Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/5-HMcFvnsCJI33YwXZovEwtQ1oI.roa
File:                     5-HMcFvnsCJI33YwXZovEwtQ1oI.roa (raw, json)
Hash identifier:          dGV417RRGDACdiiN4lkQi5+zvgVsL3BbOULbJ9+eM9Q=
Subject key identifier:   E7:E1:CC:70:5B:E7:B0:22:48:DF:76:30:5D:9A:2F:13:0B:50:D6:82
Certificate issuer:       /CN=37fbdf2f5f855e5e1ca48e77c3bdd33bd47b4438
Certificate serial:       018CC794E5F968B02B91344CB98538BE095C
Authority key identifier: 37:FB:DF:2F:5F:85:5E:5E:1C:A4:8E:77:C3:BD:D3:3B:D4:7B:44:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_vfL1-FXl4cpI53w73TO9R7RDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/5-HMcFvnsCJI33YwXZovEwtQ1oI.roa
Signing time:             Tue 02 Jan 2024 00:31:13 +0000
ROA not before:           Tue 02 Jan 2024 00:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54145
IP address blocks:        193.151.172.0/22 maxlen: 22
                          206.190.220.0/22 maxlen: 24
                          2a0d:e8c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/N_vfL1-FXl4cpI53w73TO9R7RDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/N_vfL1-FXl4cpI53w73TO9R7RDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_vfL1-FXl4cpI53w73TO9R7RDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e5:f9:68:b0:2b:91:34:4c:b9:85:38:be:09:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fbdf2f5f855e5e1ca48e77c3bdd33bd47b4438
        Validity
            Not Before: Jan  2 00:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7e1cc705be7b02248df76305d9a2f130b50d682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:bb:7a:49:73:ab:cb:70:e5:5d:e5:a8:0d:e7:
                    2f:79:ce:7a:36:2d:2e:49:94:b7:bb:38:17:52:22:
                    bf:5e:6f:f0:c0:26:01:32:51:e1:b3:c8:ee:2c:54:
                    81:3b:02:6d:df:23:dd:c6:f3:53:1d:eb:31:14:4c:
                    60:34:73:41:4d:49:3d:9e:6c:f6:d1:49:a3:4f:fd:
                    dd:59:c7:1a:6c:4c:95:91:c0:88:cc:6e:7f:7b:25:
                    e4:58:56:2c:90:ea:35:15:bd:69:78:c5:5a:0e:fa:
                    5d:25:12:14:63:4c:be:00:a0:e2:1d:5b:85:08:5c:
                    ab:df:2c:ad:10:2e:81:7b:2c:b7:b1:75:8f:3f:ef:
                    aa:97:b6:83:1d:7d:7a:a7:7d:cf:e2:cc:51:e3:42:
                    d6:82:5f:42:cc:3f:4e:dd:f5:57:78:73:5c:32:5c:
                    40:dd:eb:7c:3a:72:dd:06:bb:92:ec:d8:c4:cc:3f:
                    39:1e:3e:a5:03:f8:aa:96:81:be:9a:ca:20:60:06:
                    9a:aa:a7:97:f2:69:68:8f:6d:91:31:b1:f8:e3:38:
                    4b:bb:3f:c4:77:6d:e4:66:9e:95:93:b3:d1:ee:bb:
                    0a:1f:0c:42:ab:1e:54:1f:8d:e2:a7:e6:a5:bb:d7:
                    9e:c2:47:30:a9:fa:43:4b:60:0d:8f:62:7a:9b:f9:
                    d1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E1:CC:70:5B:E7:B0:22:48:DF:76:30:5D:9A:2F:13:0B:50:D6:82
            X509v3 Authority Key Identifier:
