Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/abbUPNPMnf-uQiAas5CKXWUFA_o.roa
File:                     abbUPNPMnf-uQiAas5CKXWUFA_o.roa (raw, json)
Hash identifier:          Qdbb2z3CkTmZUz3KZtOEWs8a88B840qMu/CcFEDz1WE=
Subject key identifier:   69:B6:D4:3C:D3:CC:9D:FF:AE:42:20:1A:B3:90:8A:5D:65:05:03:FA
Certificate issuer:       /CN=dc4b4a18a7e151a37da5e4ccdaa9e7dbd88e9d93
Certificate serial:       018D5F5C4788EE69AF1C96546253A09CEAD8
Authority key identifier: DC:4B:4A:18:A7:E1:51:A3:7D:A5:E4:CC:DA:A9:E7:DB:D8:8E:9D:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EtKGKfhUaN9peTM2qnn29iOnZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/abbUPNPMnf-uQiAas5CKXWUFA_o.roa
Signing time:             Wed 31 Jan 2024 11:51:39 +0000
ROA not before:           Wed 31 Jan 2024 11:51:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        194.5.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/3EtKGKfhUaN9peTM2qnn29iOnZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/3EtKGKfhUaN9peTM2qnn29iOnZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EtKGKfhUaN9peTM2qnn29iOnZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5f:5c:47:88:ee:69:af:1c:96:54:62:53:a0:9c:ea:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4b4a18a7e151a37da5e4ccdaa9e7dbd88e9d93
        Validity
            Not Before: Jan 31 11:51:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69b6d43cd3cc9dffae42201ab3908a5d650503fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:75:3f:62:cf:f2:d8:fd:93:60:40:95:86:ac:
                    76:cc:ab:33:33:8f:b9:76:d6:25:b3:ca:e2:97:64:
                    42:c5:22:dc:a6:33:0f:2a:bf:16:ed:e3:36:0c:f8:
                    35:74:64:b8:ec:f4:99:26:ad:3b:43:45:6b:20:6e:
                    f3:e5:08:56:84:5b:f2:5a:bc:09:77:03:12:2f:5c:
                    7b:03:21:1c:ef:d7:83:83:e6:3b:eb:77:f1:f9:64:
                    58:20:06:e9:87:f2:a0:4b:41:18:4d:c1:00:13:0b:
                    33:5a:66:7b:84:c7:51:be:f3:10:e6:21:cf:66:83:
                    8d:62:12:d0:91:79:8a:cc:29:78:e9:27:b9:3a:11:
                    71:9e:af:45:2e:a9:61:e2:4b:cb:94:94:97:f7:9a:
                    fb:2d:20:d0:46:fc:79:b6:42:95:e8:c7:c1:f8:c2:
                    fa:5c:0d:56:ba:b8:a5:ce:92:ab:33:46:f7:50:39:
                    2e:06:51:e1:43:42:00:a1:b3:e8:d9:ad:59:55:1d:
                    b4:3b:e0:59:52:c2:59:5a:6e:fc:b0:a6:d3:e2:a1:
                    8d:a8:c8:35:73:e9:7c:0f:de:02:78:67:0c:f5:c6:
                    63:07:ba:8d:d3:b9:3e:4e:a1:51:82:b5:d1:4d:a7:
                    a9:d7:1c:a5:b6:80:a5:92:2f:5e:9b:34:e2:f0:12:
                    3f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B6:D4:3C:D3:CC:9D:FF:AE:42:20:1A:B3:90:8A:5D:65:05:03:FA
            X509v3 Authority Key Identifier:
