Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/5XaRqReFVYOaTvnV2R9_MAfI1uY.roa
File:                     5XaRqReFVYOaTvnV2R9_MAfI1uY.roa (raw, json)
Hash identifier:          HRROlwpEY6ttcF3ptBKvpVcl+0SS+UPpWg0GG8CVrgQ=
Subject key identifier:   E5:76:91:A9:17:85:55:83:9A:4E:F9:D5:D9:1F:7F:30:07:C8:D6:E6
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018F1FE9302374F8D722ED80DA89597E729F
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/5XaRqReFVYOaTvnV2R9_MAfI1uY.roa
Signing time:             Sat 27 Apr 2024 14:15:26 +0000
ROA not before:           Sat 27 Apr 2024 14:15:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44149
IP address blocks:        92.246.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1f:e9:30:23:74:f8:d7:22:ed:80:da:89:59:7e:72:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Apr 27 14:15:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e57691a9178555839a4ef9d5d91f7f3007c8d6e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f4:3a:0b:fb:79:7b:0c:a2:ae:12:e5:25:d9:
                    14:7c:fa:1a:07:18:75:5f:98:0b:18:04:33:00:8c:
                    0f:1e:da:f6:02:99:c0:de:2e:c3:b1:1c:a4:74:ab:
                    ff:06:78:1e:56:7d:89:37:e6:08:af:2b:bf:ac:f7:
                    2b:c0:ab:be:4f:80:2a:61:bf:45:52:ff:51:4c:12:
                    56:c4:01:48:fe:21:b2:64:68:c0:0e:c1:b6:ca:6e:
                    f4:39:99:da:f1:e9:9f:4b:e0:98:fa:c1:af:2b:06:
                    2d:f9:0a:a0:d5:51:58:35:4b:be:1d:98:6d:be:f2:
                    c8:97:d3:f9:23:8f:2b:36:7b:5e:12:51:c8:6f:63:
                    fa:08:cc:c4:12:e6:b3:ee:50:b7:60:e6:9c:6a:a6:
                    23:8b:89:0f:65:8d:c7:d1:e4:e8:a0:79:b8:90:e2:
                    4f:ab:98:cf:eb:8b:df:88:25:7e:a6:d8:d8:2d:44:
                    fb:bf:12:79:43:1d:27:26:a0:5b:36:7f:3d:ef:91:
                    de:13:2d:82:48:04:d0:a5:f0:4f:0f:a6:e2:dc:e1:
                    21:46:5b:3e:38:c3:4d:fb:04:ca:7f:c8:60:d4:8c:
                    6b:9c:eb:e2:60:c8:0e:3b:e1:0b:8d:79:88:fb:2c:
                    c1:e4:8a:4d:94:3a:55:49:a9:cd:08:56:fc:e6:51:
                    52:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:76:91:A9:17:85:55:83:9A:4E:F9:D5:D9:1F:7F:30:07:C8:D6:E6
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/5XaRqReFVYOaTvnV2R9_MAfI1uY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.246.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:59:28:18:92:ad:f3:cc:da:84:dd:e6:4c:fa:9c:58:dc:57:
         3a:52:fe:8c:00:36:51:38:29:3e:e2:fa:e6:e6:e2:5f:ad:7d:
         1e:34:a2:5e:e4:15:bc:fd:70:e7:e3:33:7e:dc:28:e0:8c:ff:
         f6:c6:65:24:9b:0a:05:7d:09:30:dc:fa:d2:f1:33:76:c9:19:
         ee:fd:5d:cd:a5:49:a7:40:67:ca:f2:38:d6:7e:58:e2:a3:2d:
         fa:82:21:be:c9:22:7b:0f:4a:c1:2f:b4:27:db:51:b1:0b:b3:
         2c:a4:cd:9e:96:1d:5e:8f:ec:31:a8:8d:31:a7:19:49:1a:05:
         ef:18:1c:1e:8d:ea:b0:ef:6e:1b:b9:18:27:1c:0c:82:39:ce:
         d3:0f:e3:75:ca:9c:e4:89:a5:d6:30:18:8d:7e:bd:3b:88:52:
         bb:95:33:54:a9:72:3f:4f:18:2a:af:e7:53:2f:38:47:df:e8:
         16:b5:81:d4:1e:18:04:c2:a1:86:11:cf:ee:f5:24:3b:63:6f:
         bd:91:1f:46:d4:2a:1b:56:48:6b:c7:43:7b:ab:42:21:04:83:
         a9:a8:40:a4:a8:bb:d9:2b:0c:af:68:4d:97:5f:bf:52:04:af:
         97:26:d8:9a:69:1a:08:77:65:fb:e5:d6:06:e4:36:8a:8c:2a:
         ce:b1:ff:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8f6TAjdPjXIu2A2olZfnKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNDI3MTQxNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTc2OTFhOTE3ODU1NTgzOWE0ZWY5ZDVkOTFmN2YzMDA3YzhkNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PQ6C/t5ewyirhLlJdkUfPoaBxh1
X5gLGAQzAIwPHtr2ApnA3i7DsRykdKv/BngeVn2JN+YIryu/rPcrwKu+T4AqYb9F
Uv9RTBJWxAFI/iGyZGjADsG2ym70OZna8emfS+CY+sGvKwYt+Qqg1VFYNUu+HZht
vvLIl9P5I48rNnteElHIb2P6CMzEEuaz7lC3YOacaqYji4kPZY3H0eTooHm4kOJP
q5jP64vfiCV+ptjYLUT7vxJ5Qx0nJqBbNn8975HeEy2CSATQpfBPD6bi3OEhRls+
OMNN+wTKf8hg1IxrnOviYMgOO+ELjXmI+yzB5IpNlDpVSanNCFb85lFSsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOV2kakXhVWDmk751dkffzAHyNbmMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvNVhhUnFSZUZWWU9hVHZuVjJSOV9NQWZJMXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPZOMA0G
CSqGSIb3DQEBCwUAA4IBAQAVWSgYkq3zzNqE3eZM+pxY3Fc6Uv6MADZROCk+4vrm
5uJfrX0eNKJe5BW8/XDn4zN+3CjgjP/2xmUkmwoFfQkw3PrS8TN2yRnu/V3NpUmn
QGfK8jjWfljioy36giG+ySJ7D0rBL7Qn21GxC7MspM2elh1ej+wxqI0xpxlJGgXv
GBwejeqw724buRgnHAyCOc7TD+N1ypzkiaXWMBiNfr07iFK7lTNUqXI/Txgqr+dT
LzhH3+gWtYHUHhgEwqGGEc/u9SQ7Y2+9kR9G1CobVkhrx0N7q0IhBIOpqECkqLvZ
KwyvaE2XX79SBK+XJtiaaRoId2X75dYG5DaKjCrOsf/q
-----END CERTIFICATE-----