Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Bc5_73qFvhCgRS_ivyWRRJLjxlU.roa
File:                     Bc5_73qFvhCgRS_ivyWRRJLjxlU.roa (raw, json)
Hash identifier:          c/WT2med4B+cpTZKlyoiSkcIMGMNepdyYelHnwG1/Ns=
Subject key identifier:   05:CE:7F:EF:7A:85:BE:10:A0:45:2F:E2:BF:25:91:44:92:E3:C6:55
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018F050D4C28EF23112BE49D727F40CE15B5
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Bc5_73qFvhCgRS_ivyWRRJLjxlU.roa
Signing time:             Mon 22 Apr 2024 09:05:08 +0000
ROA not before:           Mon 22 Apr 2024 09:05:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26383
IP address blocks:        104.239.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:0d:4c:28:ef:23:11:2b:e4:9d:72:7f:40:ce:15:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr 22 09:05:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05ce7fef7a85be10a0452fe2bf25914492e3c655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:34:14:80:44:0d:32:89:5b:96:16:1d:9d:96:
                    0f:c0:43:ca:c8:37:e7:6f:6c:ad:d9:5f:7f:e3:32:
                    45:35:a9:09:b7:f5:a0:f5:c0:86:70:56:b4:9d:e8:
                    11:73:ba:5a:fc:c7:83:d6:fd:ed:a0:24:e1:f1:2d:
                    9f:a2:66:6c:30:f2:e3:cb:88:f3:01:d4:5c:2f:eb:
                    14:b2:1f:f8:d4:7c:15:64:e3:17:f5:63:ef:87:94:
                    60:0c:bb:b5:ee:33:70:85:d3:47:7d:f0:42:85:34:
                    b4:a6:be:4a:28:ef:1d:57:62:28:53:9d:08:ec:69:
                    ff:3f:09:05:4b:a0:3d:e7:70:47:c9:61:8a:fc:34:
                    6c:09:82:54:e1:7f:80:51:06:4e:fb:78:fa:22:10:
                    8b:03:7d:e1:65:c2:c2:db:6b:0a:95:e0:bc:f5:b2:
                    11:a6:16:7c:31:28:ac:2b:3e:34:6e:cd:61:83:1b:
                    88:04:4d:3b:45:16:05:a2:18:ed:7d:ef:01:71:d8:
                    20:20:3a:20:c9:aa:50:3a:1b:f3:08:ee:26:35:f0:
                    66:27:1b:1f:47:cf:d3:38:c9:af:f4:07:f1:06:d0:
                    eb:c8:bb:7d:40:18:98:12:2b:34:c9:9b:b2:94:ba:
                    f4:9a:97:8b:c2:b8:9e:1e:75:b5:3e:2c:b3:e6:7a:
                    43:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:CE:7F:EF:7A:85:BE:10:A0:45:2F:E2:BF:25:91:44:92:E3:C6:55
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Bc5_73qFvhCgRS_ivyWRRJLjxlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.239.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ea:4a:d6:e1:ae:c9:7d:4a:59:e4:a3:37:54:e1:83:d6:7d:
         4d:cc:5b:5f:92:d0:f4:16:cb:81:8f:24:fa:f9:c1:ea:41:c5:
         86:8b:5b:15:b2:da:28:51:13:ab:bf:f9:62:88:c7:5b:ed:3a:
         f1:f4:cf:c6:10:0c:1a:b5:f2:5d:44:72:34:89:15:d0:ee:da:
         a4:ff:73:2a:a5:8b:84:ad:5a:23:cd:0e:25:65:cc:6e:38:8d:
         aa:3c:4a:f1:36:14:9c:7e:e3:98:26:f3:2f:cf:e7:e0:36:bc:
         5a:25:ac:5a:4b:28:4b:20:73:30:97:c1:a1:67:04:21:06:ad:
         e3:4d:7f:6f:3a:27:cb:91:40:68:12:dd:c5:28:b0:7f:3a:38:
         d0:72:e8:d0:b7:50:a8:95:31:88:83:2d:12:f3:97:25:cd:d6:
         3c:73:8f:f5:61:2c:ce:8c:2a:35:27:73:8b:28:06:bb:a8:cf:
         67:94:9b:42:5a:a5:df:6b:b5:89:0d:76:16:74:7a:2c:55:20:
         b7:46:39:29:c0:7a:6b:5a:d6:c7:72:e4:bc:92:8d:49:98:46:
         8c:93:c5:95:34:44:b1:f0:17:07:73:fb:6f:78:e3:6d:c5:cb:
         08:2d:e4:13:3c:3f:b8:ef:97:5f:03:ba:d8:5a:be:ad:dc:a6:
         f8:52:65:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8FDUwo7yMRK+Sdcn9AzhW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNDIyMDkwNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWNlN2ZlZjdhODViZTEwYTA0NTJmZTJiZjI1OTE0NDkyZTNjNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTQUgEQNMolblhYdnZYPwEPKyDfn
b2yt2V9/4zJFNakJt/Wg9cCGcFa0negRc7pa/MeD1v3toCTh8S2fomZsMPLjy4jz
AdRcL+sUsh/41HwVZOMX9WPvh5RgDLu17jNwhdNHffBChTS0pr5KKO8dV2IoU50I
7Gn/PwkFS6A953BHyWGK/DRsCYJU4X+AUQZO+3j6IhCLA33hZcLC22sKleC89bIR
phZ8MSisKz40bs1hgxuIBE07RRYFohjtfe8BcdggIDogyapQOhvzCO4mNfBmJxsf
R8/TOMmv9AfxBtDryLt9QBiYEis0yZuylLr0mpeLwrieHnW1Piyz5npDxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXOf+96hb4QoEUv4r8lkUSS48ZVMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvQmM1XzczcUZ2aENnUlNfaXZ5V1JSSkxqeGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO9XMA0G
CSqGSIb3DQEBCwUAA4IBAQBj6krW4a7JfUpZ5KM3VOGD1n1NzFtfktD0FsuBjyT6
+cHqQcWGi1sVstooUROrv/liiMdb7Trx9M/GEAwatfJdRHI0iRXQ7tqk/3MqpYuE
rVojzQ4lZcxuOI2qPErxNhScfuOYJvMvz+fgNrxaJaxaSyhLIHMwl8GhZwQhBq3j
TX9vOifLkUBoEt3FKLB/OjjQcujQt1ColTGIgy0S85clzdY8c4/1YSzOjCo1J3OL
KAa7qM9nlJtCWqXfa7WJDXYWdHosVSC3RjkpwHprWtbHcuS8ko1JmEaMk8WVNESx
8BcHc/tveONtxcsILeQTPD+475dfA7rYWr6t3Kb4UmXU
-----END CERTIFICATE-----