Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/bRw88PIUdQXV_Ofkk4wUr7dp0gw.roa
File:                     bRw88PIUdQXV_Ofkk4wUr7dp0gw.roa (raw, json)
Hash identifier:          0GGFuDes2Gh3q7UNKA333gQHT/bpMB5DNWmdVrJ5kmo=
Subject key identifier:   6D:1C:3C:F0:F2:14:75:05:D5:FC:E7:E4:93:8C:14:AF:B7:69:D2:0C
Certificate issuer:       /CN=50592e68895c7068b4655508917ad5bbddbd0a5f
Certificate serial:       01914697818FF59525BB5804F8AAA47DE84D
Authority key identifier: 50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/bRw88PIUdQXV_Ofkk4wUr7dp0gw.roa
Signing time:             Mon 12 Aug 2024 12:36:59 +0000
ROA not before:           Mon 12 Aug 2024 12:36:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200002
IP address blocks:        185.205.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:97:81:8f:f5:95:25:bb:58:04:f8:aa:a4:7d:e8:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50592e68895c7068b4655508917ad5bbddbd0a5f
        Validity
            Not Before: Aug 12 12:36:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d1c3cf0f2147505d5fce7e4938c14afb769d20c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8f:32:1a:54:f5:bf:3c:72:b5:7b:5c:a7:1e:
                    0a:e1:ad:95:fc:44:25:6d:a4:62:54:22:45:bc:d9:
                    f2:99:82:b1:8a:4a:85:51:77:51:59:fa:c5:8c:c7:
                    89:29:e4:0f:a7:71:d0:22:b7:e5:73:91:5b:cc:29:
                    0b:ac:9d:6d:27:40:26:8e:c2:bb:8d:f6:bb:57:36:
                    5e:ea:9e:74:1e:01:de:05:af:ea:20:20:3c:38:29:
                    e6:58:df:e9:e9:bb:6b:92:b6:de:a5:93:69:d8:f9:
                    b9:1b:cd:bd:57:25:25:c5:99:00:ab:6b:93:e9:f7:
                    7d:8c:9c:b1:29:a0:4b:3c:b7:3a:69:a9:02:d3:cf:
                    cb:6e:8d:e8:29:36:f9:7d:b7:92:15:78:c1:87:ea:
                    79:00:87:5a:18:25:a0:3a:5d:2c:8e:b0:4a:0a:d3:
                    12:e3:c7:7e:d1:7d:f8:97:39:70:04:1e:51:55:0c:
                    1f:4f:48:37:29:6c:da:62:5b:6c:c3:76:9f:d7:a2:
                    74:78:09:d3:84:89:4c:20:24:51:13:6b:2f:e4:94:
                    81:d8:92:60:4c:78:49:b6:07:5a:4c:cb:ec:2f:d6:
                    5d:3d:42:52:68:d7:b1:8e:8f:9c:1e:73:fa:ba:44:
                    5f:71:13:cb:a6:ba:df:62:22:b6:9d:db:5f:ed:b1:
                    5c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:1C:3C:F0:F2:14:75:05:D5:FC:E7:E4:93:8C:14:AF:B7:69:D2:0C
            X509v3 Authority Key Identifier:
                keyid:50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/bRw88PIUdQXV_Ofkk4wUr7dp0gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:76:2d:ae:05:01:50:fe:0f:22:d7:03:77:03:dc:11:21:83:
         e1:3a:c2:a9:cf:12:b1:ea:ec:e1:0e:df:66:95:16:1f:71:2a:
         58:69:3d:06:c2:f7:cf:9d:d7:f0:ff:61:cc:c0:fa:d7:c7:ce:
         88:a9:b0:05:09:b5:78:1d:46:e0:94:3e:34:06:66:89:58:af:
         dc:cd:b5:35:78:4f:6b:18:06:dc:3c:30:a8:1a:c4:e9:8b:59:
         88:31:ec:27:50:77:6e:30:71:9c:c7:cf:0b:90:ff:79:1b:e1:
         0c:f4:7d:d0:00:38:dd:a6:a4:6b:7e:c9:e8:49:88:45:79:78:
         74:b7:6f:0a:f4:ad:cf:09:e2:46:57:4f:e1:66:d3:1b:f3:dc:
         ea:f8:0d:4d:31:49:cb:a5:fe:9c:b1:5f:25:38:5e:cd:6b:0f:
         cd:be:bf:09:2e:15:a9:b5:72:ec:0c:01:f8:2e:21:2c:e2:58:
         4a:e7:69:b7:eb:a4:4b:c8:bb:90:ef:92:98:64:07:bc:11:4b:
         5f:f5:c6:39:ed:97:dc:23:a8:e4:73:84:1b:89:2d:b4:d2:56:
         b1:a6:bb:9f:d7:3c:36:1b:bd:bd:2d:bb:8f:9c:ee:8f:05:22:
         a8:03:a6:77:d6:cb:5f:b8:71:f7:e2:57:95:37:9c:dc:ab:34:
         ff:09:4a:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFGl4GP9ZUlu1gE+KqkfehNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTkyZTY4ODk1YzcwNjhiNDY1NTUwODkxN2FkNWJiZGRi
ZDBhNWYwHhcNMjQwODEyMTIzNjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDFjM2NmMGYyMTQ3NTA1ZDVmY2U3ZTQ5MzhjMTRhZmI3NjlkMjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY8yGlT1vzxytXtcpx4K4a2V/EQl
baRiVCJFvNnymYKxikqFUXdRWfrFjMeJKeQPp3HQIrflc5FbzCkLrJ1tJ0AmjsK7
jfa7VzZe6p50HgHeBa/qICA8OCnmWN/p6btrkrbepZNp2Pm5G829VyUlxZkAq2uT
6fd9jJyxKaBLPLc6aakC08/Lbo3oKTb5fbeSFXjBh+p5AIdaGCWgOl0sjrBKCtMS
48d+0X34lzlwBB5RVQwfT0g3KWzaYltsw3af16J0eAnThIlMICRRE2sv5JSB2JJg
THhJtgdaTMvsL9ZdPUJSaNexjo+cHnP6ukRfcRPLprrfYiK2ndtf7bFcwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0cPPDyFHUF1fzn5JOMFK+3adIMMB8GA1UdIwQY
MBaAFFBZLmiJXHBotGVVCJF61bvdvQpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEt
N2JiZDI4Y2U0YTc1LzEvYlJ3ODhQSVVkUVhWX09ma2s0d1VyN2RwMGd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEtN2JiZDI4Y2U0YTc1
LzEvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc0TMA0G
CSqGSIb3DQEBCwUAA4IBAQCVdi2uBQFQ/g8i1wN3A9wRIYPhOsKpzxKx6uzhDt9m
lRYfcSpYaT0GwvfPndfw/2HMwPrXx86IqbAFCbV4HUbglD40BmaJWK/czbU1eE9r
GAbcPDCoGsTpi1mIMewnUHduMHGcx88LkP95G+EM9H3QADjdpqRrfsnoSYhFeXh0
t28K9K3PCeJGV0/hZtMb89zq+A1NMUnLpf6csV8lOF7Naw/Nvr8JLhWptXLsDAH4
LiEs4lhK52m366RLyLuQ75KYZAe8EUtf9cY57ZfcI6jkc4QbiS200laxpruf1zw2
G729LbuPnO6PBSKoA6Z31stfuHH34leVN5zcqzT/CUp8
-----END CERTIFICATE-----