Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/7NdNrToH32IfrUHCos6L9oY3BzM.roa
File:                     7NdNrToH32IfrUHCos6L9oY3BzM.roa (raw, json)
Hash identifier:          pi6b3J7EQE6X3cIHXUtwtpCcH9kZ3uSbBNS9eXZP9vg=
Subject key identifier:   EC:D7:4D:AD:3A:07:DF:62:1F:AD:41:C2:A2:CE:8B:F6:86:37:07:33
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D1B8C65548A68E237DB3C70CEB1B
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/7NdNrToH32IfrUHCos6L9oY3BzM.roa
Signing time:             Mon 01 Jan 2024 10:30:05 +0000
ROA not before:           Mon 01 Jan 2024 10:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35043
IP address blocks:        5.160.248.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d1:b8:c6:55:48:a6:8e:23:7d:b3:c7:0c:eb:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecd74dad3a07df621fad41c2a2ce8bf686370733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:44:80:6b:80:16:8b:eb:c4:89:e9:e6:83:85:
                    89:fa:10:c2:fe:42:bd:4f:8f:e7:55:e2:65:4f:d7:
                    0c:44:44:8a:59:62:e2:bd:ea:b4:1c:38:20:fd:e3:
                    79:74:dd:db:72:43:c4:63:6e:a0:2e:c3:93:b4:18:
                    50:24:05:9f:32:dd:20:0c:5e:3d:2f:23:83:fc:4c:
                    4c:ba:b1:92:ad:f7:09:4d:d9:85:c3:bf:1e:b5:03:
                    59:94:3f:c0:1c:28:cc:99:1a:0c:93:9c:1f:6e:25:
                    06:8c:e6:74:9e:26:9a:65:7b:71:a8:22:0a:b6:56:
                    6d:0d:61:e7:82:39:45:86:47:55:92:da:18:c6:88:
                    e4:cc:89:ed:34:99:7c:07:18:e6:39:82:fb:4d:f4:
                    f4:e7:91:22:0d:ab:ed:ab:83:6e:45:ec:41:f5:84:
                    d0:69:f8:08:66:62:74:a7:18:19:e8:63:35:17:8f:
                    44:b3:41:fc:6d:ce:9f:91:5a:4e:bf:ac:ee:cf:94:
                    02:46:60:1d:05:52:29:6f:31:7b:b6:49:68:dd:19:
                    4b:2c:93:7b:74:a8:7e:36:64:2e:6c:49:3c:9e:d9:
                    43:1a:7f:14:d0:a6:bc:fa:59:f6:44:41:48:98:f8:
                    0d:ae:e7:1a:d8:f7:2c:e4:92:c7:f5:ea:19:97:79:
                    07:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D7:4D:AD:3A:07:DF:62:1F:AD:41:C2:A2:CE:8B:F6:86:37:07:33
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/7NdNrToH32IfrUHCos6L9oY3BzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         14:bd:52:8b:32:79:c4:c9:af:c0:1a:ee:c7:a1:c6:74:89:86:
         69:ed:13:a0:0e:2d:5d:2b:d5:b1:e3:c2:b4:d4:fd:ad:55:49:
         f9:11:3a:39:68:de:f5:eb:b7:bc:85:12:87:81:a7:f9:c5:2e:
         1e:11:cb:7d:78:77:3d:48:a2:9c:19:5b:10:40:1d:7b:e0:77:
         d8:d6:58:fb:e5:a9:de:75:a3:f1:f0:69:28:15:3a:8c:af:7e:
         5f:d6:5b:53:44:c1:2e:27:9e:4a:31:51:40:95:17:35:7c:2e:
         3f:86:98:1b:f7:5b:30:d8:44:6c:c6:4d:08:5d:49:28:df:d3:
         df:d0:0d:28:04:35:6c:9a:0d:63:1b:a8:a5:e1:04:24:ad:b1:
         09:a2:2c:08:bc:84:4e:1f:ae:b3:c8:cb:1b:a8:10:d8:32:5f:
         8a:0e:da:fb:8d:ff:00:d9:c8:f7:01:71:f6:8f:d6:75:0d:f5:
         9c:5f:1b:83:57:a8:a2:56:56:38:97:ce:ec:0e:3c:d2:3f:fb:
         21:54:1d:53:fa:ef:b2:6b:70:7d:6f:89:2e:7c:f4:53:9a:78:
         98:00:aa:0e:50:d4:c3:51:46:a6:0c:a5:6a:e6:cb:95:3c:0a:
         e2:f8:d7:06:76:b5:58:53:8d:37:b2:e0:96:eb:23:19:51:b1:
         90:cc:ab:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktG4xlVIpo4jfbPHDOsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Q3NGRhZDNhMDdkZjYyMWZhZDQxYzJhMmNlOGJmNjg2MzcwNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0SAa4AWi+vEienmg4WJ+hDC/kK9
T4/nVeJlT9cMRESKWWLiveq0HDgg/eN5dN3bckPEY26gLsOTtBhQJAWfMt0gDF49
LyOD/ExMurGSrfcJTdmFw78etQNZlD/AHCjMmRoMk5wfbiUGjOZ0niaaZXtxqCIK
tlZtDWHngjlFhkdVktoYxojkzIntNJl8BxjmOYL7TfT055EiDavtq4NuRexB9YTQ
afgIZmJ0pxgZ6GM1F49Es0H8bc6fkVpOv6zuz5QCRmAdBVIpbzF7tklo3RlLLJN7
dKh+NmQubEk8ntlDGn8U0Ka8+ln2REFImPgNruca2Pcs5JLH9eoZl3kHaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzXTa06B99iH61BwqLOi/aGNwczMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvN05kTnJUb0gzMklmclVIQ29zNkw5b1kzQnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBaD4MA0G
CSqGSIb3DQEBCwUAA4IBAQAUvVKLMnnEya/AGu7HocZ0iYZp7ROgDi1dK9Wx48K0
1P2tVUn5ETo5aN7167e8hRKHgaf5xS4eEct9eHc9SKKcGVsQQB174HfY1lj75ane
daPx8GkoFTqMr35f1ltTRMEuJ55KMVFAlRc1fC4/hpgb91sw2ERsxk0IXUko39Pf
0A0oBDVsmg1jG6il4QQkrbEJoiwIvIROH66zyMsbqBDYMl+KDtr7jf8A2cj3AXH2
j9Z1DfWcXxuDV6iiVlY4l87sDjzSP/shVB1T+u+ya3B9b4kufPRTmniYAKoOUNTD
UUamDKVq5suVPAri+NcGdrVYU403suCW6yMZUbGQzKtc
-----END CERTIFICATE-----