Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/sL7UTLaTALkWozDPTSQWgZmMiAk.roa
File:                     sL7UTLaTALkWozDPTSQWgZmMiAk.roa (raw, json)
Hash identifier:          QCPVnWUnz1T+5BgBhguMPEZrUNY2VQOAvczgE9Z9YOI=
Subject key identifier:   B0:BE:D4:4C:B6:93:00:B9:16:A3:30:CF:4D:24:16:81:99:8C:88:09
Certificate issuer:       /CN=608e6a6a54017dd3b9b2cce35fd5a9a7f2a45498
Certificate serial:       018CC80310B02CCB08F9C2F2CE5D8BCC4EF9
Authority key identifier: 60:8E:6A:6A:54:01:7D:D3:B9:B2:CC:E3:5F:D5:A9:A7:F2:A4:54:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YI5qalQBfdO5sszjX9Wpp_KkVJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/sL7UTLaTALkWozDPTSQWgZmMiAk.roa
Signing time:             Tue 02 Jan 2024 02:31:33 +0000
ROA not before:           Tue 02 Jan 2024 02:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12779
IP address blocks:        5.104.26.0/23 maxlen: 23
                          5.104.30.0/24 maxlen: 24
                          5.104.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/YI5qalQBfdO5sszjX9Wpp_KkVJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/YI5qalQBfdO5sszjX9Wpp_KkVJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YI5qalQBfdO5sszjX9Wpp_KkVJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:10:b0:2c:cb:08:f9:c2:f2:ce:5d:8b:cc:4e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=608e6a6a54017dd3b9b2cce35fd5a9a7f2a45498
        Validity
            Not Before: Jan  2 02:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0bed44cb69300b916a330cf4d241681998c8809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:eb:6b:e3:8e:f1:6b:07:31:91:be:af:41:7b:
                    29:d1:30:cf:54:57:27:59:53:ab:d0:b6:5c:4d:00:
                    b5:5e:fa:de:e1:76:24:3e:9a:d6:02:5e:8e:ca:6c:
                    15:3a:e3:90:1f:11:2c:ca:15:8d:52:38:91:2c:1c:
                    a2:82:e4:aa:b1:28:9c:d0:3a:8e:cc:20:0e:5b:68:
                    5e:bd:e9:d3:df:da:0b:84:a0:a3:9c:96:a8:e5:7b:
                    e9:1f:ba:ed:6f:80:ec:65:67:5c:39:0e:36:14:8b:
                    c6:04:57:4d:9a:a3:02:15:f2:06:02:d4:91:fa:6b:
                    10:46:7b:18:a6:c6:14:80:58:b4:77:3b:92:c3:8d:
                    58:d7:76:b2:fe:b1:08:61:5a:9c:08:31:b2:86:48:
                    81:99:89:97:15:3e:f8:65:36:6c:c4:17:0f:87:a1:
                    e2:50:5e:81:98:4d:1b:d2:44:61:e9:8e:3a:13:06:
                    e8:a3:2e:6a:58:9a:e1:21:7d:62:70:66:99:30:31:
                    7c:ef:63:5c:1f:21:e4:8f:fc:9e:a3:32:48:bf:90:
                    10:98:6f:3a:6c:a7:33:7c:56:a9:e5:67:56:7c:2e:
                    67:54:a2:4b:ae:71:d3:74:c4:c5:bf:c0:63:1f:58:
                    4d:6e:bd:a6:1e:c9:7e:d5:d5:ca:32:8d:d4:9b:48:
                    2a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:BE:D4:4C:B6:93:00:B9:16:A3:30:CF:4D:24:16:81:99:8C:88:09
            X509v3 Authority Key Identifier:
                keyid:60:8E:6A:6A:54:01:7D:D3:B9:B2:CC:E3:5F:D5:A9:A7:F2:A4:54:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YI5qalQBfdO5sszjX9Wpp_KkVJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/sL7UTLaTALkWozDPTSQWgZmMiAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/YI5qalQBfdO5sszjX9Wpp_KkVJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.26.0-5.104.30.255

    Signature Algorithm: sha256WithRSAEncryption
         83:a4:95:99:72:2f:6f:f6:2b:5c:69:68:a3:49:e8:16:2e:30:
         9e:82:80:79:54:7c:a6:6b:ba:f5:86:76:11:5e:1b:c3:59:79:
         86:38:a8:92:c3:7a:8f:9c:a7:41:1b:03:9a:81:f1:ac:01:60:
         11:44:f4:40:f4:e0:30:c7:c7:30:1b:74:e6:3c:84:1b:f0:04:
         28:8f:0b:6d:29:fd:7d:23:5c:74:2d:a2:a6:18:fc:e9:68:89:
         b4:8a:98:65:16:0e:3c:ae:9f:f1:0a:0f:54:8a:2a:78:cd:06:
         15:c8:c6:1b:9e:19:5b:e1:9d:4c:e7:b6:57:04:0d:3c:1c:f8:
         92:1f:9c:a5:2a:96:84:91:2a:94:45:26:c6:33:27:fe:7a:f1:
         81:24:db:7a:82:dc:2e:e9:91:f6:3f:7f:87:0a:37:cf:0c:7e:
         5f:4b:85:c6:58:2f:b9:71:78:18:56:5c:56:be:82:59:fc:bc:
         ec:19:e7:cd:56:98:d7:fe:d7:39:fd:5b:93:c0:01:88:3a:d6:
         24:09:fd:27:a8:36:5f:2a:dc:38:58:60:d2:ee:0d:73:ae:d8:
         0b:9f:07:31:45:31:bf:5f:0a:82:e4:42:6a:a6:ba:81:a7:48:
         f5:38:a9:e7:a6:7c:fc:31:f5:56:5b:0c:71:5a:16:7c:77:c3:
         bc:e1:c7:80
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAxCwLMsI+cLyzl2LzE75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOGU2YTZhNTQwMTdkZDNiOWIyY2NlMzVmZDVhOWE3ZjJh
NDU0OTgwHhcNMjQwMTAyMDIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGJlZDQ0Y2I2OTMwMGI5MTZhMzMwY2Y0ZDI0MTY4MTk5OGM4ODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOtr447xawcxkb6vQXsp0TDPVFcn
WVOr0LZcTQC1Xvre4XYkPprWAl6OymwVOuOQHxEsyhWNUjiRLByiguSqsSic0DqO
zCAOW2hevenT39oLhKCjnJao5XvpH7rtb4DsZWdcOQ42FIvGBFdNmqMCFfIGAtSR
+msQRnsYpsYUgFi0dzuSw41Y13ay/rEIYVqcCDGyhkiBmYmXFT74ZTZsxBcPh6Hi
UF6BmE0b0kRh6Y46Ewbooy5qWJrhIX1icGaZMDF872NcHyHkj/yeozJIv5AQmG86
bKczfFap5WdWfC5nVKJLrnHTdMTFv8BjH1hNbr2mHsl+1dXKMo3Um0gqwwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLC+1Ey2kwC5FqMwz00kFoGZjIgJMB8GA1UdIwQY
MBaAFGCOampUAX3TubLM41/VqafypFSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUk1cWFsUUJmZE81c3N6alg5V3BwX0trVkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jMzMyOGUtMWNlOS00ZTM4LTllY2Et
MjMyNDk3N2M5MzkzLzEvc0w3VVRMYVRBTGtXb3pEUFRTUVdnWm1NaUFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jMzMyOGUtMWNlOS00ZTM4LTllY2EtMjMyNDk3N2M5Mzkz
LzEvWUk1cWFsUUJmZE81c3N6alg5V3BwX0trVkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAEFaBoD
BAAFaB4wDQYJKoZIhvcNAQELBQADggEBAIOklZlyL2/2K1xpaKNJ6BYuMJ6CgHlU
fKZruvWGdhFeG8NZeYY4qJLDeo+cp0EbA5qB8awBYBFE9ED04DDHxzAbdOY8hBvw
BCiPC20p/X0jXHQtoqYY/OloibSKmGUWDjyun/EKD1SKKnjNBhXIxhueGVvhnUzn
tlcEDTwc+JIfnKUqloSRKpRFJsYzJ/568YEk23qC3C7pkfY/f4cKN88Mfl9LhcZY
L7lxeBhWXFa+gln8vOwZ581WmNf+1zn9W5PAAYg61iQJ/SeoNl8q3DhYYNLuDXOu
2AufBzFFMb9fCoLkQmqmuoGnSPU4qeemfPwx9VZbDHFaFnx3w7zhx4A=
-----END CERTIFICATE-----