Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/k6YmwPg4lXJqh13GTCZcfca6oAU.roa
File:                     k6YmwPg4lXJqh13GTCZcfca6oAU.roa (raw, json)
Hash identifier:          n1xvurP+mFRvgiQsYMKeQTpiHSq2lacs/0/W5c0bMT4=
Subject key identifier:   93:A6:26:C0:F8:38:95:72:6A:87:5D:C6:4C:26:5C:7D:C6:BA:A0:05
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC959F69D27A16AD8F865941BF1046
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/k6YmwPg4lXJqh13GTCZcfca6oAU.roa
Signing time:             Mon 01 Jan 2024 16:30:16 +0000
ROA not before:           Mon 01 Jan 2024 16:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        5.178.5.0/24 maxlen: 24
                          5.178.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:95:9f:69:d2:7a:16:ad:8f:86:59:41:bf:10:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93a626c0f83895726a875dc64c265c7dc6baa005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7f:4c:47:ba:f1:c2:8f:b0:13:f3:a6:fa:c5:
                    39:80:a7:59:5c:35:0c:01:00:54:cc:39:44:ab:76:
                    61:3c:97:49:3d:51:40:bb:8c:fd:dd:e8:07:90:76:
                    50:b3:7d:55:66:cc:94:9b:00:a1:8a:40:c6:de:2e:
                    29:91:fa:e0:3f:b1:0a:b2:6d:24:92:40:d4:b1:0a:
                    bc:a7:8b:5c:0c:e4:15:c7:35:db:f8:13:05:df:2d:
                    96:c7:58:ce:56:c7:de:b3:a7:bf:49:5b:50:11:89:
                    20:3c:e0:33:67:9f:f4:5e:74:c9:fd:4c:1f:55:cf:
                    5a:10:7c:85:a2:b1:77:62:18:09:56:44:31:fc:97:
                    8f:f2:9c:7e:ae:1d:94:d4:a2:3f:45:8c:61:36:ec:
                    0a:98:45:da:04:b4:f8:e5:ad:7d:9a:02:14:8a:a6:
                    7c:12:fc:b2:fe:ec:6a:57:b3:00:50:4e:23:80:a7:
                    88:f0:ca:46:4d:91:fd:f6:5e:57:d6:c6:2a:89:05:
                    18:f5:38:d7:49:53:b4:dc:2d:0d:c8:ab:4b:1f:fd:
                    b3:60:18:78:d3:da:54:ee:a4:dd:1f:68:e2:93:a7:
                    53:f8:04:b4:4a:d7:06:a3:ff:1d:a4:28:65:8b:bb:
                    41:07:b5:6d:9d:03:cc:32:a3:2d:c6:43:a9:62:50:
                    7a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A6:26:C0:F8:38:95:72:6A:87:5D:C6:4C:26:5C:7D:C6:BA:A0:05
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/k6YmwPg4lXJqh13GTCZcfca6oAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.5.0-5.178.6.255

    Signature Algorithm: sha256WithRSAEncryption
         26:ae:0d:27:21:a4:a2:44:2b:2e:a4:f5:f6:1d:7e:30:ba:26:
         ed:c9:23:e8:30:01:04:87:35:91:5a:07:b8:db:d6:0e:98:c0:
         e8:84:0a:a8:1d:58:aa:7e:00:d3:d7:dd:2b:e5:94:b0:2c:91:
         a2:5f:bb:6e:30:47:4a:00:a9:94:3a:1a:2e:b6:e3:41:e9:c7:
         db:36:af:93:56:2d:76:da:73:8b:a4:ac:18:32:80:13:ae:93:
         f5:14:f8:c3:c4:2c:4c:ad:9d:6a:a4:89:d2:e1:27:03:6d:3d:
         7b:d1:79:a0:28:be:8d:4e:44:60:88:38:68:01:e8:46:b7:62:
         1b:65:1d:ba:c8:a4:9d:a4:42:31:91:b6:c3:44:0c:06:06:30:
         cf:48:1f:51:cf:17:77:35:96:28:27:d7:6d:76:2b:f8:1a:c5:
         7a:aa:8a:54:79:19:89:1a:61:a5:b9:98:df:19:58:0d:1b:31:
         e7:0d:c5:35:5d:7e:14:a3:15:0c:80:8b:30:38:f0:d7:51:d6:
         e5:51:a3:22:31:87:64:9b:9a:d7:f8:a2:2d:76:2b:b6:ca:ab:
         e4:bd:ba:a1:d5:2c:3a:cf:35:1e:c9:b4:30:c8:88:0c:92:3f:
         6a:91:ba:46:56:ab:6c:b6:c7:11:ab:ce:9b:77:25:58:5d:33:
         00:82:6f:24
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF3JWfadJ6Fq2PhllBvxBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2E2MjZjMGY4Mzg5NTcyNmE4NzVkYzY0YzI2NWM3ZGM2YmFhMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqH9MR7rxwo+wE/Om+sU5gKdZXDUM
AQBUzDlEq3ZhPJdJPVFAu4z93egHkHZQs31VZsyUmwChikDG3i4pkfrgP7EKsm0k
kkDUsQq8p4tcDOQVxzXb+BMF3y2Wx1jOVsfes6e/SVtQEYkgPOAzZ5/0XnTJ/Uwf
Vc9aEHyForF3YhgJVkQx/JeP8px+rh2U1KI/RYxhNuwKmEXaBLT45a19mgIUiqZ8
Evyy/uxqV7MAUE4jgKeI8MpGTZH99l5X1sYqiQUY9TjXSVO03C0NyKtLH/2zYBh4
09pU7qTdH2jik6dT+AS0StcGo/8dpChli7tBB7VtnQPMMqMtxkOpYlB6kwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJOmJsD4OJVyaoddxkwmXH3GuqAFMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvazZZbXdQZzRsWEpxaDEzR1RDWmNmY2E2b0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAFsgUD
BAAFsgYwDQYJKoZIhvcNAQELBQADggEBACauDSchpKJEKy6k9fYdfjC6Ju3JI+gw
AQSHNZFaB7jb1g6YwOiECqgdWKp+ANPX3SvllLAskaJfu24wR0oAqZQ6Gi6240Hp
x9s2r5NWLXbac4ukrBgygBOuk/UU+MPELEytnWqkidLhJwNtPXvReaAovo1ORGCI
OGgB6Ea3YhtlHbrIpJ2kQjGRtsNEDAYGMM9IH1HPF3c1lign1212K/gaxXqqilR5
GYkaYaW5mN8ZWA0bMecNxTVdfhSjFQyAizA48NdR1uVRoyIxh2Sbmtf4oi12K7bK
q+S9uqHVLDrPNR7JtDDIiAySP2qRukZWq2y2xxGrzpt3JVhdMwCCbyQ=
-----END CERTIFICATE-----