Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/k5nmlH8rjLxAK0HsUUYcV0QprMY.roa
File:                     k5nmlH8rjLxAK0HsUUYcV0QprMY.roa (raw, json)
Hash identifier:          hqnfVIaorGP3oJhvAGS08rcXVR6hsOMlNO/I94ebFJ8=
Subject key identifier:   93:99:E6:94:7F:2B:8C:BC:40:2B:41:EC:51:46:1C:57:44:29:AC:C6
Certificate issuer:       /CN=0d4ee193b301665b56f6780f225fd44d144093af
Certificate serial:       018CCA2B033FBA66778D281BD3FFF6CC8CA9
Authority key identifier: 0D:4E:E1:93:B3:01:66:5B:56:F6:78:0F:22:5F:D4:4D:14:40:93:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DU7hk7MBZltW9ngPIl_UTRRAk68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/k5nmlH8rjLxAK0HsUUYcV0QprMY.roa
Signing time:             Tue 02 Jan 2024 12:34:25 +0000
ROA not before:           Tue 02 Jan 2024 12:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5516
IP address blocks:        194.117.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/DU7hk7MBZltW9ngPIl_UTRRAk68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/DU7hk7MBZltW9ngPIl_UTRRAk68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DU7hk7MBZltW9ngPIl_UTRRAk68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:03:3f:ba:66:77:8d:28:1b:d3:ff:f6:cc:8c:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d4ee193b301665b56f6780f225fd44d144093af
        Validity
            Not Before: Jan  2 12:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9399e6947f2b8cbc402b41ec51461c574429acc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d6:72:4e:c7:90:41:d0:14:08:8e:11:8f:79:
                    48:63:51:6a:96:b7:8d:df:1b:8d:d5:76:f3:1a:87:
                    ce:b3:08:b5:54:99:14:52:a3:e3:0a:73:32:0b:43:
                    58:c4:23:83:62:63:b0:9c:53:ee:a6:e2:a3:14:02:
                    68:cf:b2:96:5a:61:1f:19:84:37:ca:46:65:a0:36:
                    c2:9a:4d:7a:f6:95:11:27:e4:90:14:b5:4c:0a:1c:
                    98:1b:52:d3:1e:48:59:23:68:b5:35:f8:8e:06:f2:
                    e7:7e:a1:fd:09:0e:db:cf:c0:49:ea:6f:b3:f3:ad:
                    a9:16:1e:b7:b5:cb:cf:6c:4c:8f:c4:1d:01:cf:4e:
                    da:64:7e:1b:88:e4:f5:ad:a4:3f:07:07:61:f1:f0:
                    61:92:f2:22:58:14:38:de:01:fb:5d:3e:6e:ee:0d:
                    4b:8f:92:c2:a9:74:de:ff:1d:0d:9e:0a:17:b8:bd:
                    8d:8f:7e:fe:28:a3:64:56:95:7c:b1:fa:10:80:3e:
                    82:a2:e1:74:53:f4:e2:eb:fb:36:15:5a:88:8e:3e:
                    64:41:78:69:bd:ee:de:7c:25:01:45:2d:61:b3:0e:
                    ea:37:7a:da:01:e0:0d:d8:11:8c:6f:74:cb:60:25:
                    2a:96:8a:79:bc:7b:a8:53:d3:09:22:d4:c1:e7:a7:
                    d5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:99:E6:94:7F:2B:8C:BC:40:2B:41:EC:51:46:1C:57:44:29:AC:C6
            X509v3 Authority Key Identifier:
                keyid:0D:4E:E1:93:B3:01:66:5B:56:F6:78:0F:22:5F:D4:4D:14:40:93:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DU7hk7MBZltW9ngPIl_UTRRAk68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/k5nmlH8rjLxAK0HsUUYcV0QprMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/DU7hk7MBZltW9ngPIl_UTRRAk68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:8b:0e:0b:3a:fc:e8:55:aa:b7:65:6c:82:a8:28:5c:0a:52:
         4a:75:af:bd:8a:86:a2:2e:37:61:c1:8b:dc:dc:9a:11:60:e8:
         d8:67:70:ad:c3:65:26:7b:8e:02:59:66:65:65:47:04:a4:3d:
         a5:68:cd:09:11:61:d7:72:bd:eb:b2:05:d1:eb:60:8c:35:12:
         31:ab:73:b9:79:01:d0:ab:53:bf:c7:98:b6:42:36:e9:8b:a5:
         ec:68:19:6c:dd:96:b3:e9:02:c5:3f:e2:20:78:1f:94:e9:c8:
         b6:d1:d5:ad:b2:af:39:d4:ec:ca:04:8c:90:46:9c:59:9f:b8:
         66:24:3d:ad:1f:37:df:0b:ce:67:3e:1b:09:66:93:f3:c7:f8:
         ff:2a:f7:e0:4c:86:1f:79:20:c1:4c:eb:c4:ae:0a:1a:a8:d4:
         1b:8d:fe:0a:8e:3b:73:0b:de:dd:74:ba:10:e0:26:80:61:0d:
         d1:a5:4d:ca:07:d4:53:7a:e1:bc:e1:54:ec:6c:b1:4f:7a:ce:
         0a:2c:8c:69:19:e2:d4:0e:91:63:3a:e2:2c:69:5b:01:91:f5:
         aa:b5:f3:f1:33:89:4f:a4:88:d6:a4:d8:18:75:ec:aa:7a:ec:
         b7:2a:00:f8:62:04:84:ec:5b:3c:cc:d9:83:5a:92:60:46:bd:
         ae:86:3d:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKwM/umZ3jSgb0//2zIypMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNGVlMTkzYjMwMTY2NWI1NmY2NzgwZjIyNWZkNDRkMTQ0
MDkzYWYwHhcNMjQwMTAyMTIzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzk5ZTY5NDdmMmI4Y2JjNDAyYjQxZWM1MTQ2MWM1NzQ0MjlhY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodZyTseQQdAUCI4Rj3lIY1FqlreN
3xuN1XbzGofOswi1VJkUUqPjCnMyC0NYxCODYmOwnFPupuKjFAJoz7KWWmEfGYQ3
ykZloDbCmk169pURJ+SQFLVMChyYG1LTHkhZI2i1NfiOBvLnfqH9CQ7bz8BJ6m+z
862pFh63tcvPbEyPxB0Bz07aZH4biOT1raQ/Bwdh8fBhkvIiWBQ43gH7XT5u7g1L
j5LCqXTe/x0NngoXuL2Nj37+KKNkVpV8sfoQgD6CouF0U/Ti6/s2FVqIjj5kQXhp
ve7efCUBRS1hsw7qN3raAeAN2BGMb3TLYCUqlop5vHuoU9MJItTB56fV1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOZ5pR/K4y8QCtB7FFGHFdEKazGMB8GA1UdIwQY
MBaAFA1O4ZOzAWZbVvZ4DyJf1E0UQJOvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFU3aGs3TUJabHRXOW5nUElsX1VUUlJBazY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wOTcxMTEtMzA5OC00Y2Y3LWFjMGYt
OWY3ZTBmODYyZjFlLzEvazVubWxIOHJqTHhBSzBIc1VVWWNWMFFwck1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wOTcxMTEtMzA5OC00Y2Y3LWFjMGYtOWY3ZTBmODYyZjFl
LzEvRFU3aGs3TUJabHRXOW5nUElsX1VUUlJBazY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwnUgMA0G
CSqGSIb3DQEBCwUAA4IBAQCSiw4LOvzoVaq3ZWyCqChcClJKda+9ioaiLjdhwYvc
3JoRYOjYZ3Ctw2Ume44CWWZlZUcEpD2laM0JEWHXcr3rsgXR62CMNRIxq3O5eQHQ
q1O/x5i2Qjbpi6XsaBls3Zaz6QLFP+IgeB+U6ci20dWtsq851OzKBIyQRpxZn7hm
JD2tHzffC85nPhsJZpPzx/j/KvfgTIYfeSDBTOvErgoaqNQbjf4KjjtzC97ddLoQ
4CaAYQ3RpU3KB9RTeuG84VTsbLFPes4KLIxpGeLUDpFjOuIsaVsBkfWqtfPxM4lP
pIjWpNgYdeyqeuy3KgD4YgSE7Fs8zNmDWpJgRr2uhj3C
-----END CERTIFICATE-----