Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/e5312b-8439-4bb4-86d2-69b432799372/1/T9HxlLPWOgd4jgPZGv3kpwdCvH4.roa
File:                     T9HxlLPWOgd4jgPZGv3kpwdCvH4.roa (raw, json)
Hash identifier:          2JG0KdBAt9eczR33OSsLwyGNVfoSC0AwLPhIPTJEapg=
Subject key identifier:   4F:D1:F1:94:B3:D6:3A:07:78:8E:03:D9:1A:FD:E4:A7:07:42:BC:7E
Certificate issuer:       /CN=c2fe993d1f310e8173c17ce9278f1e9f8e22e3c2
Certificate serial:       018CC5009EDD39451D048B04BBCDFF8A498E
Authority key identifier: C2:FE:99:3D:1F:31:0E:81:73:C1:7C:E9:27:8F:1E:9F:8E:22:E3:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wv6ZPR8xDoFzwXzpJ48en44i48I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/e5312b-8439-4bb4-86d2-69b432799372/1/T9HxlLPWOgd4jgPZGv3kpwdCvH4.roa
Signing time:             Mon 01 Jan 2024 12:30:01 +0000
ROA not before:           Mon 01 Jan 2024 12:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        2.59.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/e5312b-8439-4bb4-86d2-69b432799372/1/wv6ZPR8xDoFzwXzpJ48en44i48I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/e5312b-8439-4bb4-86d2-69b432799372/1/wv6ZPR8xDoFzwXzpJ48en44i48I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wv6ZPR8xDoFzwXzpJ48en44i48I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9e:dd:39:45:1d:04:8b:04:bb:cd:ff:8a:49:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2fe993d1f310e8173c17ce9278f1e9f8e22e3c2
        Validity
            Not Before: Jan  1 12:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fd1f194b3d63a07788e03d91afde4a70742bc7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4a:be:c4:a3:aa:20:ae:f6:79:81:82:52:db:
                    e8:3e:2e:bc:3f:7c:5b:2c:40:99:f7:78:ab:d2:ee:
                    cd:90:62:0e:db:2c:46:35:35:ff:11:90:d3:42:ef:
                    e8:95:6e:d4:29:70:7f:e0:30:7e:3d:1f:27:c4:68:
                    1e:9a:e1:94:43:8e:47:a0:98:88:66:83:59:41:3a:
                    b3:f6:9f:81:cf:0d:98:45:59:bb:92:77:c8:00:0d:
                    58:81:c9:20:7f:5e:a3:60:6e:cf:2a:71:ff:c1:a7:
                    c6:4a:82:41:73:ba:16:11:2f:56:ee:b6:bc:ee:46:
                    af:28:6f:fb:cf:d2:e9:14:78:ee:cd:53:17:1b:02:
                    1a:38:0a:5f:04:c1:67:54:25:06:9b:2e:8b:92:a9:
                    9a:77:ff:6d:7f:58:62:e9:88:8f:a8:2b:bd:52:6e:
                    fd:66:95:d5:1c:09:1f:9b:53:88:4d:6a:d3:7f:da:
                    b2:12:df:40:d9:98:36:e4:d7:ab:8e:45:ff:07:79:
                    08:40:17:5a:c1:20:62:43:81:8d:14:f8:31:59:33:
                    68:b0:6a:6d:1c:79:6f:74:b2:e4:da:3f:be:85:96:
                    61:2c:26:eb:27:7f:a3:c0:74:f9:9b:62:26:9a:17:
                    ef:7b:b2:7d:93:e8:93:86:08:2b:42:a2:4d:a5:08:
                    9a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D1:F1:94:B3:D6:3A:07:78:8E:03:D9:1A:FD:E4:A7:07:42:BC:7E
            X509v3 Authority Key Identifier:
