Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/8c88bb-44dc-4f08-beee-fef48712acab/1/U5ola_3eHUi1bL8g1kEXFx3fqaU.roa
File:                     U5ola_3eHUi1bL8g1kEXFx3fqaU.roa (raw, json)
Hash identifier:          rtgOE8yTu90T7FhIL+KBfeB3CxjEQ1CSlRU6JHLl4SY=
Subject key identifier:   53:9A:25:6B:FD:DE:1D:48:B5:6C:BF:20:D6:41:17:17:1D:DF:A9:A5
Certificate issuer:       /CN=c85106daad3a973fde98914f7cc1ccd35d8cc3c3
Certificate serial:       018CC8DE295F3FE56629850DD3E3722DF765
Authority key identifier: C8:51:06:DA:AD:3A:97:3F:DE:98:91:4F:7C:C1:CC:D3:5D:8C:C3:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFEG2q06lz_emJFPfMHM012Mw8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/8c88bb-44dc-4f08-beee-fef48712acab/1/U5ola_3eHUi1bL8g1kEXFx3fqaU.roa
Signing time:             Tue 02 Jan 2024 06:30:51 +0000
ROA not before:           Tue 02 Jan 2024 06:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203462
IP address blocks:        2.57.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/8c88bb-44dc-4f08-beee-fef48712acab/1/yFEG2q06lz_emJFPfMHM012Mw8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/8c88bb-44dc-4f08-beee-fef48712acab/1/yFEG2q06lz_emJFPfMHM012Mw8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFEG2q06lz_emJFPfMHM012Mw8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:29:5f:3f:e5:66:29:85:0d:d3:e3:72:2d:f7:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c85106daad3a973fde98914f7cc1ccd35d8cc3c3
        Validity
            Not Before: Jan  2 06:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=539a256bfdde1d48b56cbf20d64117171ddfa9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:29:53:25:32:c5:a1:97:c3:07:88:10:5d:e6:
                    f7:21:d6:db:7a:97:04:04:8c:d4:5d:2b:ed:ac:b3:
                    60:86:a4:c6:70:4e:47:13:72:cd:c9:7c:8c:23:c8:
                    af:a6:ca:10:12:b9:86:44:a8:50:7b:4e:ed:26:4a:
                    6d:1f:12:74:b4:93:0f:ee:d4:5e:4b:ec:d2:32:ef:
                    fb:71:0e:ed:82:9a:06:71:23:22:dc:a0:08:85:b8:
                    86:0b:9d:d2:0e:1c:07:3d:b5:02:f9:7a:81:62:52:
                    e4:e5:87:0d:c3:a3:d9:96:f6:ab:2b:c9:46:91:f9:
                    6a:c4:4f:a0:37:88:c5:ac:32:3e:b5:a1:12:15:6b:
                    50:e6:8d:c2:91:50:0b:3b:96:19:41:fd:f5:ef:b8:
                    60:5a:35:b3:ee:40:a1:4f:38:f4:08:b8:d7:cd:aa:
                    70:90:20:25:25:79:72:b9:7f:7e:0c:73:e1:91:cc:
                    c5:ba:6f:56:c3:eb:55:ab:28:79:6b:aa:37:ad:40:
                    18:2e:8b:d8:6d:7a:89:d2:2d:b0:f0:c2:d0:3d:8c:
                    07:80:fb:03:64:d7:ee:51:38:0a:1b:c2:df:ec:c2:
                    71:e5:22:2d:92:9e:f8:8c:76:c4:0c:ff:bf:38:0a:
                    e9:c1:4e:71:9c:a1:9e:b9:7b:e7:7f:97:be:06:d9:
                    92:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:9A:25:6B:FD:DE:1D:48:B5:6C:BF:20:D6:41:17:17:1D:DF:A9:A5
            X509v3 Authority Key Identifier:
