Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/SRQlJnqs_NWkVL5AV8EjEe8F_bs.roa
File:                     SRQlJnqs_NWkVL5AV8EjEe8F_bs.roa (raw, json)
Hash identifier:          nf8gZNNxLEFH7IILBZCwRL47ri37i0cYwvQCunSkjQA=
Subject key identifier:   49:14:25:26:7A:AC:FC:D5:A4:54:BE:40:57:C1:23:11:EF:05:FD:BB
Certificate issuer:       /CN=96062f5ddb18f96d78492b3538d7745cc4714a26
Certificate serial:       018CCA29DB89C87447D324992D508D417A3E
Authority key identifier: 96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/SRQlJnqs_NWkVL5AV8EjEe8F_bs.roa
Signing time:             Tue 02 Jan 2024 12:33:09 +0000
ROA not before:           Tue 02 Jan 2024 12:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204916
IP address blocks:        5.42.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:db:89:c8:74:47:d3:24:99:2d:50:8d:41:7a:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96062f5ddb18f96d78492b3538d7745cc4714a26
        Validity
            Not Before: Jan  2 12:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=491425267aacfcd5a454be4057c12311ef05fdbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:dc:a0:98:eb:15:af:e4:47:ee:90:d9:17:09:
                    b8:40:a1:04:ad:23:1d:a5:57:ea:ed:3d:5c:90:63:
                    36:ee:4b:44:dc:37:da:91:4c:53:72:0e:07:57:1a:
                    78:56:f0:6c:34:57:fa:4a:2e:c6:69:35:30:b5:0b:
                    d7:01:a9:7c:a2:0d:0b:fe:fa:2d:eb:7d:92:05:08:
                    a7:a2:ba:5a:d5:37:c5:33:8d:1b:9d:b7:b2:b4:46:
                    94:6a:b9:f1:f1:d5:aa:9a:a5:c1:70:31:19:27:55:
                    38:c4:b4:04:3e:c5:1b:9a:5b:f6:3e:65:c2:5c:0f:
                    1f:85:dc:52:b8:7b:19:f2:13:74:eb:07:3e:fa:ca:
                    f4:18:02:c6:70:1a:d7:b4:34:df:df:3f:0c:c5:a4:
                    6e:15:c4:26:43:41:34:f4:21:5a:d8:29:60:3b:74:
                    a7:c5:b1:f5:6a:c0:46:1f:56:fc:3d:c3:7e:f8:32:
                    86:2a:77:01:a8:fe:7f:03:67:87:41:f7:30:c3:f1:
                    ce:1f:6c:19:83:b4:5d:fc:63:81:93:38:b3:f4:91:
                    85:55:ae:d0:77:f4:f0:7c:b1:41:a6:eb:7f:d6:04:
                    06:97:10:16:67:3b:77:0f:8e:be:2a:b8:73:86:c0:
                    22:66:d4:61:2d:89:c9:20:bf:9d:12:ab:97:6a:50:
                    87:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:14:25:26:7A:AC:FC:D5:A4:54:BE:40:57:C1:23:11:EF:05:FD:BB
            X509v3 Authority Key Identifier:
                keyid:96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/SRQlJnqs_NWkVL5AV8EjEe8F_bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:0a:e8:30:27:e1:9e:5d:ea:97:10:25:a5:fa:45:9c:ec:d4:
         b6:33:5e:2e:c6:1c:84:a6:4b:78:3d:49:a5:47:2c:e0:4c:d7:
         3a:f4:36:85:70:fd:8c:bf:9f:7c:56:1d:ec:84:0d:03:0c:01:
         6f:95:84:3b:f9:9c:b4:a4:79:dd:01:e5:85:55:88:b9:35:21:
         71:8e:2a:93:13:bf:a0:6d:ab:94:b6:c4:54:e8:03:f2:68:95:
         16:12:9a:b8:5b:d0:a5:c2:85:fb:e5:3b:8e:f4:87:17:b8:61:
         f7:56:f5:55:c2:81:46:d7:11:53:b8:d7:aa:75:3c:e4:fe:6f:
         26:dc:57:d1:28:98:b1:64:b2:5a:51:1b:1d:eb:f2:4b:e0:3d:
         a1:bb:86:c4:14:32:6d:35:b4:72:08:28:f7:3f:5a:ae:6a:b2:
         d8:3c:c2:af:41:ec:0e:5f:a4:e7:27:45:71:29:eb:5d:b2:60:
         06:f4:d3:b9:27:ac:87:86:b0:a3:a9:14:bd:e0:47:ca:7a:29:
         6c:ac:1e:d0:fa:a8:73:e8:20:07:ce:b5:81:e5:e9:91:ac:a1:
         b4:89:1b:3e:bb:91:22:17:df:87:aa:09:7c:c9:4a:03:ef:66:
         12:a4:fd:6c:14:28:b8:bd:e7:95:c3:34:fb:1b:1a:0d:89:a1:
         d0:8c:df:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKduJyHRH0ySZLVCNQXo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MDYyZjVkZGIxOGY5NmQ3ODQ5MmIzNTM4ZDc3NDVjYzQ3
MTRhMjYwHhcNMjQwMTAyMTIzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTE0MjUyNjdhYWNmY2Q1YTQ1NGJlNDA1N2MxMjMxMWVmMDVmZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9ygmOsVr+RH7pDZFwm4QKEErSMd
pVfq7T1ckGM27ktE3DfakUxTcg4HVxp4VvBsNFf6Si7GaTUwtQvXAal8og0L/vot
632SBQinorpa1TfFM40bnbeytEaUarnx8dWqmqXBcDEZJ1U4xLQEPsUbmlv2PmXC
XA8fhdxSuHsZ8hN06wc++sr0GALGcBrXtDTf3z8MxaRuFcQmQ0E09CFa2ClgO3Sn
xbH1asBGH1b8PcN++DKGKncBqP5/A2eHQfcww/HOH2wZg7Rd/GOBkziz9JGFVa7Q
d/TwfLFBput/1gQGlxAWZzt3D46+KrhzhsAiZtRhLYnJIL+dEquXalCH7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkUJSZ6rPzVpFS+QFfBIxHvBf27MB8GA1UdIwQY
MBaAFJYGL13bGPlteEkrNTjXdFzEcUomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmIt
M2ZjYjVmM2YzYzU5LzEvU1JRbEpucXNfTldrVkw1QVY4RWpFZThGX2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmItM2ZjYjVmM2YzYzU5
LzEvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSpGMA0G
CSqGSIb3DQEBCwUAA4IBAQC9CugwJ+GeXeqXECWl+kWc7NS2M14uxhyEpkt4PUml
RyzgTNc69DaFcP2Mv598Vh3shA0DDAFvlYQ7+Zy0pHndAeWFVYi5NSFxjiqTE7+g
bauUtsRU6APyaJUWEpq4W9ClwoX75TuO9IcXuGH3VvVVwoFG1xFTuNeqdTzk/m8m
3FfRKJixZLJaURsd6/JL4D2hu4bEFDJtNbRyCCj3P1quarLYPMKvQewOX6TnJ0Vx
KetdsmAG9NO5J6yHhrCjqRS94EfKeilsrB7Q+qhz6CAHzrWB5emRrKG0iRs+u5Ei
F9+Hqgl8yUoD72YSpP1sFCi4veeVwzT7GxoNiaHQjN8D
-----END CERTIFICATE-----