Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9tS0DIr3Fq0YcfTCRW_kldHHt0k.roa
File:                     9tS0DIr3Fq0YcfTCRW_kldHHt0k.roa (raw, json)
Hash identifier:          gB818lfSM2ofdjtY1Eweb34XVbsMAOsvuccyRnsPhpQ=
Subject key identifier:   F6:D4:B4:0C:8A:F7:16:AD:18:71:F4:C2:45:6F:E4:95:D1:C7:B7:49
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC425639135297AF75726EACE1D817EA7
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9tS0DIr3Fq0YcfTCRW_kldHHt0k.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64249
IP address blocks:        5.182.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:63:91:35:29:7a:f7:57:26:ea:ce:1d:81:7e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6d4b40c8af716ad1871f4c2456fe495d1c7b749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:98:e5:0f:eb:f4:9f:f2:89:5a:d4:fd:c4:37:
                    ba:9f:2a:8f:8b:16:0e:c9:62:5d:80:f2:4b:f5:d9:
                    80:24:04:7b:d2:45:86:01:7d:17:d8:16:2a:39:7c:
                    c5:bb:34:bb:67:52:df:f1:68:a6:b5:fa:91:a0:f5:
                    83:56:ae:5a:39:fa:b8:2d:59:b1:2a:85:d5:75:4a:
                    3c:b2:b0:f4:ab:52:62:c3:88:60:64:66:e2:08:83:
                    20:48:2c:ec:62:62:4f:76:1c:14:08:2a:32:f2:45:
                    68:58:58:6c:d4:4c:48:ca:28:fa:f0:c5:17:5e:ba:
                    e1:59:c6:78:f4:a0:a5:30:26:21:70:df:ab:44:91:
                    49:d7:b9:29:d4:c2:89:46:ad:02:07:0a:49:94:d3:
                    a6:93:d9:91:55:f1:64:76:34:2e:12:26:e7:50:a0:
                    bd:27:5e:9f:4c:ac:81:9b:5d:44:15:3f:4b:33:ae:
                    3d:41:8d:25:fa:70:c4:fa:04:1b:34:1c:d5:b3:4f:
                    17:9d:08:ab:2e:3f:27:e5:ed:aa:30:ee:a9:bd:91:
                    af:ff:a1:0f:9a:8b:29:f8:0a:6e:24:c5:93:85:97:
                    b0:63:41:f3:b2:0f:b9:80:5a:62:2b:cf:df:1c:3d:
                    52:dc:97:21:5a:44:df:fb:1f:48:c8:a6:a7:b3:9c:
                    a0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D4:B4:0C:8A:F7:16:AD:18:71:F4:C2:45:6F:E4:95:D1:C7:B7:49
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9tS0DIr3Fq0YcfTCRW_kldHHt0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:da:56:3c:e8:91:2a:98:e5:02:92:a2:3a:17:bf:8d:e4:28:
         df:7f:6d:b1:29:b1:44:06:78:42:c6:14:c9:4e:f9:21:97:c0:
         67:ac:76:e1:9a:73:5f:bd:90:05:78:22:5b:12:ea:f2:74:bb:
         8b:00:4c:eb:e9:67:67:6e:22:60:dc:2c:26:25:3b:2a:69:56:
         2b:d3:3c:b8:39:96:d8:e2:08:96:bf:0e:ed:67:69:c8:65:60:
         46:e2:bf:10:9d:2d:77:74:8e:ee:4a:84:53:5d:f8:67:ec:a3:
         54:f3:4a:7a:d0:82:f2:60:3c:01:6e:3e:aa:b9:db:7e:f2:c0:
         cb:be:f2:ed:f7:83:1b:a2:67:86:c6:df:24:10:6f:e6:6d:32:
         ae:3c:1e:f7:19:80:a2:af:e4:b3:aa:46:eb:5a:2e:46:b9:57:
         0e:63:c7:21:94:55:f0:c1:f3:e5:2f:53:75:82:3e:05:19:f0:
         d0:7e:3d:0e:10:8d:9f:fb:c1:52:1e:a5:34:e3:da:9c:9e:e2:
         93:48:b4:dd:ca:a7:85:d5:c0:5f:cc:45:38:d3:f5:c2:82:f1:
         d6:3a:f6:79:a9:17:2c:b2:f8:cc:6f:5a:32:1f:f6:5e:9c:d5:
         ee:9f:b5:cf:22:0a:4d:3c:81:b9:e9:e3:af:63:2d:97:6f:a2:
         f8:08:63:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWORNSl691cm6s4dgX6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQ0YjQwYzhhZjcxNmFkMTg3MWY0YzI0NTZmZTQ5NWQxYzdiNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZjlD+v0n/KJWtT9xDe6nyqPixYO
yWJdgPJL9dmAJAR70kWGAX0X2BYqOXzFuzS7Z1Lf8WimtfqRoPWDVq5aOfq4LVmx
KoXVdUo8srD0q1Jiw4hgZGbiCIMgSCzsYmJPdhwUCCoy8kVoWFhs1ExIyij68MUX
XrrhWcZ49KClMCYhcN+rRJFJ17kp1MKJRq0CBwpJlNOmk9mRVfFkdjQuEibnUKC9
J16fTKyBm11EFT9LM649QY0l+nDE+gQbNBzVs08XnQirLj8n5e2qMO6pvZGv/6EP
mosp+ApuJMWThZewY0Hzsg+5gFpiK8/fHD1S3JchWkTf+x9IyKans5ygCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbUtAyK9xatGHH0wkVv5JXRx7dJMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvOXRTMERJcjNGcTBZY2ZUQ1JXX2tsZEhIdDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYzMA0G
CSqGSIb3DQEBCwUAA4IBAQC42lY86JEqmOUCkqI6F7+N5Cjff22xKbFEBnhCxhTJ
Tvkhl8BnrHbhmnNfvZAFeCJbEurydLuLAEzr6WdnbiJg3CwmJTsqaVYr0zy4OZbY
4giWvw7tZ2nIZWBG4r8QnS13dI7uSoRTXfhn7KNU80p60ILyYDwBbj6qudt+8sDL
vvLt94MbomeGxt8kEG/mbTKuPB73GYCir+SzqkbrWi5GuVcOY8chlFXwwfPlL1N1
gj4FGfDQfj0OEI2f+8FSHqU049qcnuKTSLTdyqeF1cBfzEU40/XCgvHWOvZ5qRcs
svjMb1oyH/ZenNXun7XPIgpNPIG56eOvYy2Xb6L4CGPP
-----END CERTIFICATE-----