Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/5jBYn594c3-pWI9qzMmRMQ564M0.roa
File:                     5jBYn594c3-pWI9qzMmRMQ564M0.roa (raw, json)
Hash identifier:          E8SyMy3PCcKnrzfP7ja1gx6iNvtA4T+rwa21a7KWdLg=
Subject key identifier:   E6:30:58:9F:9F:78:73:7F:A9:58:8F:6A:CC:C9:91:31:0E:7A:E0:CD
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       018DC5FF4FC05F6FEFD6801C286D87E4194D
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/5jBYn594c3-pWI9qzMmRMQ564M0.roa
Signing time:             Tue 20 Feb 2024 10:11:00 +0000
ROA not before:           Tue 20 Feb 2024 10:11:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204592
IP address blocks:        82.114.44.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:ff:4f:c0:5f:6f:ef:d6:80:1c:28:6d:87:e4:19:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: Feb 20 10:11:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e630589f9f78737fa9588f6accc991310e7ae0cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b6:c7:a9:e1:da:48:f5:01:cc:41:ee:33:21:
                    98:f6:a0:df:c1:fc:3c:60:7b:57:ab:1a:de:a3:0c:
                    4c:35:44:21:10:05:10:6d:1c:05:8f:f9:e9:a7:74:
                    2d:35:1a:9c:fe:52:93:e2:10:91:ff:e1:8a:93:2e:
                    6c:a5:b3:00:42:02:aa:0a:42:43:5a:0a:17:6f:39:
                    0c:5e:1a:6b:25:f2:a4:46:c0:45:ee:95:c5:74:76:
                    f3:0e:a2:ff:2f:f6:ce:2d:c3:25:ea:be:f0:81:0c:
                    36:75:63:b0:6c:00:42:f1:c6:dd:10:46:08:7e:a4:
                    e4:f9:d9:4d:98:02:b9:f9:b2:af:92:3d:b4:0e:92:
                    18:f7:05:cb:a4:d8:71:41:82:d0:99:a9:df:09:03:
                    8f:d1:9d:f3:6b:fd:72:24:94:1f:c0:d3:51:68:8f:
                    63:3f:0e:33:1b:9d:67:40:61:81:9d:3f:ad:00:55:
                    55:43:a3:99:74:ff:94:51:9c:a2:28:8f:f0:f1:60:
                    2c:d9:dd:c6:e6:1c:9e:c7:af:72:55:6b:88:4b:07:
                    4b:fb:5d:09:b7:01:04:1c:7f:7b:e9:29:b5:6d:9f:
                    e3:a6:1a:02:b5:f1:6c:5f:b1:8a:2e:a7:65:a4:ea:
                    d3:23:a7:6d:ea:b3:12:f8:df:ed:38:3f:6e:06:a0:
                    89:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:30:58:9F:9F:78:73:7F:A9:58:8F:6A:CC:C9:91:31:0E:7A:E0:CD
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/5jBYn594c3-pWI9qzMmRMQ564M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.114.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:9a:3b:e1:0b:90:68:10:37:df:ff:19:f0:ec:27:50:ae:2d:
         98:86:58:e0:c9:31:63:b5:22:4b:e9:ad:bb:28:60:7f:63:04:
         de:1a:b2:fa:8f:46:c6:be:b1:d9:b1:60:5a:85:90:6a:be:1d:
         29:61:5b:f9:54:c8:56:9f:c7:bf:1f:6b:70:81:a2:ae:4e:f8:
         c4:d4:90:4b:bc:68:9d:87:8d:04:16:36:92:f9:2a:29:76:13:
         b9:98:30:14:e9:1b:5a:f7:e8:a8:59:e1:df:a8:54:14:b0:bf:
         ae:f8:c0:90:ca:14:d0:89:ca:24:13:27:39:a9:92:8b:6b:b4:
         a2:a1:6e:73:c7:21:9e:91:62:eb:cf:d1:a2:ab:3f:41:e3:9c:
         07:78:bf:53:dc:25:fa:4b:c8:f4:45:bd:24:49:e6:de:7e:40:
         35:b2:83:3c:6a:25:9f:a0:d9:6e:57:2b:ee:e8:e5:64:c2:cd:
         6e:eb:3d:c4:24:5f:a8:13:5b:bd:b3:d0:c0:ea:dd:a3:d7:6b:
         4a:b7:6c:e7:4a:13:08:21:c9:f3:13:9e:a1:1f:8b:7c:ba:34:
         b6:1c:d0:59:b3:76:18:50:1e:f9:9f:57:b0:14:b8:60:9c:4e:
         5c:f7:e5:0c:ab:b1:30:23:33:3e:37:27:6e:9b:b7:a4:9d:20:
         28:cc:94:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3F/0/AX2/v1oAcKG2H5BlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNDQyOTdlOTI3MWM2ZWRmMDY0OTE1ZjYxODBhZTEyNjkw
ZGRhOGIwHhcNMjQwMjIwMTAxMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjMwNTg5ZjlmNzg3MzdmYTk1ODhmNmFjY2M5OTEzMTBlN2FlMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrbHqeHaSPUBzEHuMyGY9qDfwfw8
YHtXqxreowxMNUQhEAUQbRwFj/npp3QtNRqc/lKT4hCR/+GKky5spbMAQgKqCkJD
WgoXbzkMXhprJfKkRsBF7pXFdHbzDqL/L/bOLcMl6r7wgQw2dWOwbABC8cbdEEYI
fqTk+dlNmAK5+bKvkj20DpIY9wXLpNhxQYLQmanfCQOP0Z3za/1yJJQfwNNRaI9j
Pw4zG51nQGGBnT+tAFVVQ6OZdP+UUZyiKI/w8WAs2d3G5hyex69yVWuISwdL+10J
twEEHH976Sm1bZ/jphoCtfFsX7GKLqdlpOrTI6dt6rMS+N/tOD9uBqCJWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYwWJ+feHN/qViPaszJkTEOeuDNMB8GA1UdIwQY
MBaAFPxEKX6Sccbt8GSRX2GArhJpDdqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUt
YWUwN2YzMmU0MTAyLzEvNWpCWW41OTRjMy1wV0k5cXpNbVJNUTU2NE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUtYWUwN2YzMmU0MTAy
LzEvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUnIsMA0G
CSqGSIb3DQEBCwUAA4IBAQAymjvhC5BoEDff/xnw7CdQri2YhljgyTFjtSJL6a27
KGB/YwTeGrL6j0bGvrHZsWBahZBqvh0pYVv5VMhWn8e/H2twgaKuTvjE1JBLvGid
h40EFjaS+SopdhO5mDAU6Rta9+ioWeHfqFQUsL+u+MCQyhTQicokEyc5qZKLa7Si
oW5zxyGekWLrz9Giqz9B45wHeL9T3CX6S8j0Rb0kSebefkA1soM8aiWfoNluVyvu
6OVkws1u6z3EJF+oE1u9s9DA6t2j12tKt2znShMIIcnzE56hH4t8ujS2HNBZs3YY
UB75n1ewFLhgnE5c9+UMq7EwIzM+Nydum7eknSAozJRk
-----END CERTIFICATE-----