Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/2WvQosGMiD6t_b4ezeZy7hI87MI.roa
File:                     2WvQosGMiD6t_b4ezeZy7hI87MI.roa (raw, json)
Hash identifier:          TAgaTbKQgBvh9jEj1EIO1HkUy/WFOub8lE71pIQ9CTc=
Subject key identifier:   D9:6B:D0:A2:C1:8C:88:3E:AD:FD:BE:1E:CD:E6:72:EE:12:3C:EC:C2
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       01925B6C79EC4E58FEDE70643B1A93723BFE
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/2WvQosGMiD6t_b4ezeZy7hI87MI.roa
Signing time:             Sat 05 Oct 2024 06:44:48 +0000
ROA not before:           Sat 05 Oct 2024 06:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214174
IP address blocks:        110.172.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5b:6c:79:ec:4e:58:fe:de:70:64:3b:1a:93:72:3b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Oct  5 06:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d96bd0a2c18c883eadfdbe1ecde672ee123cecc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b8:48:4f:ba:2d:a5:f5:4b:10:a3:11:cb:73:
                    3f:fe:c2:cd:40:91:5c:5f:21:e3:62:7d:37:22:f2:
                    69:33:92:34:a0:22:4c:ff:4b:b0:1d:ea:14:87:1f:
                    9f:19:1d:a4:2b:56:d5:04:a7:2d:c3:17:aa:bc:10:
                    85:10:c1:98:ee:4f:68:aa:74:d7:48:77:3c:2c:3b:
                    b8:31:31:19:c2:1d:5c:43:0a:12:2a:f3:76:39:a3:
                    10:39:79:31:02:6f:3b:8d:28:0d:c5:e9:d0:2f:bb:
                    65:ca:4a:eb:b6:8e:0c:7d:ea:d2:47:46:92:64:04:
                    c7:6c:21:28:6f:b4:3a:d5:6a:4c:ae:4c:96:e0:e0:
                    3b:aa:2f:76:e4:3d:5e:78:2c:1b:1f:c5:5a:ed:38:
                    13:9c:e6:ce:b8:5a:e7:01:17:7e:ba:fd:af:36:3b:
                    ba:c2:42:db:0a:4e:43:1a:31:26:c3:0a:a8:b3:9d:
                    f6:0e:f8:7c:58:b7:5a:56:15:f6:31:d4:88:0c:3b:
                    88:7c:09:c5:46:a1:40:98:c0:b0:d7:c1:f7:47:6a:
                    e5:44:bc:ff:5c:50:a0:ec:2d:f1:fe:c1:0b:d5:65:
                    91:05:4f:c0:4c:03:28:92:60:13:76:0c:9b:ab:21:
                    90:d1:dc:e9:7d:fc:98:c6:80:e2:f2:3e:31:7e:db:
                    9c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6B:D0:A2:C1:8C:88:3E:AD:FD:BE:1E:CD:E6:72:EE:12:3C:EC:C2
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/2WvQosGMiD6t_b4ezeZy7hI87MI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.172.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:31:c8:a6:d1:8e:ba:c5:40:34:6a:38:04:c9:ac:c0:16:b7:
         26:a5:d5:fc:3a:43:4e:94:4c:e2:d7:a0:9d:21:6c:e3:62:0a:
         0b:b4:e7:2b:2a:b7:4b:32:e0:4b:fd:ca:4d:7c:54:e4:0d:d7:
         ba:1b:7c:f8:d2:72:2c:11:e6:13:8a:44:54:75:04:c8:c5:98:
         02:1b:07:78:11:9b:7f:97:6f:90:78:74:a9:e0:f2:fa:03:6a:
         1f:6a:5b:3e:4a:20:c8:19:7f:a9:58:bf:ea:20:dc:29:3e:05:
         55:1f:57:26:33:c5:90:5f:fd:a0:fb:f8:fe:6b:42:c2:33:2f:
         dc:b5:21:57:08:06:82:54:0a:3d:cd:58:67:42:00:c0:ce:32:
         3e:9b:fa:9c:64:74:09:78:ff:0d:28:64:7e:60:03:64:d0:86:
         8f:f2:68:ca:6f:ca:88:53:a0:b5:f3:b4:39:eb:ac:70:72:ab:
         16:66:e3:34:37:12:d7:f1:4c:e3:b0:36:e6:03:da:34:49:9a:
         12:ff:c3:e7:7a:50:7c:97:06:5e:a7:45:40:ce:43:a0:af:1b:
         18:8c:f3:f2:ce:3b:1c:71:5d:dc:52:eb:fd:5d:b5:ae:6d:21:
         0e:7d:db:17:bd:05:22:83:82:c3:2f:7c:55:46:c2:bb:59:c1:
         9b:87:b2:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJbbHnsTlj+3nBkOxqTcjv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMDA1MDY0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTZiZDBhMmMxOGM4ODNlYWRmZGJlMWVjZGU2NzJlZTEyM2NlY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbhIT7otpfVLEKMRy3M//sLNQJFc
XyHjYn03IvJpM5I0oCJM/0uwHeoUhx+fGR2kK1bVBKctwxeqvBCFEMGY7k9oqnTX
SHc8LDu4MTEZwh1cQwoSKvN2OaMQOXkxAm87jSgNxenQL7tlykrrto4MferSR0aS
ZATHbCEob7Q61WpMrkyW4OA7qi925D1eeCwbH8Va7TgTnObOuFrnARd+uv2vNju6
wkLbCk5DGjEmwwqos532Dvh8WLdaVhX2MdSIDDuIfAnFRqFAmMCw18H3R2rlRLz/
XFCg7C3x/sEL1WWRBU/ATAMokmATdgybqyGQ0dzpffyYxoDi8j4xftucHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlr0KLBjIg+rf2+Hs3mcu4SPOzCMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvMld2UW9zR01pRDZ0X2I0ZXplWnk3aEk4N01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbqy+MA0G
CSqGSIb3DQEBCwUAA4IBAQAYMcim0Y66xUA0ajgEyazAFrcmpdX8OkNOlEzi16Cd
IWzjYgoLtOcrKrdLMuBL/cpNfFTkDde6G3z40nIsEeYTikRUdQTIxZgCGwd4EZt/
l2+QeHSp4PL6A2ofals+SiDIGX+pWL/qINwpPgVVH1cmM8WQX/2g+/j+a0LCMy/c
tSFXCAaCVAo9zVhnQgDAzjI+m/qcZHQJeP8NKGR+YANk0IaP8mjKb8qIU6C187Q5
66xwcqsWZuM0NxLX8UzjsDbmA9o0SZoS/8PnelB8lwZep0VAzkOgrxsYjPPyzjsc
cV3cUuv9XbWubSEOfdsXvQUig4LDL3xVRsK7WcGbh7Ld
-----END CERTIFICATE-----