Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/d5f801-4426-4f45-8f26-9ccdd3c873a6/1/jAQHkJVXme8TuGwWYIEe0kbxIvM.roa
File:                     jAQHkJVXme8TuGwWYIEe0kbxIvM.roa (raw, json)
Hash identifier:          p1Sbv/yE7LawYxfYoh/N1ESHlGdePl3zsNucxGR7ZmE=
Subject key identifier:   8C:04:07:90:95:57:99:EF:13:B8:6C:16:60:81:1E:D2:46:F1:22:F3
Certificate issuer:       /CN=2c7c0a771b30d274285080ddc42e36798396f22c
Certificate serial:       018CC56E36AC49F0FF7E99DA1457E9598F20
Authority key identifier: 2C:7C:0A:77:1B:30:D2:74:28:50:80:DD:C4:2E:36:79:83:96:F2:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHwKdxsw0nQoUIDdxC42eYOW8iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/d5f801-4426-4f45-8f26-9ccdd3c873a6/1/jAQHkJVXme8TuGwWYIEe0kbxIvM.roa
Signing time:             Mon 01 Jan 2024 14:29:43 +0000
ROA not before:           Mon 01 Jan 2024 14:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        5.182.232.0/22 maxlen: 22
                          45.92.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/d5f801-4426-4f45-8f26-9ccdd3c873a6/1/LHwKdxsw0nQoUIDdxC42eYOW8iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/d5f801-4426-4f45-8f26-9ccdd3c873a6/1/LHwKdxsw0nQoUIDdxC42eYOW8iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHwKdxsw0nQoUIDdxC42eYOW8iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:36:ac:49:f0:ff:7e:99:da:14:57:e9:59:8f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c7c0a771b30d274285080ddc42e36798396f22c
        Validity
            Not Before: Jan  1 14:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c040790955799ef13b86c1660811ed246f122f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ed:33:5d:1c:c7:6d:08:ad:f9:96:1c:39:a0:
                    4e:8b:aa:f3:29:15:fb:16:79:44:40:c9:bf:71:0e:
                    78:51:73:41:72:36:25:fd:7b:0b:f9:cb:e3:6e:9c:
                    26:36:2e:d6:9b:ad:6b:6a:a7:88:9d:7f:e5:6b:a2:
                    ab:a7:c7:fe:66:8a:36:40:3a:99:7e:f0:a2:1a:a3:
                    82:6d:d8:c1:f7:25:0b:b9:c3:e8:0c:7a:dc:35:b0:
                    44:36:e6:56:fe:d8:7d:a1:d9:d4:e0:19:fa:02:8a:
                    12:70:01:8b:5d:d2:ea:27:59:66:2d:22:b8:02:a4:
                    05:70:e7:4a:1d:b2:f5:0e:86:40:e5:66:fc:ca:c7:
                    05:57:f6:b7:b4:20:c8:ae:0e:04:d1:52:03:e9:b2:
                    26:78:27:a1:19:43:ac:28:1b:7d:09:f1:26:c3:73:
                    ff:2e:e4:2a:b2:bc:fa:a7:ce:b8:d9:9a:b3:0e:e5:
                    9e:03:d2:dc:2d:07:6e:d2:e0:81:9a:25:ba:39:4d:
                    aa:5c:c4:ac:66:d2:b1:76:1e:3b:03:7d:e2:ff:0a:
                    08:b3:8f:30:4b:b8:89:7f:5e:54:c1:22:7f:11:01:
                    11:be:68:0c:f3:ba:36:9c:a9:25:1b:a0:bb:e4:a6:
                    94:f7:a1:36:e3:9c:2f:88:b4:f7:4a:41:e8:6c:26:
                    30:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:04:07:90:95:57:99:EF:13:B8:6C:16:60:81:1E:D2:46:F1:22:F3
            X509v3 Authority Key Identifier:
