Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/_h2skRZM6Yn0I85ZzvlGPKAElSI.roa
File:                     _h2skRZM6Yn0I85ZzvlGPKAElSI.roa (raw, json)
Hash identifier:          QJX5vpZrMiHz15g476VaQ10BmWEfeukhtqr31JBTfbs=
Subject key identifier:   FE:1D:AC:91:16:4C:E9:89:F4:23:CE:59:CE:F9:46:3C:A0:04:95:22
Certificate issuer:       /CN=63082d6d3a1dc501795737537ca74d27a80265a2
Certificate serial:       018CCA2A5E93925C48661B33368814BEF060
Authority key identifier: 63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/_h2skRZM6Yn0I85ZzvlGPKAElSI.roa
Signing time:             Tue 02 Jan 2024 12:33:43 +0000
ROA not before:           Tue 02 Jan 2024 12:33:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202650
IP address blocks:        79.174.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5e:93:92:5c:48:66:1b:33:36:88:14:be:f0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63082d6d3a1dc501795737537ca74d27a80265a2
        Validity
            Not Before: Jan  2 12:33:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe1dac91164ce989f423ce59cef9463ca0049522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2c:76:d2:dc:fe:da:94:bb:82:e3:92:80:cb:
                    48:4e:39:cc:7b:8d:b3:12:4e:d9:db:ae:82:d4:98:
                    1c:2e:0b:a3:71:42:e1:82:97:a1:89:c3:55:43:55:
                    cc:13:41:07:a5:c6:02:ad:08:72:97:3b:38:66:cb:
                    65:51:2b:16:01:f6:05:bc:99:11:a6:7b:d1:b2:1a:
                    ad:e5:23:66:25:8a:df:89:57:09:6c:b5:53:b6:83:
                    10:16:38:dd:2a:c2:c2:a3:f1:b2:bb:ea:2b:45:8f:
                    54:89:27:2c:14:5d:d4:81:4b:e1:ea:41:d1:1e:5d:
                    32:e6:3b:90:5c:64:fd:87:3d:92:b3:93:08:61:91:
                    dd:07:44:87:a2:d2:47:cf:9a:11:7d:ac:4b:b6:e5:
                    f9:66:e1:8e:1a:0f:7f:78:cd:03:c4:e6:25:bf:9b:
                    f0:b8:86:a7:aa:1a:78:16:6f:81:5b:02:82:56:b6:
                    7d:f4:8c:15:4a:47:e7:1d:3d:54:94:80:ee:29:b6:
                    cd:74:c0:7e:02:5c:aa:57:b0:98:90:9a:72:0d:c8:
                    9a:c5:53:d6:c4:1a:fa:99:5e:3b:38:2b:92:aa:77:
                    dd:5a:56:71:a1:80:b6:40:5a:97:1f:3e:e0:66:46:
                    a9:32:5c:7e:60:6c:fc:d1:0b:d8:ed:e0:4a:de:fc:
                    24:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:1D:AC:91:16:4C:E9:89:F4:23:CE:59:CE:F9:46:3C:A0:04:95:22
            X509v3 Authority Key Identifier:
                keyid:63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/_h2skRZM6Yn0I85ZzvlGPKAElSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:d9:b2:8e:c0:32:63:47:cc:f7:87:7c:35:9c:dc:2c:32:a2:
         41:07:b9:f9:f7:dd:ce:42:86:d2:b1:4c:9e:7e:ac:af:7b:08:
         ec:2f:a2:cd:b3:40:ee:46:1e:51:e8:f6:60:0c:22:4a:0a:26:
         fa:17:1a:8c:9c:ae:60:0a:3e:4c:d5:82:9a:f4:8c:b6:08:7f:
         5d:e4:5e:c3:8b:a5:ed:38:ff:11:6e:99:bc:37:1d:4e:22:4a:
         2e:bd:0d:cc:fd:86:df:3d:f8:09:19:b7:86:8c:e2:5e:cc:d5:
         8c:e2:df:00:23:97:eb:5c:1e:d4:a3:78:dc:42:2a:0e:03:1a:
         bc:10:c1:ce:59:a7:ea:bf:89:f9:58:1d:3b:ca:ac:b9:e8:ad:
         6a:68:68:e8:80:aa:52:27:8a:0a:2d:de:8e:9f:8b:e9:62:53:
         e6:11:6b:d8:3d:c8:29:95:ad:c8:4c:f7:35:13:60:4f:1f:ff:
         b9:84:92:12:bf:5b:6a:7c:b5:80:07:a8:d0:b8:d4:55:99:66:
         cf:4f:fb:00:dd:ff:06:b8:0f:47:1b:76:4f:a8:49:9b:79:f7:
         46:22:2c:05:80:0d:46:a1:93:81:d3:f5:0e:76:3a:60:6c:b3:
         0c:bd:67:a7:06:fe:f4:1c:c6:9d:10:61:6a:76:1f:ec:51:3a:
         1c:32:7a:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKl6TklxIZhszNogUvvBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMDgyZDZkM2ExZGM1MDE3OTU3Mzc1MzdjYTc0ZDI3YTgw
MjY1YTIwHhcNMjQwMTAyMTIzMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTFkYWM5MTE2NGNlOTg5ZjQyM2NlNTljZWY5NDYzY2EwMDQ5NTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Sx20tz+2pS7guOSgMtITjnMe42z
Ek7Z266C1JgcLgujcULhgpehicNVQ1XME0EHpcYCrQhylzs4ZstlUSsWAfYFvJkR
pnvRshqt5SNmJYrfiVcJbLVTtoMQFjjdKsLCo/Gyu+orRY9UiScsFF3UgUvh6kHR
Hl0y5juQXGT9hz2Ss5MIYZHdB0SHotJHz5oRfaxLtuX5ZuGOGg9/eM0DxOYlv5vw
uIanqhp4Fm+BWwKCVrZ99IwVSkfnHT1UlIDuKbbNdMB+AlyqV7CYkJpyDciaxVPW
xBr6mV47OCuSqnfdWlZxoYC2QFqXHz7gZkapMlx+YGz80QvY7eBK3vwkMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4drJEWTOmJ9CPOWc75RjygBJUiMB8GA1UdIwQY
MBaAFGMILW06HcUBeVc3U3ynTSeoAmWiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMt
YzE4YWQzNmE3YjMwLzEvX2gyc2tSWk02WW4wSTg1Wnp2bEdQS0FFbFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMtYzE4YWQzNmE3YjMw
LzEvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT66/MA0G
CSqGSIb3DQEBCwUAA4IBAQA22bKOwDJjR8z3h3w1nNwsMqJBB7n5993OQobSsUye
fqyvewjsL6LNs0DuRh5R6PZgDCJKCib6FxqMnK5gCj5M1YKa9Iy2CH9d5F7Di6Xt
OP8Rbpm8Nx1OIkouvQ3M/YbfPfgJGbeGjOJezNWM4t8AI5frXB7Uo3jcQioOAxq8
EMHOWafqv4n5WB07yqy56K1qaGjogKpSJ4oKLd6On4vpYlPmEWvYPcgpla3ITPc1
E2BPH/+5hJISv1tqfLWAB6jQuNRVmWbPT/sA3f8GuA9HG3ZPqEmbefdGIiwFgA1G
oZOB0/UOdjpgbLMMvWenBv70HMadEGFqdh/sUTocMnp/
-----END CERTIFICATE-----