:a0:b4:
                    aa:f9:19:82:7f:44:8a:b6:53:24:58:15:8b:8a:24:
                    27:7b:15:ff:ee:26:ca:92:27:ef:32:f4:87:1d:6f:
                    af:14:43:6b:e1:8d:78:25:e2:a4:7b:ec:3e:7b:2d:
                    8b:68:e2:51:0c:84:16:51:c6:c5:a4:9e:fb:37:ff:
                    68:d5:27:20:c2:3d:09:13:3e:66:b8:55:a5:69:b4:
                    0c:b3:25:1b:26:2a:09:8b:47:68:48:c9:6a:e1:ec:
                    ce:5e:a7:5e:80:8e:01:f7:4b:da:e2:76:43:46:7b:
                    48:6b:9d:29:82:d0:53:2c:0d:b8:54:2a:09:3a:b6:
                    dd:7d:4a:2c:d0:f1:be:06:f2:36:c1:1b:a3:0e:2e:
                    00:e8:67:d9:14:5a:8a:ab:cc:b7:63:ee:f9:27:d9:
                    57:a5:7a:40:8e:1d:40:9e:c8:4f:8c:fa:8a:1d:28:
                    d9:ab:02:0c:ca:3e:dd:59:30:fb:e2:c1:ae:38:64:
                    90:ec:0e:4d:01:8a:ac:2c:14:66:98:e9:e3:5a:1f:
                    d9:1e:de:1a:8d:16:ad:de:b7:52:5c:07:e9:87:43:
                    5e:79:2b:ef:94:f1:58:c3:70:b7:af:f5:34:6b:6b:
                    75:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:25:A0:56:9F:FE:40:95:D6:B1:C0:44:2E:2F:33:B1:18:1F:7C:77
            X509v3 Authority Key Identifier:
                keyid:FF:AB:C2:35:95:FD:80:44:7D:98:F5:EC:35:13:16:1B:D2:47:3F:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6vCNZX9gER9mPXsNRMWG9JHP8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/191219-47c9-4b1b-8e46-dd8a68dbd3b6/1/NyWgVp_-QJXWscBELi8zsRgffHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/191219-47c9-4b1b-8e46-dd8a68dbd3b6/1/_6vCNZX9gER9mPXsNRMWG9JHP8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.252.0/23
                  193.223.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:1b:3c:8f:6c:05:4a:99:03:ce:30:b7:e9:fd:11:8b:c5:d9:
         4d:6a:dd:13:57:67:da:43:84:02:3e:75:6f:10:0b:3d:49:9c:
         d2:3c:24:52:41:cd:6b:55:e3:5f:38:bd:14:a4:5a:23:80:51:
         21:be:fd:5f:bb:88:b3:2f:08:fa:10:8e:87:17:1a:ac:85:83:
         30:a6:7a:f9:10:37:96:e1:70:af:70:31:1f:70:12:41:45:93:
         26:d9:3b:e3:39:f8:55:0b:e3:1f:32:67:80:4e:f3:d9:5c:c6:
         7f:f5:5c:34:81:09:e8:b4:aa:92:fe:c2:59:20:86:66:8b:9e:
         d7:61:ed:9c:b7:54:e2:3d:31:2e:6f:3f:5a:8b:98:1b:c2:e9:
         ba:66:1e:90:4f:40:9d:55:1b:1b:bc:67:63:00:78:02:d4:68:
         95:0d:e9:3f:16:73:81:6d:3b:48:d5:d4:cf:26:5f:39:aa:38:
         35:02:fd:11:83:e7:62:2c:95:ce:ad:37:26:6e:9e:7a:6e:7e:
         a0:81:d8:3a:4b:f3:13:62:4b:c8:1a:0e:d0:1f:f1:fd:c4:e9:
         87:17:ca:cf:f6:81:7f:eb:41:8c:de:c1:1c:b3:c1:fe:3c:c5:
         48:d4:3e:85:d3:0e:07:e8:9d:dc:2f:a4:64:21:4d:a9:21:7f:
         12:96:ba:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvAXcO0f/XULAfUPlDN3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYWJjMjM1OTVmZDgwNDQ3ZDk4ZjVlYzM1MTMxNjFiZDI0
NzNmYzYwHhcNMjQwMTAyMTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzI1YTA1NjlmZmU0MDk1ZDZiMWMwNDQyZTJmMzNiMTE4MWY3Yzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfhhS76WI87X2d8MNpZLKvRWmckq
hcqN/ujmoLSq+RmCf0SKtlMkWBWLiiQnexX/7ibKkifvMvSHHW+vFENr4Y14JeKk
e+w+ey2LaOJRDIQWUcbFpJ77N/9o1Scgwj0JEz5muFWlabQMsyUbJioJi0doSMlq
4ezOXqdegI4B90va4nZDRntIa50pgtBTLA24VCoJOrbdfUos0PG+BvI2wRujDi4A
6GfZFFqKq8y3Y+75J9lXpXpAjh1AnshPjPqKHSjZqwIMyj7dWTD74sGuOGSQ7A5N
AYqsLBRmmOnjWh/ZHt4ajRat3rdSXAfph0NeeSvvlPFYw3C3r/U0a2t1dQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDcloFaf/kCV1rHARC4vM7EYH3x3MB8GA1UdIwQY
MBaAFP+rwjWV/YBEfZj17DUTFhvSRz/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZ2Q05aWDlnRVI5bVBYc05STVdHOUpIUDhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8xOTEyMTktNDdjOS00YjFiLThlNDYt
ZGQ4YTY4ZGJkM2I2LzEvTnlXZ1ZwXy1RSlhXc2NCRUxpOHpzUmdmZkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8xOTEyMTktNDdjOS00YjFiLThlNDYtZGQ4YTY4ZGJkM2I2
LzEvXzZ2Q05aWDlnRVI5bVBYc05STVdHOUpIUDhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwd78AwQB
wd9GMA0GCSqGSIb3DQEBCwUAA4IBAQCrGzyPbAVKmQPOMLfp/RGLxdlNat0TV2fa
Q4QCPnVvEAs9SZzSPCRSQc1rVeNfOL0UpFojgFEhvv1fu4izLwj6EI6HFxqshYMw
pnr5EDeW4XCvcDEfcBJBRZMm2TvjOfhVC+MfMmeATvPZXMZ/9Vw0gQnotKqS/sJZ
IIZmi57XYe2ct1TiPTEubz9ai5gbwum6Zh6QT0CdVRsbvGdjAHgC1GiVDek/FnOB
bTtI1dTPJl85qjg1Av0Rg+diLJXOrTcmbp56bn6ggdg6S/MTYkvIGg7QH/H9xOmH
F8rP9oF/60GM3sEcs8H+PMVI1D6F0w4H6J3cL6RkIU2pIX8Slrp2
-----END CERTIFICATE-----