Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/97f89e-82b5-442b-b672-5d192fbfcb0b/1/oOUlHOMq2eNdPWTbwMfdN-sEyKs.roa
File:                     oOUlHOMq2eNdPWTbwMfdN-sEyKs.roa (raw, json)
Hash identifier:          Q38Pzp99R9JGE6+ViCd/0/IwFjamlsWPIPQQC5DEWrU=
Subject key identifier:   A0:E5:25:1C:E3:2A:D9:E3:5D:3D:64:DB:C0:C7:DD:37:EB:04:C8:AB
Certificate issuer:       /CN=fab796d980fa60fe2514fce62646f45d12c95165
Certificate serial:       018CC4936F6527E8670D2DBB47AA22D3633F
Authority key identifier: FA:B7:96:D9:80:FA:60:FE:25:14:FC:E6:26:46:F4:5D:12:C9:51:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-reW2YD6YP4lFPzmJkb0XRLJUWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/97f89e-82b5-442b-b672-5d192fbfcb0b/1/oOUlHOMq2eNdPWTbwMfdN-sEyKs.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209435
IP address blocks:        5.253.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/97f89e-82b5-442b-b672-5d192fbfcb0b/1/1-reW2YD6YP4lFPzmJkb0XRLJUWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/97f89e-82b5-442b-b672-5d192fbfcb0b/1/1-reW2YD6YP4lFPzmJkb0XRLJUWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-reW2YD6YP4lFPzmJkb0XRLJUWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:04:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6f:65:27:e8:67:0d:2d:bb:47:aa:22:d3:63:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fab796d980fa60fe2514fce62646f45d12c95165
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0e5251ce32ad9e35d3d64dbc0c7dd37eb04c8ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:bc:2e:88:72:03:49:40:b9:dd:c5:86:19:fc:
                    69:a9:2a:18:6d:92:1f:b4:04:1d:06:79:e7:ee:f4:
                    04:31:1d:cb:3a:44:22:f9:2a:31:1e:90:ce:ba:8c:
                    9d:b8:44:fb:c4:d1:b2:fd:8d:b9:25:2d:94:81:8b:
                    69:4b:d5:1b:eb:30:1b:46:f0:da:d6:47:81:76:52:
                    59:5b:e8:12:ca:4e:25:ee:c4:26:86:ce:23:4f:6e:
                    1f:5b:02:2d:fa:2f:0d:5f:0c:5d:d5:09:4f:d4:40:
                    1a:9a:33:ae:59:7a:d2:40:5f:cc:b1:ec:78:a6:38:
                    0b:b1:d3:7d:b3:cd:ff:cc:c7:1e:72:dc:62:85:ff:
                    99:30:84:b7:ac:8a:d4:50:e8:0a:6c:36:03:a3:47:
                    be:18:b8:0a:00:50:0b:e9:44:14:1a:15:96:56:0e:
                    b6:11:3d:c2:54:4d:9b:6f:3b:62:21:cd:92:ae:a7:
                    e0:21:90:4c:d5:db:4a:ac:74:12:b4:84:dc:67:38:
                    b1:c7:9a:77:27:fb:7d:ea:26:c7:f2:59:21:ac:13:
                    54:1c:f6:2c:50:8f:4e:f9:92:10:ee:c3:68:a1:6e:
                    25:73:86:d5:c8:1c:48:ba:ed:87:62:8a:1d:a6:e3:
                    8e:3a:42:1a:23:fb:8b:44:55:92:c1:8e:2c:6d:08:
                    6f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:E5:25:1C:E3:2A:D9:E3:5D:3D:64:DB:C0:C7:DD:37:EB:04:C8:AB
            X509v3 Authority Key Identifier:
                keyid:FA:B7:96:D9:80:FA:60:FE:25:14:FC:E6:26:46:F4:5D:12:C9:51:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-reW2YD6YP4lFPzmJkb0XRLJUWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/97f89e-82b5-442b-b672-5d192fbfcb0b/1/oOUlHOMq2eNdPWTbwMfdN-sEyKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/97f89e-82b5-442b-b672-5d192fbfcb0b/1/1-reW2YD6YP4lFPzmJkb0XRLJUWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:2b:6b:72:f5:3c:88:1c:29:18:11:6e:69:29:bc:60:38:05:
         4a:6e:a9:f9:81:6d:be:a1:77:e6:9c:49:00:18:a5:4e:73:51:
         3c:eb:43:de:6c:d5:3e:63:68:26:fb:ff:8c:17:88:c1:e6:52:
         6a:a7:f2:78:e9:05:5c:8e:17:9a:17:3d:41:18:41:0b:bb:f4:
         1f:31:be:c1:63:84:ce:21:7d:3c:00:e4:4e:4f:64:30:45:6f:
         c5:98:17:d7:1f:af:68:08:86:1b:12:2b:f5:95:5e:6a:ac:db:
         4d:c9:99:44:da:fc:17:f8:aa:2b:35:69:8d:24:67:72:e4:e9:
         6e:7a:d6:e6:7f:7a:2d:0e:e7:b7:6b:7e:00:22:4e:64:8c:c8:
         bb:09:89:a2:d5:5e:01:42:36:6f:3f:5e:15:d1:1d:a0:c8:b1:
         b8:f5:5b:d5:a0:75:b8:37:60:55:66:d6:41:20:bf:2b:e7:d3:
         53:6f:ab:6b:7c:9e:c1:b8:f2:5f:5b:7f:5c:a3:f2:bf:43:e8:
         fe:49:ed:b5:26:51:58:de:58:4b:1f:13:23:c8:34:ed:f0:24:
         f3:a3:64:4a:e1:25:2e:55:b0:d7:92:eb:82:7b:59:e8:b0:01:
         1f:db:4b:e0:9e:7a:ad:23:f2:2d:1d:23:ec:dc:49:18:9b:9f:
         2d:63:25:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk29lJ+hnDS27R6oi02M/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYjc5NmQ5ODBmYTYwZmUyNTE0ZmNlNjI2NDZmNDVkMTJj
OTUxNjUwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGU1MjUxY2UzMmFkOWUzNWQzZDY0ZGJjMGM3ZGQzN2ViMDRjOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7wuiHIDSUC53cWGGfxpqSoYbZIf
tAQdBnnn7vQEMR3LOkQi+SoxHpDOuoyduET7xNGy/Y25JS2UgYtpS9Ub6zAbRvDa
1keBdlJZW+gSyk4l7sQmhs4jT24fWwIt+i8NXwxd1QlP1EAamjOuWXrSQF/Msex4
pjgLsdN9s83/zMcectxihf+ZMIS3rIrUUOgKbDYDo0e+GLgKAFAL6UQUGhWWVg62
ET3CVE2bbztiIc2SrqfgIZBM1dtKrHQStITcZzixx5p3J/t96ibH8lkhrBNUHPYs
UI9O+ZIQ7sNooW4lc4bVyBxIuu2HYoodpuOOOkIaI/uLRFWSwY4sbQhvywIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKDlJRzjKtnjXT1k28DH3TfrBMirMB8GA1UdIwQY
MBaAFPq3ltmA+mD+JRT85iZG9F0SyVFlMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1yZVcyWUQ2WVA0bEZQem1Ka2IwWFJMSlVXVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvOTdmODllLTgyYjUtNDQyYi1iNjcy
LTVkMTkyZmJmY2IwYi8xL29PVWxIT01xMmVOZFBXVGJ3TWZkTi1zRXlLcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTgvOTdmODllLTgyYjUtNDQyYi1iNjcyLTVkMTkyZmJmY2Iw
Yi8xLzEtcmVXMllENllQNGxGUHptSmtiMFhSTEpVV1UuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIF/aww
DQYJKoZIhvcNAQELBQADggEBAIMra3L1PIgcKRgRbmkpvGA4BUpuqfmBbb6hd+ac
SQAYpU5zUTzrQ95s1T5jaCb7/4wXiMHmUmqn8njpBVyOF5oXPUEYQQu79B8xvsFj
hM4hfTwA5E5PZDBFb8WYF9cfr2gIhhsSK/WVXmqs203JmUTa/Bf4qis1aY0kZ3Lk
6W561uZ/ei0O57drfgAiTmSMyLsJiaLVXgFCNm8/XhXRHaDIsbj1W9Wgdbg3YFVm
1kEgvyvn01Nvq2t8nsG48l9bf1yj8r9D6P5J7bUmUVjeWEsfEyPINO3wJPOjZErh
JS5VsNeS64J7WeiwAR/bS+Ceeq0j8i0dI+zcSRibny1jJQ8=
-----END CERTIFICATE-----