Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/2QGVStcvEs_xinxmyh5Wgz2MF48.roa
File:                     2QGVStcvEs_xinxmyh5Wgz2MF48.roa (raw, json)
Hash identifier:          gRXzz5ttXZx9tMp63FnkTiRzNi2kPeeB9meZfe3UjOc=
Subject key identifier:   D9:01:95:4A:D7:2F:12:CF:F1:8A:7C:66:CA:1E:56:83:3D:8C:17:8F
Certificate issuer:       /CN=0f23f73d64f6dbf81d51d35805481568cdd81875
Certificate serial:       018CC26D35D4A9DF071C35C06834A34323BF
Authority key identifier: 0F:23:F7:3D:64:F6:DB:F8:1D:51:D3:58:05:48:15:68:CD:D8:18:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyP3PWT22_gdUdNYBUgVaM3YGHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/2QGVStcvEs_xinxmyh5Wgz2MF48.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48560
IP address blocks:        194.50.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/DyP3PWT22_gdUdNYBUgVaM3YGHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/DyP3PWT22_gdUdNYBUgVaM3YGHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyP3PWT22_gdUdNYBUgVaM3YGHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:35:d4:a9:df:07:1c:35:c0:68:34:a3:43:23:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f23f73d64f6dbf81d51d35805481568cdd81875
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d901954ad72f12cff18a7c66ca1e56833d8c178f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e4:e4:4e:d9:ae:39:31:91:70:8e:6e:16:a2:
                    89:3a:9f:03:9f:d1:25:5d:31:c8:e6:f0:90:5f:00:
                    3b:92:61:da:f8:f3:10:26:4f:27:e0:37:dd:99:8d:
                    35:4a:93:e3:74:39:48:da:fa:1a:78:11:1b:58:7d:
                    b3:73:bd:d5:ec:da:a8:51:a2:d5:da:83:21:65:c2:
                    60:f4:df:a9:81:ed:19:cd:fb:13:97:8e:84:85:17:
                    4d:d3:d9:d2:bc:43:d0:6c:5b:ef:00:12:bd:e8:0a:
                    1a:65:4b:f9:5a:c9:68:a3:fe:02:19:09:0e:0e:4c:
                    70:08:85:64:74:f2:2f:e8:c2:d9:c3:61:d8:76:78:
                    54:c3:7b:7e:a7:6e:4c:1c:69:fa:60:76:a2:dc:06:
                    f2:3a:16:3d:3a:55:de:b0:a1:6f:1d:5e:af:8a:dc:
                    40:f3:57:1a:fe:82:24:c0:36:e9:1d:8f:32:39:b5:
                    bc:9a:38:df:5d:93:0d:fc:51:b8:26:b9:ba:8a:4a:
                    76:0e:fa:01:7c:80:69:ec:dc:c0:b4:36:01:ed:5a:
                    ec:01:24:98:21:d1:ca:56:69:c0:f6:5e:2d:4e:16:
                    0c:21:fd:b8:48:b0:f9:19:a8:28:77:ac:f8:31:56:
                    30:2c:01:e1:3a:f8:cb:16:06:41:74:a3:3b:9b:f2:
                    09:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:01:95:4A:D7:2F:12:CF:F1:8A:7C:66:CA:1E:56:83:3D:8C:17:8F
            X509v3 Authority Key Identifier:
                keyid:0F:23:F7:3D:64:F6:DB:F8:1D:51:D3:58:05:48:15:68:CD:D8:18:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyP3PWT22_gdUdNYBUgVaM3YGHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/2QGVStcvEs_xinxmyh5Wgz2MF48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/DyP3PWT22_gdUdNYBUgVaM3YGHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:3d:77:9f:a3:e2:f2:96:96:4a:1c:60:11:dd:5e:ff:e4:d7:
         12:62:c1:e1:8d:84:fd:f1:42:6d:b3:80:9e:8a:3c:e3:a2:bb:
         5c:61:0e:c7:20:72:ad:a8:b4:8e:03:af:c9:ac:7b:72:ce:0d:
         f5:7d:ef:4f:7f:05:72:98:f6:f5:fa:f7:e7:b5:92:e5:c8:a5:
         59:d4:1d:0f:b4:5e:85:a3:a1:c2:2a:04:44:7f:db:41:07:b7:
         71:54:14:56:cb:cf:8e:23:6c:d2:72:74:0f:3a:da:d0:50:06:
         a5:23:62:00:a2:6a:61:59:46:5c:05:1e:87:c9:65:ee:0d:1f:
         96:22:d6:83:0b:79:bf:b2:2a:10:a3:08:35:d2:35:c3:78:0a:
         a9:17:ca:49:d0:fd:7f:90:0f:71:b5:8b:8d:d5:8a:c8:1c:e2:
         f1:e6:c4:86:51:71:69:51:5a:ef:62:d0:eb:8d:38:85:02:1e:
         05:46:8d:dc:60:05:8b:bf:ac:bf:b8:4d:35:80:e8:8d:f2:49:
         2e:a9:1e:4f:84:e7:ea:d2:94:9d:ef:93:35:82:d1:d4:a6:f0:
         4a:50:49:65:8b:28:24:5a:24:1b:20:38:d7:35:11:be:48:dd:
         65:84:0f:d9:99:ca:b8:11:fa:2c:a0:9c:2f:0b:ac:ed:02:1d:
         97:d8:a1:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTXUqd8HHDXAaDSjQyO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjNmNzNkNjRmNmRiZjgxZDUxZDM1ODA1NDgxNTY4Y2Rk
ODE4NzUwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTAxOTU0YWQ3MmYxMmNmZjE4YTdjNjZjYTFlNTY4MzNkOGMxNzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+TkTtmuOTGRcI5uFqKJOp8Dn9El
XTHI5vCQXwA7kmHa+PMQJk8n4DfdmY01SpPjdDlI2voaeBEbWH2zc73V7NqoUaLV
2oMhZcJg9N+pge0ZzfsTl46EhRdN09nSvEPQbFvvABK96AoaZUv5Wsloo/4CGQkO
DkxwCIVkdPIv6MLZw2HYdnhUw3t+p25MHGn6YHai3AbyOhY9OlXesKFvHV6vitxA
81ca/oIkwDbpHY8yObW8mjjfXZMN/FG4Jrm6ikp2DvoBfIBp7NzAtDYB7VrsASSY
IdHKVmnA9l4tThYMIf24SLD5Gagod6z4MVYwLAHhOvjLFgZBdKM7m/IJXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkBlUrXLxLP8Yp8ZsoeVoM9jBePMB8GA1UdIwQY
MBaAFA8j9z1k9tv4HVHTWAVIFWjN2Bh1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlQM1BXVDIyX2dkVWROWUJVZ1ZhTTNZR0hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8wMzQ3N2MtMTBhNC00NTViLWJlNmIt
YjNhMDk0MzBjNjY1LzEvMlFHVlN0Y3ZFc194aW54bXloNVdnejJNRjQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8wMzQ3N2MtMTBhNC00NTViLWJlNmItYjNhMDk0MzBjNjY1
LzEvRHlQM1BXVDIyX2dkVWROWUJVZ1ZhTTNZR0hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJPMA0G
CSqGSIb3DQEBCwUAA4IBAQA0PXefo+LylpZKHGAR3V7/5NcSYsHhjYT98UJts4Ce
ijzjortcYQ7HIHKtqLSOA6/JrHtyzg31fe9PfwVymPb1+vfntZLlyKVZ1B0PtF6F
o6HCKgREf9tBB7dxVBRWy8+OI2zScnQPOtrQUAalI2IAomphWUZcBR6HyWXuDR+W
ItaDC3m/sioQowg10jXDeAqpF8pJ0P1/kA9xtYuN1YrIHOLx5sSGUXFpUVrvYtDr
jTiFAh4FRo3cYAWLv6y/uE01gOiN8kkuqR5PhOfq0pSd75M1gtHUpvBKUElliygk
WiQbIDjXNRG+SN1lhA/Zmcq4EfosoJwvC6ztAh2X2KEj
-----END CERTIFICATE-----