Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/VILYjzb1Bl-B52Qb2vXZ8aL4gf8.roa
File:                     VILYjzb1Bl-B52Qb2vXZ8aL4gf8.roa (raw, json)
Hash identifier:          qDJ2Hyd/88hWlsAILodLKtVypKcWs1+7sRQw6Ql90RE=
Subject key identifier:   54:82:D8:8F:36:F5:06:5F:81:E7:64:1B:DA:F5:D9:F1:A2:F8:81:FF
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DB5D8D365F729C23E2273A5D8727D
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/VILYjzb1Bl-B52Qb2vXZ8aL4gf8.roa
Signing time:             Tue 02 Jan 2024 08:32:42 +0000
ROA not before:           Tue 02 Jan 2024 08:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204774
IP address blocks:        5.154.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b5:d8:d3:65:f7:29:c2:3e:22:73:a5:d8:72:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5482d88f36f5065f81e7641bdaf5d9f1a2f881ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3f:6b:4e:72:fa:aa:1a:61:f4:df:db:66:76:
                    ab:6e:f1:70:80:03:6f:bf:48:99:86:6c:56:91:4e:
                    3d:16:c2:82:58:b4:c2:ea:08:eb:2e:8c:90:78:18:
                    24:6f:aa:6b:75:5f:c6:7b:24:56:98:6e:ed:76:41:
                    26:12:d7:1c:f6:06:52:f3:47:f7:73:b7:08:00:5e:
                    0b:68:92:75:63:36:79:34:9d:f8:3e:cd:9d:ee:f6:
                    ec:d5:a7:6e:ef:7a:e0:06:0e:d2:5b:d8:b5:81:97:
                    3a:6c:09:b0:be:1c:99:6a:ab:4a:e6:ad:88:54:74:
                    7f:0e:af:9b:df:37:77:38:9a:ff:92:9b:90:46:97:
                    9f:41:7b:94:c6:04:8d:7a:dd:bc:fa:2c:88:c0:f7:
                    5d:d7:dc:59:a0:2c:10:d3:63:c8:a6:a7:51:ac:0f:
                    1a:9e:f7:c5:27:cb:ca:aa:4b:3a:19:7f:9a:0b:ac:
                    e4:6b:f7:17:7d:fb:7c:72:78:e9:b8:2e:b3:20:a0:
                    51:41:81:eb:ee:ee:64:a5:1f:a3:a8:90:9c:be:69:
                    93:5b:0f:05:a8:95:ff:d2:8a:b0:3e:b7:4f:46:d0:
                    04:23:c0:d6:d1:38:f6:d8:93:11:22:12:78:92:b7:
                    5e:a7:1d:3c:7d:b3:de:60:20:85:0c:29:9d:6a:ea:
                    f8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:82:D8:8F:36:F5:06:5F:81:E7:64:1B:DA:F5:D9:F1:A2:F8:81:FF
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/VILYjzb1Bl-B52Qb2vXZ8aL4gf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:f9:30:c9:df:2d:0d:a2:65:08:0d:2e:ac:5c:d1:61:f4:ed:
         88:94:98:15:9f:e2:2b:ab:e9:24:06:28:2d:1b:7e:2c:90:46:
         ff:f2:9b:f8:0d:d2:67:cd:76:b9:e7:0b:ab:77:51:42:ad:5a:
         ee:bb:c6:30:6a:55:ba:f2:d0:e4:90:fc:90:d5:ab:42:3d:41:
         ac:27:e4:08:bf:19:d4:e1:54:d1:10:4c:7e:84:9e:8d:3f:63:
         c8:ec:fa:c1:b8:fd:77:cc:ca:fe:dd:96:d4:49:95:3a:dd:96:
         7c:24:2b:e8:33:05:a6:d7:cf:16:83:02:09:ec:63:a1:f3:bc:
         3b:07:39:da:b1:c9:e2:1b:b0:bd:66:4b:a8:8c:45:11:4a:11:
         da:af:d1:67:a6:36:b6:22:0e:59:62:6a:9e:e2:3f:2a:d2:a8:
         cc:47:cb:17:c4:8f:f3:8c:80:76:d2:9f:11:70:34:e2:79:bf:
         32:8a:0c:18:2c:89:97:78:0b:1e:7a:5d:5d:95:81:3e:ee:bd:
         4a:ee:2a:dd:77:d1:70:ee:af:30:40:52:22:e4:e6:65:aa:1b:
         65:97:ff:09:f6:c2:c4:da:89:52:2e:1a:59:67:bb:db:91:81:
         7e:6d:1e:96:2b:44:7d:c0:20:b3:38:f3:41:a9:0b:7b:c4:f8:
         3b:da:d9:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbXY02X3KcI+InOl2HJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDgyZDg4ZjM2ZjUwNjVmODFlNzY0MWJkYWY1ZDlmMWEyZjg4MWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoT9rTnL6qhph9N/bZnarbvFwgANv
v0iZhmxWkU49FsKCWLTC6gjrLoyQeBgkb6prdV/GeyRWmG7tdkEmEtcc9gZS80f3
c7cIAF4LaJJ1YzZ5NJ34Ps2d7vbs1adu73rgBg7SW9i1gZc6bAmwvhyZaqtK5q2I
VHR/Dq+b3zd3OJr/kpuQRpefQXuUxgSNet28+iyIwPdd19xZoCwQ02PIpqdRrA8a
nvfFJ8vKqks6GX+aC6zka/cXfft8cnjpuC6zIKBRQYHr7u5kpR+jqJCcvmmTWw8F
qJX/0oqwPrdPRtAEI8DW0Tj22JMRIhJ4krdepx08fbPeYCCFDCmdaur44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSC2I829QZfgedkG9r12fGi+IH/MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvVklMWWp6YjFCbC1CNTJRYjJ2WFo4YUw0Z2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZpLMA0G
CSqGSIb3DQEBCwUAA4IBAQDO+TDJ3y0NomUIDS6sXNFh9O2IlJgVn+Irq+kkBigt
G34skEb/8pv4DdJnzXa55wurd1FCrVruu8YwalW68tDkkPyQ1atCPUGsJ+QIvxnU
4VTREEx+hJ6NP2PI7PrBuP13zMr+3ZbUSZU63ZZ8JCvoMwWm188WgwIJ7GOh87w7
BznascniG7C9ZkuojEURShHar9Fnpja2Ig5ZYmqe4j8q0qjMR8sXxI/zjIB20p8R
cDTieb8yigwYLImXeAseel1dlYE+7r1K7irdd9Fw7q8wQFIi5OZlqhtll/8J9sLE
2olSLhpZZ7vbkYF+bR6WK0R9wCCzOPNBqQt7xPg72tmN
-----END CERTIFICATE-----