Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/XJRT5qzrjyXAByD2W1GzCLBf6GE.roa
File:                     XJRT5qzrjyXAByD2W1GzCLBf6GE.roa (raw, json)
Hash identifier:          XaLu+s67Q/J6EE+T2Oq/aLcAnnVj15McWPYxA87IH9w=
Subject key identifier:   5C:94:53:E6:AC:EB:8F:25:C0:07:20:F6:5B:51:B3:08:B0:5F:E8:61
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018CC7956A2386E4B7FDF06A9471AF051D50
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/XJRT5qzrjyXAByD2W1GzCLBf6GE.roa
Signing time:             Tue 02 Jan 2024 00:31:47 +0000
ROA not before:           Tue 02 Jan 2024 00:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201934
IP address blocks:        193.38.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6a:23:86:e4:b7:fd:f0:6a:94:71:af:05:1d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 00:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c9453e6aceb8f25c00720f65b51b308b05fe861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:64:bd:19:4f:d6:07:1d:c6:cb:bc:2b:8b:df:
                    6f:59:df:6e:db:e2:fe:7c:7b:90:c9:be:43:7f:11:
                    6f:c9:58:52:6a:94:0b:9e:47:7d:50:96:ec:eb:8c:
                    b2:9f:ba:98:28:46:26:6d:c3:aa:97:9b:54:2e:bf:
                    30:e8:ac:01:a5:6c:ca:97:f6:a6:73:fb:a7:43:51:
                    7c:a0:cb:fa:13:64:b2:2b:21:71:26:3d:50:ea:db:
                    73:fe:3e:c0:23:01:7b:4c:80:15:51:23:d6:ae:b3:
                    20:7e:f2:b3:17:d2:8a:d8:00:63:fe:cc:5e:17:45:
                    57:cc:f2:5c:b1:2e:4b:a6:9b:b5:9a:b1:94:2f:a8:
                    ac:7e:2c:b2:21:4b:b8:a2:ad:a0:5d:dc:71:d0:ba:
                    9b:ef:03:48:8b:a3:43:6b:cb:f7:29:ca:8f:35:fd:
                    db:6c:02:05:99:78:92:07:26:86:5a:eb:6b:e9:fe:
                    f1:07:17:58:42:92:c4:74:5f:92:fa:39:8e:40:bd:
                    aa:42:bb:ba:fd:5b:3a:3f:f5:5f:85:6e:6e:ef:16:
                    ca:98:92:e7:7e:ff:24:21:b3:fa:c3:a0:03:7d:fc:
                    3f:54:5b:2c:03:51:54:dc:3c:0d:ce:5f:e7:6b:f6:
                    1e:6c:a7:0a:d3:0a:e9:9e:86:58:4f:f1:6d:88:66:
                    9b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:94:53:E6:AC:EB:8F:25:C0:07:20:F6:5B:51:B3:08:B0:5F:E8:61
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/XJRT5qzrjyXAByD2W1GzCLBf6GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:22:6d:3c:dd:9e:1d:ab:03:53:df:ed:56:58:53:ff:11:80:
         d7:51:b4:91:cf:b5:bd:fd:73:88:ea:56:66:2f:f4:cc:2a:80:
         09:9d:26:7c:41:9c:08:5b:89:dd:ff:6e:65:8e:34:04:6b:8b:
         d2:13:9d:94:2e:c0:76:c2:ad:43:e9:f9:91:71:30:bb:03:18:
         15:58:4e:d1:3b:6f:57:ed:e8:01:88:d2:09:00:ef:b0:de:25:
         d4:8e:ac:a9:3e:d6:85:43:b8:11:61:b7:17:af:29:05:c9:19:
         97:3a:6f:c3:05:db:fb:06:7a:30:17:c0:d3:1d:6d:27:6a:b7:
         fc:d5:b8:66:52:86:97:9e:be:f1:d1:8a:07:d5:6f:e4:5d:e9:
         a0:c3:7e:8d:a4:77:e0:64:a6:3f:6a:a6:ac:d5:6b:fc:a8:3b:
         b4:4d:64:c5:87:36:48:53:c6:02:c1:36:25:ee:da:ef:e6:d4:
         cd:20:34:48:14:be:9b:fd:3e:60:5f:92:53:e2:81:97:20:81:
         74:56:36:a8:69:da:0b:84:ee:cc:79:ac:c5:20:e5:8d:d6:c9:
         c3:5f:34:4c:5b:be:3f:2f:3c:4f:64:2f:2e:78:c4:15:f0:e0:
         b9:8c:19:ba:f3:78:4d:e9:34:3a:cf:16:c6:48:bf:f2:6a:16:
         b6:a3:70:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWojhuS3/fBqlHGvBR1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwMTAyMDAzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzk0NTNlNmFjZWI4ZjI1YzAwNzIwZjY1YjUxYjMwOGIwNWZlODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2S9GU/WBx3Gy7wri99vWd9u2+L+
fHuQyb5DfxFvyVhSapQLnkd9UJbs64yyn7qYKEYmbcOql5tULr8w6KwBpWzKl/am
c/unQ1F8oMv6E2SyKyFxJj1Q6ttz/j7AIwF7TIAVUSPWrrMgfvKzF9KK2ABj/sxe
F0VXzPJcsS5Lppu1mrGUL6isfiyyIUu4oq2gXdxx0Lqb7wNIi6NDa8v3KcqPNf3b
bAIFmXiSByaGWutr6f7xBxdYQpLEdF+S+jmOQL2qQru6/Vs6P/VfhW5u7xbKmJLn
fv8kIbP6w6ADffw/VFssA1FU3DwNzl/na/YebKcK0wrpnoZYT/FtiGab5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyUU+as648lwAcg9ltRswiwX+hhMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvWEpSVDVxenJqeVhBQnlEMlcxR3pDTEJmNkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSb8MA0G
CSqGSIb3DQEBCwUAA4IBAQBQIm083Z4dqwNT3+1WWFP/EYDXUbSRz7W9/XOI6lZm
L/TMKoAJnSZ8QZwIW4nd/25ljjQEa4vSE52ULsB2wq1D6fmRcTC7AxgVWE7RO29X
7egBiNIJAO+w3iXUjqypPtaFQ7gRYbcXrykFyRmXOm/DBdv7BnowF8DTHW0narf8
1bhmUoaXnr7x0YoH1W/kXemgw36NpHfgZKY/aqas1Wv8qDu0TWTFhzZIU8YCwTYl
7trv5tTNIDRIFL6b/T5gX5JT4oGXIIF0VjaoadoLhO7MeazFIOWN1snDXzRMW74/
LzxPZC8ueMQV8OC5jBm683hN6TQ6zxbGSL/yaha2o3DA
-----END CERTIFICATE-----