                keyid:C2:FE:99:3D:1F:31:0E:81:73:C1:7C:E9:27:8F:1E:9F:8E:22:E3:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wv6ZPR8xDoFzwXzpJ48en44i48I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e5312b-8439-4bb4-86d2-69b432799372/1/T9HxlLPWOgd4jgPZGv3kpwdCvH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e5312b-8439-4bb4-86d2-69b432799372/1/wv6ZPR8xDoFzwXzpJ48en44i48I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:6c:8a:9f:b6:2f:22:97:4b:3b:03:4e:6f:e5:cb:50:82:43:
         2a:5b:5b:55:8f:ab:2e:75:e7:0b:02:a4:60:18:40:d6:0d:87:
         da:54:ab:46:f2:a0:b4:36:ba:4f:c6:9d:94:47:20:ff:d0:44:
         ef:f7:a4:3b:ac:4d:70:ab:88:96:54:35:7f:02:18:62:a2:b8:
         34:45:b3:3f:df:01:3b:b6:d1:63:f8:35:42:91:e8:93:9f:42:
         92:65:69:aa:ce:d2:60:c5:2c:4c:24:e8:f3:f2:4c:de:44:fc:
         d1:57:21:1a:82:30:86:9e:f4:55:5e:e6:d0:e9:21:c5:0e:1e:
         f1:b2:a1:01:75:62:22:d5:4a:dc:40:fa:4e:49:fb:2e:93:c5:
         9d:cd:0a:d6:c8:16:92:30:74:22:4b:89:6f:a5:20:50:8e:b2:
         ea:d3:0f:a3:56:14:54:7a:af:66:9a:3b:cd:07:38:14:4a:c5:
         1a:34:28:d3:b9:aa:f9:4b:f9:d0:b9:28:b7:82:ca:78:b2:14:
         29:20:46:3b:52:92:b2:36:21:6a:aa:64:16:3f:08:01:49:ef:
         b5:75:f9:ec:50:98:13:2b:4f:9a:c8:f4:7a:1f:e2:d9:85:c9:
         5b:ec:ba:6a:c6:db:34:24:e3:56:7b:f7:88:dc:f2:ca:54:26:
         89:72:8e:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJ7dOUUdBIsEu83/ikmOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZmU5OTNkMWYzMTBlODE3M2MxN2NlOTI3OGYxZTlmOGUy
MmUzYzIwHhcNMjQwMTAxMTIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQxZjE5NGIzZDYzYTA3Nzg4ZTAzZDkxYWZkZTRhNzA3NDJiYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0q+xKOqIK72eYGCUtvoPi68P3xb
LECZ93ir0u7NkGIO2yxGNTX/EZDTQu/olW7UKXB/4DB+PR8nxGgemuGUQ45HoJiI
ZoNZQTqz9p+Bzw2YRVm7knfIAA1Ygckgf16jYG7PKnH/wafGSoJBc7oWES9W7ra8
7kavKG/7z9LpFHjuzVMXGwIaOApfBMFnVCUGmy6Lkqmad/9tf1hi6YiPqCu9Um79
ZpXVHAkfm1OITWrTf9qyEt9A2Zg25NerjkX/B3kIQBdawSBiQ4GNFPgxWTNosGpt
HHlvdLLk2j++hZZhLCbrJ3+jwHT5m2Immhfve7J9k+iThggrQqJNpQiaWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/R8ZSz1joHeI4D2Rr95KcHQrx+MB8GA1UdIwQY
MBaAFML+mT0fMQ6Bc8F86SePHp+OIuPCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Y2WlBSOHhEb0Z6d1h6cEo0OGVuNDRpNDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lNTMxMmItODQzOS00YmI0LTg2ZDIt
NjliNDMyNzk5MzcyLzEvVDlIeGxMUFdPZ2Q0amdQWkd2M2twd2RDdkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lNTMxMmItODQzOS00YmI0LTg2ZDItNjliNDMyNzk5Mzcy
LzEvd3Y2WlBSOHhEb0Z6d1h6cEo0OGVuNDRpNDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjtcMA0G
CSqGSIb3DQEBCwUAA4IBAQCSbIqfti8il0s7A05v5ctQgkMqW1tVj6sudecLAqRg
GEDWDYfaVKtG8qC0NrpPxp2URyD/0ETv96Q7rE1wq4iWVDV/Ahhiorg0RbM/3wE7
ttFj+DVCkeiTn0KSZWmqztJgxSxMJOjz8kzeRPzRVyEagjCGnvRVXubQ6SHFDh7x
sqEBdWIi1UrcQPpOSfsuk8WdzQrWyBaSMHQiS4lvpSBQjrLq0w+jVhRUeq9mmjvN
BzgUSsUaNCjTuar5S/nQuSi3gsp4shQpIEY7UpKyNiFqqmQWPwgBSe+1dfnsUJgT
K0+ayPR6H+LZhclb7Lpqxts0JONWe/eI3PLKVCaJco7U
-----END CERTIFICATE-----