Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/uQ5LB2wgDpvk4NWaddMFTpiAFLQ.roa
File:                     uQ5LB2wgDpvk4NWaddMFTpiAFLQ.roa (raw, json)
Hash identifier:          +BnmmJZaKG83U/LnZI5FWk4Dc8VrvZzumrDME3pVwVo=
Subject key identifier:   B9:0E:4B:07:6C:20:0E:9B:E4:E0:D5:9A:75:D3:05:4E:98:80:14:B4
Certificate issuer:       /CN=181e4d608152fc244afffba2dc72b851b19b2527
Certificate serial:       018E0D5D98A9427F3493BB43DC59FEBEC858
Authority key identifier: 18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/uQ5LB2wgDpvk4NWaddMFTpiAFLQ.roa
Signing time:             Tue 05 Mar 2024 06:47:01 +0000
ROA not before:           Tue 05 Mar 2024 06:47:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50427
IP address blocks:        86.62.4.0/23 maxlen: 23
                          86.62.4.0/24 maxlen: 24
                          86.62.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:5d:98:a9:42:7f:34:93:bb:43:dc:59:fe:be:c8:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=181e4d608152fc244afffba2dc72b851b19b2527
        Validity
            Not Before: Mar  5 06:47:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b90e4b076c200e9be4e0d59a75d3054e988014b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a4:25:8f:ff:a4:0a:58:31:62:de:32:db:7e:
                    5a:7e:9d:37:d3:6f:3e:00:92:c5:8a:5a:bf:f6:a7:
                    2f:8b:bd:02:16:55:e1:03:12:7d:78:85:f4:1a:c6:
                    05:bf:9a:b2:67:63:37:63:0d:4c:b3:f1:e2:03:0b:
                    bc:06:71:2f:79:d3:14:77:ab:94:25:f1:7b:75:cb:
                    f1:47:b0:e6:f8:a7:a5:48:52:d9:08:21:78:52:ef:
                    3c:06:b6:7d:03:ef:fb:6a:b7:a8:b7:2f:ee:d0:a5:
                    44:4b:5d:d3:2f:b9:44:5a:88:9c:c4:b4:73:d2:e1:
                    73:3e:f4:04:64:3c:85:15:5a:a2:39:0a:23:be:e7:
                    d7:75:c7:90:ce:9d:f0:5c:be:2d:35:12:54:fd:d9:
                    7e:1b:d9:dd:73:42:c4:97:2d:14:8f:28:e0:7e:bc:
                    46:41:97:30:df:de:7a:39:ca:ff:3d:e1:67:94:fc:
                    06:5f:3f:7a:d1:46:02:cd:d9:4e:c0:dd:36:5b:d2:
                    94:86:6a:9d:76:d0:65:9a:9a:dc:fb:31:6f:41:8e:
                    8e:55:ea:dd:70:c2:3b:c3:7d:9c:9f:9d:f5:9c:bb:
                    17:ec:84:60:57:1f:cc:32:60:a0:77:46:1e:e4:24:
                    55:e5:f0:22:04:7c:6e:ff:20:9d:4a:64:a3:09:58:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:0E:4B:07:6C:20:0E:9B:E4:E0:D5:9A:75:D3:05:4E:98:80:14:B4
            X509v3 Authority Key Identifier:
                keyid:18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/uQ5LB2wgDpvk4NWaddMFTpiAFLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:f2:22:6e:20:f2:bf:ec:8e:31:9d:ef:46:82:37:87:80:3d:
         f9:0d:b2:45:a2:72:f5:4a:9c:9a:3f:b0:64:71:18:62:6a:b9:
         70:f6:8c:c0:ac:f1:8d:7f:ff:a5:86:d0:41:8d:7d:77:72:3e:
         ed:25:6e:8e:a6:58:49:d8:99:0f:6a:64:12:77:14:63:a0:9e:
         2e:28:8d:77:15:c1:92:e8:8a:63:bc:f5:be:e3:0e:81:cb:da:
         4f:e1:15:97:78:98:e7:29:f3:6d:3a:e9:a9:0b:72:c0:48:bb:
         35:23:cf:4d:96:1a:30:fe:ac:d0:99:ef:4a:47:91:d8:7f:a6:
         82:39:e7:58:a8:9b:60:42:d8:b2:ba:45:d6:f3:33:ab:88:a6:
         bb:4e:07:a5:87:94:45:2c:18:98:6f:17:2b:60:81:f8:b4:0f:
         63:c8:10:ef:38:95:77:fc:fa:73:be:48:08:d8:7b:29:4f:33:
         78:6d:b9:3d:db:b1:ec:b5:58:0f:0c:24:f3:b1:18:87:bf:ea:
         8b:63:9d:da:74:76:ea:88:f5:e4:8e:3a:da:67:e3:f8:e0:6b:
         29:f1:3c:0a:a7:e1:a9:2d:91:d0:a7:bb:98:29:72:66:4c:4c:
         7f:6b:5c:88:46:87:e1:9a:ba:01:96:47:a3:04:26:79:87:11:
         84:cf:19:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4NXZipQn80k7tD3Fn+vshYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MWU0ZDYwODE1MmZjMjQ0YWZmZmJhMmRjNzJiODUxYjE5
YjI1MjcwHhcNMjQwMzA1MDY0NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTBlNGIwNzZjMjAwZTliZTRlMGQ1OWE3NWQzMDU0ZTk4ODAxNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKQlj/+kClgxYt4y235afp03028+
AJLFilq/9qcvi70CFlXhAxJ9eIX0GsYFv5qyZ2M3Yw1Ms/HiAwu8BnEvedMUd6uU
JfF7dcvxR7Dm+KelSFLZCCF4Uu88BrZ9A+/7areoty/u0KVES13TL7lEWoicxLRz
0uFzPvQEZDyFFVqiOQojvufXdceQzp3wXL4tNRJU/dl+G9ndc0LEly0UjyjgfrxG
QZcw3956Ocr/PeFnlPwGXz960UYCzdlOwN02W9KUhmqddtBlmprc+zFvQY6OVerd
cMI7w32cn531nLsX7IRgVx/MMmCgd0Ye5CRV5fAiBHxu/yCdSmSjCVjPHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkOSwdsIA6b5ODVmnXTBU6YgBS0MB8GA1UdIwQY
MBaAFBgeTWCBUvwkSv/7otxyuFGxmyUnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjIt
MzIyMDhkNTQ0YTg0LzEvdVE1TEIyd2dEcHZrNE5XYWRkTUZUcGlBRkxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjItMzIyMDhkNTQ0YTg0
LzEvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVj4EMA0G
CSqGSIb3DQEBCwUAA4IBAQA48iJuIPK/7I4xne9GgjeHgD35DbJFonL1SpyaP7Bk
cRhiarlw9ozArPGNf/+lhtBBjX13cj7tJW6OplhJ2JkPamQSdxRjoJ4uKI13FcGS
6IpjvPW+4w6By9pP4RWXeJjnKfNtOumpC3LASLs1I89Nlhow/qzQme9KR5HYf6aC
OedYqJtgQtiyukXW8zOriKa7Tgelh5RFLBiYbxcrYIH4tA9jyBDvOJV3/PpzvkgI
2HspTzN4bbk927HstVgPDCTzsRiHv+qLY53adHbqiPXkjjraZ+P44Gsp8TwKp+Gp
LZHQp7uYKXJmTEx/a1yIRofhmroBlkejBCZ5hxGEzxly
-----END CERTIFICATE-----