Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/1a3ffc-ec93-4724-bea3-ee601cd92c2f/1/5nojSlU8g5ZTCEasOlJv4zCaEcc.roa
File:                     5nojSlU8g5ZTCEasOlJv4zCaEcc.roa (raw, json)
Hash identifier:          OpJecJRKf0rIVOI9CFBg+ENHn0r3XVLWkLtEiGssLfk=
Subject key identifier:   E6:7A:23:4A:55:3C:83:96:53:08:46:AC:3A:52:6F:E3:30:9A:11:C7
Certificate issuer:       /CN=53b42f7f210254ea472ac755a16472c52efc2a92
Certificate serial:       018D5EC568B161AAE926ECE511640604B8B9
Authority key identifier: 53:B4:2F:7F:21:02:54:EA:47:2A:C7:55:A1:64:72:C5:2E:FC:2A:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7QvfyECVOpHKsdVoWRyxS78KpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/1a3ffc-ec93-4724-bea3-ee601cd92c2f/1/5nojSlU8g5ZTCEasOlJv4zCaEcc.roa
Signing time:             Wed 31 Jan 2024 09:06:52 +0000
ROA not before:           Wed 31 Jan 2024 09:06:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        185.94.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/1a3ffc-ec93-4724-bea3-ee601cd92c2f/1/U7QvfyECVOpHKsdVoWRyxS78KpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/1a3ffc-ec93-4724-bea3-ee601cd92c2f/1/U7QvfyECVOpHKsdVoWRyxS78KpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7QvfyECVOpHKsdVoWRyxS78KpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c5:68:b1:61:aa:e9:26:ec:e5:11:64:06:04:b8:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b42f7f210254ea472ac755a16472c52efc2a92
        Validity
            Not Before: Jan 31 09:06:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e67a234a553c8396530846ac3a526fe3309a11c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6e:52:b2:58:36:2d:03:c1:ae:08:9f:78:54:
                    c8:ac:10:ef:64:f7:e8:78:f0:de:b2:27:92:00:b0:
                    7b:c2:fc:6f:0a:9b:bf:1c:f4:ad:92:49:32:67:2f:
                    54:d4:e7:1f:6a:5b:15:9c:79:21:04:f1:44:5e:af:
                    0f:18:18:45:9b:46:b0:53:31:1c:55:fe:b6:98:7e:
                    96:16:cb:81:f4:68:8c:a6:a4:3a:df:6b:36:24:2d:
                    e7:95:2c:f6:e3:8f:db:52:a4:73:d3:b7:7c:7a:34:
                    6d:c6:a4:b6:b5:8d:44:0d:36:b4:ac:1b:75:28:93:
                    53:42:42:6c:88:12:dc:ee:33:44:d0:01:98:f6:61:
                    87:bd:b2:c7:0a:af:44:a2:9c:93:fb:62:23:91:29:
                    a0:69:0b:01:62:fd:37:72:c9:64:fc:67:90:24:5d:
                    88:36:ac:0f:e1:a0:36:a4:38:57:1a:bc:93:e8:85:
                    cb:a4:2a:0d:2b:10:43:5c:58:ef:6f:c7:9a:6e:16:
                    fa:57:7b:88:93:7e:99:bf:83:c4:5b:a0:e5:31:d9:
                    85:11:7f:4a:4d:0a:70:34:cd:65:2d:44:e2:4c:03:
                    10:a5:b5:90:0a:e4:76:d5:4e:ef:63:af:e9:9f:fb:
                    06:2a:14:22:a3:9a:0d:c7:9e:c8:91:1e:d1:bf:c6:
                    cf:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7A:23:4A:55:3C:83:96:53:08:46:AC:3A:52:6F:E3:30:9A:11:C7
            X509v3 Authority Key Identifier:
