Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/788fcf-60f3-426f-9858-82f476b5cfdb/1/n7oWdnxl9oxjGM2CaIz9f346dUg.roa
File:                     n7oWdnxl9oxjGM2CaIz9f346dUg.roa (raw, json)
Hash identifier:          8T4lPsUTCWjCLn3DOc3LGBg1PfPB5gYyeiWLj1YwZCE=
Subject key identifier:   9F:BA:16:76:7C:65:F6:8C:63:18:CD:82:68:8C:FD:7F:7E:3A:75:48
Certificate issuer:       /CN=9dc366af6ce0b1a9f60173b14b5fddd7e0b96306
Certificate serial:       018CC87098213D585475D155F93776C1FC6F
Authority key identifier: 9D:C3:66:AF:6C:E0:B1:A9:F6:01:73:B1:4B:5F:DD:D7:E0:B9:63:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ncNmr2zgsan2AXOxS1_d1-C5YwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/788fcf-60f3-426f-9858-82f476b5cfdb/1/n7oWdnxl9oxjGM2CaIz9f346dUg.roa
Signing time:             Tue 02 Jan 2024 04:31:11 +0000
ROA not before:           Tue 02 Jan 2024 04:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51487
IP address blocks:        5.253.4.0/24 maxlen: 24
                          5.253.6.0/24 maxlen: 24
                          5.253.5.0/24 maxlen: 24
                          5.253.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/788fcf-60f3-426f-9858-82f476b5cfdb/1/ncNmr2zgsan2AXOxS1_d1-C5YwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/788fcf-60f3-426f-9858-82f476b5cfdb/1/ncNmr2zgsan2AXOxS1_d1-C5YwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ncNmr2zgsan2AXOxS1_d1-C5YwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:98:21:3d:58:54:75:d1:55:f9:37:76:c1:fc:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dc366af6ce0b1a9f60173b14b5fddd7e0b96306
        Validity
            Not Before: Jan  2 04:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fba16767c65f68c6318cd82688cfd7f7e3a7548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:93:e5:a1:3a:0e:72:4a:2d:ad:a8:01:4e:9b:
                    16:2d:53:fa:da:4d:94:e3:a8:35:94:0f:d6:7f:19:
                    2d:ce:a1:b4:13:a6:d0:c6:ec:06:c4:11:64:61:28:
                    58:6b:e9:81:28:b5:16:c3:fc:22:33:14:36:16:5c:
                    c9:7f:52:f9:99:6f:dd:39:9d:ed:f2:f5:26:e6:17:
                    49:a6:73:b8:5e:09:e5:26:3f:ed:27:e4:5f:d3:66:
                    72:b4:e5:af:8f:74:65:70:a7:5f:b6:1a:3c:5d:a2:
                    0d:82:7d:f0:bb:8e:7f:d0:00:78:d6:49:cd:b2:65:
                    5b:d9:4a:89:f0:d5:c9:f7:a4:62:54:ea:33:19:c8:
                    49:61:17:81:bb:cd:2a:d2:f8:8a:0c:0e:29:52:b5:
                    b2:e9:78:10:d9:2d:ac:1a:bc:ed:2d:54:e4:33:ae:
                    58:d9:f9:15:a4:cd:40:ba:01:f8:62:a3:7f:0d:45:
                    d1:97:e9:94:05:b2:c4:4b:57:50:1b:ad:35:0a:6e:
                    f5:f0:1e:b1:77:ab:fc:df:c3:e0:85:c6:85:1c:5f:
                    3a:bc:82:33:c4:e2:7f:87:2b:8e:e1:63:03:3d:4d:
                    c5:fa:cf:7e:29:78:36:d8:cc:90:de:a9:a9:3c:fd:
                    79:4f:1b:1b:b8:86:57:ba:a0:b2:ff:85:b6:98:a0:
                    ac:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BA:16:76:7C:65:F6:8C:63:18:CD:82:68:8C:FD:7F:7E:3A:75:48