                keyid:2C:7C:0A:77:1B:30:D2:74:28:50:80:DD:C4:2E:36:79:83:96:F2:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHwKdxsw0nQoUIDdxC42eYOW8iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/d5f801-4426-4f45-8f26-9ccdd3c873a6/1/jAQHkJVXme8TuGwWYIEe0kbxIvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/d5f801-4426-4f45-8f26-9ccdd3c873a6/1/LHwKdxsw0nQoUIDdxC42eYOW8iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.232.0/22
                  45.92.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:7a:74:f5:0f:24:ff:17:63:e8:ad:3c:9f:f1:a3:38:4a:39:
         c2:c4:4d:3e:bb:35:f1:96:04:a8:b5:1f:41:c7:16:a0:37:d8:
         0a:3f:4d:c0:43:8f:27:64:d9:ab:4f:15:e8:ce:b9:39:2f:eb:
         ef:69:bb:80:ed:41:4a:e2:7c:5c:33:87:1b:99:c3:af:19:21:
         1a:ae:1c:8e:db:40:05:b5:7f:07:7f:28:d5:c1:3e:7d:9d:70:
         26:53:95:36:b5:f9:40:25:65:5a:0e:ce:49:83:2d:53:73:9d:
         67:b1:5f:fb:8d:f9:82:0f:8c:d8:1d:6a:c5:a0:9f:a8:11:bb:
         bf:db:91:6c:8c:17:77:fe:d0:c8:7a:04:ce:c5:bb:86:a2:ca:
         5b:c7:ad:28:6a:27:45:81:f2:ad:0a:55:6a:6d:88:bc:48:d3:
         08:d1:20:2d:df:86:a5:e5:6d:c2:4c:b9:b6:dd:5d:c8:56:79:
         f9:75:ed:91:ec:90:5a:f5:d1:31:89:52:70:0d:73:ba:c7:21:
         86:3b:30:2d:0a:e7:3b:aa:7d:44:a8:89:17:00:d5:64:28:a2:
         22:67:fa:80:7d:03:7a:d1:20:46:eb:82:19:72:32:74:31:50:
         87:75:ac:c4:f9:9d:dd:be:c6:a5:5b:fa:bb:c5:61:50:13:9c:
         b6:25:99:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbjasSfD/fpnaFFfpWY8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjN2MwYTc3MWIzMGQyNzQyODUwODBkZGM0MmUzNjc5ODM5
NmYyMmMwHhcNMjQwMTAxMTQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzA0MDc5MDk1NTc5OWVmMTNiODZjMTY2MDgxMWVkMjQ2ZjEyMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiu0zXRzHbQit+ZYcOaBOi6rzKRX7
FnlEQMm/cQ54UXNBcjYl/XsL+cvjbpwmNi7Wm61raqeInX/la6Krp8f+Zoo2QDqZ
fvCiGqOCbdjB9yULucPoDHrcNbBENuZW/th9odnU4Bn6AooScAGLXdLqJ1lmLSK4
AqQFcOdKHbL1DoZA5Wb8yscFV/a3tCDIrg4E0VID6bImeCehGUOsKBt9CfEmw3P/
LuQqsrz6p8642ZqzDuWeA9LcLQdu0uCBmiW6OU2qXMSsZtKxdh47A33i/woIs48w
S7iJf15UwSJ/EQERvmgM87o2nKklG6C75KaU96E245wviLT3SkHobCYwswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIwEB5CVV5nvE7hsFmCBHtJG8SLzMB8GA1UdIwQY
MBaAFCx8CncbMNJ0KFCA3cQuNnmDlvIsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEh3S2R4c3cwblFvVUlEZHhDNDJlWU9XOGl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9kNWY4MDEtNDQyNi00ZjQ1LThmMjYt
OWNjZGQzYzg3M2E2LzEvakFRSGtKVlhtZThUdUd3V1lJRWUwa2J4SXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9kNWY4MDEtNDQyNi00ZjQ1LThmMjYtOWNjZGQzYzg3M2E2
LzEvTEh3S2R4c3cwblFvVUlEZHhDNDJlWU9XOGl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBbboAwQC
LVzUMA0GCSqGSIb3DQEBCwUAA4IBAQCSenT1DyT/F2PorTyf8aM4SjnCxE0+uzXx
lgSotR9BxxagN9gKP03AQ48nZNmrTxXozrk5L+vvabuA7UFK4nxcM4cbmcOvGSEa
rhyO20AFtX8HfyjVwT59nXAmU5U2tflAJWVaDs5Jgy1Tc51nsV/7jfmCD4zYHWrF
oJ+oEbu/25FsjBd3/tDIegTOxbuGospbx60oaidFgfKtClVqbYi8SNMI0SAt34al
5W3CTLm23V3IVnn5de2R7JBa9dExiVJwDXO6xyGGOzAtCuc7qn1EqIkXANVkKKIi
Z/qAfQN60SBG64IZcjJ0MVCHdazE+Z3dvsalW/q7xWFQE5y2JZmy
-----END CERTIFICATE-----