Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/xZhQ3T_ONX3JfJVU-H1ZE-rFwvs.roa
File:                     xZhQ3T_ONX3JfJVU-H1ZE-rFwvs.roa (raw, json)
Hash identifier:          c2pcQwHEssresb/duFnJbTp3AI1aX4wYF4MCdVK+Gqw=
Subject key identifier:   C5:98:50:DD:3F:CE:35:7D:C9:7C:95:54:F8:7D:59:13:EA:C5:C2:FB
Certificate issuer:       /CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
Certificate serial:       018CC3B6E0E7CE55D0EC97914A587E8BCBEE
Authority key identifier: AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/xZhQ3T_ONX3JfJVU-H1ZE-rFwvs.roa
Signing time:             Mon 01 Jan 2024 06:29:51 +0000
ROA not before:           Mon 01 Jan 2024 06:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49243
IP address blocks:        86.57.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e0:e7:ce:55:d0:ec:97:91:4a:58:7e:8b:cb:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
        Validity
            Not Before: Jan  1 06:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c59850dd3fce357dc97c9554f87d5913eac5c2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5b:5e:0a:42:34:69:1d:e4:91:78:90:5f:18:
                    34:39:73:b2:c1:d3:d0:90:01:3c:75:65:28:88:44:
                    8a:80:97:c8:2a:26:03:44:db:23:6b:97:6e:35:58:
                    35:ef:4b:5e:be:e5:e4:a1:e1:5c:9b:54:b8:41:89:
                    04:6c:8c:37:c5:42:36:1e:8a:9b:24:3e:d1:09:34:
                    9d:7b:2d:1b:84:0a:d2:1c:db:a5:40:79:8c:ec:d4:
                    5c:e4:df:c8:ec:8e:a4:a1:a2:5f:dd:17:95:c3:f0:
                    0b:f4:63:6f:2a:ae:6d:59:4a:47:e2:3a:d6:ac:d7:
                    41:7c:ab:ec:c8:63:fb:cd:61:89:7f:8c:fb:0c:1a:
                    5f:f6:0b:83:8b:e7:81:44:82:65:31:97:39:22:1f:
                    a6:89:cd:b4:5d:22:eb:d6:6e:54:43:ce:70:7f:c1:
                    c9:7a:8d:a8:26:75:8f:52:02:89:d2:24:0f:fa:bc:
                    0b:da:72:b4:03:c9:09:98:2e:f0:1c:3d:c0:1e:42:
                    71:4e:79:73:1a:a0:4b:1d:bf:65:92:f4:bf:88:5e:
                    82:dd:3d:52:4b:1c:9e:53:c8:a7:d3:7a:bd:48:49:
                    3c:99:23:16:0b:91:1a:b2:29:b4:d1:9c:35:79:b0:
                    68:3c:08:68:71:0a:8d:45:4f:6e:b4:2a:c6:d9:19:
                    57:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:98:50:DD:3F:CE:35:7D:C9:7C:95:54:F8:7D:59:13:EA:C5:C2:FB
            X509v3 Authority Key Identifier:
                keyid:AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/xZhQ3T_ONX3JfJVU-H1ZE-rFwvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.57.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         2e:98:08:80:34:b9:cc:39:50:69:03:fa:62:d3:70:3e:b1:ee:
         27:2c:87:fd:28:14:2a:0d:8e:75:dd:5d:5d:84:7a:54:79:8f:
         6d:bd:28:4e:e2:85:94:dc:0c:b6:69:8a:64:17:0f:8d:c5:a4:
         fc:5f:d3:0b:1a:58:cf:d8:10:be:b3:bb:13:6b:30:c4:96:74:
         41:05:46:0b:5f:fa:29:e6:59:d4:e5:8e:3a:3f:df:46:ca:38:
         d4:f0:65:e8:67:88:cc:df:d0:23:59:a2:c2:2e:ce:a3:9a:24:
         6c:80:7b:5e:a3:2a:4e:f4:dc:01:f2:9e:e5:5e:bc:08:59:46:
         d8:d0:b3:f4:79:5d:51:e2:46:1a:95:bb:c4:c6:7f:49:37:c7:
         0b:f8:8b:52:e2:92:07:44:41:cc:34:e6:07:e7:73:26:ea:bf:
         6c:37:2a:ad:85:94:be:71:b6:0c:fe:b8:2c:ab:ce:9c:9c:e6:
         42:e4:be:f4:ad:16:9a:9f:fd:b6:18:cd:d2:35:e4:cf:ff:15:
         fc:6c:ef:29:6b:91:15:54:1e:d2:5a:0c:c6:81:32:16:80:0f:
         e5:61:5f:59:b0:25:f9:69:e0:2d:f5:84:d4:71:2e:fb:c6:3b:
         d0:a2:3c:80:c9:38:d0:dc:62:10:15:28:a2:c8:60:44:4c:03:
         4b:23:49:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuDnzlXQ7JeRSlh+i8vuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODgyY2Q2ZDE5NmFlMWY5Njg3MmFjYWU3ODMyMWJlN2E5
MmI4ZWIwHhcNMjQwMTAxMDYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk4NTBkZDNmY2UzNTdkYzk3Yzk1NTRmODdkNTkxM2VhYzVjMmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1teCkI0aR3kkXiQXxg0OXOywdPQ
kAE8dWUoiESKgJfIKiYDRNsja5duNVg170tevuXkoeFcm1S4QYkEbIw3xUI2Hoqb
JD7RCTSdey0bhArSHNulQHmM7NRc5N/I7I6koaJf3ReVw/AL9GNvKq5tWUpH4jrW
rNdBfKvsyGP7zWGJf4z7DBpf9guDi+eBRIJlMZc5Ih+mic20XSLr1m5UQ85wf8HJ
eo2oJnWPUgKJ0iQP+rwL2nK0A8kJmC7wHD3AHkJxTnlzGqBLHb9lkvS/iF6C3T1S
SxyeU8in03q9SEk8mSMWC5Easim00Zw1ebBoPAhocQqNRU9utCrG2RlXqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWYUN0/zjV9yXyVVPh9WRPqxcL7MB8GA1UdIwQY
MBaAFKuILNbRlq4flocqyueDIb56krjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTct
OTUwYzE4MDU5NmQwLzEveFpoUTNUX09OWDNKZkpWVS1IMVpFLXJGd3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTctOTUwYzE4MDU5NmQw
LzEvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHVjmAMA0G
CSqGSIb3DQEBCwUAA4IBAQAumAiANLnMOVBpA/pi03A+se4nLIf9KBQqDY513V1d
hHpUeY9tvShO4oWU3Ay2aYpkFw+NxaT8X9MLGljP2BC+s7sTazDElnRBBUYLX/op
5lnU5Y46P99GyjjU8GXoZ4jM39AjWaLCLs6jmiRsgHteoypO9NwB8p7lXrwIWUbY
0LP0eV1R4kYalbvExn9JN8cL+ItS4pIHREHMNOYH53Mm6r9sNyqthZS+cbYM/rgs
q86cnOZC5L70rRaan/22GM3SNeTP/xX8bO8pa5EVVB7SWgzGgTIWgA/lYV9ZsCX5
aeAt9YTUcS77xjvQojyAyTjQ3GIQFSiiyGBETANLI0kd
-----END CERTIFICATE-----