Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/c5eb99-7289-4e3e-a8cd-05bbe4ef06c0/1/MVo9tijyJNginLL8kZ6zVRAQg_Q.roa
File:                     MVo9tijyJNginLL8kZ6zVRAQg_Q.roa (raw, json)
Hash identifier:          Oqq5E/oO+OxgKY8Xq5V1igUnaKwvmU4IK6dQF5KT48k=
Subject key identifier:   31:5A:3D:B6:28:F2:24:D8:22:9C:B2:FC:91:9E:B3:55:10:10:83:F4
Certificate issuer:       /CN=cbd216b005744c18cb384d3d09d124066d55f62d
Certificate serial:       018CC94ADA042AD4B4D2400FBB75B024EFEE
Authority key identifier: CB:D2:16:B0:05:74:4C:18:CB:38:4D:3D:09:D1:24:06:6D:55:F6:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9IWsAV0TBjLOE09CdEkBm1V9i0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/c5eb99-7289-4e3e-a8cd-05bbe4ef06c0/1/MVo9tijyJNginLL8kZ6zVRAQg_Q.roa
Signing time:             Tue 02 Jan 2024 08:29:35 +0000
ROA not before:           Tue 02 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        194.5.191.0/24 maxlen: 24
                          194.5.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/c5eb99-7289-4e3e-a8cd-05bbe4ef06c0/1/y9IWsAV0TBjLOE09CdEkBm1V9i0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/c5eb99-7289-4e3e-a8cd-05bbe4ef06c0/1/y9IWsAV0TBjLOE09CdEkBm1V9i0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9IWsAV0TBjLOE09CdEkBm1V9i0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:da:04:2a:d4:b4:d2:40:0f:bb:75:b0:24:ef:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd216b005744c18cb384d3d09d124066d55f62d
        Validity
            Not Before: Jan  2 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=315a3db628f224d8229cb2fc919eb355101083f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:76:05:13:88:f7:80:9e:e6:a7:7f:57:9c:08:
                    09:99:35:18:5f:ee:40:7a:63:64:e3:b9:c5:a7:f9:
                    67:bd:ec:51:90:fa:4d:7c:8a:e0:c8:69:f0:56:b5:
                    d5:bd:0e:fa:91:2b:8a:88:af:3b:84:75:6a:f7:fa:
                    1c:22:45:5e:8d:bc:b7:53:4f:5e:f8:a4:85:c5:b7:
                    ba:9f:b4:66:82:a8:fb:b2:80:81:8e:76:44:04:99:
                    b3:f2:b2:25:2f:16:7b:8f:1d:3d:1d:f5:fc:ad:30:
                    6a:a5:96:de:f2:28:cd:1e:bd:e4:57:f3:9d:59:22:
                    39:85:fb:c7:50:d2:2d:0a:ac:97:7b:7b:67:73:00:
                    bd:1c:89:ee:1c:4b:70:53:17:43:8e:77:ca:91:cd:
                    1a:f1:0f:48:54:4b:49:d8:cd:9e:65:71:07:b0:79:
                    bf:1f:0e:78:02:80:45:cc:4d:be:1a:7a:db:be:75:
                    23:2e:47:fd:c5:5c:f7:e3:89:cc:4a:f9:55:bf:ae:
                    f3:62:de:20:25:55:aa:2a:25:5c:38:57:0c:ad:97:
                    53:cb:73:2b:84:9a:da:67:97:6a:e7:21:3e:39:ae:
                    93:e0:fd:26:e1:4c:25:e9:ca:4b:c0:8a:f0:1f:4d:
                    7f:3e:8b:f6:28:05:07:7e:cc:8f:13:87:21:d3:1e:
                    6e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:5A:3D:B6:28:F2:24:D8:22:9C:B2:FC:91:9E:B3:55:10:10:83:F4
            X509v3 Authority Key Identifier:
                keyid:CB:D2:16:B0:05:74:4C:18:CB:38:4D:3D:09:D1:24:06:6D:55:F6:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9IWsAV0TBjLOE09CdEkBm1V9i0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/c5eb99-7289-4e3e-a8cd-05bbe4ef06c0/1/MVo9tijyJNginLL8kZ6zVRAQg_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/c5eb99-7289-4e3e-a8cd-05bbe4ef06c0/1/y9IWsAV0TBjLOE09CdEkBm1V9i0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:4c:9c:1f:4d:e2:ed:b9:48:bd:70:3e:78:36:f3:eb:56:8d:
         de:15:74:f8:21:ba:72:f0:5a:93:e9:c8:16:bd:39:3a:c7:fb:
         7c:03:32:6f:3e:ff:58:b9:77:25:dc:91:4e:0b:f4:91:2e:e4:
         27:ee:12:7f:e6:8c:5c:af:58:27:1b:bc:6f:a2:b6:4f:89:da:
         78:63:ad:52:c5:f8:f0:3a:af:cd:ad:fe:c5:4c:2b:ec:9f:68:
         5f:24:e5:17:4f:a1:04:75:11:19:83:69:7c:14:d7:8c:a5:16:
         f2:21:b3:7c:83:0f:28:5e:2c:6f:53:18:9c:35:70:a0:45:00:
         59:b4:bc:fe:9e:37:09:af:8e:3c:58:3c:3c:9f:6b:f8:b3:f3:
         a3:f0:10:90:e2:c9:29:12:4f:c8:cd:0f:91:fd:6d:d2:71:97:
         f3:96:8a:eb:7f:a3:83:5b:27:4d:88:b5:80:6b:84:26:3f:b2:
         59:7c:59:30:68:66:1c:78:ca:ec:3d:f4:14:7d:db:4c:24:0e:
         dd:81:44:58:e8:1e:11:78:68:56:8e:4c:38:56:1e:58:9e:d4:
         48:7f:b2:56:1d:1d:d3:ae:4f:93:85:21:1c:69:a6:cd:bd:0b:
         48:97:f4:8d:c6:4c:03:b6:d8:ce:39:5f:ed:e3:02:83:18:ae:
         3c:41:01:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJStoEKtS00kAPu3WwJO/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDIxNmIwMDU3NDRjMThjYjM4NGQzZDA5ZDEyNDA2NmQ1
NWY2MmQwHhcNMjQwMTAyMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTVhM2RiNjI4ZjIyNGQ4MjI5Y2IyZmM5MTllYjM1NTEwMTA4M2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3YFE4j3gJ7mp39XnAgJmTUYX+5A
emNk47nFp/lnvexRkPpNfIrgyGnwVrXVvQ76kSuKiK87hHVq9/ocIkVejby3U09e
+KSFxbe6n7Rmgqj7soCBjnZEBJmz8rIlLxZ7jx09HfX8rTBqpZbe8ijNHr3kV/Od
WSI5hfvHUNItCqyXe3tncwC9HInuHEtwUxdDjnfKkc0a8Q9IVEtJ2M2eZXEHsHm/
Hw54AoBFzE2+GnrbvnUjLkf9xVz344nMSvlVv67zYt4gJVWqKiVcOFcMrZdTy3Mr
hJraZ5dq5yE+Oa6T4P0m4Uwl6cpLwIrwH01/Pov2KAUHfsyPE4ch0x5uKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFaPbYo8iTYIpyy/JGes1UQEIP0MB8GA1UdIwQY
MBaAFMvSFrAFdEwYyzhNPQnRJAZtVfYtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlJV3NBVjBUQmpMT0UwOUNkRWtCbTFWOWkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9jNWViOTktNzI4OS00ZTNlLWE4Y2Qt
MDViYmU0ZWYwNmMwLzEvTVZvOXRpanlKTmdpbkxMOGtaNnpWUkFRZ19RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9jNWViOTktNzI4OS00ZTNlLWE4Y2QtMDViYmU0ZWYwNmMw
LzEveTlJV3NBVjBUQmpMT0UwOUNkRWtCbTFWOWkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgW+MA0G
CSqGSIb3DQEBCwUAA4IBAQA8TJwfTeLtuUi9cD54NvPrVo3eFXT4Ibpy8FqT6cgW
vTk6x/t8AzJvPv9YuXcl3JFOC/SRLuQn7hJ/5oxcr1gnG7xvorZPidp4Y61Sxfjw
Oq/Nrf7FTCvsn2hfJOUXT6EEdREZg2l8FNeMpRbyIbN8gw8oXixvUxicNXCgRQBZ
tLz+njcJr448WDw8n2v4s/Oj8BCQ4skpEk/IzQ+R/W3ScZfzlorrf6ODWydNiLWA
a4QmP7JZfFkwaGYceMrsPfQUfdtMJA7dgURY6B4ReGhWjkw4Vh5YntRIf7JWHR3T
rk+ThSEcaabNvQtIl/SNxkwDttjOOV/t4wKDGK48QQE1
-----END CERTIFICATE-----