Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/UzJEfYrK8k3REzILsm6rUTr9YhI.roa
File:                     UzJEfYrK8k3REzILsm6rUTr9YhI.roa (raw, json)
Hash identifier:          DqkUqMmpONDMcOkVpzft4tQW2Xpc9j0ICc+uIFw5SQQ=
Subject key identifier:   53:32:44:7D:8A:CA:F2:4D:D1:13:32:0B:B2:6E:AB:51:3A:FD:62:12
Certificate issuer:       /CN=5f1cdada398240e67e4f826e8089d25b12490401
Certificate serial:       018CC2DAB3FCBE4FC9D9310C7CE52D0E658A
Authority key identifier: 5F:1C:DA:DA:39:82:40:E6:7E:4F:82:6E:80:89:D2:5B:12:49:04:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xxza2jmCQOZ-T4JugInSWxJJBAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/UzJEfYrK8k3REzILsm6rUTr9YhI.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58075
IP address blocks:        45.95.68.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/Xxza2jmCQOZ-T4JugInSWxJJBAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/Xxza2jmCQOZ-T4JugInSWxJJBAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xxza2jmCQOZ-T4JugInSWxJJBAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b3:fc:be:4f:c9:d9:31:0c:7c:e5:2d:0e:65:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1cdada398240e67e4f826e8089d25b12490401
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5332447d8acaf24dd113320bb26eab513afd6212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c9:f6:ad:50:a2:bb:44:54:81:f7:b3:96:c7:
                    f5:b0:cf:35:71:57:4d:47:02:89:60:93:b4:53:7a:
                    d9:8b:c6:2a:fc:31:56:c3:91:9b:ee:cc:0a:75:22:
                    c4:31:88:99:9d:73:86:bc:f3:52:99:ce:f7:ed:85:
                    49:92:6c:b8:c4:9b:a7:20:08:14:eb:5f:c0:b8:19:
                    84:6f:f9:94:33:b6:f5:12:d9:77:86:6c:fa:f6:7b:
                    38:3e:de:4e:2d:9b:c7:3c:17:87:3b:31:ba:2c:df:
                    df:68:72:cc:61:70:bc:5a:23:58:c1:42:b7:2a:7d:
                    e1:45:00:db:b2:2a:98:6c:c7:da:1d:a4:1a:df:e8:
                    ab:52:91:3c:ee:6b:ec:62:26:bd:44:1e:af:1d:be:
                    98:be:5b:a1:82:aa:77:88:cc:0d:cc:88:0a:0c:c2:
                    2d:24:6a:cd:a4:54:24:0d:ed:fd:87:cf:ac:33:7e:
                    14:9f:4d:72:14:f6:43:90:59:15:0a:3c:83:cd:45:
                    03:cb:67:3f:9a:b2:9d:55:0b:ea:d0:b1:d9:f2:7a:
                    de:45:e5:a7:55:e3:13:33:39:74:30:fc:3e:9e:92:
                    f4:0d:c7:44:49:d5:d0:e5:a8:61:d5:5e:f1:fc:09:
                    e1:13:07:ed:b5:51:0c:8f:b5:7c:14:6b:2c:50:ea:
                    64:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:32:44:7D:8A:CA:F2:4D:D1:13:32:0B:B2:6E:AB:51:3A:FD:62:12
            X509v3 Authority Key Identifier:
