Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/ojEIE9xUeewMY44GWt_SHDeMTAo.roa
File:                     ojEIE9xUeewMY44GWt_SHDeMTAo.roa (raw, json)
Hash identifier:          PgD7SHmkSGiVf1wdkkC/MHTPCWldezQ0mPs6NheMbmo=
Subject key identifier:   A2:31:08:13:DC:54:79:EC:0C:63:8E:06:5A:DF:D2:1C:37:8C:4C:0A
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018CC79469E3653453EDDC2DA07ED84EA612
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/ojEIE9xUeewMY44GWt_SHDeMTAo.roa
Signing time:             Tue 02 Jan 2024 00:30:41 +0000
ROA not before:           Tue 02 Jan 2024 00:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        168.199.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:69:e3:65:34:53:ed:dc:2d:a0:7e:d8:4e:a6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 00:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2310813dc5479ec0c638e065adfd21c378c4c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:12:d0:f8:31:de:e2:10:08:0b:7e:0d:ae:cd:
                    1b:cb:eb:b9:cd:5a:cf:f6:05:3f:12:be:a9:48:d9:
                    8f:2b:7d:4e:c5:5a:4c:07:79:82:12:73:19:9b:f9:
                    ef:bc:55:44:c5:02:c0:21:84:52:e6:ed:01:df:fb:
                    e5:32:d6:16:fb:1e:80:02:42:3e:10:63:81:0c:d3:
                    28:84:2f:8c:c3:39:46:48:3b:48:26:77:11:0f:cb:
                    9f:5f:f2:68:9f:86:42:89:29:c8:71:76:b1:98:76:
                    3b:13:c3:44:3b:da:60:38:a3:33:cd:30:25:44:9a:
                    08:9f:e4:8b:b3:e0:fe:08:ee:f9:a5:6a:14:0d:68:
                    95:b5:ec:e1:af:25:30:2d:9e:dc:a6:af:7d:8d:2b:
                    d4:84:c7:c3:cf:a6:67:69:8a:b7:c3:6e:21:41:ad:
                    6c:d1:98:ae:35:2a:9a:bf:af:28:85:8d:31:52:81:
                    94:87:6c:cf:51:06:89:64:cb:44:03:f3:13:1c:c5:
                    85:70:71:8d:e5:8c:55:b4:f1:f7:c9:d2:9c:e3:82:
                    ac:b8:b5:d5:34:0d:f3:3b:ea:11:b2:1f:51:fd:6a:
                    36:fa:07:74:c9:2c:b1:d4:52:0d:a4:a1:15:f2:bd:
                    a7:d2:85:ce:4b:0f:86:70:e0:ee:18:52:b5:4d:59:
                    aa:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:31:08:13:DC:54:79:EC:0C:63:8E:06:5A:DF:D2:1C:37:8C:4C:0A
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/ojEIE9xUeewMY44GWt_SHDeMTAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:d3:dc:da:1b:9f:98:01:68:49:13:ea:1f:b8:29:8e:53:b1:
         9d:7d:b8:2c:57:c5:08:4d:7f:94:4c:7b:62:a5:a8:8b:5c:2b:
         ce:15:d7:50:2e:d5:b0:75:b3:db:6b:a5:6f:4e:8d:72:09:94:
         76:42:f9:b2:89:d1:f4:ee:b2:ca:6b:e7:49:06:fd:54:76:e6:
         d9:fc:bc:a4:34:cd:4d:b5:dc:b8:2c:7c:02:e1:0f:e1:bd:e5:
         26:6a:f2:e4:22:92:a0:83:f4:c6:1d:f2:59:92:b8:6b:02:9b:
         b8:17:67:2b:70:ac:e4:32:b7:2c:6b:af:58:3c:63:a1:6b:0d:
         be:23:81:2b:7d:6a:66:5e:1d:7c:46:ad:a5:28:b6:44:52:a3:
         1f:17:fe:41:fa:c4:d8:70:3e:dc:09:37:a1:d8:5c:c0:24:fc:
         6e:23:af:84:7c:fe:da:5e:81:78:50:31:c6:b7:f0:d2:3f:be:
         e8:c7:34:e9:e0:10:37:20:46:96:11:68:e6:2a:5f:60:89:dc:
         f3:22:fa:a7:33:a7:14:e3:55:9d:6b:28:a6:b2:b5:e6:d8:d6:
         d7:3e:46:93:6c:90:18:cf:b2:6f:97:8d:b7:1f:22:d5:bb:21:
         3f:f8:25:4d:30:94:33:4a:ad:50:ce:39:9f:a0:82:e7:7c:7e:
         d6:f1:11:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlGnjZTRT7dwtoH7YTqYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwMTAyMDAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjMxMDgxM2RjNTQ3OWVjMGM2MzhlMDY1YWRmZDIxYzM3OGM0YzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRLQ+DHe4hAIC34Nrs0by+u5zVrP
9gU/Er6pSNmPK31OxVpMB3mCEnMZm/nvvFVExQLAIYRS5u0B3/vlMtYW+x6AAkI+
EGOBDNMohC+MwzlGSDtIJncRD8ufX/Jon4ZCiSnIcXaxmHY7E8NEO9pgOKMzzTAl
RJoIn+SLs+D+CO75pWoUDWiVtezhryUwLZ7cpq99jSvUhMfDz6ZnaYq3w24hQa1s
0ZiuNSqav68ohY0xUoGUh2zPUQaJZMtEA/MTHMWFcHGN5YxVtPH3ydKc44KsuLXV
NA3zO+oRsh9R/Wo2+gd0ySyx1FINpKEV8r2n0oXOSw+GcODuGFK1TVmqLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIxCBPcVHnsDGOOBlrf0hw3jEwKMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvb2pFSUU5eFVlZXdNWTQ0R1d0X1NIRGVNVEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqMcTMA0G
CSqGSIb3DQEBCwUAA4IBAQAg09zaG5+YAWhJE+ofuCmOU7GdfbgsV8UITX+UTHti
paiLXCvOFddQLtWwdbPba6VvTo1yCZR2QvmyidH07rLKa+dJBv1UdubZ/LykNM1N
tdy4LHwC4Q/hveUmavLkIpKgg/TGHfJZkrhrApu4F2crcKzkMrcsa69YPGOhaw2+
I4ErfWpmXh18Rq2lKLZEUqMfF/5B+sTYcD7cCTeh2FzAJPxuI6+EfP7aXoF4UDHG
t/DSP77oxzTp4BA3IEaWEWjmKl9gidzzIvqnM6cU41WdayimsrXm2NbXPkaTbJAY
z7Jvl423HyLVuyE/+CVNMJQzSq1QzjmfoILnfH7W8RHf
-----END CERTIFICATE-----