Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/oHMBwrJ0h7czIM2i2E8Ti6vYBMc.roa
File:                     oHMBwrJ0h7czIM2i2E8Ti6vYBMc.roa (raw, json)
Hash identifier:          csBYYdCqeJYULrRIA+ow1ZDoLGBHOuzu3BvkkdasVN4=
Subject key identifier:   A0:73:01:C2:B2:74:87:B7:33:20:CD:A2:D8:4F:13:8B:AB:D8:04:C7
Certificate issuer:       /CN=55959b0bda0a0f591f968408539f331810bb2534
Certificate serial:       018D17C52AA4DEEC98FCAA83670F989139E3
Authority key identifier: 55:95:9B:0B:DA:0A:0F:59:1F:96:84:08:53:9F:33:18:10:BB:25:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/oHMBwrJ0h7czIM2i2E8Ti6vYBMc.roa
Signing time:             Wed 17 Jan 2024 14:13:33 +0000
ROA not before:           Wed 17 Jan 2024 14:13:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212589
IP address blocks:        5.133.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:c5:2a:a4:de:ec:98:fc:aa:83:67:0f:98:91:39:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55959b0bda0a0f591f968408539f331810bb2534
        Validity
            Not Before: Jan 17 14:13:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a07301c2b27487b73320cda2d84f138babd804c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:09:83:51:dc:72:70:17:72:9d:67:10:ff:8e:
                    a4:4c:a3:cb:a2:33:5d:f3:33:25:62:cc:ba:63:40:
                    bd:17:1b:29:f7:c1:42:3a:3e:84:c6:26:41:26:13:
                    eb:8d:a5:38:ab:7a:61:c8:73:fb:86:98:9d:bb:52:
                    2b:75:0e:52:0b:da:19:d9:51:45:83:32:cc:06:51:
                    5f:e0:3e:e6:6b:1b:24:d9:67:af:da:a9:59:69:6b:
                    ce:57:40:64:61:db:b3:01:9c:15:0c:53:c5:ce:d3:
                    7c:50:ab:c1:cb:ec:f5:23:e7:fb:8e:ec:b3:12:34:
                    1a:e2:a1:0d:92:4f:b7:a8:de:8c:da:47:aa:a5:c0:
                    40:09:da:4e:39:15:47:5d:d3:c1:68:f7:28:ba:ed:
                    f7:a6:c1:77:4d:89:db:5f:9f:b8:25:dd:cb:da:19:
                    78:2e:81:69:9c:9f:72:51:01:b6:ab:b1:04:77:06:
                    a1:c7:1f:f3:3e:4f:73:2b:e9:82:2e:0a:8d:24:98:
                    da:53:35:b7:c7:84:99:a0:f1:50:6f:f0:99:d2:76:
                    8f:30:c5:3d:b1:56:8e:da:f7:c4:79:9b:45:5c:87:
                    01:6d:67:ff:fe:ef:09:35:f2:f6:47:0d:ea:fe:cc:
                    91:2c:ce:b9:bf:cb:a1:68:7e:d3:ea:45:63:55:0b:
                    a2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:73:01:C2:B2:74:87:B7:33:20:CD:A2:D8:4F:13:8B:AB:D8:04:C7
            X509v3 Authority Key Identifier:
                keyid:55:95:9B:0B:DA:0A:0F:59:1F:96:84:08:53:9F:33:18:10:BB:25:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/oHMBwrJ0h7czIM2i2E8Ti6vYBMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f4:53:06:a4:c2:5a:43:f4:db:ca:b1:95:c0:48:bd:fa:68:
         0c:0b:d1:dd:fa:8d:be:fa:0c:39:8d:dc:d6:a3:30:2c:3e:8e:
         51:46:6a:56:e4:26:8d:78:c5:7c:d8:47:4b:64:b5:68:7e:90:
         78:a2:2f:96:74:ce:08:08:b0:14:4e:01:89:0c:c8:83:68:5f:
         5b:6e:44:8e:b9:53:dd:0d:ad:9a:fe:cb:7e:36:64:9a:90:e9:
         6a:5c:b9:72:b5:9e:b1:45:4b:cf:64:23:e1:26:39:2a:99:68:
         eb:46:99:ad:0f:35:77:7e:48:ef:44:3f:a6:ab:81:d5:eb:1a:
         c8:2c:3d:01:cf:86:f1:6c:7c:84:a4:c6:65:98:a3:84:c7:11:
         fb:0e:39:d7:9a:e4:65:05:69:a6:53:df:58:1f:d3:d1:be:c2:
         d3:9f:ec:c6:62:0e:a0:72:ee:fb:1f:18:15:ce:69:05:91:bf:
         14:77:92:9e:4f:08:1b:b7:62:2a:53:fc:35:17:fc:72:00:42:
         7f:2a:69:f4:f4:4d:8c:f8:a6:bf:02:b0:7c:8a:67:ce:69:a1:
         a6:a8:11:73:67:de:e2:83:49:b8:03:19:aa:77:12:27:aa:c4:
         ab:26:af:9d:a6:80:72:cf:e4:67:73:bc:4c:09:6c:09:38:da:
         d8:ba:29:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0XxSqk3uyY/KqDZw+YkTnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OTU5YjBiZGEwYTBmNTkxZjk2ODQwODUzOWYzMzE4MTBi
YjI1MzQwHhcNMjQwMTE3MTQxMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDczMDFjMmIyNzQ4N2I3MzMyMGNkYTJkODRmMTM4YmFiZDgwNGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAmDUdxycBdynWcQ/46kTKPLojNd
8zMlYsy6Y0C9Fxsp98FCOj6ExiZBJhPrjaU4q3phyHP7hpidu1IrdQ5SC9oZ2VFF
gzLMBlFf4D7maxsk2Wev2qlZaWvOV0BkYduzAZwVDFPFztN8UKvBy+z1I+f7juyz
EjQa4qENkk+3qN6M2keqpcBACdpOORVHXdPBaPcouu33psF3TYnbX5+4Jd3L2hl4
LoFpnJ9yUQG2q7EEdwahxx/zPk9zK+mCLgqNJJjaUzW3x4SZoPFQb/CZ0naPMMU9
sVaO2vfEeZtFXIcBbWf//u8JNfL2Rw3q/syRLM65v8uhaH7T6kVjVQuiXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBzAcKydIe3MyDNothPE4ur2ATHMB8GA1UdIwQY
MBaAFFWVmwvaCg9ZH5aECFOfMxgQuyU0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlpXYkM5b0tEMWtmbG9RSVU1OHpHQkM3SlRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8xM2ZjNTktM2I0Zi00NTJjLTgxZDQt
MTQxNTI4NjY0ZDBiLzEvb0hNQndySjBoN2N6SU0yaTJFOFRpNnZZQk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8xM2ZjNTktM2I0Zi00NTJjLTgxZDQtMTQxNTI4NjY0ZDBi
LzEvVlpXYkM5b0tEMWtmbG9RSVU1OHpHQkM3SlRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVxMA0G
CSqGSIb3DQEBCwUAA4IBAQBV9FMGpMJaQ/TbyrGVwEi9+mgMC9Hd+o2++gw5jdzW
ozAsPo5RRmpW5CaNeMV82EdLZLVofpB4oi+WdM4ICLAUTgGJDMiDaF9bbkSOuVPd
Da2a/st+NmSakOlqXLlytZ6xRUvPZCPhJjkqmWjrRpmtDzV3fkjvRD+mq4HV6xrI
LD0Bz4bxbHyEpMZlmKOExxH7DjnXmuRlBWmmU99YH9PRvsLTn+zGYg6gcu77HxgV
zmkFkb8Ud5KeTwgbt2IqU/w1F/xyAEJ/Kmn09E2M+Ka/ArB8imfOaaGmqBFzZ97i
g0m4AxmqdxInqsSrJq+dpoByz+Rnc7xMCWwJONrYuin3
-----END CERTIFICATE-----