Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ykQ3li33hJt3GElAKLdJiKdFf7w.roa
File:                     ykQ3li33hJt3GElAKLdJiKdFf7w.roa (raw, json)
Hash identifier:          oLOdH5JAtUyb1CHgwGrxs+XpnjPdVqL8zvYyDuzpPXo=
Subject key identifier:   CA:44:37:96:2D:F7:84:9B:77:18:49:40:28:B7:49:88:A7:45:7F:BC
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DAB5A14BF434DE3DEAD182CC4EE88
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ykQ3li33hJt3GElAKLdJiKdFf7w.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33881
IP address blocks:        5.154.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ab:5a:14:bf:43:4d:e3:de:ad:18:2c:c4:ee:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca4437962df7849b7718494028b74988a7457fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:93:3f:4e:bd:5c:b9:01:ec:a2:44:3a:38:df:
                    9d:45:24:8f:34:a5:db:58:8b:6f:63:e4:d7:f1:23:
                    19:a9:42:e8:39:ea:80:2b:27:a1:9b:be:61:54:26:
                    df:ae:cb:cf:03:10:03:18:14:f4:af:d7:c3:ed:a4:
                    6a:56:a9:63:e0:a0:6f:b2:ff:b7:b7:1b:aa:b1:ae:
                    5f:f1:46:0d:3c:7a:a2:8c:dc:e8:32:0a:8d:76:d2:
                    2a:6d:d9:6c:b9:ab:58:15:04:6c:84:95:f8:59:1d:
                    21:eb:50:db:23:45:9c:5f:ee:7d:13:44:ab:d6:b1:
                    82:d6:ae:d7:db:06:33:33:41:36:74:4d:9d:7b:a9:
                    79:c7:33:be:a9:5f:8c:9c:46:52:77:5e:43:ed:1a:
                    e2:42:bf:3f:aa:7d:7b:8d:56:75:34:d8:43:7a:42:
                    fe:2d:3e:61:2a:d9:5e:a0:e4:ef:e8:d1:27:9a:e2:
                    e9:3f:30:97:d5:32:e9:05:05:06:69:e8:f1:14:fb:
                    fb:48:bf:23:f1:d9:c2:a3:67:c0:06:3c:a7:d3:7e:
                    35:0f:09:d2:87:2c:1c:51:72:d0:1a:90:2e:d9:ba:
                    83:d2:0e:19:b3:84:32:2d:0f:39:6f:63:0a:fe:21:
                    bd:a7:b3:bd:2e:39:8d:14:9f:d5:10:bb:f0:b4:51:
                    d8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:44:37:96:2D:F7:84:9B:77:18:49:40:28:B7:49:88:A7:45:7F:BC
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ykQ3li33hJt3GElAKLdJiKdFf7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:49:d3:91:6f:c0:3e:c8:6a:cf:cc:e5:cb:ef:68:df:7f:26:
         af:5a:72:f3:25:a5:7e:cd:20:6a:93:99:c6:7d:20:bf:76:5c:
         0d:7e:ad:9f:f8:95:c1:e2:e3:8c:35:dd:5a:fe:20:be:7d:6f:
         e8:55:1b:4e:03:07:57:08:f3:f6:fc:2e:b4:77:83:b7:ec:ac:
         e5:2a:23:26:5e:ea:55:45:e7:42:4c:ce:a6:68:3b:d3:0c:73:
         c2:0d:f9:74:1b:f8:1a:af:e7:65:a6:97:2d:ba:e5:60:e5:96:
         0f:0c:44:81:a4:12:f8:5f:8f:08:a3:95:21:a3:e6:77:f4:68:
         97:eb:98:b5:c9:45:33:9d:15:52:cd:80:68:ce:da:c5:c5:60:
         1c:30:b5:d8:66:8f:21:a6:97:78:b0:f2:78:95:32:b7:d6:ad:
         d6:ca:81:ac:48:77:07:34:34:83:53:80:d5:74:e2:79:21:e1:
         1e:ac:89:a3:ea:f7:e7:8d:7e:a1:47:6b:d0:41:f6:69:13:79:
         cb:93:15:90:fd:7d:6d:3d:e0:8e:fb:6c:a5:4d:c6:ca:4f:ab:
         32:da:f5:2f:c1:96:2c:04:3d:eb:dc:df:70:87:50:4e:2f:05:
         ab:75:55:94:47:02:17:87:ad:de:50:ce:8c:bc:a2:66:d6:2a:
         1a:8e:35:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTataFL9DTePerRgsxO6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQ0Mzc5NjJkZjc4NDliNzcxODQ5NDAyOGI3NDk4OGE3NDU3ZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJM/Tr1cuQHsokQ6ON+dRSSPNKXb
WItvY+TX8SMZqULoOeqAKyehm75hVCbfrsvPAxADGBT0r9fD7aRqVqlj4KBvsv+3
txuqsa5f8UYNPHqijNzoMgqNdtIqbdlsuatYFQRshJX4WR0h61DbI0WcX+59E0Sr
1rGC1q7X2wYzM0E2dE2de6l5xzO+qV+MnEZSd15D7RriQr8/qn17jVZ1NNhDekL+
LT5hKtleoOTv6NEnmuLpPzCX1TLpBQUGaejxFPv7SL8j8dnCo2fABjyn0341DwnS
hywcUXLQGpAu2bqD0g4Zs4QyLQ85b2MK/iG9p7O9LjmNFJ/VELvwtFHYZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpEN5Yt94SbdxhJQCi3SYinRX+8MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEveWtRM2xpMzNoSnQzR0VsQUtMZEppS2RGZjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZqsMA0G
CSqGSIb3DQEBCwUAA4IBAQAHSdORb8A+yGrPzOXL72jffyavWnLzJaV+zSBqk5nG
fSC/dlwNfq2f+JXB4uOMNd1a/iC+fW/oVRtOAwdXCPP2/C60d4O37KzlKiMmXupV
RedCTM6maDvTDHPCDfl0G/gar+dlppctuuVg5ZYPDESBpBL4X48Io5Uho+Z39GiX
65i1yUUznRVSzYBoztrFxWAcMLXYZo8hppd4sPJ4lTK31q3WyoGsSHcHNDSDU4DV
dOJ5IeEerImj6vfnjX6hR2vQQfZpE3nLkxWQ/X1tPeCO+2ylTcbKT6sy2vUvwZYs
BD3r3N9wh1BOLwWrdVWURwIXh63eUM6MvKJm1ioajjVt
-----END CERTIFICATE-----