Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/nl5AOfRkEF4PyUiU0YmlWWnjzjk.roa
File:                     nl5AOfRkEF4PyUiU0YmlWWnjzjk.roa (raw, json)
Hash identifier:          tNhQHspfLzXLniS8HQyZg52UMJsZCDpT8WYm1zGE1xU=
Subject key identifier:   9E:5E:40:39:F4:64:10:5E:0F:C9:48:94:D1:89:A5:59:69:E3:CE:39
Certificate issuer:       /CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
Certificate serial:       018CC795225E1A058C35C65421A66B4E1080
Authority key identifier: 0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/nl5AOfRkEF4PyUiU0YmlWWnjzjk.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.127.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:22:5e:1a:05:8c:35:c6:54:21:a6:6b:4e:10:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e5e4039f464105e0fc94894d189a55969e3ce39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:58:9f:f3:b3:5b:d6:2c:e4:c2:46:7a:de:63:
                    6f:3a:f0:ca:a1:ed:9d:d8:54:8b:8a:e7:39:a6:65:
                    54:7e:6c:7d:f8:45:0a:24:2f:0d:ea:b5:b8:82:66:
                    66:cd:34:c9:97:4e:93:48:7d:dd:09:87:2a:f2:98:
                    e0:67:65:10:76:8c:dd:ad:dc:bf:86:c1:d0:51:7e:
                    f7:07:c4:60:2d:a0:ea:04:46:73:a0:ff:d1:7d:47:
                    ac:d2:f4:08:54:7e:bf:6f:12:3a:17:49:b1:df:50:
                    77:3b:80:93:3c:59:78:f3:1a:fd:47:a8:ce:e8:6a:
                    da:6c:14:f7:91:f2:6d:c9:75:6d:c0:5c:ac:72:0a:
                    79:5e:9d:fe:a6:d3:77:11:45:30:50:ee:bc:f4:4e:
                    19:56:7a:1b:34:6e:df:d6:9a:d1:4b:e4:07:75:d1:
                    fb:1d:75:36:4a:43:f3:9c:77:1f:cb:0b:9b:aa:87:
                    99:b7:6c:d9:5f:f2:c0:20:c5:e8:86:c6:21:23:e8:
                    d4:94:35:27:be:fb:28:87:0a:c2:24:7e:90:98:32:
                    ac:13:44:0e:4e:81:82:d5:b0:c4:a0:3d:5d:09:54:
                    63:d5:96:e5:b8:2f:a0:93:82:4b:90:21:a2:1c:ce:
                    41:d1:85:0c:8d:d9:a0:d0:da:2a:ee:cf:86:40:da:
                    74:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:5E:40:39:F4:64:10:5E:0F:C9:48:94:D1:89:A5:59:69:E3:CE:39
            X509v3 Authority Key Identifier:
                keyid:0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/nl5AOfRkEF4PyUiU0YmlWWnjzjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:54:45:38:fc:a0:63:51:47:78:2b:7e:aa:8c:19:b7:b4:16:
         52:28:a6:da:62:99:62:b1:f6:13:00:ba:68:35:3c:c1:31:5e:
         dc:8e:a5:58:9c:9e:ac:2d:cb:be:51:c3:f6:32:8b:9b:b4:95:
         f2:85:a2:96:d9:90:a8:0b:92:3a:38:83:fe:14:5b:bc:ae:bd:
         85:2a:34:2f:d2:65:78:ec:41:67:14:d4:99:62:eb:47:ff:b2:
         dc:4a:86:8b:2a:48:10:28:e9:ad:e7:57:67:24:a0:10:18:14:
         a4:c5:1d:54:e9:b3:65:eb:51:8a:34:ac:fe:d5:20:be:15:04:
         8d:1d:87:ed:52:3d:74:8c:cb:49:21:12:64:99:06:43:14:01:
         db:51:39:17:17:60:2d:96:f4:16:8f:7a:cb:7d:e4:5e:52:68:
         64:f8:80:50:f8:e4:5b:ec:ea:50:7e:2f:8b:c2:09:69:e2:0c:
         f5:6a:b9:d1:ea:92:4d:da:b9:5b:4a:6b:f6:5b:0e:53:a0:49:
         8f:a7:4e:2f:13:d5:43:1f:44:3f:e8:fd:75:ed:b4:c0:64:c1:
         92:d6:c4:b0:b9:ea:1e:85:96:ff:60:a7:28:81:54:9e:06:35:
         34:e8:4b:55:cc:47:b7:f1:a9:67:22:0a:32:28:45:4c:92:30:
         f1:8c:64:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSJeGgWMNcZUIaZrThCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGIwZGNiNmFkMGNhODE2ZDJiZDIwNGUxM2YxZWFmMTEw
NDI3NGMwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTVlNDAzOWY0NjQxMDVlMGZjOTQ4OTRkMTg5YTU1OTY5ZTNjZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlif87Nb1izkwkZ63mNvOvDKoe2d
2FSLiuc5pmVUfmx9+EUKJC8N6rW4gmZmzTTJl06TSH3dCYcq8pjgZ2UQdozdrdy/
hsHQUX73B8RgLaDqBEZzoP/RfUes0vQIVH6/bxI6F0mx31B3O4CTPFl48xr9R6jO
6GrabBT3kfJtyXVtwFyscgp5Xp3+ptN3EUUwUO689E4ZVnobNG7f1prRS+QHddH7
HXU2SkPznHcfywubqoeZt2zZX/LAIMXohsYhI+jUlDUnvvsohwrCJH6QmDKsE0QO
ToGC1bDEoD1dCVRj1ZbluC+gk4JLkCGiHM5B0YUMjdmg0Noq7s+GQNp0RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5eQDn0ZBBeD8lIlNGJpVlp4845MB8GA1UdIwQY
MBaAFA4LDctq0MqBbSvSBOE/Hq8RBCdMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMt
N2ZlMzk1MWE3MzViLzEvbmw1QU9mUmtFRjRQeVVpVTBZbWxXV25qemprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMtN2ZlMzk1MWE3MzVi
LzEvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX8cMA0G
CSqGSIb3DQEBCwUAA4IBAQCqVEU4/KBjUUd4K36qjBm3tBZSKKbaYplisfYTALpo
NTzBMV7cjqVYnJ6sLcu+UcP2MoubtJXyhaKW2ZCoC5I6OIP+FFu8rr2FKjQv0mV4
7EFnFNSZYutH/7LcSoaLKkgQKOmt51dnJKAQGBSkxR1U6bNl61GKNKz+1SC+FQSN
HYftUj10jMtJIRJkmQZDFAHbUTkXF2AtlvQWj3rLfeReUmhk+IBQ+ORb7OpQfi+L
wglp4gz1arnR6pJN2rlbSmv2Ww5ToEmPp04vE9VDH0Q/6P117bTAZMGS1sSwueoe
hZb/YKcogVSeBjU06EtVzEe38alnIgoyKEVMkjDxjGRG
-----END CERTIFICATE-----