                keyid:37:FB:DF:2F:5F:85:5E:5E:1C:A4:8E:77:C3:BD:D3:3B:D4:7B:44:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_vfL1-FXl4cpI53w73TO9R7RDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/5-HMcFvnsCJI33YwXZovEwtQ1oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/1336c7-a33f-4ec6-82d7-f44166bb2db0/1/N_vfL1-FXl4cpI53w73TO9R7RDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.172.0/22
                  206.190.220.0/22
                IPv6:
                  2a0d:e8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:c9:df:0e:00:12:e5:2b:61:0b:f7:8d:93:ce:0c:7e:50:7b:
         dd:aa:27:5d:e6:1f:d4:c3:4f:20:78:a8:16:c7:14:cc:bc:33:
         07:3b:f8:5b:c4:bb:26:06:de:86:6a:0d:ef:30:fd:f1:dd:94:
         bf:0c:81:a4:b8:fd:65:34:41:b4:37:0e:d8:87:94:e7:5d:5c:
         71:56:fd:9c:6c:0b:f3:7d:d0:32:6f:8b:4e:79:6c:bb:f0:34:
         dc:61:31:e8:87:94:8d:cd:9d:d6:78:85:73:2b:85:ab:4d:7f:
         6a:66:d8:15:59:01:9a:8e:52:6e:6f:e1:ba:48:68:b4:68:56:
         97:38:1c:07:db:83:4d:6a:72:4b:41:14:e1:d8:3e:2d:ed:98:
         e3:9b:68:9b:f0:c5:15:19:8c:19:4b:26:4b:23:0d:de:16:34:
         40:ab:8f:24:c9:20:ff:62:7e:71:89:89:66:41:14:e4:3d:d4:
         10:b4:58:d3:e2:38:3a:1d:98:bd:ac:0a:19:a8:e9:93:1a:92:
         68:d2:1c:37:a9:eb:7f:6b:b6:99:41:4c:b7:0a:c4:b8:07:3d:
         0b:20:3e:14:aa:25:fd:92:dc:1b:80:5b:34:ad:7a:53:b9:be:
         d0:62:3d:9d:2c:c2:0e:e5:6a:a5:4b:3a:df:ee:51:dc:1c:86:
         3a:89:59:3a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHlOX5aLArkTRMuYU4vglcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmJkZjJmNWY4NTVlNWUxY2E0OGU3N2MzYmRkMzNiZDQ3
YjQ0MzgwHhcNMjQwMTAyMDAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2UxY2M3MDViZTdiMDIyNDhkZjc2MzA1ZDlhMmYxMzBiNTBkNjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLt6SXOry3DlXeWoDecvec56Ni0u
SZS3uzgXUiK/Xm/wwCYBMlHhs8juLFSBOwJt3yPdxvNTHesxFExgNHNBTUk9nmz2
0UmjT/3dWccabEyVkcCIzG5/eyXkWFYskOo1Fb1peMVaDvpdJRIUY0y+AKDiHVuF
CFyr3yytEC6Beyy3sXWPP++ql7aDHX16p33P4sxR40LWgl9CzD9O3fVXeHNcMlxA
3et8OnLdBruS7NjEzD85Hj6lA/iqloG+msogYAaaqqeX8mloj22RMbH44zhLuz/E
d23kZp6Vk7PR7rsKHwxCqx5UH43ip+alu9eewkcwqfpDS2ANj2J6m/nRYwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOfhzHBb57AiSN92MF2aLxMLUNaCMB8GA1UdIwQY
MBaAFDf73y9fhV5eHKSOd8O90zvUe0Q4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl92ZkwxLUZYbDRjcEk1M3c3M1RPOVI3UkRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMzM2YzctYTMzZi00ZWM2LTgyZDct
ZjQ0MTY2YmIyZGIwLzEvNS1ITWNGdm5zQ0pJMzNZd1hab3ZFd3RRMW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMzM2YzctYTMzZi00ZWM2LTgyZDctZjQ0MTY2YmIyZGIw
LzEvTl92ZkwxLUZYbDRjcEk1M3c3M1RPOVI3UkRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCwZesAwQC
zr7cMA0EAgACMAcDBQMqDejAMA0GCSqGSIb3DQEBCwUAA4IBAQAiyd8OABLlK2EL
942Tzgx+UHvdqidd5h/Uw08geKgWxxTMvDMHO/hbxLsmBt6Gag3vMP3x3ZS/DIGk
uP1lNEG0Nw7Yh5TnXVxxVv2cbAvzfdAyb4tOeWy78DTcYTHoh5SNzZ3WeIVzK4Wr
TX9qZtgVWQGajlJub+G6SGi0aFaXOBwH24NNanJLQRTh2D4t7Zjjm2ib8MUVGYwZ
SyZLIw3eFjRAq48kySD/Yn5xiYlmQRTkPdQQtFjT4jg6HZi9rAoZqOmTGpJo0hw3
qet/a7aZQUy3CsS4Bz0LID4UqiX9ktwbgFs0rXpTub7QYj2dLMIO5WqlSzrf7lHc
HIY6iVk6
-----END CERTIFICATE-----