Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/CW3mAtCqWgPxWS6h_zTVIzCAywQ.roa
File:                     CW3mAtCqWgPxWS6h_zTVIzCAywQ.roa (raw, json)
Hash identifier:          aBtJw68+DNe0dFUq1RVDKhKq6rWanQqzQbfRS0IdVM0=
Subject key identifier:   09:6D:E6:02:D0:AA:5A:03:F1:59:2E:A1:FF:34:D5:23:30:80:CB:04
Certificate issuer:       /CN=3993d54e639080a46c3fe3d58aa87e305db69ad1
Certificate serial:       018CC2DB24B22EBB1C8C19FB77FD09371D80
Authority key identifier: 39:93:D5:4E:63:90:80:A4:6C:3F:E3:D5:8A:A8:7E:30:5D:B6:9A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/CW3mAtCqWgPxWS6h_zTVIzCAywQ.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212424
IP address blocks:        192.159.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/OZPVTmOQgKRsP-PViqh-MF22mtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/OZPVTmOQgKRsP-PViqh-MF22mtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:24:b2:2e:bb:1c:8c:19:fb:77:fd:09:37:1d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3993d54e639080a46c3fe3d58aa87e305db69ad1
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=096de602d0aa5a03f1592ea1ff34d5233080cb04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:26:51:7a:a8:36:eb:cf:39:2a:30:2c:3b:27:
                    b2:24:76:f1:45:0b:dd:88:4f:f1:8c:20:bc:fe:e7:
                    10:f0:4d:a6:ec:8e:dd:c1:06:96:75:c2:3f:ac:9a:
                    36:2b:85:37:e4:3a:85:33:a9:0f:7d:3d:06:89:22:
                    7b:41:55:0e:78:a0:82:9f:ef:c4:0c:9d:3e:5a:ac:
                    09:56:19:35:37:64:7d:3e:c0:32:2d:82:5c:a4:67:
                    dd:f2:b6:2f:81:a8:6c:77:3d:db:70:6e:bf:76:ea:
                    0e:5a:56:cd:29:b6:8a:e0:b4:44:66:9e:37:e4:dc:
                    37:a0:a8:0d:4d:f0:97:ba:89:f4:92:bd:c6:53:9a:
                    49:b9:64:23:68:96:db:a9:f8:e8:25:70:52:7e:cc:
                    63:65:81:35:a7:4b:4f:bd:5d:57:be:a4:10:b3:ed:
                    e8:3f:9d:65:c7:38:e1:46:91:d8:16:f5:22:ad:53:
                    4d:75:c4:98:3e:02:e7:f9:7f:c2:93:6b:d1:36:c1:
                    26:0d:22:7b:50:3e:75:46:6e:a3:24:42:6e:03:2f:
                    10:75:fb:de:37:a7:b9:40:f7:80:0c:b1:ea:19:d4:
                    60:f1:34:3f:a5:e3:75:45:ef:99:c8:81:a9:75:d2:
                    da:b6:bc:80:6f:fa:bf:b3:36:a6:f0:5d:d5:82:e4:
                    14:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6D:E6:02:D0:AA:5A:03:F1:59:2E:A1:FF:34:D5:23:30:80:CB:04
            X509v3 Authority Key Identifier:
                keyid:39:93:D5:4E:63:90:80:A4:6C:3F:E3:D5:8A:A8:7E:30:5D:B6:9A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/CW3mAtCqWgPxWS6h_zTVIzCAywQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/OZPVTmOQgKRsP-PViqh-MF22mtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.159.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:c7:aa:ad:f0:89:eb:01:d4:45:1b:b4:c4:18:c5:d1:22:51:
         ed:cb:54:7b:33:47:83:af:50:ce:50:0d:9e:24:b3:62:c6:68:
         65:22:7e:ee:21:12:0c:28:4b:43:85:18:f1:de:6b:58:ba:0f:
         d9:20:50:cb:3e:46:a2:8e:c6:86:2d:c1:4e:55:31:97:2d:a2:
         92:f3:a1:40:29:b4:fb:76:de:4f:ff:1d:6d:47:cd:4f:a0:3e:
         aa:8c:e0:15:28:dd:60:0a:59:20:e3:f1:6e:9e:bd:1b:45:97:
         ea:b2:11:96:79:37:a4:1c:41:99:8e:75:49:b7:e5:6a:79:7c:
         ba:7f:ac:2b:40:f2:6b:96:fb:32:ac:da:56:ed:d4:2c:55:ae:
         eb:90:dd:05:a9:34:48:09:49:99:af:05:d0:22:6a:9a:01:12:
         12:52:0f:04:eb:fe:c6:70:14:ee:e9:e0:65:7e:75:85:2a:6e:
         f9:03:64:ee:ae:df:af:64:b6:23:6f:f5:f8:9d:c2:41:bc:e7:
         be:a7:60:3c:a5:82:0e:46:f7:57:07:ca:02:70:53:fd:e5:9a:
         66:72:57:54:4d:df:c6:d9:18:91:15:56:f5:f2:84:1d:d6:df:
         3a:b2:21:2e:63:0a:d6:64:18:90:66:1c:70:9a:a8:4b:22:68:
         51:71:88:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ySyLrscjBn7d/0JNx2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OTNkNTRlNjM5MDgwYTQ2YzNmZTNkNThhYTg3ZTMwNWRi
NjlhZDEwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZkZTYwMmQwYWE1YTAzZjE1OTJlYTFmZjM0ZDUyMzMwODBjYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyZReqg26885KjAsOyeyJHbxRQvd
iE/xjCC8/ucQ8E2m7I7dwQaWdcI/rJo2K4U35DqFM6kPfT0GiSJ7QVUOeKCCn+/E
DJ0+WqwJVhk1N2R9PsAyLYJcpGfd8rYvgahsdz3bcG6/duoOWlbNKbaK4LREZp43
5Nw3oKgNTfCXuon0kr3GU5pJuWQjaJbbqfjoJXBSfsxjZYE1p0tPvV1XvqQQs+3o
P51lxzjhRpHYFvUirVNNdcSYPgLn+X/Ck2vRNsEmDSJ7UD51Rm6jJEJuAy8Qdfve
N6e5QPeADLHqGdRg8TQ/peN1Re+ZyIGpddLatryAb/q/szam8F3VguQUuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlt5gLQqloD8Vkuof801SMwgMsEMB8GA1UdIwQY
MBaAFDmT1U5jkICkbD/j1YqofjBdtprRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1pQVlRtT1FnS1JzUC1QVmlxaC1NRjIybXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS84MDk1OWQtZjVjNC00YWM5LWFkMTMt
ZDQ4ZmJjMWEyNDNiLzEvQ1czbUF0Q3FXZ1B4V1M2aF96VFZJekNBeXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS84MDk1OWQtZjVjNC00YWM5LWFkMTMtZDQ4ZmJjMWEyNDNi
LzEvT1pQVlRtT1FnS1JzUC1QVmlxaC1NRjIybXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJ95MA0G
CSqGSIb3DQEBCwUAA4IBAQBOx6qt8InrAdRFG7TEGMXRIlHty1R7M0eDr1DOUA2e
JLNixmhlIn7uIRIMKEtDhRjx3mtYug/ZIFDLPkaijsaGLcFOVTGXLaKS86FAKbT7
dt5P/x1tR81PoD6qjOAVKN1gClkg4/Funr0bRZfqshGWeTekHEGZjnVJt+VqeXy6
f6wrQPJrlvsyrNpW7dQsVa7rkN0FqTRICUmZrwXQImqaARISUg8E6/7GcBTu6eBl
fnWFKm75A2Turt+vZLYjb/X4ncJBvOe+p2A8pYIORvdXB8oCcFP95ZpmcldUTd/G
2RiRFVb18oQd1t86siEuYwrWZBiQZhxwmqhLImhRcYhQ
-----END CERTIFICATE-----