Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/94es2FCSNwRWHw8RIaVRTUjWg8U.roa
File:                     94es2FCSNwRWHw8RIaVRTUjWg8U.roa (raw, json)
Hash identifier:          5NC+Q+Tk4bccvxvsXhxWsALxnCB+N2cQRL11rRJRSKk=
Subject key identifier:   F7:87:AC:D8:50:92:37:04:56:1F:0F:11:21:A5:51:4D:48:D6:83:C5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1230BEBC6BA40C6FAD59C9905761
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/94es2FCSNwRWHw8RIaVRTUjWg8U.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52451
IP address blocks:        141.136.58.0/24 maxlen: 24
                          141.136.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:12:30:be:bc:6b:a4:0c:6f:ad:59:c9:90:57:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f787acd850923704561f0f1121a5514d48d683c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:06:4b:99:72:f4:53:db:bd:00:fd:59:ec:b8:
                    57:10:9d:51:ba:dd:5a:d1:54:92:a2:aa:1a:74:22:
                    3a:83:78:c8:93:90:da:ea:41:bf:6e:17:9e:51:89:
                    28:7a:45:78:9b:4e:39:e8:ed:82:bd:cd:d5:fe:b6:
                    a2:53:f8:ef:59:78:6c:4a:3f:7c:91:f1:c7:ee:89:
                    6a:0b:3e:cb:39:72:16:9b:ec:22:93:91:d9:c1:ca:
                    c3:76:ef:4e:91:4b:03:57:14:69:37:32:4a:35:cb:
                    4e:d9:14:ea:ae:d0:c4:f9:5a:a1:4d:ec:5b:94:73:
                    1e:86:ec:24:8f:d1:a4:b0:2a:2c:39:6a:b4:69:43:
                    65:bc:fa:a2:b3:9f:fc:3d:7c:71:4e:5f:5a:4e:c1:
                    5f:12:cd:15:03:e8:1d:04:89:db:63:e2:2f:d8:38:
                    ef:8e:cc:55:e5:e6:84:d4:59:64:61:1d:a5:62:66:
                    fc:34:2d:a0:e7:d8:f6:7b:cc:80:0a:7b:e8:f4:34:
                    e6:28:4d:a1:34:b0:6b:6b:19:98:57:5f:e5:77:32:
                    e4:a1:1a:c9:bc:fb:2f:96:a9:01:2d:43:1e:f7:ef:
                    6a:79:e9:7d:00:9d:d9:1e:f6:09:3f:60:bb:2a:66:
                    d2:a4:e2:87:72:40:14:64:29:54:29:32:dc:fc:6f:
                    0d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:87:AC:D8:50:92:37:04:56:1F:0F:11:21:A5:51:4D:48:D6:83:C5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/94es2FCSNwRWHw8RIaVRTUjWg8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.58.0/24
                  141.136.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:30:ff:43:dd:73:49:67:f0:71:9a:13:88:40:19:a4:54:31:
         5a:98:81:ee:3f:9f:76:ea:c2:52:11:4b:56:36:7d:8f:f0:ee:
         7f:bd:df:38:d6:44:2c:5a:c7:63:86:be:bd:ff:ae:f8:c0:f2:
         b0:71:8d:4e:36:1a:05:f2:54:1d:9e:ba:ce:90:4c:30:30:94:
         60:b2:e4:1b:a3:79:80:0c:5f:00:6a:05:4e:91:07:8c:2d:83:
         07:db:8a:d7:e2:5c:c5:10:74:09:8d:86:08:0c:08:c7:a8:61:
         d7:62:7c:24:56:18:68:7a:58:e9:0c:7b:38:b2:c8:01:8f:fe:
         6c:54:81:0a:a9:99:72:7a:34:2f:ff:95:1f:aa:1d:ca:68:5e:
         54:8b:b4:9c:18:46:66:7f:98:69:14:f5:5d:95:51:78:73:01:
         64:dc:2c:7e:4c:1d:ae:7e:a2:b3:ac:30:80:93:e7:e0:fc:5c:
         1e:48:65:2f:12:63:72:8b:d5:ee:d6:bf:03:81:f1:08:b3:55:
         15:8d:eb:7c:1f:f4:6f:df:0c:10:c8:42:6d:01:9b:63:fd:45:
         ae:af:62:10:4b:b1:d4:b9:a2:31:f3:3a:f9:6c:03:c0:28:41:
         95:02:93:53:68:96:e8:6d:dd:0a:d7:da:0b:6a:24:63:7d:ab:
         09:00:a4:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbhIwvrxrpAxvrVnJkFdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzg3YWNkODUwOTIzNzA0NTYxZjBmMTEyMWE1NTE0ZDQ4ZDY4M2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwZLmXL0U9u9AP1Z7LhXEJ1Rut1a
0VSSoqoadCI6g3jIk5Da6kG/bheeUYkoekV4m0456O2Cvc3V/raiU/jvWXhsSj98
kfHH7olqCz7LOXIWm+wik5HZwcrDdu9OkUsDVxRpNzJKNctO2RTqrtDE+VqhTexb
lHMehuwkj9GksCosOWq0aUNlvPqis5/8PXxxTl9aTsFfEs0VA+gdBInbY+Iv2Djv
jsxV5eaE1FlkYR2lYmb8NC2g59j2e8yACnvo9DTmKE2hNLBraxmYV1/ldzLkoRrJ
vPsvlqkBLUMe9+9qeel9AJ3ZHvYJP2C7KmbSpOKHckAUZClUKTLc/G8NkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPeHrNhQkjcEVh8PESGlUU1I1oPFMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvOTRlczJGQ1NOd1JXSHc4UklhVlJUVWpXZzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjYg6AwQA
jYg8MA0GCSqGSIb3DQEBCwUAA4IBAQAYMP9D3XNJZ/BxmhOIQBmkVDFamIHuP592
6sJSEUtWNn2P8O5/vd841kQsWsdjhr69/674wPKwcY1ONhoF8lQdnrrOkEwwMJRg
suQbo3mADF8AagVOkQeMLYMH24rX4lzFEHQJjYYIDAjHqGHXYnwkVhhoeljpDHs4
ssgBj/5sVIEKqZlyejQv/5Ufqh3KaF5Ui7ScGEZmf5hpFPVdlVF4cwFk3Cx+TB2u
fqKzrDCAk+fg/FweSGUvEmNyi9Xu1r8DgfEIs1UVjet8H/Rv3wwQyEJtAZtj/UWu
r2IQS7HUuaIx8zr5bAPAKEGVApNTaJbobd0K19oLaiRjfasJAKSs
-----END CERTIFICATE-----