                keyid:53:B4:2F:7F:21:02:54:EA:47:2A:C7:55:A1:64:72:C5:2E:FC:2A:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7QvfyECVOpHKsdVoWRyxS78KpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/1a3ffc-ec93-4724-bea3-ee601cd92c2f/1/5nojSlU8g5ZTCEasOlJv4zCaEcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/1a3ffc-ec93-4724-bea3-ee601cd92c2f/1/U7QvfyECVOpHKsdVoWRyxS78KpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c2:aa:2b:cb:57:33:25:d3:10:67:c4:04:7f:f9:76:51:4c:
         d4:b4:37:75:db:a9:54:f7:07:33:f5:fa:29:a7:60:e9:19:8e:
         2e:5b:73:a0:86:18:ee:6c:49:56:aa:50:c7:34:4d:91:f8:05:
         6b:20:9e:a9:28:1d:e2:4b:12:b6:13:7e:73:ae:cc:80:67:50:
         b8:48:50:35:4e:82:c7:8a:42:df:5d:2c:51:e9:43:6a:00:7e:
         c3:9e:98:fd:ee:20:2d:c9:20:7e:24:88:a3:8a:4a:12:b8:7e:
         60:99:6a:17:de:84:99:ed:91:92:46:cd:b7:ba:3c:e7:c1:94:
         ba:60:1a:1d:84:42:84:b2:e4:66:5f:fc:18:86:02:97:b3:b9:
         6c:fb:cd:05:d7:55:bc:e4:a4:e9:6f:61:bc:ee:2e:d9:fb:e4:
         c3:68:3c:e7:75:c5:4e:3a:87:90:31:1e:0b:0e:3e:e1:6b:e4:
         e0:4c:06:ee:ad:3d:c7:b0:49:d1:ff:4d:f1:7d:2a:e0:79:10:
         14:30:65:da:b9:cf:86:0d:77:3b:f7:a9:8e:38:56:7d:72:23:
         a8:d5:6d:e7:b3:1e:2c:a3:c9:7c:7f:17:3d:49:05:21:64:f8:
         5b:24:50:a6:84:f4:ff:aa:45:4f:67:94:7d:2c:45:a1:0e:b3:
         80:e1:31:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1exWixYarpJuzlEWQGBLi5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjQyZjdmMjEwMjU0ZWE0NzJhYzc1NWExNjQ3MmM1MmVm
YzJhOTIwHhcNMjQwMTMxMDkwNjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdhMjM0YTU1M2M4Mzk2NTMwODQ2YWMzYTUyNmZlMzMwOWExMWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG5Sslg2LQPBrgifeFTIrBDvZPfo
ePDesieSALB7wvxvCpu/HPStkkkyZy9U1OcfalsVnHkhBPFEXq8PGBhFm0awUzEc
Vf62mH6WFsuB9GiMpqQ632s2JC3nlSz244/bUqRz07d8ejRtxqS2tY1EDTa0rBt1
KJNTQkJsiBLc7jNE0AGY9mGHvbLHCq9EopyT+2IjkSmgaQsBYv03cslk/GeQJF2I
NqwP4aA2pDhXGryT6IXLpCoNKxBDXFjvb8eabhb6V3uIk36Zv4PEW6DlMdmFEX9K
TQpwNM1lLUTiTAMQpbWQCuR21U7vY6/pn/sGKhQio5oNx57IkR7Rv8bPFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZ6I0pVPIOWUwhGrDpSb+MwmhHHMB8GA1UdIwQY
MBaAFFO0L38hAlTqRyrHVaFkcsUu/CqSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdRdmZ5RUNWT3BIS3NkVm9XUnl4Uzc4S3BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8xYTNmZmMtZWM5My00NzI0LWJlYTMt
ZWU2MDFjZDkyYzJmLzEvNW5valNsVThnNVpUQ0Vhc09sSnY0ekNhRWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8xYTNmZmMtZWM5My00NzI0LWJlYTMtZWU2MDFjZDkyYzJm
LzEvVTdRdmZ5RUNWT3BIS3NkVm9XUnl4Uzc4S3BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV4eMA0G
CSqGSIb3DQEBCwUAA4IBAQBJwqory1czJdMQZ8QEf/l2UUzUtDd126lU9wcz9fop
p2DpGY4uW3OghhjubElWqlDHNE2R+AVrIJ6pKB3iSxK2E35zrsyAZ1C4SFA1ToLH
ikLfXSxR6UNqAH7Dnpj97iAtySB+JIijikoSuH5gmWoX3oSZ7ZGSRs23ujznwZS6
YBodhEKEsuRmX/wYhgKXs7ls+80F11W85KTpb2G87i7Z++TDaDzndcVOOoeQMR4L
Dj7ha+TgTAburT3HsEnR/03xfSrgeRAUMGXauc+GDXc796mOOFZ9ciOo1W3nsx4s
o8l8fxc9SQUhZPhbJFCmhPT/qkVPZ5R9LEWhDrOA4THR
-----END CERTIFICATE-----