Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/5def0f-40a4-4071-a602-bc2b7e6f1ca4/1/tpaueUV-pe6FOkwQLAqzOs-5E9k.roa
File:                     tpaueUV-pe6FOkwQLAqzOs-5E9k.roa (raw, json)
Hash identifier:          liJ5PqyIV3auGcLpf5TvKqwziEiQq7zi6+/F8GAjf7k=
Subject key identifier:   B6:96:AE:79:45:7E:A5:EE:85:3A:4C:10:2C:0A:B3:3A:CF:B9:13:D9
Certificate issuer:       /CN=c5538693167afd4c5aae51dea7e5f3f99ba65be9
Certificate serial:       018DD5249779E245F77F7A8BD0C7AEB69783
Authority key identifier: C5:53:86:93:16:7A:FD:4C:5A:AE:51:DE:A7:E5:F3:F9:9B:A6:5B:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVOGkxZ6_UxarlHep-Xz-ZumW-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/5def0f-40a4-4071-a602-bc2b7e6f1ca4/1/tpaueUV-pe6FOkwQLAqzOs-5E9k.roa
Signing time:             Fri 23 Feb 2024 08:46:01 +0000
ROA not before:           Fri 23 Feb 2024 08:46:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207275
IP address blocks:        91.226.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/5def0f-40a4-4071-a602-bc2b7e6f1ca4/1/xVOGkxZ6_UxarlHep-Xz-ZumW-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/5def0f-40a4-4071-a602-bc2b7e6f1ca4/1/xVOGkxZ6_UxarlHep-Xz-ZumW-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVOGkxZ6_UxarlHep-Xz-ZumW-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:24:97:79:e2:45:f7:7f:7a:8b:d0:c7:ae:b6:97:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5538693167afd4c5aae51dea7e5f3f99ba65be9
        Validity
            Not Before: Feb 23 08:46:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b696ae79457ea5ee853a4c102c0ab33acfb913d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e6:50:d9:42:38:ca:4a:ea:3c:81:9c:0b:15:
                    9e:ad:52:0b:ab:6b:5d:e4:da:8d:ef:fc:d4:3a:ed:
                    57:ef:5d:c6:9c:2b:df:8c:78:c5:06:a3:51:aa:c0:
                    30:80:06:f2:b9:39:85:0a:c4:51:fc:16:2c:2d:7f:
                    ca:90:c5:05:73:aa:5b:96:bc:67:33:7d:b7:34:d3:
                    47:53:12:18:a1:83:df:5d:9a:e5:14:a1:e3:17:e4:
                    47:fc:cd:c9:70:fa:29:fb:b8:22:c7:31:ba:7d:db:
                    c8:cc:ab:09:70:5d:76:19:ac:0e:e1:04:f5:54:59:
                    21:4b:12:15:fe:16:8f:28:6b:98:33:a5:75:0d:a8:
                    86:b1:e2:fb:22:de:52:f6:a7:c6:1f:23:56:af:5b:
                    79:b2:c8:e2:a2:93:48:e7:2f:50:d3:67:e8:14:d1:
                    18:8d:64:2f:c2:db:b5:34:e8:14:88:8e:63:8f:72:
                    3c:fa:1c:89:c6:ca:6d:ec:cd:b5:c3:bf:6c:2b:ef:
                    af:3f:9c:2a:87:bc:99:b6:49:b4:69:72:02:53:be:
                    93:de:ae:4d:7c:5b:27:6b:3d:9e:7f:19:3f:4a:d2:
                    b7:b8:d9:00:2c:1b:7d:30:17:55:c1:0d:9e:23:aa:
                    aa:e9:d1:69:24:88:57:4b:07:09:71:1c:58:b6:6f:
                    b3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:96:AE:79:45:7E:A5:EE:85:3A:4C:10:2C:0A:B3:3A:CF:B9:13:D9
            X509v3 Authority Key Identifier:
