Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/5jxUSaW-WpphR6AUPTijW1zrMkA.roa
File:                     5jxUSaW-WpphR6AUPTijW1zrMkA.roa (raw, json)
Hash identifier:          UwknkbLioQKz0czimXBi6NfXaO18OnRuezfrbJ9Ezt4=
Subject key identifier:   E6:3C:54:49:A5:BE:5A:9A:61:47:A0:14:3D:38:A3:5B:5C:EB:32:40
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80124DBF8A8D9A3A666CCFA6CA2FC5F
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/5jxUSaW-WpphR6AUPTijW1zrMkA.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20910
IP address blocks:        85.254.120.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:24:db:f8:a8:d9:a3:a6:66:cc:fa:6c:a2:fc:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e63c5449a5be5a9a6147a0143d38a35b5ceb3240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f0:43:2a:40:cf:ce:57:4d:e7:c1:22:30:27:
                    55:86:83:bc:20:82:94:fe:92:3f:f8:7e:c4:62:45:
                    a2:81:05:25:97:a6:15:5b:1b:2e:3f:d8:c1:c3:87:
                    4c:32:29:61:d9:36:b7:51:2a:e6:ac:25:76:1a:a1:
                    b7:29:02:06:52:c4:59:3c:67:a8:76:ec:78:28:71:
                    63:bf:f1:7e:85:98:1c:a2:d6:6b:b2:5c:45:6f:1f:
                    70:9f:3a:e7:6b:c8:82:eb:78:31:ef:e6:f9:ad:35:
                    85:04:66:79:a6:d7:8d:8a:37:bf:1a:58:e6:89:97:
                    6b:74:19:d2:0c:e9:ee:8f:a2:31:7b:39:73:5c:51:
                    3c:a3:c6:9f:a4:58:49:7c:94:99:34:42:01:47:d8:
                    59:3f:dc:cf:3f:69:58:de:ba:d5:ea:6e:e0:c5:cf:
                    94:90:2e:41:8e:49:52:db:e3:19:b3:9e:1e:c9:49:
                    ee:79:2e:39:59:92:38:7c:bf:b5:3a:b0:5e:da:86:
                    49:09:d5:97:05:d2:a6:5e:a8:6b:ab:12:80:d8:9e:
                    70:db:66:80:aa:ee:88:2a:89:5b:44:ac:5c:e6:e2:
                    81:d8:7c:fe:aa:85:66:83:c1:ae:e2:a2:a6:bb:7b:
                    91:0a:9f:f1:c1:05:b1:65:00:e9:0c:46:e4:7b:5d:
                    d6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:3C:54:49:A5:BE:5A:9A:61:47:A0:14:3D:38:A3:5B:5C:EB:32:40
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/5jxUSaW-WpphR6AUPTijW1zrMkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:08:5b:c4:52:9b:6d:3a:1d:0b:ad:b8:c7:6c:6f:4c:fb:ee:
         e4:7b:8c:e6:5f:aa:01:9c:98:43:ee:2d:99:fc:e9:93:00:47:
         fd:13:21:c9:28:23:46:21:b4:c7:01:c7:39:83:b6:2a:7b:7c:
         a5:82:b2:7e:10:12:8d:93:a8:08:f7:08:ff:58:ba:8e:77:78:
         a6:d7:19:47:3a:43:bc:c0:d3:6b:0a:bd:b5:6a:8e:a4:03:f4:
         f5:9d:f3:a0:e9:af:dd:3d:ac:ca:1e:20:6b:79:c9:14:6b:0d:
         2c:03:62:68:01:11:30:8f:54:ed:c1:0b:71:4c:de:22:2a:81:
         96:18:64:84:77:c0:a0:be:67:e4:11:f1:9b:90:50:54:96:63:
         8d:0c:c2:a1:ed:2f:95:b3:85:62:57:d0:38:d8:51:3a:22:0d:
         7b:f0:1b:69:4a:b1:b0:10:9a:14:f6:ac:24:97:5b:a4:a8:f1:
         fc:f1:9c:86:a0:c6:4b:2b:ac:d7:fa:ff:c3:80:37:a0:49:ec:
         f3:ae:b9:68:f8:28:10:47:e4:36:ef:ac:ae:78:fd:5a:2a:64:
         1e:0e:4a:b0:3d:2b:84:0d:f6:69:5a:ce:07:3b:92:00:2f:81:
         df:8d:4d:19:91:bb:35:65:13:c5:2c:11:83:73:37:e2:d3:be:
         1f:c7:a1:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASTb+KjZo6ZmzPpsovxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjNjNTQ0OWE1YmU1YTlhNjE0N2EwMTQzZDM4YTM1YjVjZWIzMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfBDKkDPzldN58EiMCdVhoO8IIKU
/pI/+H7EYkWigQUll6YVWxsuP9jBw4dMMilh2Ta3USrmrCV2GqG3KQIGUsRZPGeo
dux4KHFjv/F+hZgcotZrslxFbx9wnzrna8iC63gx7+b5rTWFBGZ5pteNije/Gljm
iZdrdBnSDOnuj6IxezlzXFE8o8afpFhJfJSZNEIBR9hZP9zPP2lY3rrV6m7gxc+U
kC5BjklS2+MZs54eyUnueS45WZI4fL+1OrBe2oZJCdWXBdKmXqhrqxKA2J5w22aA
qu6IKolbRKxc5uKB2Hz+qoVmg8Gu4qKmu3uRCp/xwQWxZQDpDEbke13WYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOY8VEmlvlqaYUegFD04o1tc6zJAMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvNWp4VVNhVy1XcHBoUjZBVVBUaWpXMXpyTWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVf54MA0G
CSqGSIb3DQEBCwUAA4IBAQBECFvEUpttOh0LrbjHbG9M++7ke4zmX6oBnJhD7i2Z
/OmTAEf9EyHJKCNGIbTHAcc5g7Yqe3ylgrJ+EBKNk6gI9wj/WLqOd3im1xlHOkO8
wNNrCr21ao6kA/T1nfOg6a/dPazKHiBreckUaw0sA2JoAREwj1TtwQtxTN4iKoGW
GGSEd8CgvmfkEfGbkFBUlmONDMKh7S+Vs4ViV9A42FE6Ig178BtpSrGwEJoU9qwk
l1ukqPH88ZyGoMZLK6zX+v/DgDegSezzrrlo+CgQR+Q276yueP1aKmQeDkqwPSuE
DfZpWs4HO5IAL4HfjU0Zkbs1ZRPFLBGDczfi074fx6G3
-----END CERTIFICATE-----