Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/g0e8P2itr8M28Uwq5EYhZbC4WYU.roa
File:                     g0e8P2itr8M28Uwq5EYhZbC4WYU.roa (raw, json)
Hash identifier:          FoDf3xE8pLiK++JA75QpXVRnkiqYZ6KlfORq120/cCQ=
Subject key identifier:   83:47:BC:3F:68:AD:AF:C3:36:F1:4C:2A:E4:46:21:65:B0:B8:59:85
Certificate issuer:       /CN=6167999645e15b65268a0d93bb14c4f51724451b
Certificate serial:       018CCA99B5FA737C357E78EED8167DB6F069
Authority key identifier: 61:67:99:96:45:E1:5B:65:26:8A:0D:93:BB:14:C4:F5:17:24:45:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWeZlkXhW2Umig2TuxTE9RckRRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/g0e8P2itr8M28Uwq5EYhZbC4WYU.roa
Signing time:             Tue 02 Jan 2024 14:35:20 +0000
ROA not before:           Tue 02 Jan 2024 14:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62080
IP address blocks:        194.145.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/YWeZlkXhW2Umig2TuxTE9RckRRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/YWeZlkXhW2Umig2TuxTE9RckRRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YWeZlkXhW2Umig2TuxTE9RckRRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:b5:fa:73:7c:35:7e:78:ee:d8:16:7d:b6:f0:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6167999645e15b65268a0d93bb14c4f51724451b
        Validity
            Not Before: Jan  2 14:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8347bc3f68adafc336f14c2ae4462165b0b85985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6c:fc:9e:db:f0:94:e1:03:aa:f5:f2:07:bf:
                    99:3c:a1:b1:dc:72:ab:85:30:dd:f8:05:71:79:f8:
                    26:4e:3f:ee:e5:3e:d2:f3:4e:a8:48:ab:0e:91:2c:
                    eb:0b:eb:a3:dd:5a:86:25:49:8a:e7:4c:ad:38:46:
                    79:4c:61:16:36:3c:60:b0:a8:85:e8:9d:ae:ba:77:
                    8b:cc:89:38:9d:6c:3c:7b:28:66:cb:25:e8:ce:df:
                    1b:c2:39:e9:6b:41:ed:c9:3d:53:22:b8:4b:4a:a9:
                    cb:c4:24:33:67:87:0c:23:f9:07:76:4d:13:1b:12:
                    40:f1:5f:f2:81:9e:25:00:59:32:8a:a8:98:61:03:
                    be:38:be:b7:26:dc:54:fe:ce:63:37:08:86:aa:b3:
                    b4:96:49:78:ab:ae:15:5a:c3:6b:a8:69:d1:99:b1:
                    d2:73:64:2b:c0:52:4a:93:ce:bd:06:82:2b:f2:bd:
                    f1:05:10:1a:9c:36:21:49:55:fa:c2:ea:18:f6:62:
                    0e:3d:7a:4a:15:1e:1f:2a:2b:85:2b:75:1e:d7:94:
                    b2:1c:ab:17:92:4f:5b:b8:fd:80:33:c6:8c:35:36:
                    13:e1:7f:90:cd:fb:c9:e1:0c:08:5e:0b:70:3a:52:
                    2c:08:6b:69:2f:34:22:e5:d3:56:22:93:67:6e:b0:
                    b5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:47:BC:3F:68:AD:AF:C3:36:F1:4C:2A:E4:46:21:65:B0:B8:59:85
            X509v3 Authority Key Identifier:
                keyid:61:67:99:96:45:E1:5B:65:26:8A:0D:93:BB:14:C4:F5:17:24:45:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWeZlkXhW2Umig2TuxTE9RckRRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/g0e8P2itr8M28Uwq5EYhZbC4WYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d31a25-2507-471d-adc7-8807f95ae75d/1/YWeZlkXhW2Umig2TuxTE9RckRRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:3d:c6:12:44:e8:82:a1:76:8d:f0:67:e7:1e:bc:65:18:09:
         09:81:e9:32:78:9f:e6:68:ba:98:2d:46:08:4c:e9:18:ce:c5:
         a2:eb:2d:55:02:04:df:79:53:51:7a:44:35:87:9f:b4:ee:0e:
         32:50:75:7b:6e:56:6b:20:a8:ec:2c:1c:84:58:7b:05:47:33:
         61:57:c0:a9:ea:a7:99:a7:30:7f:eb:0e:ce:5f:42:1e:ee:be:
         2b:e4:bb:7d:fa:9f:72:eb:04:ab:73:16:7e:35:ed:3e:25:da:
         96:76:b7:16:98:79:4b:a1:59:d8:36:34:13:ac:12:f2:66:cf:
         c5:eb:b4:9e:14:6a:eb:a5:99:0c:f6:1c:ad:b8:01:f3:4c:40:
         ab:fa:b7:ae:57:3b:c8:c7:13:a6:72:20:ce:f5:c3:01:59:94:
         fd:29:a4:f3:f0:d3:ee:d5:90:86:f3:97:34:80:8f:82:53:a4:
         c6:5b:b8:3d:fc:47:b7:61:a6:3e:1c:18:95:cc:47:e0:18:35:
         4a:6a:1e:31:e3:91:68:88:68:7e:a2:5a:df:50:74:17:7b:92:
         3d:da:31:3b:7f:9a:cc:8c:bf:bb:e5:b7:af:a6:bc:69:25:b5:
         a1:4c:08:ff:4a:ce:83:4b:75:18:40:4d:6a:cf:68:4a:28:10:
         cb:54:7b:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmbX6c3w1fnju2BZ9tvBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNjc5OTk2NDVlMTViNjUyNjhhMGQ5M2JiMTRjNGY1MTcy
NDQ1MWIwHhcNMjQwMTAyMTQzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ3YmMzZjY4YWRhZmMzMzZmMTRjMmFlNDQ2MjE2NWIwYjg1OTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2z8ntvwlOEDqvXyB7+ZPKGx3HKr
hTDd+AVxefgmTj/u5T7S806oSKsOkSzrC+uj3VqGJUmK50ytOEZ5TGEWNjxgsKiF
6J2uuneLzIk4nWw8eyhmyyXozt8bwjnpa0HtyT1TIrhLSqnLxCQzZ4cMI/kHdk0T
GxJA8V/ygZ4lAFkyiqiYYQO+OL63JtxU/s5jNwiGqrO0lkl4q64VWsNrqGnRmbHS
c2QrwFJKk869BoIr8r3xBRAanDYhSVX6wuoY9mIOPXpKFR4fKiuFK3Ue15SyHKsX
kk9buP2AM8aMNTYT4X+QzfvJ4QwIXgtwOlIsCGtpLzQi5dNWIpNnbrC1swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINHvD9ora/DNvFMKuRGIWWwuFmFMB8GA1UdIwQY
MBaAFGFnmZZF4VtlJooNk7sUxPUXJEUbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVdlWmxrWGhXMlVtaWcyVHV4VEU5UmNrUlJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kMzFhMjUtMjUwNy00NzFkLWFkYzct
ODgwN2Y5NWFlNzVkLzEvZzBlOFAyaXRyOE0yOFV3cTVFWWhaYkM0V1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kMzFhMjUtMjUwNy00NzFkLWFkYzctODgwN2Y5NWFlNzVk
LzEvWVdlWmxrWGhXMlVtaWcyVHV4VEU5UmNrUlJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGNMA0G
CSqGSIb3DQEBCwUAA4IBAQAFPcYSROiCoXaN8GfnHrxlGAkJgekyeJ/maLqYLUYI
TOkYzsWi6y1VAgTfeVNRekQ1h5+07g4yUHV7blZrIKjsLByEWHsFRzNhV8Cp6qeZ
pzB/6w7OX0Ie7r4r5Lt9+p9y6wSrcxZ+Ne0+JdqWdrcWmHlLoVnYNjQTrBLyZs/F
67SeFGrrpZkM9hytuAHzTECr+reuVzvIxxOmciDO9cMBWZT9KaTz8NPu1ZCG85c0
gI+CU6TGW7g9/Ee3YaY+HBiVzEfgGDVKah4x45FoiGh+olrfUHQXe5I92jE7f5rM
jL+75bevprxpJbWhTAj/Ss6DS3UYQE1qz2hKKBDLVHs/
-----END CERTIFICATE-----