Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/mbj28Jx9W9INLE-UFpkvLEfBgcs.roa
File:                     mbj28Jx9W9INLE-UFpkvLEfBgcs.roa (raw, json)
Hash identifier:          +OwCe8JKDVl9lE7VOvg2tZ4bINXy29UP4lkgd5iSV/A=
Subject key identifier:   99:B8:F6:F0:9C:7D:5B:D2:0D:2C:4F:94:16:99:2F:2C:47:C1:81:CB
Certificate issuer:       /CN=74d7da63929999603395877448ce50ac6e0213a9
Certificate serial:       018CC801ECEAEEEC88376CF5EB26CCE46338
Authority key identifier: 74:D7:DA:63:92:99:99:60:33:95:87:74:48:CE:50:AC:6E:02:13:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/mbj28Jx9W9INLE-UFpkvLEfBgcs.roa
Signing time:             Tue 02 Jan 2024 02:30:18 +0000
ROA not before:           Tue 02 Jan 2024 02:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        193.16.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ec:ea:ee:ec:88:37:6c:f5:eb:26:cc:e4:63:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74d7da63929999603395877448ce50ac6e0213a9
        Validity
            Not Before: Jan  2 02:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99b8f6f09c7d5bd20d2c4f9416992f2c47c181cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6a:0b:2c:e9:3e:e4:0f:ab:3b:8e:f0:67:e3:
                    69:60:75:8b:ea:ad:bf:03:6c:38:c1:ce:e9:0e:a4:
                    70:93:88:a9:94:2f:ea:26:75:3f:4b:f8:19:47:2f:
                    38:33:6a:3b:1a:2a:ad:4a:ef:e3:95:bc:16:70:35:
                    75:1a:c2:fa:82:e0:71:c7:13:f3:ff:58:02:3d:76:
                    30:0b:90:95:c3:99:71:7d:38:55:ab:03:9a:cd:d1:
                    c4:2d:9f:ce:74:3c:58:a7:59:72:c3:b7:11:f3:b9:
                    c2:48:60:0e:05:a0:4e:bd:bd:ad:65:e7:03:fa:a3:
                    63:5d:cd:76:13:86:4e:7b:22:1d:7d:01:17:1f:db:
                    e1:0f:ac:ec:87:14:b0:7b:ef:f0:81:a6:4e:ee:77:
                    28:dd:ce:85:10:bb:7d:60:23:8d:27:9b:56:b4:50:
                    7c:70:a2:1b:ac:21:18:ae:4a:70:62:7c:7c:92:3c:
                    12:58:78:e0:b9:dc:f3:f0:f1:fa:ee:af:a3:9d:db:
                    ff:a2:9a:40:e3:70:aa:d5:1b:dc:ab:cc:12:79:ae:
                    1f:1b:ca:af:60:2c:c0:e5:fe:a7:78:61:e4:53:10:
                    c4:9d:d2:c0:ad:f6:f9:41:65:8a:52:5e:69:8f:4c:
                    5c:62:8f:06:04:68:30:fc:11:89:f3:15:4a:9c:fb:
                    7a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:B8:F6:F0:9C:7D:5B:D2:0D:2C:4F:94:16:99:2F:2C:47:C1:81:CB
            X509v3 Authority Key Identifier:
                keyid:74:D7:DA:63:92:99:99:60:33:95:87:74:48:CE:50:AC:6E:02:13:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/mbj28Jx9W9INLE-UFpkvLEfBgcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a1:41:35:67:8c:42:9f:c2:99:c5:6e:1a:ed:97:d4:8f:28:
         a7:14:57:32:3f:1a:eb:9f:5f:84:b3:ec:1f:21:ec:05:b9:be:
         47:f6:ed:e3:ca:cb:b6:d0:b3:46:b2:ef:8d:a0:78:cf:1a:0e:
         a8:07:73:8b:33:3d:d9:10:62:94:bc:1c:cb:5a:9d:13:e1:46:
         20:2e:18:40:44:d2:a1:04:89:1d:c3:c4:e4:a0:45:8b:28:fc:
         72:c6:5c:e0:01:0c:17:89:8d:73:88:92:22:7d:46:3b:50:b0:
         45:d5:c9:74:16:9e:44:34:33:aa:3b:70:56:7d:33:e0:70:05:
         60:d2:3e:1e:b7:88:4c:28:82:92:86:f9:8b:27:b4:d7:8e:96:
         d9:4d:26:98:61:4e:35:ac:93:d3:f5:02:59:ef:3e:4f:a0:4c:
         a1:b0:64:61:c7:8d:3c:99:99:80:1c:6f:85:9e:92:ed:2a:3a:
         15:43:2c:0f:60:86:df:f4:16:2b:ad:47:d6:67:a9:3e:73:51:
         55:b7:15:2c:7e:e0:e3:62:d1:53:58:37:82:80:1c:80:40:0f:
         d3:63:e4:2b:06:1f:75:a8:94:b8:c4:91:a5:f8:81:cd:bd:d4:
         4b:ef:cc:9f:fe:35:19:69:39:3a:ee:1e:65:31:99:82:4b:e0:
         9d:0c:8c:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAezq7uyIN2z16ybM5GM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZDdkYTYzOTI5OTk5NjAzMzk1ODc3NDQ4Y2U1MGFjNmUw
MjEzYTkwHhcNMjQwMTAyMDIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWI4ZjZmMDljN2Q1YmQyMGQyYzRmOTQxNjk5MmYyYzQ3YzE4MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGoLLOk+5A+rO47wZ+NpYHWL6q2/
A2w4wc7pDqRwk4iplC/qJnU/S/gZRy84M2o7GiqtSu/jlbwWcDV1GsL6guBxxxPz
/1gCPXYwC5CVw5lxfThVqwOazdHELZ/OdDxYp1lyw7cR87nCSGAOBaBOvb2tZecD
+qNjXc12E4ZOeyIdfQEXH9vhD6zshxSwe+/wgaZO7nco3c6FELt9YCONJ5tWtFB8
cKIbrCEYrkpwYnx8kjwSWHjgudzz8PH67q+jndv/oppA43Cq1Rvcq8wSea4fG8qv
YCzA5f6neGHkUxDEndLArfb5QWWKUl5pj0xcYo8GBGgw/BGJ8xVKnPt6nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJm49vCcfVvSDSxPlBaZLyxHwYHLMB8GA1UdIwQY
MBaAFHTX2mOSmZlgM5WHdEjOUKxuAhOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE5mYVk1S1ptV0F6bFlkMFNNNVFyRzRDRTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wZWI4NTItYWYzNC00Y2I5LTg3MmUt
NGI1ZDVkNWY4Njk5LzEvbWJqMjhKeDlXOUlOTEUtVUZwa3ZMRWZCZ2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wZWI4NTItYWYzNC00Y2I5LTg3MmUtNGI1ZDVkNWY4Njk5
LzEvZE5mYVk1S1ptV0F6bFlkMFNNNVFyRzRDRTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRA/MA0G
CSqGSIb3DQEBCwUAA4IBAQBFoUE1Z4xCn8KZxW4a7ZfUjyinFFcyPxrrn1+Es+wf
IewFub5H9u3jysu20LNGsu+NoHjPGg6oB3OLMz3ZEGKUvBzLWp0T4UYgLhhARNKh
BIkdw8TkoEWLKPxyxlzgAQwXiY1ziJIifUY7ULBF1cl0Fp5ENDOqO3BWfTPgcAVg
0j4et4hMKIKShvmLJ7TXjpbZTSaYYU41rJPT9QJZ7z5PoEyhsGRhx408mZmAHG+F
npLtKjoVQywPYIbf9BYrrUfWZ6k+c1FVtxUsfuDjYtFTWDeCgByAQA/TY+QrBh91
qJS4xJGl+IHNvdRL78yf/jUZaTk67h5lMZmCS+CdDIzQ
-----END CERTIFICATE-----