            X509v3 Authority Key Identifier:
                keyid:9D:C3:66:AF:6C:E0:B1:A9:F6:01:73:B1:4B:5F:DD:D7:E0:B9:63:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncNmr2zgsan2AXOxS1_d1-C5YwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/788fcf-60f3-426f-9858-82f476b5cfdb/1/n7oWdnxl9oxjGM2CaIz9f346dUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/788fcf-60f3-426f-9858-82f476b5cfdb/1/ncNmr2zgsan2AXOxS1_d1-C5YwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:9c:2b:11:68:18:14:3c:d8:6f:de:6c:81:79:67:80:30:94:
         1d:c3:fd:9e:43:7a:14:36:57:70:d3:54:aa:e4:b0:78:1e:5e:
         24:81:24:a0:6c:cf:21:1e:32:70:99:cf:f2:4e:db:17:f3:0a:
         25:1a:bd:e7:f4:94:2f:3d:03:db:00:b2:30:d7:be:71:84:64:
         89:3f:2b:82:ce:7f:d0:6a:02:87:22:f1:82:48:47:62:69:86:
         d2:48:ea:ec:f8:ee:a1:93:84:46:4d:7f:e0:2d:7d:3f:30:0f:
         0b:a2:66:11:31:e6:84:ee:e6:92:1f:1e:97:2d:32:bb:b2:e6:
         e1:f0:82:44:77:2a:e7:8b:57:00:6c:38:41:48:8c:6d:d9:78:
         f8:32:c1:45:37:72:5e:7b:02:51:ba:07:a5:a0:4d:dc:96:aa:
         17:7e:a9:61:05:f3:6f:64:63:7d:8d:98:56:2f:f3:6a:40:c0:
         47:7a:a9:92:1c:ed:84:b5:09:2a:db:d7:62:3c:40:15:7c:fb:
         2d:6e:0f:2a:6d:94:7f:70:18:8e:d7:c9:e0:8e:2a:de:19:d8:
         08:05:ec:76:ae:34:fb:fd:f5:97:be:29:50:e4:f8:e2:01:c7:
         be:24:bf:38:b5:39:80:06:17:97:04:64:e2:f0:18:3d:2b:99:
         80:8f:4e:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcJghPVhUddFV+Td2wfxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzM2NmFmNmNlMGIxYTlmNjAxNzNiMTRiNWZkZGQ3ZTBi
OTYzMDYwHhcNMjQwMTAyMDQzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJhMTY3NjdjNjVmNjhjNjMxOGNkODI2ODhjZmQ3ZjdlM2E3NTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJPloToOckotragBTpsWLVP62k2U
46g1lA/WfxktzqG0E6bQxuwGxBFkYShYa+mBKLUWw/wiMxQ2FlzJf1L5mW/dOZ3t
8vUm5hdJpnO4XgnlJj/tJ+Rf02ZytOWvj3RlcKdftho8XaINgn3wu45/0AB41knN
smVb2UqJ8NXJ96RiVOozGchJYReBu80q0viKDA4pUrWy6XgQ2S2sGrztLVTkM65Y
2fkVpM1AugH4YqN/DUXRl+mUBbLES1dQG601Cm718B6xd6v838PghcaFHF86vIIz
xOJ/hyuO4WMDPU3F+s9+KXg22MyQ3qmpPP15TxsbuIZXuqCy/4W2mKCsPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+6FnZ8ZfaMYxjNgmiM/X9+OnVIMB8GA1UdIwQY
MBaAFJ3DZq9s4LGp9gFzsUtf3dfguWMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNObXIyemdzYW4yQVhPeFMxX2QxLUM1WXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC83ODhmY2YtNjBmMy00MjZmLTk4NTgt
ODJmNDc2YjVjZmRiLzEvbjdvV2RueGw5b3hqR00yQ2FJejlmMzQ2ZFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC83ODhmY2YtNjBmMy00MjZmLTk4NTgtODJmNDc2YjVjZmRi
LzEvbmNObXIyemdzYW4yQVhPeFMxX2QxLUM1WXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf0EMA0G
CSqGSIb3DQEBCwUAA4IBAQBxnCsRaBgUPNhv3myBeWeAMJQdw/2eQ3oUNldw01Sq
5LB4Hl4kgSSgbM8hHjJwmc/yTtsX8wolGr3n9JQvPQPbALIw175xhGSJPyuCzn/Q
agKHIvGCSEdiaYbSSOrs+O6hk4RGTX/gLX0/MA8LomYRMeaE7uaSHx6XLTK7subh
8IJEdyrni1cAbDhBSIxt2Xj4MsFFN3JeewJRugeloE3clqoXfqlhBfNvZGN9jZhW
L/NqQMBHeqmSHO2EtQkq29diPEAVfPstbg8qbZR/cBiO18ngjireGdgIBex2rjT7
/fWXvilQ5PjiAce+JL84tTmABheXBGTi8Bg9K5mAj07R
-----END CERTIFICATE-----