Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/pSuZyE2XkeLAS3Mi8WEkirJpQE0.roa
File:                     pSuZyE2XkeLAS3Mi8WEkirJpQE0.roa (raw, json)
Hash identifier:          T+kKhoS2q19Yn9jO0M6P2tlqbdDqD6QOYrz7J5tc/xs=
Subject key identifier:   A5:2B:99:C8:4D:97:91:E2:C0:4B:73:22:F1:61:24:8A:B2:69:40:4D
Certificate issuer:       /CN=5e3a62f1347c1742e5b6e3740244d398b53a513c
Certificate serial:       018CC8DF1476BAAB09D781CEF86DB629F2D1
Authority key identifier: 5E:3A:62:F1:34:7C:17:42:E5:B6:E3:74:02:44:D3:98:B5:3A:51:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xjpi8TR8F0LltuN0AkTTmLU6UTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/pSuZyE2XkeLAS3Mi8WEkirJpQE0.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31463
IP address blocks:        91.232.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/Xjpi8TR8F0LltuN0AkTTmLU6UTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/Xjpi8TR8F0LltuN0AkTTmLU6UTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xjpi8TR8F0LltuN0AkTTmLU6UTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:14:76:ba:ab:09:d7:81:ce:f8:6d:b6:29:f2:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e3a62f1347c1742e5b6e3740244d398b53a513c
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a52b99c84d9791e2c04b7322f161248ab269404d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:4c:2f:cf:f9:8a:c8:42:8f:eb:05:54:ba:
                    bd:b5:8f:58:75:a4:9a:e3:c1:ef:b7:bc:ec:d4:44:
                    a6:75:a8:8b:6e:9b:fd:92:13:9c:c9:30:e1:ff:d8:
                    c1:85:4f:1c:71:ae:43:06:4f:66:d5:19:2e:28:df:
                    4d:d6:b6:a4:b6:42:45:97:e8:df:09:09:72:0e:ef:
                    f6:5b:da:21:7f:01:3d:95:7a:e5:7a:76:a9:72:33:
                    0d:04:fc:bf:8f:fe:54:22:2f:13:34:78:ef:c4:6a:
                    fd:7f:d4:a9:0a:b4:b1:92:24:f5:71:71:3a:20:5d:
                    16:ef:69:d9:ab:52:e8:b9:c1:f6:aa:45:00:e6:13:
                    6d:61:f6:c7:34:df:e3:75:74:d5:68:d6:94:ec:f8:
                    55:f7:49:12:0c:32:9b:2c:4a:d4:3c:4b:5e:83:e1:
                    c1:37:e8:e5:ad:1e:0d:fe:a8:11:88:30:4c:dd:a5:
                    5f:30:af:06:7f:59:89:bd:f3:c4:32:26:06:47:64:
                    46:ae:e9:aa:ae:a6:1d:35:f8:42:03:6e:3f:f1:9c:
                    d4:ec:58:69:7c:b2:20:76:00:73:e9:28:07:ad:60:
                    0f:38:43:53:82:c0:63:fa:c9:11:20:3e:bd:6b:59:
                    57:d4:60:82:ef:1e:47:01:b6:ac:54:f0:7b:7b:c6:
                    90:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:2B:99:C8:4D:97:91:E2:C0:4B:73:22:F1:61:24:8A:B2:69:40:4D
            X509v3 Authority Key Identifier:
