Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Xmce5oy2kqRM5FvxXtrbrk3C0pM.roa
File:                     Xmce5oy2kqRM5FvxXtrbrk3C0pM.roa (raw, json)
Hash identifier:          5sRQmoQSO7NvCGEkQeF1Pcz4E5lKYxBuVHoolG0Pn+o=
Subject key identifier:   5E:67:1E:E6:8C:B6:92:A4:4C:E4:5B:F1:5E:DA:DB:AE:4D:C2:D2:93
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       01902AF2D0E45FF90FC2072640CD50EE7DA6
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Xmce5oy2kqRM5FvxXtrbrk3C0pM.roa
Signing time:             Tue 18 Jun 2024 10:44:34 +0000
ROA not before:           Tue 18 Jun 2024 10:44:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197812
IP address blocks:        5.226.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:f2:d0:e4:5f:f9:0f:c2:07:26:40:cd:50:ee:7d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jun 18 10:44:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e671ee68cb692a44ce45bf15edadbae4dc2d293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:56:fa:a7:5d:24:ef:f3:a3:90:0c:03:70:fd:
                    14:0b:6c:74:28:f5:b7:f6:4e:71:2e:3f:7b:a8:3f:
                    30:16:a9:0d:66:a0:7a:16:98:1d:e2:1f:4a:bc:10:
                    e6:a5:ab:38:94:67:b3:04:2a:dd:00:58:cc:cf:36:
                    4c:8f:a8:2a:69:04:c3:ed:f5:f2:eb:4c:e9:1a:ee:
                    b1:ce:c8:14:6a:3f:b3:4d:b0:50:38:55:a3:e0:2c:
                    93:c9:97:cd:74:30:46:8d:a4:c5:be:16:19:55:6c:
                    7c:14:8d:ce:81:0c:ef:ef:d7:9d:15:de:c7:af:54:
                    af:5a:99:91:ce:cb:83:7e:cb:77:cd:36:6a:c7:fd:
                    56:ba:3f:fa:c0:7b:0b:d1:61:91:24:21:bf:df:ff:
                    a6:40:30:4a:85:63:90:4b:53:91:a7:99:8b:a8:38:
                    a2:e0:d1:09:a7:2b:69:67:64:38:cd:0b:df:fc:ab:
                    69:68:f8:a7:fc:d8:c0:69:95:55:2f:1b:7f:8c:ad:
                    e2:2f:bd:3e:af:2c:c2:c2:e3:e3:ef:e5:27:a5:59:
                    80:d4:26:fe:08:3e:69:9f:e9:01:c6:f7:c8:28:43:
                    31:c8:44:1e:e0:84:fe:e6:cd:b9:98:8d:64:91:4c:
                    69:9a:48:db:ed:b9:aa:5f:ed:8a:b3:a7:79:27:8e:
                    0d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:67:1E:E6:8C:B6:92:A4:4C:E4:5B:F1:5E:DA:DB:AE:4D:C2:D2:93
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Xmce5oy2kqRM5FvxXtrbrk3C0pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:28:63:29:c4:35:f7:c7:43:48:d3:59:3d:c1:d6:95:4e:4f:
         88:01:49:44:78:6f:cd:ed:35:36:f8:18:f3:10:b0:93:b9:25:
         4a:d1:ec:d7:56:c0:d2:18:04:0a:02:2f:aa:0b:65:e3:9c:f4:
         b1:be:b4:ae:99:16:e8:56:fc:ec:33:77:d4:f8:b2:a7:83:c1:
         60:60:86:6c:cb:e2:e3:8b:bb:79:1d:c1:89:49:78:cc:4e:95:
         5f:3c:d4:88:b7:f6:2c:49:b7:d1:7c:38:3e:d0:89:50:df:f6:
         46:53:b5:83:ce:1f:9c:b1:25:a2:3a:e0:5a:da:c4:3e:82:9e:
         54:6a:5c:b7:95:2d:2a:71:c3:a1:e6:40:94:2c:06:e0:06:c9:
         e6:1f:50:2a:cf:44:e8:62:2c:cb:30:7d:fd:d5:95:9d:ce:79:
         de:94:ae:4c:1b:f8:e4:f0:04:bc:31:de:1c:e7:f0:0a:59:74:
         ec:d5:91:3e:77:46:48:63:73:1b:94:0f:cd:b8:cd:fb:95:e5:
         b5:82:05:fb:3c:be:87:9c:66:b5:49:8e:de:41:6e:a9:77:90:
         5a:f0:7a:e6:38:26:04:d9:0f:53:f3:96:11:9f:ee:a1:eb:f0:
         64:5d:95:69:47:cb:5e:b6:fb:76:dd:7d:2c:3c:c8:32:7a:7f:
         f2:8e:9d:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAq8tDkX/kPwgcmQM1Q7n2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwNjE4MTA0NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY3MWVlNjhjYjY5MmE0NGNlNDViZjE1ZWRhZGJhZTRkYzJkMjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Fb6p10k7/OjkAwDcP0UC2x0KPW3
9k5xLj97qD8wFqkNZqB6Fpgd4h9KvBDmpas4lGezBCrdAFjMzzZMj6gqaQTD7fXy
60zpGu6xzsgUaj+zTbBQOFWj4CyTyZfNdDBGjaTFvhYZVWx8FI3OgQzv79edFd7H
r1SvWpmRzsuDfst3zTZqx/1Wuj/6wHsL0WGRJCG/3/+mQDBKhWOQS1ORp5mLqDii
4NEJpytpZ2Q4zQvf/KtpaPin/NjAaZVVLxt/jK3iL70+ryzCwuPj7+UnpVmA1Cb+
CD5pn+kBxvfIKEMxyEQe4IT+5s25mI1kkUxpmkjb7bmqX+2Ks6d5J44NAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5nHuaMtpKkTORb8V7a265NwtKTMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvWG1jZTVveTJrcVJNNUZ2eFh0cmJyazNDMHBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABeKFMA0G
CSqGSIb3DQEBCwUAA4IBAQAAKGMpxDX3x0NI01k9wdaVTk+IAUlEeG/N7TU2+Bjz
ELCTuSVK0ezXVsDSGAQKAi+qC2XjnPSxvrSumRboVvzsM3fU+LKng8FgYIZsy+Lj
i7t5HcGJSXjMTpVfPNSIt/YsSbfRfDg+0IlQ3/ZGU7WDzh+csSWiOuBa2sQ+gp5U
aly3lS0qccOh5kCULAbgBsnmH1Aqz0ToYizLMH391ZWdznnelK5MG/jk8AS8Md4c
5/AKWXTs1ZE+d0ZIY3MblA/NuM37leW1ggX7PL6HnGa1SY7eQW6pd5Ba8HrmOCYE
2Q9T85YRn+6h6/BkXZVpR8tetvt23X0sPMgyen/yjp30
-----END CERTIFICATE-----