                keyid:C5:53:86:93:16:7A:FD:4C:5A:AE:51:DE:A7:E5:F3:F9:9B:A6:5B:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVOGkxZ6_UxarlHep-Xz-ZumW-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/5def0f-40a4-4071-a602-bc2b7e6f1ca4/1/tpaueUV-pe6FOkwQLAqzOs-5E9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/5def0f-40a4-4071-a602-bc2b7e6f1ca4/1/xVOGkxZ6_UxarlHep-Xz-ZumW-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:02:df:f8:a6:72:14:6c:78:a2:bd:df:c8:05:af:ec:74:58:
         2a:b6:97:65:28:b0:6c:e6:17:46:62:67:25:ac:3c:b1:19:c4:
         5a:79:10:e7:5b:9c:30:b1:a9:c7:bb:a8:a5:84:0f:66:3c:a0:
         96:50:29:70:59:aa:dd:c4:43:6b:3c:b2:e4:09:f4:e9:97:c8:
         58:7e:3b:05:dc:0a:6c:06:74:16:7d:46:00:8f:9c:92:07:35:
         5d:8f:57:aa:3a:17:20:4d:b7:f8:85:28:29:bc:28:7e:0b:f7:
         30:15:cf:b4:c8:37:93:d0:67:5d:57:b3:7b:a5:e4:c0:5f:ae:
         69:52:71:d6:ab:57:f6:24:0a:62:95:6f:6f:4f:aa:f9:d9:a2:
         e8:63:94:4e:0c:51:e3:63:82:82:02:45:7a:3d:8b:3b:be:45:
         cb:33:43:d4:4f:96:0f:99:05:09:d5:58:c2:3b:d2:c0:40:ec:
         2a:72:38:6e:95:51:a0:33:da:4e:36:4f:69:4e:6d:4c:f8:55:
         77:1e:7a:12:09:77:52:85:ef:5f:26:0a:33:fb:4f:92:b5:1b:
         50:d8:29:18:c9:ca:07:15:54:9b:ac:17:a5:f5:4f:5e:48:a7:
         06:ae:e2:2a:89:68:9b:bb:ac:2a:ed:04:9f:bb:e0:2d:dc:b5:
         2c:3b:30:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3VJJd54kX3f3qL0MeutpeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NTM4NjkzMTY3YWZkNGM1YWFlNTFkZWE3ZTVmM2Y5OWJh
NjViZTkwHhcNMjQwMjIzMDg0NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjk2YWU3OTQ1N2VhNWVlODUzYTRjMTAyYzBhYjMzYWNmYjkxM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOZQ2UI4ykrqPIGcCxWerVILq2td
5NqN7/zUOu1X713GnCvfjHjFBqNRqsAwgAbyuTmFCsRR/BYsLX/KkMUFc6pblrxn
M323NNNHUxIYoYPfXZrlFKHjF+RH/M3JcPop+7gixzG6fdvIzKsJcF12GawO4QT1
VFkhSxIV/haPKGuYM6V1DaiGseL7It5S9qfGHyNWr1t5ssjiopNI5y9Q02foFNEY
jWQvwtu1NOgUiI5jj3I8+hyJxspt7M21w79sK++vP5wqh7yZtkm0aXICU76T3q5N
fFsnaz2efxk/StK3uNkALBt9MBdVwQ2eI6qq6dFpJIhXSwcJcRxYtm+zFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaWrnlFfqXuhTpMECwKszrPuRPZMB8GA1UdIwQY
MBaAFMVThpMWev1MWq5R3qfl8/mbplvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZPR2t4WjZfVXhhcmxIZXAtWHotWnVtVy1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My81ZGVmMGYtNDBhNC00MDcxLWE2MDIt
YmMyYjdlNmYxY2E0LzEvdHBhdWVVVi1wZTZGT2t3UUxBcXpPcy01RTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My81ZGVmMGYtNDBhNC00MDcxLWE2MDItYmMyYjdlNmYxY2E0
LzEveFZPR2t4WjZfVXhhcmxIZXAtWHotWnVtVy1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+IhMA0G
CSqGSIb3DQEBCwUAA4IBAQBsAt/4pnIUbHiivd/IBa/sdFgqtpdlKLBs5hdGYmcl
rDyxGcRaeRDnW5wwsanHu6ilhA9mPKCWUClwWardxENrPLLkCfTpl8hYfjsF3Aps
BnQWfUYAj5ySBzVdj1eqOhcgTbf4hSgpvCh+C/cwFc+0yDeT0GddV7N7peTAX65p
UnHWq1f2JApilW9vT6r52aLoY5RODFHjY4KCAkV6PYs7vkXLM0PUT5YPmQUJ1VjC
O9LAQOwqcjhulVGgM9pONk9pTm1M+FV3HnoSCXdShe9fJgoz+0+StRtQ2CkYycoH
FVSbrBel9U9eSKcGruIqiWibu6wq7QSfu+At3LUsOzBl
-----END CERTIFICATE-----