                keyid:5E:3A:62:F1:34:7C:17:42:E5:B6:E3:74:02:44:D3:98:B5:3A:51:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xjpi8TR8F0LltuN0AkTTmLU6UTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/pSuZyE2XkeLAS3Mi8WEkirJpQE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/Xjpi8TR8F0LltuN0AkTTmLU6UTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:b2:cc:d3:4b:fc:6a:96:47:2e:8e:a9:6b:e4:c8:32:30:92:
         12:1a:68:6b:e3:f1:58:56:6b:97:aa:42:a7:b3:39:bf:ca:3b:
         39:d5:54:4b:76:1f:28:c0:15:47:38:2a:8b:be:97:34:55:73:
         c1:d3:ef:ee:1d:7a:7f:59:f1:e4:f5:5f:27:43:fb:06:86:23:
         3d:fe:6f:b3:48:74:40:1f:29:66:9c:0a:61:8d:8f:b8:bf:12:
         68:bc:4e:be:e0:3e:b4:07:b6:a7:f1:e0:bc:bd:50:ee:b4:54:
         e3:08:15:2f:ca:4c:44:40:93:07:b5:57:b3:d9:07:ca:93:9c:
         db:57:f7:c1:d1:02:a6:31:c0:d7:9a:ed:2f:ae:3d:7b:1e:bd:
         a8:38:d7:46:3d:f8:b6:87:25:1f:ed:42:ab:84:72:88:22:73:
         5e:6f:49:10:75:b0:59:70:35:49:6d:38:1c:4d:ab:79:3c:6e:
         7b:2b:1d:a9:f2:82:68:4a:96:e1:6f:2b:86:cf:02:05:ca:b3:
         c4:29:b8:53:f5:88:38:5a:8d:2f:80:81:cc:80:d2:0d:60:3b:
         55:38:53:6e:88:23:00:07:4b:9d:dc:ad:f9:01:ad:bd:95:4b:
         e2:5e:0a:59:b7:b7:d8:ba:ae:c0:21:59:a1:6b:be:8d:6b:cf:
         9e:ad:e7:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xR2uqsJ14HO+G22KfLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlM2E2MmYxMzQ3YzE3NDJlNWI2ZTM3NDAyNDRkMzk4YjUz
YTUxM2MwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTJiOTljODRkOTc5MWUyYzA0YjczMjJmMTYxMjQ4YWIyNjk0MDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtltML8/5ishCj+sFVLq9tY9YdaSa
48Hvt7zs1ESmdaiLbpv9khOcyTDh/9jBhU8cca5DBk9m1RkuKN9N1raktkJFl+jf
CQlyDu/2W9ohfwE9lXrlenapcjMNBPy/j/5UIi8TNHjvxGr9f9SpCrSxkiT1cXE6
IF0W72nZq1LoucH2qkUA5hNtYfbHNN/jdXTVaNaU7PhV90kSDDKbLErUPEteg+HB
N+jlrR4N/qgRiDBM3aVfMK8Gf1mJvfPEMiYGR2RGrumqrqYdNfhCA24/8ZzU7Fhp
fLIgdgBz6SgHrWAPOENTgsBj+skRID69a1lX1GCC7x5HAbasVPB7e8aQcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUrmchNl5HiwEtzIvFhJIqyaUBNMB8GA1UdIwQY
MBaAFF46YvE0fBdC5bbjdAJE05i1OlE8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGpwaThUUjhGMExsdHVOMEFrVFRtTFU2VVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MjVjYzEtNTAxNC00OTc5LTg0ZWIt
MDI1NTQwYWZmMTVkLzEvcFN1WnlFMlhrZUxBUzNNaThXRWtpckpwUUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MjVjYzEtNTAxNC00OTc5LTg0ZWItMDI1NTQwYWZmMTVk
LzEvWGpwaThUUjhGMExsdHVOMEFrVFRtTFU2VVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hoMA0G
CSqGSIb3DQEBCwUAA4IBAQDbsszTS/xqlkcujqlr5MgyMJISGmhr4/FYVmuXqkKn
szm/yjs51VRLdh8owBVHOCqLvpc0VXPB0+/uHXp/WfHk9V8nQ/sGhiM9/m+zSHRA
HylmnAphjY+4vxJovE6+4D60B7an8eC8vVDutFTjCBUvykxEQJMHtVez2QfKk5zb
V/fB0QKmMcDXmu0vrj17Hr2oONdGPfi2hyUf7UKrhHKIInNeb0kQdbBZcDVJbTgc
Tat5PG57Kx2p8oJoSpbhbyuGzwIFyrPEKbhT9Yg4Wo0vgIHMgNINYDtVOFNuiCMA
B0ud3K35Aa29lUviXgpZt7fYuq7AIVmha76Na8+ereec
-----END CERTIFICATE-----