Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a56c12-db7a-4220-9b15-1c2b842d22be/1/_pwX9g3Fm2zKgfTAsD8MSDmCfCY.roa
File:                     _pwX9g3Fm2zKgfTAsD8MSDmCfCY.roa (raw, json)
Hash identifier:          fuIb62wXVg7P9MkUAzfqRacQUf4+3+0NqNp7IeLQK/E=
Subject key identifier:   FE:9C:17:F6:0D:C5:9B:6C:CA:81:F4:C0:B0:3F:0C:48:39:82:7C:26
Certificate issuer:       /CN=29da6411a13264dc6de0f101108540ef741ed19a
Certificate serial:       018CC26D855B3B9AF9C24B787D6CD181EBE7
Authority key identifier: 29:DA:64:11:A1:32:64:DC:6D:E0:F1:01:10:85:40:EF:74:1E:D1:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdpkEaEyZNxt4PEBEIVA73Qe0Zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a56c12-db7a-4220-9b15-1c2b842d22be/1/_pwX9g3Fm2zKgfTAsD8MSDmCfCY.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197233
IP address blocks:        178.212.168.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a56c12-db7a-4220-9b15-1c2b842d22be/1/KdpkEaEyZNxt4PEBEIVA73Qe0Zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a56c12-db7a-4220-9b15-1c2b842d22be/1/KdpkEaEyZNxt4PEBEIVA73Qe0Zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdpkEaEyZNxt4PEBEIVA73Qe0Zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:85:5b:3b:9a:f9:c2:4b:78:7d:6c:d1:81:eb:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29da6411a13264dc6de0f101108540ef741ed19a
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe9c17f60dc59b6cca81f4c0b03f0c4839827c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f8:3b:b2:ed:b9:a4:dd:06:65:7e:35:fe:11:
                    51:02:9f:3e:09:85:87:ca:f8:37:f7:3f:8d:d0:bb:
                    d5:de:8d:b3:a8:39:73:68:f2:7d:3d:d4:52:41:e2:
                    71:8c:bf:3a:7f:de:61:db:cd:37:a5:b6:b9:cb:e6:
                    21:bc:3a:90:aa:9a:7c:a6:8d:e1:9d:c8:fe:04:50:
                    f3:1a:9a:1f:d1:a1:29:47:2f:f7:09:b1:18:8f:08:
                    e3:2c:74:37:d3:d5:61:d7:de:37:c3:03:64:3e:40:
                    e4:42:78:d4:39:ed:08:00:da:f7:05:a5:d1:04:9c:
                    53:19:e0:e3:0d:97:8a:09:f1:d1:a8:7a:a5:96:1a:
                    7a:fe:38:c3:bd:58:ce:04:5f:01:ea:0d:03:60:1e:
                    85:bb:94:34:69:ab:a8:01:9c:c9:81:86:f0:71:cd:
                    9d:81:66:04:58:b1:e8:7c:a0:c0:7b:53:a2:c2:12:
                    63:63:19:b7:62:3c:91:28:67:42:bc:d5:be:43:96:
                    22:53:1e:b5:47:ba:c1:e1:90:e4:2d:8b:0b:81:13:
                    84:7f:19:b5:e6:2c:70:c7:94:63:3c:4c:5f:76:f7:
                    42:11:d1:32:9a:c7:5f:50:65:9e:93:c3:2b:06:16:
                    1c:1a:79:97:92:19:cc:d5:72:1d:31:e5:a2:40:0d:
                    c5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9C:17:F6:0D:C5:9B:6C:CA:81:F4:C0:B0:3F:0C:48:39:82:7C:26
            X509v3 Authority Key Identifier:
                keyid:29:DA:64:11:A1:32:64:DC:6D:E0:F1:01:10:85:40:EF:74:1E:D1:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdpkEaEyZNxt4PEBEIVA73Qe0Zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a56c12-db7a-4220-9b15-1c2b842d22be/1/_pwX9g3Fm2zKgfTAsD8MSDmCfCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a56c12-db7a-4220-9b15-1c2b842d22be/1/KdpkEaEyZNxt4PEBEIVA73Qe0Zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         16:11:e8:80:78:c7:4a:f9:be:c1:d2:65:d7:41:b8:84:88:0a:
         20:d5:04:42:24:18:05:49:bb:ab:20:8a:d7:35:e7:db:9e:ea:
         4b:ce:51:05:26:b4:e6:4b:44:e3:06:a1:57:03:89:c6:50:55:
         59:0e:91:5a:97:3a:ad:0c:e7:ba:e2:16:ac:22:2a:c3:53:03:
         a6:69:80:94:0b:dc:35:97:9e:4e:7e:bf:3a:b0:4c:4e:15:e8:
         bd:83:a7:41:f1:4a:05:de:df:b1:de:f1:aa:0b:9c:93:41:c7:
         ee:ee:27:eb:6b:66:30:75:ea:d4:8f:34:db:de:9f:8c:ca:7f:
         ad:db:8b:dc:f5:4f:28:31:5c:07:e7:e4:d6:93:34:44:ee:4c:
         27:23:8c:d4:b2:6f:fc:1e:e7:de:65:7c:b3:95:c8:9d:95:81:
         b5:52:c4:77:1d:b4:86:9b:96:fc:cd:b5:4a:fc:49:e3:0a:62:
         84:35:4a:2b:f1:cc:4b:13:29:17:f6:87:d4:5e:4e:f9:58:b7:
         f2:ab:ce:f3:1d:8d:21:56:cd:dc:30:8b:9d:38:94:3a:5d:73:
         f5:f0:18:b6:e0:d1:b0:67:1e:db:5c:1e:b2:57:9d:f1:3c:0f:
         f9:9e:e5:30:f6:0b:26:3f:e9:9d:8a:2a:46:84:5e:44:d8:d5:
         ee:93:7f:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbYVbO5r5wkt4fWzRgevnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZGE2NDExYTEzMjY0ZGM2ZGUwZjEwMTEwODU0MGVmNzQx
ZWQxOWEwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTljMTdmNjBkYzU5YjZjY2E4MWY0YzBiMDNmMGM0ODM5ODI3YzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfg7su25pN0GZX41/hFRAp8+CYWH
yvg39z+N0LvV3o2zqDlzaPJ9PdRSQeJxjL86f95h2803pba5y+YhvDqQqpp8po3h
ncj+BFDzGpof0aEpRy/3CbEYjwjjLHQ309Vh1943wwNkPkDkQnjUOe0IANr3BaXR
BJxTGeDjDZeKCfHRqHqllhp6/jjDvVjOBF8B6g0DYB6Fu5Q0aauoAZzJgYbwcc2d
gWYEWLHofKDAe1OiwhJjYxm3YjyRKGdCvNW+Q5YiUx61R7rB4ZDkLYsLgROEfxm1
5ixwx5RjPExfdvdCEdEymsdfUGWek8MrBhYcGnmXkhnM1XIdMeWiQA3FUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6cF/YNxZtsyoH0wLA/DEg5gnwmMB8GA1UdIwQY
MBaAFCnaZBGhMmTcbeDxARCFQO90HtGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2Rwa0VhRXlaTnh0NFBFQkVJVkE3M1FlMFpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hNTZjMTItZGI3YS00MjIwLTliMTUt
MWMyYjg0MmQyMmJlLzEvX3B3WDlnM0ZtMnpLZ2ZUQXNEOE1TRG1DZkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hNTZjMTItZGI3YS00MjIwLTliMTUtMWMyYjg0MmQyMmJl
LzEvS2Rwa0VhRXlaTnh0NFBFQkVJVkE3M1FlMFpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstSoMA0G
CSqGSIb3DQEBCwUAA4IBAQAWEeiAeMdK+b7B0mXXQbiEiAog1QRCJBgFSburIIrX
NefbnupLzlEFJrTmS0TjBqFXA4nGUFVZDpFalzqtDOe64hasIirDUwOmaYCUC9w1
l55Ofr86sExOFei9g6dB8UoF3t+x3vGqC5yTQcfu7ifra2YwderUjzTb3p+Myn+t
24vc9U8oMVwH5+TWkzRE7kwnI4zUsm/8HufeZXyzlcidlYG1UsR3HbSGm5b8zbVK
/EnjCmKENUor8cxLEykX9ofUXk75WLfyq87zHY0hVs3cMIudOJQ6XXP18Bi24NGw
Zx7bXB6yV53xPA/5nuUw9gsmP+mdiipGhF5E2NXuk39W
-----END CERTIFICATE-----