Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/RG5ExuxEx_tOLs2Y6ZI8FuJWDgo.roa
File:                     RG5ExuxEx_tOLs2Y6ZI8FuJWDgo.roa (raw, json)
Hash identifier:          FRnmqq/jUkLdKdJneUJA81f0dQxUZXC/tMsEfBXr1I4=
Subject key identifier:   44:6E:44:C6:EC:44:C7:FB:4E:2E:CD:98:E9:92:3C:16:E2:56:0E:0A
Certificate issuer:       /CN=8110149fd12130b3cdcf35862b0dcdb98a9471c9
Certificate serial:       018CC5DBFA592D2AA386CAAAE0B2A1A84E0C
Authority key identifier: 81:10:14:9F:D1:21:30:B3:CD:CF:35:86:2B:0D:CD:B9:8A:94:71:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gRAUn9EhMLPNzzWGKw3NuYqUcck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/RG5ExuxEx_tOLs2Y6ZI8FuJWDgo.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8560
IP address blocks:        217.73.68.0/24 maxlen: 24
                          217.73.70.0/24 maxlen: 24
                          217.73.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/gRAUn9EhMLPNzzWGKw3NuYqUcck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/gRAUn9EhMLPNzzWGKw3NuYqUcck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gRAUn9EhMLPNzzWGKw3NuYqUcck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fa:59:2d:2a:a3:86:ca:aa:e0:b2:a1:a8:4e:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8110149fd12130b3cdcf35862b0dcdb98a9471c9
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=446e44c6ec44c7fb4e2ecd98e9923c16e2560e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c7:fa:83:01:ad:dd:1a:43:09:2f:2d:a9:8b:
                    50:b1:1f:0a:87:b2:f6:51:2e:ca:a5:6c:52:a8:56:
                    94:ec:6b:83:6b:61:14:86:7f:95:08:b7:24:36:92:
                    f6:cb:13:68:80:42:20:65:20:f4:ef:ed:aa:19:93:
                    4a:20:2a:ca:af:59:b9:02:38:98:f8:2c:ac:93:cc:
                    cd:76:a4:a0:2c:60:52:99:7f:22:ff:40:0b:92:52:
                    36:cf:80:c4:4a:49:1b:a7:38:88:44:d9:c3:82:ef:
                    2a:83:10:89:b2:c4:1c:b9:12:87:27:db:f1:5d:4d:
                    e4:a5:50:77:b0:51:62:92:36:d1:4e:79:3d:27:96:
                    c9:fb:f5:90:c8:0c:20:df:54:33:65:0b:a8:35:bb:
                    5c:ef:dd:19:d0:69:87:d6:d0:3a:19:ff:42:fa:72:
                    22:96:ab:a4:04:66:58:43:71:76:fc:41:66:7b:f4:
                    f8:75:9d:f6:ee:0b:4d:c5:8d:fd:8c:25:0f:75:cf:
                    a4:bd:88:c7:4a:74:d5:19:fe:eb:0a:62:87:44:03:
                    43:70:a5:49:60:38:86:39:18:5b:4d:ee:58:9d:5a:
                    f0:fd:11:cd:00:96:59:ed:2a:53:1e:9c:d2:cc:2e:
                    40:b0:b1:19:8c:41:38:35:46:16:4c:61:95:92:2f:
                    ca:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:6E:44:C6:EC:44:C7:FB:4E:2E:CD:98:E9:92:3C:16:E2:56:0E:0A
            X509v3 Authority Key Identifier:
                keyid:81:10:14:9F:D1:21:30:B3:CD:CF:35:86:2B:0D:CD:B9:8A:94:71:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gRAUn9EhMLPNzzWGKw3NuYqUcck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/RG5ExuxEx_tOLs2Y6ZI8FuJWDgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/gRAUn9EhMLPNzzWGKw3NuYqUcck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.73.68.0-217.73.70.255

    Signature Algorithm: sha256WithRSAEncryption
         64:9d:33:31:21:fb:1d:d4:d7:b0:ff:f4:83:07:d1:90:fe:6a:
         c2:4b:90:e2:1b:6a:c7:42:10:97:a1:0d:8f:c6:d4:94:c6:cd:
         a4:aa:c4:d7:8e:4f:86:05:66:94:7c:5b:2e:a2:df:6f:e1:1d:
         e3:93:87:e7:49:e8:ff:c4:4b:10:47:65:04:14:f9:41:89:e6:
         5e:8e:46:26:73:80:c6:13:45:7e:91:de:40:bf:69:eb:1d:23:
         44:02:41:66:21:03:dd:be:d3:5c:6c:19:7f:6a:f4:aa:8b:dd:
         58:a8:e5:cb:11:a5:b1:a6:55:78:81:a4:19:e7:42:9f:af:c4:
         cc:34:e4:55:9a:3f:5e:c4:62:e7:28:a5:1c:99:84:dc:f1:f7:
         f6:15:c0:2f:0e:d5:02:10:23:5c:81:00:a5:b2:5d:18:02:88:
         35:04:19:0c:71:b0:b1:ca:88:e3:35:14:9b:d2:49:58:71:09:
         18:8e:2b:68:8f:f4:fd:ac:60:35:1f:2f:7a:35:e5:7a:93:dd:
         40:3c:a1:22:57:11:91:6d:d0:f7:34:f6:01:74:a8:78:9f:3f:
         67:4b:0c:b8:7f:e3:b0:43:9a:a6:28:e9:3e:1f:e9:9f:9e:42:
         e3:0c:8a:6b:86:c2:86:e7:eb:75:20:2e:15:c0:29:37:ce:fe:
         90:11:f7:d4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF2/pZLSqjhsqq4LKhqE4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMTAxNDlmZDEyMTMwYjNjZGNmMzU4NjJiMGRjZGI5OGE5
NDcxYzkwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDZlNDRjNmVjNDRjN2ZiNGUyZWNkOThlOTkyM2MxNmUyNTYwZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsf6gwGt3RpDCS8tqYtQsR8Kh7L2
US7KpWxSqFaU7GuDa2EUhn+VCLckNpL2yxNogEIgZSD07+2qGZNKICrKr1m5AjiY
+Cysk8zNdqSgLGBSmX8i/0ALklI2z4DESkkbpziIRNnDgu8qgxCJssQcuRKHJ9vx
XU3kpVB3sFFikjbRTnk9J5bJ+/WQyAwg31QzZQuoNbtc790Z0GmH1tA6Gf9C+nIi
lqukBGZYQ3F2/EFme/T4dZ327gtNxY39jCUPdc+kvYjHSnTVGf7rCmKHRANDcKVJ
YDiGORhbTe5YnVrw/RHNAJZZ7SpTHpzSzC5AsLEZjEE4NUYWTGGVki/KRwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFERuRMbsRMf7Ti7NmOmSPBbiVg4KMB8GA1UdIwQY
MBaAFIEQFJ/RITCzzc81hisNzbmKlHHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1JBVW45RWhNTFBOenpXR0t3M051WXFVY2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80OGRiMTAtM2JhOC00ZTgwLWIzZGMt
YWIzMWVhY2JmZmNhLzEvUkc1RXh1eEV4X3RPTHMyWTZaSThGdUpXRGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80OGRiMTAtM2JhOC00ZTgwLWIzZGMtYWIzMWVhY2JmZmNh
LzEvZ1JBVW45RWhNTFBOenpXR0t3M051WXFVY2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALZSUQD
BADZSUYwDQYJKoZIhvcNAQELBQADggEBAGSdMzEh+x3U17D/9IMH0ZD+asJLkOIb
asdCEJehDY/G1JTGzaSqxNeOT4YFZpR8Wy6i32/hHeOTh+dJ6P/ESxBHZQQU+UGJ
5l6ORiZzgMYTRX6R3kC/aesdI0QCQWYhA92+01xsGX9q9KqL3Vio5csRpbGmVXiB
pBnnQp+vxMw05FWaP17EYucopRyZhNzx9/YVwC8O1QIQI1yBAKWyXRgCiDUEGQxx
sLHKiOM1FJvSSVhxCRiOK2iP9P2sYDUfL3o15XqT3UA8oSJXEZFt0Pc09gF0qHif
P2dLDLh/47BDmqYo6T4f6Z+eQuMMimuGwobn63UgLhXAKTfO/pAR99Q=
-----END CERTIFICATE-----