Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/CDDNs_-_sKkdkvSqjHhysdAN8NI.roa
File:                     CDDNs_-_sKkdkvSqjHhysdAN8NI.roa (raw, json)
Hash identifier:          e1c8MB0epbJ/JieyzGvAL3owwMQgNgdwv5U6DmIpzA0=
Subject key identifier:   08:30:CD:B3:FF:BF:B0:A9:1D:92:F4:AA:8C:78:72:B1:D0:0D:F0:D2
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018E37EEDE6FEDA3DE2265CE30742FBE6853
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/CDDNs_-_sKkdkvSqjHhysdAN8NI.roa
Signing time:             Wed 13 Mar 2024 13:09:45 +0000
ROA not before:           Wed 13 Mar 2024 13:09:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60891
IP address blocks:        5.144.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:ee:de:6f:ed:a3:de:22:65:ce:30:74:2f:be:68:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Mar 13 13:09:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0830cdb3ffbfb0a91d92f4aa8c7872b1d00df0d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:60:38:c8:0a:79:a3:1d:cd:9e:b6:37:fc:8e:
                    d7:81:c1:ba:8b:a0:ff:4c:3a:4d:ef:81:2f:b0:9a:
                    c9:fc:05:31:66:4b:03:72:73:24:29:50:b9:55:c8:
                    fa:a9:06:f2:f3:e7:93:7a:7d:54:9a:11:5b:c1:fd:
                    8a:13:cc:4c:38:e8:36:dc:df:ab:c4:42:1a:01:7a:
                    57:a0:ba:32:bc:0d:bb:5b:91:8b:4b:47:12:2c:07:
                    7a:69:30:36:31:18:fd:a1:12:45:82:28:17:0e:b6:
                    29:e6:cf:b8:d1:5e:15:d6:71:fd:b6:04:f5:ef:67:
                    ea:20:c0:c4:6f:e6:a6:69:cd:f2:45:61:97:62:1f:
                    91:9a:97:36:0b:23:68:a7:c6:73:6d:1a:2e:1a:05:
                    bf:35:02:3c:bb:6e:90:82:4b:07:cc:a8:8f:5d:d7:
                    ad:ac:4f:47:90:b9:ea:ba:ae:9e:71:5a:d1:10:38:
                    cf:5d:cb:5e:bf:4d:73:49:4c:fd:0f:48:a3:d8:e8:
                    86:8d:53:ac:50:b6:55:42:7d:27:78:ac:4c:c9:15:
                    6f:27:ec:26:7a:ba:6c:ed:ae:23:48:09:6c:3f:38:
                    67:d3:57:59:18:24:d2:f9:d5:1c:98:bd:24:b3:45:
                    84:7c:d6:6b:98:8c:57:6f:da:be:b2:7e:5e:ac:f4:
                    33:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:30:CD:B3:FF:BF:B0:A9:1D:92:F4:AA:8C:78:72:B1:D0:0D:F0:D2
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/CDDNs_-_sKkdkvSqjHhysdAN8NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:ee:f5:88:3b:dd:fe:0e:b9:6d:40:7d:ea:fe:d9:ef:a9:e2:
         fc:62:f3:c7:ad:68:6b:bd:ea:1c:94:d0:e5:78:fe:cd:ff:c9:
         63:3f:f1:37:7d:36:37:49:41:d2:33:34:c3:61:4e:c6:51:a1:
         dc:1f:b3:79:b5:02:f4:83:aa:6e:41:1b:14:1a:0e:cd:6f:0d:
         fa:64:cb:53:a9:d8:3e:69:a3:3d:87:7c:90:c9:01:a7:3d:0b:
         64:79:14:e2:41:19:76:d0:9e:3a:84:b1:0a:66:38:3e:dd:36:
         d5:af:8f:4c:89:99:3e:dc:1d:7c:d3:f7:93:8d:bb:eb:34:60:
         04:44:47:ad:33:74:f5:34:78:d7:90:06:e8:d8:95:00:ab:9f:
         73:a8:b3:da:18:06:a9:57:8a:49:c2:56:9e:7f:e0:84:55:16:
         44:95:25:91:91:3d:7e:50:6c:8a:b2:a1:d2:10:fb:c4:4c:46:
         02:06:b8:25:30:fb:66:2a:1b:a6:ab:ae:4c:a9:9a:2a:4b:51:
         73:c5:37:70:cb:db:e2:3a:e7:23:5e:51:45:fa:89:12:13:26:
         71:5e:72:1b:07:b3:2a:10:af:6c:a8:96:5c:f2:e6:ef:24:7f:
         76:98:c2:a0:cd:6a:0c:ed:72:d6:fe:f9:6c:6d:c1:05:5d:53:
         ac:34:12:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY437t5v7aPeImXOMHQvvmhTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMzEzMTMwOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODMwY2RiM2ZmYmZiMGE5MWQ5MmY0YWE4Yzc4NzJiMWQwMGRmMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWA4yAp5ox3NnrY3/I7XgcG6i6D/
TDpN74EvsJrJ/AUxZksDcnMkKVC5Vcj6qQby8+eTen1UmhFbwf2KE8xMOOg23N+r
xEIaAXpXoLoyvA27W5GLS0cSLAd6aTA2MRj9oRJFgigXDrYp5s+40V4V1nH9tgT1
72fqIMDEb+amac3yRWGXYh+Rmpc2CyNop8ZzbRouGgW/NQI8u26QgksHzKiPXdet
rE9HkLnquq6ecVrREDjPXctev01zSUz9D0ij2OiGjVOsULZVQn0neKxMyRVvJ+wm
erps7a4jSAlsPzhn01dZGCTS+dUcmL0ks0WEfNZrmIxXb9q+sn5erPQzcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgwzbP/v7CpHZL0qox4crHQDfDSMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvQ0RETnNfLV9zS2tka3ZTcWpIaHlzZEFOOE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBZB+MA0G
CSqGSIb3DQEBCwUAA4IBAQAi7vWIO93+DrltQH3q/tnvqeL8YvPHrWhrveoclNDl
eP7N/8ljP/E3fTY3SUHSMzTDYU7GUaHcH7N5tQL0g6puQRsUGg7Nbw36ZMtTqdg+
aaM9h3yQyQGnPQtkeRTiQRl20J46hLEKZjg+3TbVr49MiZk+3B180/eTjbvrNGAE
REetM3T1NHjXkAbo2JUAq59zqLPaGAapV4pJwlaef+CEVRZElSWRkT1+UGyKsqHS
EPvETEYCBrglMPtmKhumq65MqZoqS1FzxTdwy9viOucjXlFF+okSEyZxXnIbB7Mq
EK9sqJZc8ubvJH92mMKgzWoM7XLW/vlsbcEFXVOsNBK5
-----END CERTIFICATE-----