Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/5hjhV_qh2XFESbHTdDFG53vXqYE.roa
File:                     5hjhV_qh2XFESbHTdDFG53vXqYE.roa (raw, json)
Hash identifier:          nzi/xVmuO2XyvOFDdza+7pq610U/W5qKYRFb9ECgoOY=
Subject key identifier:   E6:18:E1:57:FA:A1:D9:71:44:49:B1:D3:74:31:46:E7:7B:D7:A9:81
Certificate issuer:       /CN=3b9a251e5d1d3babe4c579c91eb3e0ac37f7bf2a
Certificate serial:       018CC2DB4674C40835C0E71A7D9C53051716
Authority key identifier: 3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/5hjhV_qh2XFESbHTdDFG53vXqYE.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        94.142.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:74:c4:08:35:c0:e7:1a:7d:9c:53:05:17:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b9a251e5d1d3babe4c579c91eb3e0ac37f7bf2a
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e618e157faa1d9714449b1d3743146e77bd7a981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:59:37:d1:f7:78:a9:ca:48:0d:ed:9d:0f:7d:
                    ad:03:5f:76:db:36:5f:3c:3a:ea:45:3d:7c:48:ce:
                    95:25:4e:8f:b4:aa:aa:8d:ef:12:69:3e:c7:bf:5c:
                    e2:1b:d3:0a:43:90:de:2f:05:3a:1b:62:66:42:bb:
                    7f:28:08:43:e0:52:d9:ef:ca:4e:59:49:b0:34:68:
                    99:96:32:49:af:37:e7:81:9c:75:be:b7:fa:e6:44:
                    3c:01:08:b1:32:fb:c7:5d:e8:2d:25:54:12:01:de:
                    80:43:ef:c3:65:4f:d3:63:86:d3:08:7a:e2:26:63:
                    2a:32:37:56:af:42:14:b3:ce:34:bd:09:1c:06:49:
                    59:49:11:d9:6b:28:55:ba:08:cd:f1:70:89:a3:36:
                    3d:82:a2:c5:0d:7d:e2:f6:95:c4:cf:73:db:43:95:
                    f5:e9:03:c1:6e:ec:1d:ec:a7:9f:be:87:95:06:a2:
                    60:80:3d:9e:c1:0f:17:96:48:59:24:be:91:94:e6:
                    7e:e4:13:3c:05:a8:5c:c3:0e:dd:cd:d9:0a:06:c6:
                    a4:08:4a:0a:34:4b:47:b3:25:99:c1:03:3c:72:be:
                    d8:c2:13:28:f3:ef:d8:0c:36:e2:45:04:f3:8f:1c:
                    91:a4:10:63:38:4d:fc:86:6a:08:9e:f3:04:4e:f6:
                    76:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:18:E1:57:FA:A1:D9:71:44:49:B1:D3:74:31:46:E7:7B:D7:A9:81
            X509v3 Authority Key Identifier:
                keyid:3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/5hjhV_qh2XFESbHTdDFG53vXqYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:e3:c1:50:4e:1b:32:3d:16:bc:ae:95:32:22:e1:d4:14:96:
         aa:b6:e9:56:22:28:05:07:1f:61:af:1e:b8:a9:f4:c4:cb:5d:
         dc:b1:7f:80:75:9a:41:b7:a5:30:dd:48:8f:9e:62:cd:9a:51:
         2e:b4:92:fc:f3:b1:e2:df:4d:cc:2b:91:ba:4e:7d:c3:27:32:
         17:59:99:94:8c:ae:2b:f4:13:83:7a:60:32:1e:17:18:ac:3a:
         d9:13:44:56:56:a7:82:88:7e:f5:a4:59:03:d6:d4:fa:21:5b:
         16:c8:c4:7c:5a:de:1e:79:c8:e4:8d:cd:1d:81:65:fe:06:39:
         db:08:26:b1:a9:e6:01:96:eb:f5:c7:8d:f6:83:ae:85:2c:fc:
         a2:ec:9d:b5:60:84:92:b6:81:51:83:a4:97:bd:34:9f:d8:cf:
         3a:22:a7:17:d4:49:fb:6e:c2:99:6a:f7:0c:4e:e3:26:bc:d3:
         1f:2f:bd:ea:82:59:1c:d1:e2:aa:7f:bc:e1:5e:b0:e6:5c:90:
         09:a9:ec:d0:50:0e:45:0b:ec:03:de:19:27:18:19:a1:92:c5:
         bd:e1:e4:7c:97:a4:12:e0:8b:c3:9d:54:7a:dc:90:55:50:a6:
         7a:f8:ba:45:9f:6c:c0:84:87:89:bb:ff:05:07:97:08:fb:08:
         08:5c:60:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20Z0xAg1wOcafZxTBRcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOWEyNTFlNWQxZDNiYWJlNGM1NzljOTFlYjNlMGFjMzdm
N2JmMmEwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE4ZTE1N2ZhYTFkOTcxNDQ0OWIxZDM3NDMxNDZlNzdiZDdhOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Fk30fd4qcpIDe2dD32tA1922zZf
PDrqRT18SM6VJU6PtKqqje8SaT7Hv1ziG9MKQ5DeLwU6G2JmQrt/KAhD4FLZ78pO
WUmwNGiZljJJrzfngZx1vrf65kQ8AQixMvvHXegtJVQSAd6AQ+/DZU/TY4bTCHri
JmMqMjdWr0IUs840vQkcBklZSRHZayhVugjN8XCJozY9gqLFDX3i9pXEz3PbQ5X1
6QPBbuwd7KefvoeVBqJggD2ewQ8XlkhZJL6RlOZ+5BM8Bahcww7dzdkKBsakCEoK
NEtHsyWZwQM8cr7YwhMo8+/YDDbiRQTzjxyRpBBjOE38hmoInvMETvZ2NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYY4Vf6odlxREmx03QxRud716mBMB8GA1UdIwQY
MBaAFDuaJR5dHTur5MV5yR6z4Kw3978qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVvbEhsMGRPNnZreFhuSkhyUGdyRGYzdnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8wZGRmZjMtOWU3MC00ZDYzLWI1YTAt
YzY2MzJjYzAxNGIwLzEvNWhqaFZfcWgyWEZFU2JIVGRERkc1M3ZYcVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8wZGRmZjMtOWU3MC00ZDYzLWI1YTAtYzY2MzJjYzAxNGIw
LzEvTzVvbEhsMGRPNnZreFhuSkhyUGdyRGYzdnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo78MA0G
CSqGSIb3DQEBCwUAA4IBAQBv48FQThsyPRa8rpUyIuHUFJaqtulWIigFBx9hrx64
qfTEy13csX+AdZpBt6Uw3UiPnmLNmlEutJL887Hi303MK5G6Tn3DJzIXWZmUjK4r
9BODemAyHhcYrDrZE0RWVqeCiH71pFkD1tT6IVsWyMR8Wt4eecjkjc0dgWX+Bjnb
CCaxqeYBluv1x432g66FLPyi7J21YISStoFRg6SXvTSf2M86IqcX1En7bsKZavcM
TuMmvNMfL73qglkc0eKqf7zhXrDmXJAJqezQUA5FC+wD3hknGBmhksW94eR8l6QS
4IvDnVR63JBVUKZ6+LpFn2zAhIeJu/8FB5cI+wgIXGBF
-----END CERTIFICATE-----