Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/aSouAFpobtv7M0V6zHzQvNf6OvQ.roa
File:                     aSouAFpobtv7M0V6zHzQvNf6OvQ.roa (raw, json)
Hash identifier:          ej8PkkDHAaFpXF/p+qZLfol3iZA3apeg7JeJ7IrGPJ8=
Subject key identifier:   69:2A:2E:00:5A:68:6E:DB:FB:33:45:7A:CC:7C:D0:BC:D7:FA:3A:F4
Certificate issuer:       /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial:       018EC78085464F0A76C2880434071C188091
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/aSouAFpobtv7M0V6zHzQvNf6OvQ.roa
Signing time:             Wed 10 Apr 2024 10:14:32 +0000
ROA not before:           Wed 10 Apr 2024 10:14:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201631
IP address blocks:        5.42.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:80:85:46:4f:0a:76:c2:88:04:34:07:1c:18:80:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
        Validity
            Not Before: Apr 10 10:14:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=692a2e005a686edbfb33457acc7cd0bcd7fa3af4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:10:fb:cf:87:ef:ce:e7:86:65:25:21:ac:cd:
                    4f:67:22:6b:d8:39:b9:cf:66:34:bd:80:f9:76:94:
                    7f:e7:96:67:f3:0d:31:69:45:5c:67:92:37:bb:74:
                    7a:df:96:5e:2f:24:bb:35:41:2e:a0:2a:e3:8d:ed:
                    11:55:32:7f:be:dd:32:8d:10:e2:f7:1d:1f:9f:56:
                    e5:0a:a9:7c:44:9d:12:45:36:cf:92:03:7e:4f:43:
                    c0:6d:f1:e6:cb:bc:c8:c4:11:63:ca:3e:75:c4:2a:
                    17:3a:1f:26:aa:4a:e4:16:49:6a:44:c5:0c:45:bd:
                    e6:ea:89:42:09:34:a8:5d:5f:6b:24:67:3f:e2:06:
                    74:d9:79:53:e5:f9:83:8b:f0:3d:de:8a:8e:ed:46:
                    ea:b0:f2:ee:84:23:40:05:32:2d:6c:b4:69:0f:58:
                    0b:0a:f6:af:7f:48:73:30:9f:cb:96:21:2d:80:01:
                    42:ff:a1:d0:35:81:de:3d:e1:51:15:2c:06:09:52:
                    74:30:d9:a7:aa:5a:ac:ec:2d:f1:fe:76:6a:9a:03:
                    2c:02:a8:0b:ef:b6:d2:84:63:fd:1f:c7:ba:d2:4b:
                    b9:3c:71:e4:91:49:6c:6d:82:8f:f1:f7:98:47:f7:
                    24:58:bb:68:be:d1:08:48:9e:9c:09:8f:5f:21:bc:
                    f0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:2A:2E:00:5A:68:6E:DB:FB:33:45:7A:CC:7C:D0:BC:D7:FA:3A:F4
            X509v3 Authority Key Identifier:
                keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/aSouAFpobtv7M0V6zHzQvNf6OvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:95:0f:d2:1d:f5:af:6d:f5:cf:e2:98:8c:c6:b9:e1:8a:e9:
         fd:05:d9:50:14:a6:af:30:0b:25:42:db:b5:80:c9:3c:b7:08:
         cd:55:5c:47:4a:d0:64:82:b2:5b:01:6d:6f:73:fe:fa:17:99:
         a0:7b:a1:5f:ce:78:0f:28:d0:38:79:67:20:0e:79:ec:0b:bf:
         57:ef:af:9f:9e:dc:52:e4:e4:1f:f9:54:7a:44:ef:ab:3f:13:
         1b:bd:8c:48:31:09:5c:75:7d:49:de:d1:79:92:1e:55:a1:09:
         36:9e:23:a9:83:01:c1:58:e9:5e:68:48:b9:f5:ca:80:43:98:
         15:67:da:81:d8:b1:15:f7:b2:5f:b1:9f:8a:49:f7:5a:d9:cd:
         6e:00:4b:dc:e7:f4:fb:a2:63:cd:5e:19:ba:bc:a9:dd:df:e0:
         20:b9:75:6f:e9:b0:52:9f:1d:05:e1:3c:c0:fc:53:ec:a5:c0:
         93:ee:1b:b7:4e:03:50:bd:21:2b:1f:dd:dd:f9:7d:0b:98:56:
         dc:2b:72:9c:44:fb:e9:3b:bf:d8:74:a3:66:5f:86:14:ce:6d:
         6a:e9:07:be:33:46:95:d7:45:a4:ff:cb:b1:b5:25:c7:ec:d5:
         a4:bd:49:18:a1:10:ce:cf:0a:a7:e3:3e:84:19:eb:d1:05:28:
         0f:de:95:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7HgIVGTwp2wogENAccGICRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjQwNDEwMTAxNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTJhMmUwMDVhNjg2ZWRiZmIzMzQ1N2FjYzdjZDBiY2Q3ZmEzYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBD7z4fvzueGZSUhrM1PZyJr2Dm5
z2Y0vYD5dpR/55Zn8w0xaUVcZ5I3u3R635ZeLyS7NUEuoCrjje0RVTJ/vt0yjRDi
9x0fn1blCql8RJ0SRTbPkgN+T0PAbfHmy7zIxBFjyj51xCoXOh8mqkrkFklqRMUM
Rb3m6olCCTSoXV9rJGc/4gZ02XlT5fmDi/A93oqO7UbqsPLuhCNABTItbLRpD1gL
Cvavf0hzMJ/LliEtgAFC/6HQNYHePeFRFSwGCVJ0MNmnqlqs7C3x/nZqmgMsAqgL
77bShGP9H8e60ku5PHHkkUlsbYKP8feYR/ckWLtovtEISJ6cCY9fIbzwCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkqLgBaaG7b+zNFesx80LzX+jr0MB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvYVNvdUFGcG9idHY3TTBWNnpIelF2TmY2T3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrbMA0G
CSqGSIb3DQEBCwUAA4IBAQBPlQ/SHfWvbfXP4piMxrnhiun9BdlQFKavMAslQtu1
gMk8twjNVVxHStBkgrJbAW1vc/76F5mge6FfzngPKNA4eWcgDnnsC79X76+fntxS
5OQf+VR6RO+rPxMbvYxIMQlcdX1J3tF5kh5VoQk2niOpgwHBWOleaEi59cqAQ5gV
Z9qB2LEV97JfsZ+KSfda2c1uAEvc5/T7omPNXhm6vKnd3+AguXVv6bBSnx0F4TzA
/FPspcCT7hu3TgNQvSErH93d+X0LmFbcK3KcRPvpO7/YdKNmX4YUzm1q6Qe+M0aV
10Wk/8uxtSXH7NWkvUkYoRDOzwqn4z6EGevRBSgP3pWl
-----END CERTIFICATE-----