Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/OqeWW29XF3TV4JiYZMshFmcOmPI.roa
File:                     OqeWW29XF3TV4JiYZMshFmcOmPI.roa (raw, json)
Hash identifier:          2zF8zdAiY1Vu65/7ReYALXmK4T7KsELGCYBnuIV1JXw=
Subject key identifier:   3A:A7:96:5B:6F:57:17:74:D5:E0:98:98:64:CB:21:16:67:0E:98:F2
Certificate issuer:       /CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Certificate serial:       018CC6B7A033298D9F33AE28F74DA4411F3A
Authority key identifier: 4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/OqeWW29XF3TV4JiYZMshFmcOmPI.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205076
IP address blocks:        5.129.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a0:33:29:8d:9f:33:ae:28:f7:4d:a4:41:1f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3aa7965b6f571774d5e0989864cb2116670e98f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6f:6d:9d:44:f5:4d:cf:2d:3e:97:cc:0b:f1:
                    d6:64:51:d2:89:1b:d1:6a:87:09:bc:ed:73:48:f2:
                    be:db:3b:37:89:0e:e1:89:36:1f:1b:bb:6d:46:a7:
                    7d:ca:5d:df:0c:59:28:43:b1:dc:2d:9e:14:b8:da:
                    be:5b:e1:af:d2:87:14:e0:9b:a5:b2:42:a9:e2:80:
                    5f:16:32:36:90:07:3d:27:53:a2:15:9b:c0:da:e1:
                    40:44:75:5e:05:3f:54:5a:b0:6d:a9:be:d8:37:0d:
                    3d:8d:b3:83:ac:21:62:d3:1a:01:a7:32:b4:5c:4a:
                    c6:7d:ae:80:45:73:8e:da:f1:62:18:56:8c:30:d3:
                    8c:4c:e3:54:16:31:59:30:cc:fd:6a:69:ed:81:a9:
                    0f:48:17:ad:67:62:02:1f:89:29:36:fb:00:6c:d2:
                    59:86:3c:85:d4:84:d3:ba:42:98:b7:02:fe:cb:92:
                    1d:da:4a:bf:2a:7f:40:a3:d7:0c:31:42:1f:cb:3d:
                    85:5b:59:2f:2e:48:08:ad:8a:16:a4:7b:0e:11:92:
                    00:4e:64:3f:4d:d8:9b:a4:75:ef:99:36:4d:0f:fb:
                    54:e6:27:7a:e0:76:ad:b0:98:f1:14:b4:b6:09:ce:
                    50:da:3c:ba:9f:88:ec:bc:18:77:91:44:a8:cb:88:
                    2c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:A7:96:5B:6F:57:17:74:D5:E0:98:98:64:CB:21:16:67:0E:98:F2
            X509v3 Authority Key Identifier:
                keyid:4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/OqeWW29XF3TV4JiYZMshFmcOmPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.129.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:8c:c6:35:ce:82:ce:cb:03:6b:5a:1e:c6:85:34:1c:05:46:
         70:50:24:1d:36:79:aa:3d:1b:92:56:0b:ec:30:1b:47:2e:49:
         62:79:32:36:c2:56:1c:0c:e2:ba:f3:c6:75:b0:63:30:a4:f8:
         8e:26:22:fc:5c:11:b1:f2:12:c7:6f:7d:a7:d3:6b:b6:cd:64:
         fb:a5:d9:12:37:a7:09:d9:4a:c8:40:26:3a:89:1f:5d:49:e6:
         49:d0:b9:ed:81:c1:29:14:87:92:39:9a:3c:bd:e3:b4:ae:7b:
         8a:da:12:ff:24:5b:4e:8b:65:67:f0:65:bb:31:ef:98:a0:ca:
         7a:bf:38:90:8c:01:3c:a5:a8:25:79:b8:6d:94:eb:85:03:c3:
         1c:3a:05:65:79:21:dd:f1:5b:4d:f9:81:cd:3d:f9:82:e9:5a:
         52:d7:be:96:8d:24:6d:de:92:20:c9:55:06:09:56:d7:6d:20:
         fb:39:9b:e9:62:e3:83:55:ae:5e:21:00:0a:7a:6f:c5:f1:39:
         2f:59:45:02:99:86:fd:e6:91:16:62:d6:8a:c8:23:2a:94:20:
         c1:f0:35:7e:44:56:56:d6:d6:41:ee:6c:c6:b5:0c:a0:07:41:
         98:4e:24:21:62:88:9b:c3:ab:fd:de:a9:2a:45:6c:7f:27:93:
         bc:94:3b:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6AzKY2fM64o902kQR86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGIzZGNkZjVlNmJlZTA5ODI1YzM3YmYzYjhiZGYyOGI2
ZmI1OTMwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWE3OTY1YjZmNTcxNzc0ZDVlMDk4OTg2NGNiMjExNjY3MGU5OGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiW9tnUT1Tc8tPpfMC/HWZFHSiRvR
aocJvO1zSPK+2zs3iQ7hiTYfG7ttRqd9yl3fDFkoQ7HcLZ4UuNq+W+Gv0ocU4Jul
skKp4oBfFjI2kAc9J1OiFZvA2uFARHVeBT9UWrBtqb7YNw09jbODrCFi0xoBpzK0
XErGfa6ARXOO2vFiGFaMMNOMTONUFjFZMMz9amntgakPSBetZ2ICH4kpNvsAbNJZ
hjyF1ITTukKYtwL+y5Id2kq/Kn9Ao9cMMUIfyz2FW1kvLkgIrYoWpHsOEZIATmQ/
TdibpHXvmTZND/tU5id64HatsJjxFLS2Cc5Q2jy6n4jsvBh3kUSoy4gsfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqnlltvVxd01eCYmGTLIRZnDpjyMB8GA1UdIwQY
MBaAFE3bPc315r7gmCXDe/O4vfKLb7WTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEt
MjE3MGM1YzFkM2VkLzEvT3FlV1cyOVhGM1RWNEppWVpNc2hGbWNPbVBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEtMjE3MGM1YzFkM2Vk
LzEvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYG7MA0G
CSqGSIb3DQEBCwUAA4IBAQANjMY1zoLOywNrWh7GhTQcBUZwUCQdNnmqPRuSVgvs
MBtHLklieTI2wlYcDOK688Z1sGMwpPiOJiL8XBGx8hLHb32n02u2zWT7pdkSN6cJ
2UrIQCY6iR9dSeZJ0LntgcEpFIeSOZo8veO0rnuK2hL/JFtOi2Vn8GW7Me+YoMp6
vziQjAE8paglebhtlOuFA8McOgVleSHd8VtN+YHNPfmC6VpS176WjSRt3pIgyVUG
CVbXbSD7OZvpYuODVa5eIQAKem/F8TkvWUUCmYb95pEWYtaKyCMqlCDB8DV+RFZW
1tZB7mzGtQygB0GYTiQhYoibw6v93qkqRWx/J5O8lDs7
-----END CERTIFICATE-----