Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/9Vsa130gB9VDFFBPwCbrG5ic-C0.roa
File:                     9Vsa130gB9VDFFBPwCbrG5ic-C0.roa (raw, json)
Hash identifier:          5wEFM0wd13S9FJLK3TQuKN4SYJhAsn/hh7CQtIYV90g=
Subject key identifier:   F5:5B:1A:D7:7D:20:07:D5:43:14:50:4F:C0:26:EB:1B:98:9C:F8:2D
Certificate issuer:       /CN=dbc7840920d1c709ff299aed3682c23fb432767d
Certificate serial:       018CC5013D76AF2FB45FCFFB7BEE3CCF4A69
Authority key identifier: DB:C7:84:09:20:D1:C7:09:FF:29:9A:ED:36:82:C2:3F:B4:32:76:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28eECSDRxwn_KZrtNoLCP7Qydn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/9Vsa130gB9VDFFBPwCbrG5ic-C0.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43350
IP address blocks:        141.98.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28eECSDRxwn_KZrtNoLCP7Qydn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3d:76:af:2f:b4:5f:cf:fb:7b:ee:3c:cf:4a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbc7840920d1c709ff299aed3682c23fb432767d
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f55b1ad77d2007d54314504fc026eb1b989cf82d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ca:66:cb:1c:42:e4:f1:86:4f:14:6c:ff:cd:
                    b8:0e:12:71:67:56:7d:1c:ac:d5:ae:dc:95:a6:18:
                    5a:eb:2d:e4:79:41:ea:97:8d:d3:b4:31:2c:03:da:
                    aa:dd:3c:51:91:c2:dc:03:6e:0e:a6:98:ab:63:2c:
                    23:44:89:67:4f:91:eb:3f:68:f1:f9:6f:13:e4:74:
                    20:81:35:22:d8:cc:b6:79:c3:4a:11:65:6e:e1:39:
                    94:e2:14:52:6c:f5:26:b8:82:5f:47:08:23:22:a8:
                    df:54:ba:17:7a:bc:62:ce:d6:74:19:96:19:4c:31:
                    73:0f:7e:d6:09:8b:da:92:9e:a2:32:0b:e8:70:92:
                    35:c2:ca:ab:6a:5c:58:b1:59:d9:c8:4a:2a:75:f4:
                    d6:67:05:71:13:50:74:0c:22:9a:7d:36:e5:88:af:
                    fa:ce:ef:85:c9:2d:38:0e:a0:7a:a8:99:cc:08:dc:
                    94:2b:14:5b:69:b1:09:30:c5:b4:bd:ad:f2:48:2e:
                    4f:fb:0a:4d:6c:c7:fa:71:5e:21:13:06:eb:20:b2:
                    b5:1c:24:51:02:15:7c:72:62:2b:d1:bb:d6:b8:be:
                    65:14:98:ba:7f:22:39:f4:79:fa:ef:04:8a:d3:e5:
                    c4:46:66:9f:e6:f1:82:b8:b6:7c:63:ba:c6:ae:6e:
                    da:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:5B:1A:D7:7D:20:07:D5:43:14:50:4F:C0:26:EB:1B:98:9C:F8:2D
            X509v3 Authority Key Identifier:
                keyid:DB:C7:84:09:20:D1:C7:09:FF:29:9A:ED:36:82:C2:3F:B4:32:76:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28eECSDRxwn_KZrtNoLCP7Qydn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/9Vsa130gB9VDFFBPwCbrG5ic-C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:da:60:4a:6d:80:2c:4c:c7:d2:50:00:6e:fa:d4:01:f6:0d:
