Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/qud88SSydu5bBSdEjLkozELRd_Q.roa
File:                     qud88SSydu5bBSdEjLkozELRd_Q.roa (raw, json)
Hash identifier:          5gouVEDUvVvtvkxjirvau8+SZpUfdGJUMW/ANG3HTqE=
Subject key identifier:   AA:E7:7C:F1:24:B2:76:EE:5B:05:27:44:8C:B9:28:CC:42:D1:77:F4
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019305614802B3478A7877CA5684A5816523
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/qud88SSydu5bBSdEjLkozELRd_Q.roa
Signing time:             Thu 07 Nov 2024 06:48:01 +0000
ROA not before:           Thu 07 Nov 2024 06:48:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7488
IP address blocks:        5.102.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:61:48:02:b3:47:8a:78:77:ca:56:84:a5:81:65:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Nov  7 06:48:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aae77cf124b276ee5b0527448cb928cc42d177f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cb:fa:01:04:b4:29:c0:df:2f:84:d7:4b:a2:
                    08:de:58:57:8a:ba:c1:97:6c:0f:97:a5:f7:a4:88:
                    99:05:eb:b5:e1:d2:5a:36:8d:63:f4:f5:67:9b:52:
                    22:a0:ff:7d:48:c9:6d:7c:12:15:06:8c:1e:ea:e0:
                    8b:4b:63:10:d8:92:58:c5:9a:21:59:32:b8:70:66:
                    23:09:c4:01:a9:1f:74:cd:16:33:15:66:a4:56:74:
                    56:f7:f3:80:29:e2:01:51:e6:8d:8c:2f:d2:68:00:
                    4a:35:59:1e:8c:e5:ef:d3:3a:28:82:2d:cf:88:54:
                    16:59:53:46:ab:5e:36:f5:f5:3d:8c:36:bd:9c:f3:
                    e8:57:34:93:14:79:de:a5:fe:35:43:04:26:2a:32:
                    74:9e:0d:0b:3c:d2:b8:a5:ae:cc:37:3c:46:56:be:
                    7c:78:5d:af:41:17:3e:bc:78:d4:0a:46:ea:2c:41:
                    5b:7d:3e:55:2a:2e:e3:d4:0a:7c:44:3e:a3:31:a8:
                    68:81:0f:24:0d:7a:9b:91:df:61:27:a7:26:e7:23:
                    47:af:9d:b7:5b:e0:e8:c4:5c:24:91:7d:93:ef:7b:
                    72:53:85:7e:61:68:b1:a1:88:2d:7e:23:59:f6:ff:
                    2f:b1:24:dc:8b:e3:32:69:bc:9b:59:3a:5d:8f:92:
                    56:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E7:7C:F1:24:B2:76:EE:5B:05:27:44:8C:B9:28:CC:42:D1:77:F4
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/qud88SSydu5bBSdEjLkozELRd_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:c4:0d:bc:f8:de:97:d0:77:22:13:3e:fe:fb:33:26:d6:a0:
         ad:6c:72:96:6f:cc:b2:69:79:d6:64:3d:9f:41:0e:0e:e3:bf:
         b6:d5:4f:b1:50:6f:19:81:4e:b6:c5:71:ff:0d:a2:ef:93:d5:
         cf:28:4b:0a:b1:ec:0e:e9:31:06:6c:b1:62:20:a1:35:94:88:
         1b:b7:18:ae:f8:63:e6:a7:ea:28:67:89:b5:39:02:f8:c6:bb:
         c3:d9:06:7f:34:93:ff:28:46:30:97:95:5c:43:64:5a:18:8d:
         cf:64:4d:a1:68:47:76:fb:68:3d:fe:4b:d2:d1:56:8f:c9:5a:
         fd:17:18:37:6f:d3:56:9f:7b:7d:ff:78:95:1d:3a:82:a3:67:
         a0:fb:68:1e:e8:fe:1a:1d:c1:a1:2e:f7:6b:ba:ba:5e:50:76:
         26:3c:92:b0:67:8b:e1:52:fd:14:2f:93:f6:e3:40:1c:6b:7e:
         ba:c7:6b:8e:9f:9b:8a:03:35:c3:e6:7b:22:ee:51:09:04:14:
         01:28:d3:69:f7:40:c9:88:91:70:01:c5:b6:0c:72:c3:c5:87:
         5f:6f:08:bf:25:5c:d9:b1:37:84:1b:49:c1:c1:68:d2:e4:1f:
         c3:ad:35:20:0e:a1:e2:5b:f0:49:0d:55:2a:82:b5:e5:33:09:
         54:c5:bd:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMFYUgCs0eKeHfKVoSlgWUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQxMTA3MDY0ODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWU3N2NmMTI0YjI3NmVlNWIwNTI3NDQ4Y2I5MjhjYzQyZDE3N2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcv6AQS0KcDfL4TXS6II3lhXirrB
l2wPl6X3pIiZBeu14dJaNo1j9PVnm1IioP99SMltfBIVBowe6uCLS2MQ2JJYxZoh
WTK4cGYjCcQBqR90zRYzFWakVnRW9/OAKeIBUeaNjC/SaABKNVkejOXv0zoogi3P
iFQWWVNGq1429fU9jDa9nPPoVzSTFHnepf41QwQmKjJ0ng0LPNK4pa7MNzxGVr58
eF2vQRc+vHjUCkbqLEFbfT5VKi7j1Ap8RD6jMahogQ8kDXqbkd9hJ6cm5yNHr523
W+DoxFwkkX2T73tyU4V+YWixoYgtfiNZ9v8vsSTci+MyabybWTpdj5JWlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrnfPEksnbuWwUnRIy5KMxC0Xf0MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvcXVkODhTU3lkdTViQlNkRWpMa296RUxSZF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZgMA0G
CSqGSIb3DQEBCwUAA4IBAQApxA28+N6X0HciEz7++zMm1qCtbHKWb8yyaXnWZD2f
QQ4O47+21U+xUG8ZgU62xXH/DaLvk9XPKEsKsewO6TEGbLFiIKE1lIgbtxiu+GPm
p+ooZ4m1OQL4xrvD2QZ/NJP/KEYwl5VcQ2RaGI3PZE2haEd2+2g9/kvS0VaPyVr9
Fxg3b9NWn3t9/3iVHTqCo2eg+2ge6P4aHcGhLvdrurpeUHYmPJKwZ4vhUv0UL5P2
40Aca366x2uOn5uKAzXD5nsi7lEJBBQBKNNp90DJiJFwAcW2DHLDxYdfbwi/JVzZ
sTeEG0nBwWjS5B/DrTUgDqHiW/BJDVUqgrXlMwlUxb09
-----END CERTIFICATE-----