Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/59c24e-a21f-46b2-9ea1-b3a6707ead04/1/pf35tf8O6hv-wW-rXbXOrZpJKos.roa
File:                     pf35tf8O6hv-wW-rXbXOrZpJKos.roa (raw, json)
Hash identifier:          azXNzWivByCMiVEBh3WvKSoD7dmTisfypuwKgy2Z7PY=
Subject key identifier:   A5:FD:F9:B5:FF:0E:EA:1B:FE:C1:6F:AB:5D:B5:CE:AD:9A:49:2A:8B
Certificate issuer:       /CN=a90d9ac2ef11d5469375d6de6c6bf721129e3b71
Certificate serial:       018CC42556560A55A72ADD9590BFCE0ABBB5
Authority key identifier: A9:0D:9A:C2:EF:11:D5:46:93:75:D6:DE:6C:6B:F7:21:12:9E:3B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qQ2awu8R1UaTddbebGv3IRKeO3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/59c24e-a21f-46b2-9ea1-b3a6707ead04/1/pf35tf8O6hv-wW-rXbXOrZpJKos.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198221
IP address blocks:        193.168.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/59c24e-a21f-46b2-9ea1-b3a6707ead04/1/qQ2awu8R1UaTddbebGv3IRKeO3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/59c24e-a21f-46b2-9ea1-b3a6707ead04/1/qQ2awu8R1UaTddbebGv3IRKeO3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qQ2awu8R1UaTddbebGv3IRKeO3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:56:56:0a:55:a7:2a:dd:95:90:bf:ce:0a:bb:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a90d9ac2ef11d5469375d6de6c6bf721129e3b71
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5fdf9b5ff0eea1bfec16fab5db5cead9a492a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e3:bc:f9:47:52:78:37:4f:5c:dc:fb:81:cc:
                    a5:45:d9:31:d5:32:d0:06:ce:26:e4:45:c9:a5:de:
                    cf:93:ec:5d:18:2c:5f:45:c3:db:f7:e9:1d:1e:e7:
                    f7:10:bc:69:8e:f1:b9:1c:82:12:bb:d0:8a:2d:f3:
                    17:ff:5c:fb:49:33:04:43:e4:15:ca:1f:93:02:b4:
                    5f:52:d1:36:4d:2a:aa:f2:cd:3f:0f:d3:3b:c3:70:
                    ee:2e:d2:7b:a7:c8:2a:07:a7:13:de:0c:53:78:46:
                    28:25:78:a1:53:af:f2:ee:04:af:cf:b9:97:63:10:
                    a1:2d:4d:51:72:64:2e:3b:75:42:e9:74:33:c0:68:
                    3a:17:1d:79:e5:65:a7:ee:71:c4:4b:f8:02:be:14:
                    46:2a:78:ff:5a:3a:e6:3c:0f:a3:17:ce:5c:7e:b8:
                    0e:44:54:9c:74:0b:50:aa:94:1f:49:03:d5:81:47:
                    13:27:76:2d:df:89:ec:04:d7:8d:66:31:5b:4d:83:
                    d7:e8:7a:fc:57:6c:34:41:18:6c:92:2e:8f:05:d3:
                    cf:6e:5a:4b:3b:4c:5c:61:a8:1d:71:38:e0:2a:be:
                    e7:5a:f1:79:36:03:c4:38:a5:eb:67:58:5d:24:c2:
                    92:ae:fb:61:51:4a:51:74:21:21:e1:c3:14:26:66:
                    38:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:FD:F9:B5:FF:0E:EA:1B:FE:C1:6F:AB:5D:B5:CE:AD:9A:49:2A:8B
            X509v3 Authority Key Identifier:
                keyid:A9:0D:9A:C2:EF:11:D5:46:93:75:D6:DE:6C:6B:F7:21:12:9E:3B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQ2awu8R1UaTddbebGv3IRKeO3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/59c24e-a21f-46b2-9ea1-b3a6707ead04/1/pf35tf8O6hv-wW-rXbXOrZpJKos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/59c24e-a21f-46b2-9ea1-b3a6707ead04/1/qQ2awu8R1UaTddbebGv3IRKeO3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:6d:2b:0a:7e:8e:60:68:6c:76:bc:fa:8f:a0:bf:f2:7c:ed:
         77:5d:f8:02:8b:8d:5f:76:15:00:c5:a3:9b:12:1b:93:9f:1a:
         07:63:8b:29:fb:17:71:37:c0:ec:51:e7:52:06:96:0a:9d:95:
         ef:8b:16:33:3a:80:4b:79:3b:a6:89:2f:46:ee:9a:86:09:9d:
         de:37:f3:9f:77:ce:c6:44:59:5f:51:c5:c9:34:fa:5c:b8:3b:
         a8:1c:3e:e6:59:4b:8b:5b:e8:60:59:ed:cd:0d:04:8d:2d:8c:
         69:be:01:5a:6e:c1:97:5f:a9:bb:c8:3b:e8:64:25:06:bc:09:
         be:0c:d3:76:c9:e0:90:bf:0f:4f:53:ee:72:73:e7:3d:6f:08:
         f3:a5:88:79:81:e1:aa:1a:7c:78:ca:31:ed:ce:96:8f:32:d4:
         1a:97:3c:ad:d9:9e:6a:d6:30:db:ab:4f:6b:eb:89:e4:d4:5b:
         34:fb:20:6e:30:32:98:67:61:c5:4f:e1:88:ca:b6:d7:3a:0f:
         66:95:1c:6e:a1:8d:28:15:2c:36:10:08:af:e3:a0:6e:4d:e4:
         b6:b8:30:3d:f1:48:08:ef:82:81:4f:73:27:d7:ca:05:76:d6:
         28:5d:03:5a:52:c4:da:46:b9:d1:33:67:a7:ba:38:f7:49:3d:
         51:0e:9d:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVZWClWnKt2VkL/OCru1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MGQ5YWMyZWYxMWQ1NDY5Mzc1ZDZkZTZjNmJmNzIxMTI5
ZTNiNzEwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWZkZjliNWZmMGVlYTFiZmVjMTZmYWI1ZGI1Y2VhZDlhNDkyYThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuO8+UdSeDdPXNz7gcylRdkx1TLQ
Bs4m5EXJpd7Pk+xdGCxfRcPb9+kdHuf3ELxpjvG5HIISu9CKLfMX/1z7STMEQ+QV
yh+TArRfUtE2TSqq8s0/D9M7w3DuLtJ7p8gqB6cT3gxTeEYoJXihU6/y7gSvz7mX
YxChLU1RcmQuO3VC6XQzwGg6Fx155WWn7nHES/gCvhRGKnj/WjrmPA+jF85cfrgO
RFScdAtQqpQfSQPVgUcTJ3Yt34nsBNeNZjFbTYPX6Hr8V2w0QRhski6PBdPPblpL
O0xcYagdcTjgKr7nWvF5NgPEOKXrZ1hdJMKSrvthUUpRdCEh4cMUJmY4fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKX9+bX/Duob/sFvq121zq2aSSqLMB8GA1UdIwQY
MBaAFKkNmsLvEdVGk3XW3mxr9yESnjtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVEyYXd1OFIxVWFUZGRiZWJHdjNJUktlTzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81OWMyNGUtYTIxZi00NmIyLTllYTEt
YjNhNjcwN2VhZDA0LzEvcGYzNXRmOE82aHYtd1ctclhiWE9yWnBKS29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81OWMyNGUtYTIxZi00NmIyLTllYTEtYjNhNjcwN2VhZDA0
LzEvcVEyYXd1OFIxVWFUZGRiZWJHdjNJUktlTzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwag2MA0G
CSqGSIb3DQEBCwUAA4IBAQAabSsKfo5gaGx2vPqPoL/yfO13XfgCi41fdhUAxaOb
EhuTnxoHY4sp+xdxN8DsUedSBpYKnZXvixYzOoBLeTumiS9G7pqGCZ3eN/Ofd87G
RFlfUcXJNPpcuDuoHD7mWUuLW+hgWe3NDQSNLYxpvgFabsGXX6m7yDvoZCUGvAm+
DNN2yeCQvw9PU+5yc+c9bwjzpYh5geGqGnx4yjHtzpaPMtQalzyt2Z5q1jDbq09r
64nk1Fs0+yBuMDKYZ2HFT+GIyrbXOg9mlRxuoY0oFSw2EAiv46BuTeS2uDA98UgI
74KBT3Mn18oFdtYoXQNaUsTaRrnRM2enujj3ST1RDp2o
-----END CERTIFICATE-----