         73:fd:90:b3:25:cb:be:e9:55:7f:c4:b9:a0:ab:92:6a:58:b4:
         3f:ee:32:ba:86:7e:35:2f:50:8a:e7:1b:95:14:6d:8b:a9:56:
         34:38:60:d0:98:4b:cf:18:ef:29:e3:9c:c5:bb:8e:19:0c:4a:
         69:e1:97:d7:95:77:64:16:e3:6e:88:e9:3d:52:a3:06:ca:c9:
         e1:7e:24:64:14:3e:67:79:12:16:ab:b3:e7:1d:80:d9:bd:ab:
         79:27:6e:6b:4e:c5:d6:93:9b:cf:f4:25:b6:7f:76:65:67:33:
         8d:8b:6c:9d:2d:38:2d:de:8d:33:8e:e5:ae:5c:ac:be:7f:76:
         06:07:25:00:7d:9f:4a:ac:a0:19:aa:20:fc:5f:4e:ef:47:63:
         91:4e:8c:46:59:0c:23:03:38:17:dd:74:0d:3b:b3:5e:b7:07:
         40:80:f5:ef:f7:10:a8:ef:a6:e8:c4:d4:76:71:be:00:8a:6d:
         4c:a7:48:72:5c:d9:0d:4a:45:c4:8f:e4:13:ee:1c:99:05:b5:
         d2:d9:e7:8e:9a:2f:47:65:7b:43:de:16:fa:56:0e:92:38:d8:
         f1:6e:cf:67:9e:68:5b:f5:b7:9b:8b:26:4e:05:d4:31:ab:b4:
         60:63:b5:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAT12ry+0X8/7e+48z0ppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzc4NDA5MjBkMWM3MDlmZjI5OWFlZDM2ODJjMjNmYjQz
Mjc2N2QwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTViMWFkNzdkMjAwN2Q1NDMxNDUwNGZjMDI2ZWIxYjk4OWNmODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMpmyxxC5PGGTxRs/824DhJxZ1Z9
HKzVrtyVphha6y3keUHql43TtDEsA9qq3TxRkcLcA24OppirYywjRIlnT5HrP2jx
+W8T5HQggTUi2My2ecNKEWVu4TmU4hRSbPUmuIJfRwgjIqjfVLoXerxiztZ0GZYZ
TDFzD37WCYvakp6iMgvocJI1wsqralxYsVnZyEoqdfTWZwVxE1B0DCKafTbliK/6
zu+FyS04DqB6qJnMCNyUKxRbabEJMMW0va3ySC5P+wpNbMf6cV4hEwbrILK1HCRR
AhV8cmIr0bvWuL5lFJi6fyI59Hn67wSK0+XERmaf5vGCuLZ8Y7rGrm7a5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVbGtd9IAfVQxRQT8Am6xuYnPgtMB8GA1UdIwQY
MBaAFNvHhAkg0ccJ/yma7TaCwj+0MnZ9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhlRUNTRFJ4d25fS1pydE5vTENQN1F5ZG4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85NTIxZTEtNzYxMC00ZDQzLTg2ODMt
NTFiZTJmOTYwOGJjLzEvOVZzYTEzMGdCOVZERkZCUHdDYnJHNWljLUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85NTIxZTEtNzYxMC00ZDQzLTg2ODMtNTFiZTJmOTYwOGJj
LzEvMjhlRUNTRFJ4d25fS1pydE5vTENQN1F5ZG4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWJQMA0G
CSqGSIb3DQEBCwUAA4IBAQAI2mBKbYAsTMfSUABu+tQB9g1z/ZCzJcu+6VV/xLmg
q5JqWLQ/7jK6hn41L1CK5xuVFG2LqVY0OGDQmEvPGO8p45zFu44ZDEpp4ZfXlXdk
FuNuiOk9UqMGysnhfiRkFD5neRIWq7PnHYDZvat5J25rTsXWk5vP9CW2f3ZlZzON
i2ydLTgt3o0zjuWuXKy+f3YGByUAfZ9KrKAZqiD8X07vR2ORToxGWQwjAzgX3XQN
O7NetwdAgPXv9xCo76boxNR2cb4Aim1Mp0hyXNkNSkXEj+QT7hyZBbXS2eeOmi9H
ZXtD3hb6Vg6SONjxbs9nnmhb9bebiyZOBdQxq7RgY7Wu
-----END CERTIFICATE-----