Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/v7TraiK7icKmoAjAU8WQr95Ti5I.roa
File:                     v7TraiK7icKmoAjAU8WQr95Ti5I.roa (raw, json)
Hash identifier:          9xGPE3i/GrCWIQjctdsdZMPNTtAV0OQfJgYTch+0bEM=
Subject key identifier:   BF:B4:EB:6A:22:BB:89:C2:A6:A0:08:C0:53:C5:90:AF:DE:53:8B:92
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018F724B436D4C35904766ACABE59BD07CEE
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/v7TraiK7icKmoAjAU8WQr95Ti5I.roa
Signing time:             Mon 13 May 2024 14:11:25 +0000
ROA not before:           Mon 13 May 2024 14:11:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        5.188.232.0/24 maxlen: 24
                          46.161.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:72:4b:43:6d:4c:35:90:47:66:ac:ab:e5:9b:d0:7c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: May 13 14:11:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfb4eb6a22bb89c2a6a008c053c590afde538b92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3f:18:30:7d:3f:6e:7b:5a:da:b0:62:ba:36:
                    3b:1e:4e:3e:06:bc:56:48:17:fa:55:62:0a:7b:26:
                    02:ea:6c:b5:bc:dc:d5:a5:6a:18:69:a9:57:b8:61:
                    b9:ec:a6:6e:a7:b0:7d:94:9e:27:25:ee:e2:8a:5f:
                    5e:05:ca:4c:95:8b:81:51:13:06:2d:52:82:47:b5:
                    3f:8b:30:5e:90:31:aa:23:b6:59:e5:d2:fb:84:51:
                    f4:76:a2:12:ee:b3:e5:75:6a:2b:6c:73:a9:eb:37:
                    2d:ed:d0:2e:5a:1b:2e:78:bd:c3:c2:e3:55:17:11:
                    c2:cc:cf:ba:d4:d7:4f:16:92:b2:79:12:8e:b6:04:
                    13:64:76:44:3e:5d:93:23:c2:09:93:83:e0:6d:8a:
                    d9:e8:69:4b:ca:78:f2:6e:a8:20:14:24:e7:c4:9f:
                    13:cf:28:e3:53:bd:47:aa:10:3b:16:eb:c2:6e:4a:
                    ed:60:90:88:b0:95:77:74:4e:bd:a4:8f:10:60:59:
                    4e:72:0e:62:b1:f2:25:60:e4:9f:37:7d:0d:cd:91:
                    b2:f7:e9:ab:3f:6d:e4:e1:36:98:fe:f5:2a:7b:7b:
                    32:bf:79:c5:4e:c2:f4:69:90:b8:a7:c1:60:24:0a:
                    24:82:ac:1f:ab:e6:97:a4:1b:64:1a:ee:a1:e3:cf:
                    5a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B4:EB:6A:22:BB:89:C2:A6:A0:08:C0:53:C5:90:AF:DE:53:8B:92
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/v7TraiK7icKmoAjAU8WQr95Ti5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.232.0/24
                  46.161.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:b3:90:67:f1:cb:84:cb:66:98:fe:44:2b:f1:c2:f8:d6:01:
         73:9a:3d:e3:d9:9f:6c:e5:32:59:85:cc:7a:ec:ad:41:df:e0:
         2b:32:29:ca:fb:59:5b:f9:e8:5c:9e:08:75:69:9a:3b:96:d3:
         bf:78:71:0a:e2:02:96:1f:d3:49:9d:00:ef:5d:96:cd:84:78:
         7a:a8:e7:e7:73:d0:8f:6d:9b:02:2c:d2:65:81:16:88:2a:12:
         13:ff:a3:88:00:66:2f:3d:6d:61:66:25:57:55:10:2e:bf:00:
         f6:ce:71:d5:ed:46:f7:3b:63:ce:1a:a3:65:8f:93:78:30:33:
         38:ef:b1:1d:86:ce:c0:d1:1d:9a:bd:72:8f:95:83:ee:80:49:
         8d:7d:ee:fc:6e:3f:f6:06:23:cc:cf:ae:ce:18:ee:8c:73:fc:
         49:b9:1f:a9:f2:30:23:df:61:e8:bf:91:39:90:d4:c4:41:c2:
         5d:e6:fc:6a:18:a5:b0:7b:9c:4a:5c:9c:b5:6d:fd:f3:8f:51:
         4e:62:77:7c:e1:ea:ed:10:ba:dc:f0:d4:b0:55:7b:61:c3:fa:
         12:b0:a7:1e:ed:ae:92:10:2f:86:09:08:5d:42:80:61:02:04:
         41:f8:52:3b:20:24:47:71:00:62:5c:9c:ab:93:16:ee:3a:ce:
         a9:12:8d:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9yS0NtTDWQR2asq+Wb0HzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwNTEzMTQxMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmI0ZWI2YTIyYmI4OWMyYTZhMDA4YzA1M2M1OTBhZmRlNTM4YjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1D8YMH0/bnta2rBiujY7Hk4+BrxW
SBf6VWIKeyYC6my1vNzVpWoYaalXuGG57KZup7B9lJ4nJe7iil9eBcpMlYuBURMG
LVKCR7U/izBekDGqI7ZZ5dL7hFH0dqIS7rPldWorbHOp6zct7dAuWhsueL3DwuNV
FxHCzM+61NdPFpKyeRKOtgQTZHZEPl2TI8IJk4PgbYrZ6GlLynjybqggFCTnxJ8T
zyjjU71HqhA7FuvCbkrtYJCIsJV3dE69pI8QYFlOcg5isfIlYOSfN30NzZGy9+mr
P23k4TaY/vUqe3syv3nFTsL0aZC4p8FgJAokgqwfq+aXpBtkGu6h489aswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL+062oiu4nCpqAIwFPFkK/eU4uSMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdjdUcmFpSzdpY0ttb0FqQVU4V1FyOTVUaTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbzoAwQA
LqEoMA0GCSqGSIb3DQEBCwUAA4IBAQCZs5Bn8cuEy2aY/kQr8cL41gFzmj3j2Z9s
5TJZhcx67K1B3+ArMinK+1lb+ehcngh1aZo7ltO/eHEK4gKWH9NJnQDvXZbNhHh6
qOfnc9CPbZsCLNJlgRaIKhIT/6OIAGYvPW1hZiVXVRAuvwD2znHV7Ub3O2POGqNl
j5N4MDM477Edhs7A0R2avXKPlYPugEmNfe78bj/2BiPMz67OGO6Mc/xJuR+p8jAj
32Hov5E5kNTEQcJd5vxqGKWwe5xKXJy1bf3zj1FOYnd84ertELrc8NSwVXthw/oS
sKce7a6SEC+GCQhdQoBhAgRB+FI7ICRHcQBiXJyrkxbuOs6pEo03
-----END CERTIFICATE-----