Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/360ef9-ec20-4e13-9647-ddfeb424adf5/1/5TmLENOolAmWX-AQVeLDq5hWUOo.roa
File:                     5TmLENOolAmWX-AQVeLDq5hWUOo.roa (raw, json)
Hash identifier:          4fVFR8VE8yMtviU1+p95XWeRbl81CnF+YOKSkt0ZP0o=
Subject key identifier:   E5:39:8B:10:D3:A8:94:09:96:5F:E0:10:55:E2:C3:AB:98:56:50:EA
Certificate issuer:       /CN=b9ab361394683e4f24397cfc8f23eab2c6828dea
Certificate serial:       018CC492FC96E5FC5EE3D21CDF66956427B0
Authority key identifier: B9:AB:36:13:94:68:3E:4F:24:39:7C:FC:8F:23:EA:B2:C6:82:8D:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uas2E5RoPk8kOXz8jyPqssaCjeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/360ef9-ec20-4e13-9647-ddfeb424adf5/1/5TmLENOolAmWX-AQVeLDq5hWUOo.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:2e02::/36 maxlen: 48
                          2a13:2e01::/36 maxlen: 48
                          2a13:2e00::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/360ef9-ec20-4e13-9647-ddfeb424adf5/1/uas2E5RoPk8kOXz8jyPqssaCjeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/360ef9-ec20-4e13-9647-ddfeb424adf5/1/uas2E5RoPk8kOXz8jyPqssaCjeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uas2E5RoPk8kOXz8jyPqssaCjeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fc:96:e5:fc:5e:e3:d2:1c:df:66:95:64:27:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ab361394683e4f24397cfc8f23eab2c6828dea
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5398b10d3a89409965fe01055e2c3ab985650ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3a:d3:b3:e4:e3:dc:ab:88:e5:a5:a6:a4:94:
                    6d:e7:1f:7f:14:5b:63:f6:ba:d6:c8:38:95:5b:48:
                    b4:f4:e9:ee:87:fd:49:42:33:23:5e:9a:03:59:14:
                    00:fa:89:94:ca:1c:8c:b3:7c:bd:f2:ea:15:01:01:
                    74:b7:df:a2:f0:47:83:99:6d:d7:91:a7:c5:30:66:
                    8b:be:d0:75:70:06:3d:ef:78:d0:f3:28:61:27:5a:
                    3a:68:1d:3e:11:83:0c:78:8e:99:b0:c8:28:9f:ff:
                    88:5c:e9:47:96:60:6b:da:62:1f:e4:35:72:67:e1:
                    8f:cb:f5:4e:71:f6:14:ed:0b:7e:60:d7:93:30:82:
                    cc:94:c2:03:1a:9e:44:01:bd:2e:4c:4a:8f:93:62:
                    76:85:27:e3:a7:64:56:3c:45:b8:20:df:28:47:5b:
                    73:79:4f:f2:79:e4:fc:97:13:de:16:e6:15:27:d3:
                    90:30:4d:c6:06:19:a5:20:aa:04:26:d5:b7:18:df:
                    ee:25:85:db:8f:61:7c:a6:b6:c5:b7:c1:a6:20:31:
                    60:9b:5f:82:cc:da:8e:22:f8:7e:3e:af:aa:72:b5:
                    c7:51:47:89:1b:40:28:57:8b:24:bf:5a:fb:f2:e6:
                    84:7e:07:98:96:91:0f:19:c8:0a:ae:fd:4d:2a:ce:
                    ef:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:39:8B:10:D3:A8:94:09:96:5F:E0:10:55:E2:C3:AB:98:56:50:EA
            X509v3 Authority Key Identifier:
