Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/ODjZE2aOpEvQUEE513VN5L9LcD8.roa
File:                     ODjZE2aOpEvQUEE513VN5L9LcD8.roa (raw, json)
Hash identifier:          xZ/s0DcLjROpS+rHwe/i5V++6uNGNHEbzdIqQqLpzmo=
Subject key identifier:   38:38:D9:13:66:8E:A4:4B:D0:50:41:39:D7:75:4D:E4:BF:4B:70:3F
Certificate issuer:       /CN=a3698b01053911607edb2a76090a6aced95a3ed5
Certificate serial:       018CC5DC26CA232D9DFB4185286AD960369A
Authority key identifier: A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/ODjZE2aOpEvQUEE513VN5L9LcD8.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209154
IP address blocks:        194.61.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:26:ca:23:2d:9d:fb:41:85:28:6a:d9:60:36:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3698b01053911607edb2a76090a6aced95a3ed5
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3838d913668ea44bd0504139d7754de4bf4b703f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d2:d5:07:56:94:a0:6d:a3:88:35:35:e4:a8:
                    c5:37:04:fa:41:69:fe:4b:5c:06:96:51:fc:b3:b6:
                    12:40:f6:74:e1:34:d5:18:9f:3d:43:bd:11:c1:cf:
                    63:cc:ff:9e:82:a1:ee:62:5e:84:be:2e:a3:cd:1c:
                    c8:e6:2f:42:f7:3b:b6:f8:d0:d8:3e:6b:e0:15:f8:
                    61:59:82:32:4a:61:e8:75:dc:00:7c:f2:99:37:fc:
                    ea:4a:e8:5d:ca:87:0a:23:12:50:37:3f:99:ec:78:
                    40:be:57:86:01:86:e6:ee:46:0d:2e:3e:8e:b1:b9:
                    d6:6d:8e:b9:97:17:ea:8e:57:bd:14:14:15:9b:6f:
                    d3:97:83:21:ce:2f:3c:23:18:98:78:fb:03:80:53:
                    f4:11:49:35:03:f1:63:e5:7f:25:1d:e4:3b:48:ea:
                    ae:be:49:b3:fe:3d:62:d4:63:44:ee:fd:d8:51:20:
                    03:24:ba:f5:b1:6d:d0:c5:8a:b4:09:fa:a5:db:5d:
                    00:a1:f7:06:1b:6e:af:c9:b7:ff:ff:08:af:ea:54:
                    82:7e:86:64:f4:b2:4c:42:5d:75:a1:4a:d8:69:64:
                    0f:72:be:ee:af:49:92:8f:75:a5:2c:92:8b:33:53:
                    00:62:21:58:91:4f:34:ac:8d:9a:f7:aa:94:bc:70:
                    22:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:38:D9:13:66:8E:A4:4B:D0:50:41:39:D7:75:4D:E4:BF:4B:70:3F
            X509v3 Authority Key Identifier:
                keyid:A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/ODjZE2aOpEvQUEE513VN5L9LcD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:01:e4:b3:d0:c8:ce:d3:8a:bc:7e:3a:c1:96:d5:c5:ff:61:
         c9:64:95:8a:52:a8:61:cb:31:cf:dd:c3:d5:55:b3:21:e7:5f:
         7d:c3:99:72:8e:9c:97:d6:d2:8f:25:d3:9d:09:1e:7b:c7:75:
         1c:23:1e:67:12:d7:0d:03:c5:2f:0a:e7:d8:3a:6e:ad:bf:28:
         0c:a2:60:e6:74:70:5f:16:f8:fd:fb:7e:5a:fb:b5:87:85:42:
         56:fc:4f:f2:54:a6:71:8b:7d:b6:3d:02:8c:89:8f:f7:02:81:
         5f:34:70:62:25:7c:4b:39:7d:6a:c5:60:71:f7:ff:03:b0:d0:
         06:e4:fe:93:ae:ea:b4:c5:cd:cf:7e:ce:c2:9b:e6:ac:cb:a3:
         26:0d:d3:f2:38:01:4d:a5:76:f2:1a:71:20:d3:15:21:f7:94:
         da:63:c2:a4:b5:aa:72:1f:0e:7a:a2:a5:ef:a9:b0:f5:3c:90:
         4c:36:49:7d:32:b3:0c:e5:4a:44:42:23:68:e2:2a:91:c2:ac:
         91:bc:18:19:9a:66:53:61:12:a7:8f:e5:cb:43:fa:aa:51:25:
         be:d9:80:5a:19:23:e6:a0:d1:7f:14:c8:d8:cf:3c:fb:22:ce:
         cf:40:7f:72:10:44:19:aa:41:c2:54:30:7d:4e:bf:70:05:ef:
         2a:29:d5:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CbKIy2d+0GFKGrZYDaaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjk4YjAxMDUzOTExNjA3ZWRiMmE3NjA5MGE2YWNlZDk1
YTNlZDUwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM4ZDkxMzY2OGVhNDRiZDA1MDQxMzlkNzc1NGRlNGJmNGI3MDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9LVB1aUoG2jiDU15KjFNwT6QWn+
S1wGllH8s7YSQPZ04TTVGJ89Q70Rwc9jzP+egqHuYl6Evi6jzRzI5i9C9zu2+NDY
PmvgFfhhWYIySmHoddwAfPKZN/zqSuhdyocKIxJQNz+Z7HhAvleGAYbm7kYNLj6O
sbnWbY65lxfqjle9FBQVm2/Tl4Mhzi88IxiYePsDgFP0EUk1A/Fj5X8lHeQ7SOqu
vkmz/j1i1GNE7v3YUSADJLr1sW3QxYq0Cfql210AofcGG26vybf//wiv6lSCfoZk
9LJMQl11oUrYaWQPcr7ur0mSj3WlLJKLM1MAYiFYkU80rI2a96qUvHAiqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg42RNmjqRL0FBBOdd1TeS/S3A/MB8GA1UdIwQY
MBaAFKNpiwEFORFgftsqdgkKas7ZWj7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTIt
YmJkMzExMTg2OTUwLzEvT0RqWkUyYU9wRXZRVUVFNTEzVk41TDlMY0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTItYmJkMzExMTg2OTUw
LzEvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj3gMA0G
CSqGSIb3DQEBCwUAA4IBAQCsAeSz0MjO04q8fjrBltXF/2HJZJWKUqhhyzHP3cPV
VbMh5199w5lyjpyX1tKPJdOdCR57x3UcIx5nEtcNA8UvCufYOm6tvygMomDmdHBf
Fvj9+35a+7WHhUJW/E/yVKZxi322PQKMiY/3AoFfNHBiJXxLOX1qxWBx9/8DsNAG
5P6Truq0xc3Pfs7Cm+asy6MmDdPyOAFNpXbyGnEg0xUh95TaY8KktapyHw56oqXv
qbD1PJBMNkl9MrMM5UpEQiNo4iqRwqyRvBgZmmZTYRKnj+XLQ/qqUSW+2YBaGSPm
oNF/FMjYzzz7Is7PQH9yEEQZqkHCVDB9Tr9wBe8qKdW0
-----END CERTIFICATE-----