                keyid:C8:51:06:DA:AD:3A:97:3F:DE:98:91:4F:7C:C1:CC:D3:5D:8C:C3:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFEG2q06lz_emJFPfMHM012Mw8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/8c88bb-44dc-4f08-beee-fef48712acab/1/U5ola_3eHUi1bL8g1kEXFx3fqaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/8c88bb-44dc-4f08-beee-fef48712acab/1/yFEG2q06lz_emJFPfMHM012Mw8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:95:87:a6:0d:a8:f3:6f:f8:af:06:b3:df:eb:30:5a:a8:6b:
         54:89:ad:08:4b:16:2d:8d:fb:08:35:d6:df:91:7a:4d:75:4e:
         3c:9e:5a:cf:14:e7:06:a2:6b:81:f9:b2:ae:1a:ec:2f:71:2b:
         b8:a5:5c:7c:be:67:72:15:4d:80:6a:43:8a:2b:16:13:fd:f5:
         24:62:3a:70:db:42:b2:41:4d:63:18:dd:21:a9:4d:f9:8c:70:
         9f:36:be:4e:b7:3e:3a:c9:f0:62:fd:b8:19:96:0e:de:c3:a0:
         ad:37:bd:58:8c:47:c1:04:9a:af:7d:fe:dd:87:06:16:d7:a7:
         69:62:e7:23:dd:25:b9:15:e5:96:4f:2d:52:43:a5:d9:45:f7:
         68:9b:ce:de:39:8d:4e:1d:24:bf:2e:5e:bb:29:ef:31:50:b4:
         f6:a3:fd:e1:c7:f7:86:eb:e9:c9:99:65:be:4a:7d:87:52:21:
         b5:ca:cc:fb:91:90:fb:e0:f9:47:bb:fc:8d:97:66:4e:a3:d8:
         70:01:b4:88:ac:ac:14:62:ef:9a:9b:09:57:87:84:91:20:cf:
         35:13:91:8c:99:3e:0e:22:87:0b:c8:18:3f:49:f1:f2:3b:e4:
         b7:18:94:98:08:30:f8:8d:33:4f:48:58:3c:21:39:82:1d:65:
         c2:2a:70:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ilfP+VmKYUN0+NyLfdlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTEwNmRhYWQzYTk3M2ZkZTk4OTE0ZjdjYzFjY2QzNWQ4
Y2MzYzMwHhcNMjQwMTAyMDYzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzlhMjU2YmZkZGUxZDQ4YjU2Y2JmMjBkNjQxMTcxNzFkZGZhOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgilTJTLFoZfDB4gQXeb3IdbbepcE
BIzUXSvtrLNghqTGcE5HE3LNyXyMI8ivpsoQErmGRKhQe07tJkptHxJ0tJMP7tRe
S+zSMu/7cQ7tgpoGcSMi3KAIhbiGC53SDhwHPbUC+XqBYlLk5YcNw6PZlvarK8lG
kflqxE+gN4jFrDI+taESFWtQ5o3CkVALO5YZQf3177hgWjWz7kChTzj0CLjXzapw
kCAlJXlyuX9+DHPhkczFum9Ww+tVqyh5a6o3rUAYLovYbXqJ0i2w8MLQPYwHgPsD
ZNfuUTgKG8Lf7MJx5SItkp74jHbEDP+/OArpwU5xnKGeuXvnf5e+BtmShwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOaJWv93h1ItWy/INZBFxcd36mlMB8GA1UdIwQY
MBaAFMhRBtqtOpc/3piRT3zBzNNdjMPDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZFRzJxMDZsel9lbUpGUGZNSE0wMTJNdzhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC84Yzg4YmItNDRkYy00ZjA4LWJlZWUt
ZmVmNDg3MTJhY2FiLzEvVTVvbGFfM2VIVWkxYkw4ZzFrRVhGeDNmcWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC84Yzg4YmItNDRkYy00ZjA4LWJlZWUtZmVmNDg3MTJhY2Fi
LzEveUZFRzJxMDZsel9lbUpGUGZNSE0wMTJNdzhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjlUMA0G
CSqGSIb3DQEBCwUAA4IBAQB2lYemDajzb/ivBrPf6zBaqGtUia0ISxYtjfsINdbf
kXpNdU48nlrPFOcGomuB+bKuGuwvcSu4pVx8vmdyFU2AakOKKxYT/fUkYjpw20Ky
QU1jGN0hqU35jHCfNr5Otz46yfBi/bgZlg7ew6CtN71YjEfBBJqvff7dhwYW16dp
Yucj3SW5FeWWTy1SQ6XZRfdom87eOY1OHSS/Ll67Ke8xULT2o/3hx/eG6+nJmWW+
Sn2HUiG1ysz7kZD74PlHu/yNl2ZOo9hwAbSIrKwUYu+amwlXh4SRIM81E5GMmT4O
IocLyBg/SfHyO+S3GJSYCDD4jTNPSFg8ITmCHWXCKnCy
-----END CERTIFICATE-----