                keyid:DC:4B:4A:18:A7:E1:51:A3:7D:A5:E4:CC:DA:A9:E7:DB:D8:8E:9D:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EtKGKfhUaN9peTM2qnn29iOnZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/abbUPNPMnf-uQiAas5CKXWUFA_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/3EtKGKfhUaN9peTM2qnn29iOnZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:e5:23:89:22:de:04:b7:8c:24:08:bb:0b:04:f5:ea:ec:78:
         c0:19:c9:4d:a2:96:48:26:67:d4:50:1b:e9:4e:d1:7d:5a:47:
         ab:67:4a:05:15:e4:97:19:d2:e9:84:fb:7b:b7:0d:f0:33:3e:
         d0:da:74:7b:78:ad:66:7c:eb:15:d5:63:82:c4:c0:09:e2:72:
         dc:8b:4e:c2:84:74:61:35:17:68:89:85:d3:cf:76:27:e3:35:
         67:d0:a4:f4:77:ff:54:69:10:18:7e:c5:9b:47:50:ee:31:49:
         6b:93:8e:26:2f:ae:5c:b9:e5:02:cc:3f:b1:cc:ea:12:ee:91:
         f2:fd:f3:0a:e6:e2:11:f7:b4:47:f1:f4:c8:16:47:4a:59:17:
         6b:de:48:60:52:df:8f:c7:04:e8:2a:59:a1:2e:40:17:dd:70:
         c6:46:e5:e6:c3:6a:92:fc:6e:99:15:c5:4a:00:2d:d4:aa:c2:
         fd:96:07:c6:bd:fc:4d:c8:fb:12:4a:e7:03:d5:b6:bd:48:dc:
         ea:a0:3f:5d:67:0b:ad:a4:42:73:1b:bb:f1:e7:fb:18:08:99:
         bf:0c:e3:ee:86:d3:4a:ab:3a:59:a2:39:cd:79:01:01:02:b2:
         86:d3:83:62:44:b6:12:01:58:8c:6a:55:ec:0f:24:7d:a8:7d:
         e2:30:cf:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1fXEeI7mmvHJZUYlOgnOrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGI0YTE4YTdlMTUxYTM3ZGE1ZTRjY2RhYTllN2RiZDg4
ZTlkOTMwHhcNMjQwMTMxMTE1MTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWI2ZDQzY2QzY2M5ZGZmYWU0MjIwMWFiMzkwOGE1ZDY1MDUwM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXU/Ys/y2P2TYECVhqx2zKszM4+5
dtYls8ril2RCxSLcpjMPKr8W7eM2DPg1dGS47PSZJq07Q0VrIG7z5QhWhFvyWrwJ
dwMSL1x7AyEc79eDg+Y763fx+WRYIAbph/KgS0EYTcEAEwszWmZ7hMdRvvMQ5iHP
ZoONYhLQkXmKzCl46Se5OhFxnq9FLqlh4kvLlJSX95r7LSDQRvx5tkKV6MfB+ML6
XA1WurilzpKrM0b3UDkuBlHhQ0IAobPo2a1ZVR20O+BZUsJZWm78sKbT4qGNqMg1
c+l8D94CeGcM9cZjB7qN07k+TqFRgrXRTaep1xyltoClki9emzTi8BI/dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGm21DzTzJ3/rkIgGrOQil1lBQP6MB8GA1UdIwQY
MBaAFNxLShin4VGjfaXkzNqp59vYjp2TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0V0S0dLZmhVYU45cGVUTTJxbm4yOWlPblpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNjFhMjEtMGI1YS00MzY3LTg0MWUt
M2RkMjkzZjc0ZTVlLzEvYWJiVVBOUE1uZi11UWlBYXM1Q0tYV1VGQV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNjFhMjEtMGI1YS00MzY3LTg0MWUtM2RkMjkzZjc0ZTVl
LzEvM0V0S0dLZmhVYU45cGVUTTJxbm4yOWlPblpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgUyMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ5SOJIt4Et4wkCLsLBPXq7HjAGclNopZIJmfUUBvp
TtF9WkerZ0oFFeSXGdLphPt7tw3wMz7Q2nR7eK1mfOsV1WOCxMAJ4nLci07ChHRh
NRdoiYXTz3Yn4zVn0KT0d/9UaRAYfsWbR1DuMUlrk44mL65cueUCzD+xzOoS7pHy
/fMK5uIR97RH8fTIFkdKWRdr3khgUt+PxwToKlmhLkAX3XDGRuXmw2qS/G6ZFcVK
AC3UqsL9lgfGvfxNyPsSSucD1ba9SNzqoD9dZwutpEJzG7vx5/sYCJm/DOPuhtNK
qzpZojnNeQEBArKG04NiRLYSAViMalXsDyR9qH3iMM9P
-----END CERTIFICATE-----