Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2-KqaYq7ekDSmiL_BOcwgaWzrcI.roa
File:                     2-KqaYq7ekDSmiL_BOcwgaWzrcI.roa (raw, json)
Hash identifier:          xFf4BJhIDYV1F/Af1GwHvh079DCZCLB+1Yk8HM7S6pQ=
Subject key identifier:   DB:E2:AA:69:8A:BB:7A:40:D2:9A:22:FF:04:E7:30:81:A5:B3:AD:C2
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC803052ABBE8800D54D95A543E496231
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2-KqaYq7ekDSmiL_BOcwgaWzrcI.roa
Signing time:             Tue 02 Jan 2024 02:31:30 +0000
ROA not before:           Tue 02 Jan 2024 02:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208610
IP address blocks:        192.36.247.0/24 maxlen: 24
                          193.234.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:05:2a:bb:e8:80:0d:54:d9:5a:54:3e:49:62:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbe2aa698abb7a40d29a22ff04e73081a5b3adc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:27:9d:71:a0:2c:71:e4:29:d4:47:4c:d1:f3:
                    fa:a2:20:68:c6:0d:e3:2b:ab:a0:fb:83:a4:70:62:
                    17:fb:fd:8a:66:24:f6:3d:b9:3d:02:18:60:2f:87:
                    ff:5c:63:a6:c0:49:80:88:20:8a:eb:b3:88:be:2b:
                    da:a6:22:02:04:11:e3:77:89:50:30:89:cb:bc:90:
                    a6:ae:2b:58:c0:1f:73:d4:db:e0:0a:85:ce:ff:55:
                    65:72:3e:26:38:8a:74:9d:34:4c:f6:3a:34:25:a6:
                    42:29:27:0c:e1:3f:eb:13:a5:7a:be:09:9c:fc:66:
                    41:d1:c2:f6:ae:07:a8:f2:94:2c:f4:ea:43:64:a2:
                    9a:74:da:3a:2a:7f:3e:18:be:4b:e0:4f:42:80:bb:
                    ce:5d:8b:af:a1:54:93:74:a2:a0:85:d3:58:27:a1:
                    b6:a7:cc:b4:fe:82:1c:30:3b:fc:fa:e0:99:49:13:
                    38:9e:89:68:aa:32:ba:20:96:6c:ef:73:d9:f2:e2:
                    d6:35:c3:a2:2e:f7:b8:8c:42:8f:34:96:a8:f1:9d:
                    4a:bf:3e:7c:1f:3a:6a:d6:b8:e4:01:76:c9:6f:d5:
                    8b:28:88:6a:99:16:3d:2f:72:8b:25:76:a8:c3:b7:
                    60:27:73:1d:06:c9:ba:0c:4b:15:a4:c4:6f:bb:cf:
                    dd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E2:AA:69:8A:BB:7A:40:D2:9A:22:FF:04:E7:30:81:A5:B3:AD:C2
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2-KqaYq7ekDSmiL_BOcwgaWzrcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.247.0/24
                  193.234.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:00:3c:35:e6:51:55:b1:1e:e9:88:76:08:91:e8:bc:a2:99:
         51:f3:bc:8b:e2:0a:d7:e2:18:8a:9a:c2:d2:18:10:d2:a6:71:
         6f:c6:30:b9:c5:13:c7:f9:4e:22:69:4f:14:20:f3:d1:e8:c0:
         97:14:33:fd:30:86:de:6b:30:93:48:dd:96:a2:fb:5d:66:ef:
         b0:0f:78:b4:8e:8d:5b:b8:73:28:ef:f5:51:db:75:43:73:5e:
         2f:dc:a2:50:8f:73:69:21:61:2a:57:6f:22:14:03:54:ad:68:
         04:3a:bc:91:67:38:03:0c:a6:71:e9:38:52:89:d0:c3:86:65:
         cd:74:9c:07:1b:c7:1f:74:73:ab:da:78:99:43:03:db:65:ae:
         e2:ad:a3:d1:54:e8:5e:e5:04:d7:d0:37:16:3e:01:87:e5:11:
         82:c4:86:9a:f2:54:da:32:3c:8b:85:07:71:6a:a2:d3:94:62:
         82:1a:83:0c:a7:04:09:f2:c2:3c:32:f3:bd:11:d4:f9:15:49:
         d7:2b:5d:32:cc:13:08:af:45:f7:ca:4a:af:63:01:ba:36:71:
         c6:48:dd:d5:04:89:2a:d9:d2:e4:97:ba:43:99:bc:58:4d:c2:
         02:9f:d0:a0:42:e8:36:4a:33:0a:a7:49:f1:d3:90:14:8c:d3:
         5c:c1:76:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAwUqu+iADVTZWlQ+SWIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUyYWE2OThhYmI3YTQwZDI5YTIyZmYwNGU3MzA4MWE1YjNhZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiedcaAsceQp1EdM0fP6oiBoxg3j
K6ug+4OkcGIX+/2KZiT2Pbk9AhhgL4f/XGOmwEmAiCCK67OIvivapiICBBHjd4lQ
MInLvJCmritYwB9z1NvgCoXO/1Vlcj4mOIp0nTRM9jo0JaZCKScM4T/rE6V6vgmc
/GZB0cL2rgeo8pQs9OpDZKKadNo6Kn8+GL5L4E9CgLvOXYuvoVSTdKKghdNYJ6G2
p8y0/oIcMDv8+uCZSRM4noloqjK6IJZs73PZ8uLWNcOiLve4jEKPNJao8Z1Kvz58
Hzpq1rjkAXbJb9WLKIhqmRY9L3KLJXaow7dgJ3MdBsm6DEsVpMRvu8/dGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNviqmmKu3pA0poi/wTnMIGls63CMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMi1LcWFZcTdla0RTbWlMX0JPY3dnYVd6cmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwCT3AwQC
wep4MA0GCSqGSIb3DQEBCwUAA4IBAQCmADw15lFVsR7piHYIkei8oplR87yL4grX
4hiKmsLSGBDSpnFvxjC5xRPH+U4iaU8UIPPR6MCXFDP9MIbeazCTSN2WovtdZu+w
D3i0jo1buHMo7/VR23VDc14v3KJQj3NpIWEqV28iFANUrWgEOryRZzgDDKZx6ThS
idDDhmXNdJwHG8cfdHOr2niZQwPbZa7iraPRVOhe5QTX0DcWPgGH5RGCxIaa8lTa
MjyLhQdxaqLTlGKCGoMMpwQJ8sI8MvO9EdT5FUnXK10yzBMIr0X3ykqvYwG6NnHG
SN3VBIkq2dLkl7pDmbxYTcICn9CgQug2SjMKp0nx05AUjNNcwXY5
-----END CERTIFICATE-----