                keyid:B9:AB:36:13:94:68:3E:4F:24:39:7C:FC:8F:23:EA:B2:C6:82:8D:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uas2E5RoPk8kOXz8jyPqssaCjeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/360ef9-ec20-4e13-9647-ddfeb424adf5/1/5TmLENOolAmWX-AQVeLDq5hWUOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/360ef9-ec20-4e13-9647-ddfeb424adf5/1/uas2E5RoPk8kOXz8jyPqssaCjeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2e00::/36
                  2a13:2e01::/36
                  2a13:2e02::/36

    Signature Algorithm: sha256WithRSAEncryption
         57:de:7f:e9:33:b9:51:71:17:42:a1:44:f1:3b:f4:bc:b3:4d:
         08:d2:04:5e:d7:61:ae:1d:5b:e7:09:ad:03:57:45:f5:14:34:
         c0:43:dc:53:5d:d1:d9:f3:5a:b7:ca:49:73:33:78:c2:c3:f9:
         df:d7:99:d6:e2:da:6f:34:01:5b:93:86:7d:00:6e:ff:6c:52:
         50:68:60:26:b3:fc:81:4a:66:39:90:d1:3a:92:0d:2a:4a:e4:
         4a:88:cd:75:9a:ec:d5:d8:52:6b:7f:ac:d5:02:aa:49:97:59:
         36:26:30:c8:40:94:5d:e5:b5:9f:21:ca:21:97:c8:ee:1f:53:
         dd:54:60:5f:97:10:cb:ee:67:ad:9a:48:73:91:12:55:1c:24:
         2e:3e:a4:9f:ca:6b:f5:0f:33:a2:94:86:18:c6:9f:cf:a4:fe:
         0e:98:90:5e:26:7d:c1:19:85:e2:e3:47:eb:9f:b5:04:10:74:
         fa:26:b1:ed:cb:53:a8:91:b0:1b:5d:9d:02:75:d5:78:c9:99:
         aa:ed:95:36:9c:1f:b8:51:fd:b9:69:33:0a:f1:8d:a6:6e:7f:
         8c:0e:c2:c3:94:35:78:07:6c:24:33:d9:24:60:d7:dc:8a:62:
         4d:3f:19:4e:55:52:ac:ee:39:bd:54:ca:f5:57:6e:c9:52:0b:
         7f:9d:aa:ce
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkvyW5fxe49Ic32aVZCewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YWIzNjEzOTQ2ODNlNGYyNDM5N2NmYzhmMjNlYWIyYzY4
MjhkZWEwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTM5OGIxMGQzYTg5NDA5OTY1ZmUwMTA1NWUyYzNhYjk4NTY1MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TrTs+Tj3KuI5aWmpJRt5x9/FFtj
9rrWyDiVW0i09Onuh/1JQjMjXpoDWRQA+omUyhyMs3y98uoVAQF0t9+i8EeDmW3X
kafFMGaLvtB1cAY973jQ8yhhJ1o6aB0+EYMMeI6ZsMgon/+IXOlHlmBr2mIf5DVy
Z+GPy/VOcfYU7Qt+YNeTMILMlMIDGp5EAb0uTEqPk2J2hSfjp2RWPEW4IN8oR1tz
eU/yeeT8lxPeFuYVJ9OQME3GBhmlIKoEJtW3GN/uJYXbj2F8prbFt8GmIDFgm1+C
zNqOIvh+Pq+qcrXHUUeJG0AoV4skv1r78uaEfgeYlpEPGcgKrv1NKs7vPQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOU5ixDTqJQJll/gEFXiw6uYVlDqMB8GA1UdIwQY
MBaAFLmrNhOUaD5PJDl8/I8j6rLGgo3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWFzMkU1Um9QazhrT1h6OGp5UHFzc2FDamVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8zNjBlZjktZWMyMC00ZTEzLTk2NDct
ZGRmZWI0MjRhZGY1LzEvNVRtTEVOT29sQW1XWC1BUVZlTERxNWhXVU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8zNjBlZjktZWMyMC00ZTEzLTk2NDctZGRmZWI0MjRhZGY1
LzEvdWFzMkU1Um9QazhrT1h6OGp5UHFzc2FDamVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAAjAYAwYEKhMuAAAD
BgQqEy4BAAMGBCoTLgIAMA0GCSqGSIb3DQEBCwUAA4IBAQBX3n/pM7lRcRdCoUTx
O/S8s00I0gRe12GuHVvnCa0DV0X1FDTAQ9xTXdHZ81q3yklzM3jCw/nf15nW4tpv
NAFbk4Z9AG7/bFJQaGAms/yBSmY5kNE6kg0qSuRKiM11muzV2FJrf6zVAqpJl1k2
JjDIQJRd5bWfIcohl8juH1PdVGBflxDL7metmkhzkRJVHCQuPqSfymv1DzOilIYY
xp/PpP4OmJBeJn3BGYXi40frn7UEEHT6JrHty1OokbAbXZ0CddV4yZmq7ZU2nB+4
Uf25aTMK8Y2mbn+MDsLDlDV4B2wkM9kkYNfcimJNPxlOVVKs7jm9VMr1V27JUgt/
narO
-----END CERTIFICATE-----