Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/5XRCkC80QuxhWS7D8KqdZeFlCE4.roa
File:                     5XRCkC80QuxhWS7D8KqdZeFlCE4.roa (raw, json)
Hash identifier:          P5RWfpxEdm9qreWz+zwfKLLdVMpXM1+jBLGxJuy2X+A=
Subject key identifier:   E5:74:42:90:2F:34:42:EC:61:59:2E:C3:F0:AA:9D:65:E1:65:08:4E
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018F772C0A1B16F176BB4C0204B64BCD9A90
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/5XRCkC80QuxhWS7D8KqdZeFlCE4.roa
Signing time:             Tue 14 May 2024 12:55:25 +0000
ROA not before:           Tue 14 May 2024 12:55:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        62.72.168.0/24 maxlen: 24
                          176.57.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:2c:0a:1b:16:f1:76:bb:4c:02:04:b6:4b:cd:9a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: May 14 12:55:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e57442902f3442ec61592ec3f0aa9d65e165084e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a4:70:a5:9a:b4:2c:ba:27:f9:b5:74:68:7c:
                    83:7e:65:8e:06:a5:8e:12:be:af:4a:19:61:ed:81:
                    b1:7e:38:5f:b3:41:45:3e:fe:74:a3:1c:75:31:d4:
                    14:fc:08:fc:8d:d8:e0:7a:71:e8:3d:88:ce:f9:db:
                    9e:3d:f7:0b:03:a0:8c:b6:c5:61:c8:9b:02:64:5f:
                    22:6f:22:67:a1:3a:50:85:b7:26:da:49:e2:32:81:
                    32:b3:df:c6:5d:a1:fd:79:40:02:25:70:8d:cf:17:
                    79:cd:7a:d2:61:bf:46:0c:c0:25:04:51:e3:1c:e6:
                    61:1a:ad:4b:16:26:80:2c:28:01:07:48:c4:58:b3:
                    8c:48:a9:1d:3c:dc:6b:c7:b5:be:ff:34:52:95:79:
                    2b:df:f4:cb:af:32:2e:c8:63:a4:e6:8f:2a:d5:6a:
                    bf:65:c1:07:51:47:76:63:2c:33:3e:20:fe:99:38:
                    40:b2:e3:c4:f2:dc:c2:d1:1e:99:b0:b0:86:30:b4:
                    00:be:01:3e:cb:0c:cf:ff:60:4f:d0:02:92:00:93:
                    ec:fe:47:f1:04:2c:58:a5:fb:1d:0c:a3:4d:cd:bc:
                    70:7e:d2:67:04:cf:7e:9a:77:8e:80:f7:27:80:f2:
                    3b:e5:6c:50:df:9f:9a:f5:88:b0:aa:1d:52:87:68:
                    79:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:74:42:90:2F:34:42:EC:61:59:2E:C3:F0:AA:9D:65:E1:65:08:4E
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/5XRCkC80QuxhWS7D8KqdZeFlCE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.168.0/24
                  176.57.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:cc:ed:ad:2f:b0:f6:5f:0f:7f:2b:ec:b2:eb:8c:4c:14:10:
         e7:4d:05:4e:3d:74:4c:39:17:14:52:d5:85:87:23:03:fe:b3:
         a3:d8:12:e9:34:08:07:21:4f:d0:79:da:59:9d:66:75:13:a1:
         bc:e0:f6:a4:5d:bb:47:19:51:8a:65:5e:51:07:12:3a:c3:79:
         0b:07:55:78:23:cb:14:56:da:65:09:0a:f9:73:68:ea:76:72:
         b9:ba:35:d2:da:0b:b4:85:2d:92:9b:08:ad:1c:8f:3d:7c:7f:
         7d:3f:92:dc:e9:fa:9a:ab:be:24:5e:64:90:fb:31:84:28:37:
         05:51:81:4b:36:27:3a:1a:18:be:5f:72:da:5a:12:88:2c:a5:
         58:99:1c:77:d2:3f:07:f8:42:3b:64:a1:30:0a:f5:13:ac:34:
         69:ab:76:16:4a:bf:21:1c:c9:4e:07:21:7f:b3:21:11:39:88:
         87:01:48:c1:bb:42:f0:dd:7c:6f:cf:d5:e2:e7:05:32:63:c7:
         bd:64:8c:93:40:18:cc:3c:e5:dd:81:e8:a2:f8:db:ee:58:bc:
         12:52:13:89:a7:8b:27:48:21:4a:6d:39:25:c7:35:f2:d4:16:
         79:69:22:da:5f:bc:d8:48:b6:4a:5b:07:06:1b:69:f3:03:be:
         c6:1d:f6:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY93LAobFvF2u0wCBLZLzZqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNTE0MTI1NTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTc0NDI5MDJmMzQ0MmVjNjE1OTJlYzNmMGFhOWQ2NWUxNjUwODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKRwpZq0LLon+bV0aHyDfmWOBqWO
Er6vShlh7YGxfjhfs0FFPv50oxx1MdQU/Aj8jdjgenHoPYjO+duePfcLA6CMtsVh
yJsCZF8ibyJnoTpQhbcm2kniMoEys9/GXaH9eUACJXCNzxd5zXrSYb9GDMAlBFHj
HOZhGq1LFiaALCgBB0jEWLOMSKkdPNxrx7W+/zRSlXkr3/TLrzIuyGOk5o8q1Wq/
ZcEHUUd2YywzPiD+mThAsuPE8tzC0R6ZsLCGMLQAvgE+ywzP/2BP0AKSAJPs/kfx
BCxYpfsdDKNNzbxwftJnBM9+mneOgPcngPI75WxQ35+a9Yiwqh1Sh2h5LwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOV0QpAvNELsYVkuw/CqnWXhZQhOMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvNVhSQ2tDODBRdXhoV1M3RDhLcWRaZUZsQ0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkioAwQA
sDk3MA0GCSqGSIb3DQEBCwUAA4IBAQAKzO2tL7D2Xw9/K+yy64xMFBDnTQVOPXRM
ORcUUtWFhyMD/rOj2BLpNAgHIU/QedpZnWZ1E6G84PakXbtHGVGKZV5RBxI6w3kL
B1V4I8sUVtplCQr5c2jqdnK5ujXS2gu0hS2SmwitHI89fH99P5Lc6fqaq74kXmSQ
+zGEKDcFUYFLNic6Ghi+X3LaWhKILKVYmRx30j8H+EI7ZKEwCvUTrDRpq3YWSr8h
HMlOByF/syEROYiHAUjBu0Lw3Xxvz9Xi5wUyY8e9ZIyTQBjMPOXdgeii+NvuWLwS
UhOJp4snSCFKbTklxzXy1BZ5aSLaX7zYSLZKWwcGG2nzA77GHfbg
-----END CERTIFICATE-----