                keyid:5F:1C:DA:DA:39:82:40:E6:7E:4F:82:6E:80:89:D2:5B:12:49:04:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xxza2jmCQOZ-T4JugInSWxJJBAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/UzJEfYrK8k3REzILsm6rUTr9YhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/Xxza2jmCQOZ-T4JugInSWxJJBAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:de:8d:9b:10:55:30:20:d2:39:32:7b:6a:c3:ca:4d:fb:15:
         a3:91:3c:40:a5:f7:6b:9a:dc:bf:45:c6:fb:eb:fc:5f:58:1b:
         e5:1c:8b:96:ec:50:63:e2:08:c8:52:12:e9:3a:8f:70:4c:de:
         72:f3:16:e4:5b:0e:4b:5f:7a:55:51:a8:c0:74:d9:6e:cd:24:
         71:a4:20:c7:f8:12:79:bc:9e:04:05:27:d5:9c:cb:40:e2:9e:
         2d:c9:b8:82:52:fc:d3:c3:d6:ff:ce:2c:1a:ff:47:c2:3c:90:
         8e:04:c2:55:92:c3:0c:a8:a1:1b:00:14:60:87:30:18:00:89:
         e5:98:d2:be:fb:51:da:8b:09:a6:3d:6d:d4:a3:7d:43:26:cc:
         72:44:e7:dd:3d:39:96:7d:51:c0:34:3e:6d:b8:41:b6:28:ad:
         40:35:7f:03:16:f0:a7:4d:43:76:97:5b:5b:9e:24:80:bc:bd:
         64:7a:ee:c2:1f:25:92:f3:29:03:76:59:fb:51:74:27:45:c7:
         f7:ce:fa:44:2a:57:f7:33:42:06:bd:8f:f5:b4:db:28:19:27:
         c6:5f:2d:a1:ee:e9:ce:49:f0:e1:0d:21:99:0d:21:4e:7d:f2:
         27:f0:42:f1:eb:2f:11:50:94:8f:f3:4c:92:67:56:43:28:dd:
         a9:b5:f8:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rP8vk/J2TEMfOUtDmWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWNkYWRhMzk4MjQwZTY3ZTRmODI2ZTgwODlkMjViMTI0
OTA0MDEwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzMyNDQ3ZDhhY2FmMjRkZDExMzMyMGJiMjZlYWI1MTNhZmQ2MjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cn2rVCiu0RUgfezlsf1sM81cVdN
RwKJYJO0U3rZi8Yq/DFWw5Gb7swKdSLEMYiZnXOGvPNSmc737YVJkmy4xJunIAgU
61/AuBmEb/mUM7b1Etl3hmz69ns4Pt5OLZvHPBeHOzG6LN/faHLMYXC8WiNYwUK3
Kn3hRQDbsiqYbMfaHaQa3+irUpE87mvsYia9RB6vHb6Yvluhgqp3iMwNzIgKDMIt
JGrNpFQkDe39h8+sM34Un01yFPZDkFkVCjyDzUUDy2c/mrKdVQvq0LHZ8nreReWn
VeMTMzl0MPw+npL0DcdESdXQ5ahh1V7x/AnhEwfttVEMj7V8FGssUOpkYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMyRH2KyvJN0RMyC7Juq1E6/WISMB8GA1UdIwQY
MBaAFF8c2to5gkDmfk+CboCJ0lsSSQQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHh6YTJqbUNRT1otVDRKdWdJblNXeEpKQkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80OTBhZTUtMzJkZC00NDU3LTk0MDct
MGUwMDE1MmRkOWUxLzEvVXpKRWZZcks4azNSRXpJTHNtNnJVVHI5WWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80OTBhZTUtMzJkZC00NDU3LTk0MDctMGUwMDE1MmRkOWUx
LzEvWHh6YTJqbUNRT1otVDRKdWdJblNXeEpKQkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV9EMA0G
CSqGSIb3DQEBCwUAA4IBAQBb3o2bEFUwINI5Mntqw8pN+xWjkTxApfdrmty/Rcb7
6/xfWBvlHIuW7FBj4gjIUhLpOo9wTN5y8xbkWw5LX3pVUajAdNluzSRxpCDH+BJ5
vJ4EBSfVnMtA4p4tybiCUvzTw9b/ziwa/0fCPJCOBMJVksMMqKEbABRghzAYAInl
mNK++1HaiwmmPW3Uo31DJsxyROfdPTmWfVHAND5tuEG2KK1ANX8DFvCnTUN2l1tb
niSAvL1keu7CHyWS8ykDdln7UXQnRcf3zvpEKlf3M0IGvY/1tNsoGSfGXy2h7unO
SfDhDSGZDSFOffIn8ELx6y8RUJSP80ySZ1ZDKN2ptfh0
-----END CERTIFICATE-----