Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/XIB3xR7_mkWl5MP9D9lYrT44G60.roa
File:                     XIB3xR7_mkWl5MP9D9lYrT44G60.roa (raw, json)
Hash identifier:          xdDaeDJMkhasEA/4MGQFrGgkpY8bX0zp7M5LGGK/uD0=
Subject key identifier:   5C:80:77:C5:1E:FF:9A:45:A5:E4:C3:FD:0F:D9:58:AD:3E:38:1B:AD
Certificate issuer:       /CN=96062f5ddb18f96d78492b3538d7745cc4714a26
Certificate serial:       018EC6970F5020BA468B9D35274F1408F475
Authority key identifier: 96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/XIB3xR7_mkWl5MP9D9lYrT44G60.roa
Signing time:             Wed 10 Apr 2024 05:59:32 +0000
ROA not before:           Wed 10 Apr 2024 05:59:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216334
IP address blocks:        5.42.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c6:97:0f:50:20:ba:46:8b:9d:35:27:4f:14:08:f4:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96062f5ddb18f96d78492b3538d7745cc4714a26
        Validity
            Not Before: Apr 10 05:59:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c8077c51eff9a45a5e4c3fd0fd958ad3e381bad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fb:53:3f:11:b2:50:40:04:19:18:6b:a6:43:
                    7c:1a:6a:4d:fe:cc:81:62:b3:54:07:24:76:56:bd:
                    49:09:e7:d5:fd:6d:c0:e6:15:c2:e9:38:15:02:78:
                    95:df:f4:2a:9b:9c:8e:ef:fa:d6:79:e6:d9:9d:9f:
                    76:fb:77:8c:62:1e:76:b8:45:8b:7b:d9:1d:82:93:
                    92:4e:20:fe:7f:d6:d0:95:48:12:e3:59:4b:60:be:
                    18:dd:a7:45:0e:e9:17:d2:b9:93:82:53:fa:2f:e8:
                    65:3c:7a:08:79:05:3f:22:f2:28:c6:4d:fc:07:53:
                    c5:21:64:89:2b:f5:94:37:2b:fc:10:4b:70:49:e5:
                    c9:0b:31:4b:80:40:85:7f:18:e3:ea:7e:b0:d9:b3:
                    41:9b:ed:ee:bb:9b:26:c7:02:96:0b:bb:9d:9f:4c:
                    3b:6b:83:cf:49:71:72:e4:59:df:c2:8d:ff:9e:8f:
                    52:75:9b:10:0f:a7:37:7b:f0:34:c6:e6:ed:ef:64:
                    1c:ee:fb:b8:1e:54:87:a3:40:8f:0a:bf:7f:85:eb:
                    d4:6c:80:e4:ad:14:b1:e5:b2:66:c2:a9:57:d4:8c:
                    0a:f6:4f:c3:a6:3c:6d:fd:9a:2f:3a:18:8a:1c:d3:
                    85:69:bb:57:77:9c:f1:eb:2d:db:38:0d:7f:2c:2a:
                    5a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:80:77:C5:1E:FF:9A:45:A5:E4:C3:FD:0F:D9:58:AD:3E:38:1B:AD
            X509v3 Authority Key Identifier:
                keyid:96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/XIB3xR7_mkWl5MP9D9lYrT44G60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:69:b0:6a:b9:0b:9f:c2:f7:5c:d7:18:f3:43:cc:c1:e0:15:
         0b:4b:a2:0e:dd:8f:9a:3e:aa:94:99:f4:81:c6:4a:0c:87:d3:
         d4:fb:73:26:e8:46:7b:7d:67:38:93:30:b4:17:71:d2:74:47:
         eb:b9:8a:e3:f9:1e:04:f5:cf:7e:e0:2a:c7:ef:53:86:c8:2a:
         af:47:e7:00:c7:ac:5f:90:a4:0e:76:bd:f2:e0:4b:33:de:8b:
         fb:6f:1e:c0:5c:10:e9:7c:d6:c0:b5:d0:5f:44:91:74:f7:0f:
         59:fa:22:37:3f:c7:4d:e6:56:43:bc:b0:1a:44:37:da:25:49:
         83:4b:be:01:f0:42:6c:f1:59:92:41:c4:e0:42:5a:20:8a:c0:
         58:77:6f:a7:82:ca:36:e3:29:d9:31:5a:4a:55:1a:07:ea:9c:
         4b:4c:d7:a5:3b:07:ec:91:4f:a4:91:76:93:da:4c:bd:f9:f2:
         68:f4:f7:c4:e4:5a:24:f8:bd:51:c6:e0:fa:51:01:f4:ea:04:
         34:5f:7b:a7:6b:fd:91:a8:11:3a:e6:57:fc:7d:78:a3:94:ac:
         3e:83:59:8a:2f:16:06:46:c7:2e:0e:1e:b4:c6:35:53:37:3f:
         54:34:90:50:55:a4:f3:10:cb:10:18:98:78:9d:7a:f5:1e:b8:
         7f:e4:c9:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Glw9QILpGi501J08UCPR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MDYyZjVkZGIxOGY5NmQ3ODQ5MmIzNTM4ZDc3NDVjYzQ3
MTRhMjYwHhcNMjQwNDEwMDU1OTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzgwNzdjNTFlZmY5YTQ1YTVlNGMzZmQwZmQ5NThhZDNlMzgxYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvtTPxGyUEAEGRhrpkN8GmpN/syB
YrNUByR2Vr1JCefV/W3A5hXC6TgVAniV3/Qqm5yO7/rWeebZnZ92+3eMYh52uEWL
e9kdgpOSTiD+f9bQlUgS41lLYL4Y3adFDukX0rmTglP6L+hlPHoIeQU/IvIoxk38
B1PFIWSJK/WUNyv8EEtwSeXJCzFLgECFfxjj6n6w2bNBm+3uu5smxwKWC7udn0w7
a4PPSXFy5Fnfwo3/no9SdZsQD6c3e/A0xubt72Qc7vu4HlSHo0CPCr9/hevUbIDk
rRSx5bJmwqlX1IwK9k/Dpjxt/ZovOhiKHNOFabtXd5zx6y3bOA1/LCpafwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyAd8Ue/5pFpeTD/Q/ZWK0+OButMB8GA1UdIwQY
MBaAFJYGL13bGPlteEkrNTjXdFzEcUomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmIt
M2ZjYjVmM2YzYzU5LzEvWElCM3hSN19ta1dsNU1QOUQ5bFlyVDQ0RzYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmItM2ZjYjVmM2YzYzU5
LzEvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSpiMA0G
CSqGSIb3DQEBCwUAA4IBAQCHabBquQufwvdc1xjzQ8zB4BULS6IO3Y+aPqqUmfSB
xkoMh9PU+3Mm6EZ7fWc4kzC0F3HSdEfruYrj+R4E9c9+4CrH71OGyCqvR+cAx6xf
kKQOdr3y4Esz3ov7bx7AXBDpfNbAtdBfRJF09w9Z+iI3P8dN5lZDvLAaRDfaJUmD
S74B8EJs8VmSQcTgQlogisBYd2+ngso24ynZMVpKVRoH6pxLTNelOwfskU+kkXaT
2ky9+fJo9PfE5Fok+L1RxuD6UQH06gQ0X3una/2RqBE65lf8fXijlKw+g1mKLxYG
RscuDh60xjVTNz9UNJBQVaTzEMsQGJh4nXr1Hrh/5Mky
-----END CERTIFICATE-----