Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/_5xNTexb8bMlq1zVFv1eSL-_YFE.roa
File:                     _5xNTexb8bMlq1zVFv1eSL-_YFE.roa (raw, json)
Hash identifier:          5wSWYCGvysyYcKVIdm4LIhYsnOETRRyNf2eM0C+eL4g=
Subject key identifier:   FF:9C:4D:4D:EC:5B:F1:B3:25:AB:5C:D5:16:FD:5E:48:BF:BF:60:51
Certificate issuer:       /CN=81e4e6075978ea9476b641ce008c787ab28e5d13
Certificate serial:       018CC94C243273C09205B5B9E7850575D34E
Authority key identifier: 81:E4:E6:07:59:78:EA:94:76:B6:41:CE:00:8C:78:7A:B2:8E:5D:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/geTmB1l46pR2tkHOAIx4erKOXRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/_5xNTexb8bMlq1zVFv1eSL-_YFE.roa
Signing time:             Tue 02 Jan 2024 08:30:59 +0000
ROA not before:           Tue 02 Jan 2024 08:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8473
IP address blocks:        185.65.188.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/geTmB1l46pR2tkHOAIx4erKOXRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/geTmB1l46pR2tkHOAIx4erKOXRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/geTmB1l46pR2tkHOAIx4erKOXRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:24:32:73:c0:92:05:b5:b9:e7:85:05:75:d3:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81e4e6075978ea9476b641ce008c787ab28e5d13
        Validity
            Not Before: Jan  2 08:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff9c4d4dec5bf1b325ab5cd516fd5e48bfbf6051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a4:0c:52:25:8b:dc:60:37:7c:b3:14:0f:4f:
                    b0:4b:0b:9d:9c:5f:2f:11:46:50:b9:81:da:29:a9:
                    85:2a:ce:98:bb:fe:d8:ca:74:40:bc:06:f9:f9:df:
                    ce:d3:54:9c:3c:79:c8:fe:d0:b3:26:91:63:08:68:
                    c5:e9:e0:9b:53:23:3c:65:5b:89:b1:c4:e5:08:68:
                    a5:ab:ea:a5:04:03:13:9a:49:31:3f:1c:dc:5b:34:
                    7a:35:11:db:d5:62:41:c9:a9:69:43:94:8c:77:35:
                    af:30:7f:31:5e:e1:0a:47:81:b4:77:4c:fe:c8:a2:
                    b3:d5:59:c7:ea:c5:ab:5d:fa:cc:04:12:51:e5:5f:
                    e6:b0:7d:25:51:a1:7c:02:83:b4:80:82:57:26:da:
                    68:a7:51:0f:44:66:f8:eb:63:bf:ee:35:1a:a1:13:
                    45:32:41:43:97:ee:d7:fe:82:88:88:67:46:e4:88:
                    ac:d2:a4:28:e0:20:2d:53:e4:73:18:7f:63:25:95:
                    34:d1:3b:d8:2b:82:fd:91:80:11:94:cb:1d:77:43:
                    05:05:03:f2:6f:b8:c4:74:71:30:a3:4d:79:81:3a:
                    07:72:ed:23:e0:74:02:b6:70:fe:b0:7a:0b:1b:21:
                    05:66:08:15:49:fb:d7:06:3a:37:fa:d9:78:13:e6:
                    b6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:9C:4D:4D:EC:5B:F1:B3:25:AB:5C:D5:16:FD:5E:48:BF:BF:60:51
            X509v3 Authority Key Identifier:
                keyid:81:E4:E6:07:59:78:EA:94:76:B6:41:CE:00:8C:78:7A:B2:8E:5D:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/geTmB1l46pR2tkHOAIx4erKOXRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/_5xNTexb8bMlq1zVFv1eSL-_YFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/geTmB1l46pR2tkHOAIx4erKOXRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:32:29:4c:08:9e:36:fe:6f:83:7b:62:3c:d7:63:f9:76:2f:
         68:4b:fc:54:fa:ad:07:95:8d:e6:4d:fd:dd:13:03:5e:5e:1c:
         d4:56:33:67:53:1e:d3:2d:a1:d9:36:1f:67:0f:95:6f:fe:4a:
         89:b5:91:75:6f:20:0e:fd:fb:c3:48:56:20:e3:10:2e:2f:cb:
         d0:e2:01:d5:69:eb:5e:fa:b0:3f:e9:f2:1f:65:0e:e9:c2:36:
         87:a0:0b:a4:70:4c:e7:49:fe:57:cb:bd:e1:db:27:52:d7:09:
         a8:46:59:e7:33:ea:75:7d:c4:88:31:1e:83:f1:57:a1:d7:68:
         9b:83:23:bf:ff:ee:45:1b:7a:a2:cf:b1:e4:d8:f6:29:e0:da:
         e2:dc:50:d8:39:c9:76:d1:2d:98:a7:b2:5b:d6:6c:69:d4:8e:
         7f:10:99:bf:42:a7:2a:43:ab:4c:1d:f0:d4:72:d9:77:fb:54:
         b8:94:f9:94:4d:d7:19:65:fb:12:01:8c:f8:33:65:ef:70:95:
         ab:03:5f:16:a3:b8:eb:dd:f7:74:60:c2:de:ed:8c:2c:bd:85:
         f8:42:03:35:c9:00:0d:24:49:21:21:2a:ef:4f:ba:3a:18:65:
         11:da:54:47:af:6b:ad:3c:7b:15:91:fb:05:8a:46:54:81:04:
         b9:f3:3d:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTCQyc8CSBbW554UFddNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZTRlNjA3NTk3OGVhOTQ3NmI2NDFjZTAwOGM3ODdhYjI4
ZTVkMTMwHhcNMjQwMTAyMDgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjljNGQ0ZGVjNWJmMWIzMjVhYjVjZDUxNmZkNWU0OGJmYmY2MDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaQMUiWL3GA3fLMUD0+wSwudnF8v
EUZQuYHaKamFKs6Yu/7YynRAvAb5+d/O01ScPHnI/tCzJpFjCGjF6eCbUyM8ZVuJ
scTlCGilq+qlBAMTmkkxPxzcWzR6NRHb1WJByalpQ5SMdzWvMH8xXuEKR4G0d0z+
yKKz1VnH6sWrXfrMBBJR5V/msH0lUaF8AoO0gIJXJtpop1EPRGb462O/7jUaoRNF
MkFDl+7X/oKIiGdG5Iis0qQo4CAtU+RzGH9jJZU00TvYK4L9kYARlMsdd0MFBQPy
b7jEdHEwo015gToHcu0j4HQCtnD+sHoLGyEFZggVSfvXBjo3+tl4E+a2YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+cTU3sW/GzJatc1Rb9Xki/v2BRMB8GA1UdIwQY
MBaAFIHk5gdZeOqUdrZBzgCMeHqyjl0TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2VUbUIxbDQ2cFIydGtIT0FJeDRlcktPWFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83OTM3MDktZWU1OC00Zjc2LWIzMDgt
ODYyYjg2YjZlNjQyLzEvXzV4TlRleGI4Yk1scTF6VkZ2MWVTTC1fWUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83OTM3MDktZWU1OC00Zjc2LWIzMDgtODYyYjg2YjZlNjQy
LzEvZ2VUbUIxbDQ2cFIydGtIT0FJeDRlcktPWFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUG8MA0G
CSqGSIb3DQEBCwUAA4IBAQAcMilMCJ42/m+De2I812P5di9oS/xU+q0HlY3mTf3d
EwNeXhzUVjNnUx7TLaHZNh9nD5Vv/kqJtZF1byAO/fvDSFYg4xAuL8vQ4gHVaete
+rA/6fIfZQ7pwjaHoAukcEznSf5Xy73h2ydS1wmoRlnnM+p1fcSIMR6D8Veh12ib
gyO//+5FG3qiz7Hk2PYp4Nri3FDYOcl20S2Yp7Jb1mxp1I5/EJm/QqcqQ6tMHfDU
ctl3+1S4lPmUTdcZZfsSAYz4M2XvcJWrA18Wo7jr3fd0YMLe7YwsvYX4QgM1yQAN
JEkhISrvT7o6GGUR2lRHr2utPHsVkfsFikZUgQS58z2n
-----END CERTIFICATE-----