Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/MdHDHQ3oqJJzFSrNEnCuCOCYvPQ.roa
File:                     MdHDHQ3oqJJzFSrNEnCuCOCYvPQ.roa (raw, json)
Hash identifier:          d04Ov7eXSMtS6ell7biOtUWgIAS6h7+pxx5AoEpdNDk=
Subject key identifier:   31:D1:C3:1D:0D:E8:A8:92:73:15:2A:CD:12:70:AE:08:E0:98:BC:F4
Certificate issuer:       /CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
Certificate serial:       018CC3B73FDE1F2D2A4528F374660FF38326
Authority key identifier: EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/MdHDHQ3oqJJzFSrNEnCuCOCYvPQ.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198977
IP address blocks:        5.104.16.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 00:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3f:de:1f:2d:2a:45:28:f3:74:66:0f:f3:83:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31d1c31d0de8a89273152acd1270ae08e098bcf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:23:80:ac:1b:89:15:04:86:09:21:b0:f2:49:
                    f6:95:5d:c8:21:a8:21:bc:62:4a:ce:0c:a8:8a:88:
                    b8:e0:4e:a4:87:68:cd:d5:dd:cf:62:17:8b:26:f4:
                    b4:e6:e6:95:a9:8a:94:05:52:37:ba:85:25:c6:3a:
                    c2:ac:ef:20:5b:5b:21:be:a0:56:5d:9b:cb:c7:6b:
                    43:4f:6f:cf:17:eb:1e:f5:ee:d2:e2:4b:b1:51:e9:
                    13:19:22:50:86:74:e1:55:5e:89:40:c2:02:d1:30:
                    39:06:82:32:3b:2f:66:c5:44:6b:4a:9e:35:9e:ba:
                    bd:7b:c2:70:b8:9e:b7:9d:fd:63:c2:54:aa:28:4f:
                    94:36:f8:15:05:82:33:ab:2d:79:f3:56:00:77:58:
                    c6:aa:5e:2b:fe:63:41:23:96:03:42:03:52:81:46:
                    9a:87:a2:42:47:72:b8:28:ca:29:92:d0:c1:41:fb:
                    57:73:2b:91:8c:f5:ca:d4:97:13:cd:f2:52:ee:cc:
                    c5:1f:2a:4f:c9:a7:19:bb:63:15:06:30:09:f8:58:
                    b0:88:4f:c0:88:72:d6:d4:5b:4a:65:a5:86:30:55:
                    ce:65:b7:b1:7f:bb:b1:d4:da:bb:85:2c:bd:72:6d:
                    7b:01:df:f5:f8:d2:ce:f7:55:6f:59:f2:33:cc:fd:
                    f2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D1:C3:1D:0D:E8:A8:92:73:15:2A:CD:12:70:AE:08:E0:98:BC:F4
            X509v3 Authority Key Identifier:
                keyid:EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/MdHDHQ3oqJJzFSrNEnCuCOCYvPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         14:e8:9c:6c:e3:7b:07:03:59:9f:21:92:d4:76:7f:3f:bd:c1:
         cf:5c:63:de:6a:d2:57:3c:31:1a:fe:0b:2a:d7:45:dc:ed:fc:
         8e:db:4d:5c:5b:60:d2:f3:b2:68:03:09:c0:99:1f:da:e4:e4:
         f2:35:ff:66:b6:c8:ef:0e:ad:04:a7:0f:e5:81:60:0e:73:98:
         1c:8f:e0:44:04:19:41:54:3b:33:b4:96:79:69:d0:29:da:e7:
         dc:1e:75:08:f5:11:22:30:e7:89:c1:f8:d8:b2:34:b9:63:9a:
         b8:9c:be:f4:17:d8:1e:62:08:02:ad:ae:43:aa:ec:e3:d1:8e:
         d4:a7:b6:d5:2e:c2:ad:13:aa:66:a0:83:13:7f:69:e4:d3:14:
         d5:fe:eb:63:60:ce:f9:94:f5:f7:f4:06:9c:07:67:f9:b1:b5:
         e5:16:b1:37:e8:3f:b0:54:89:78:0b:a8:b1:04:b2:7a:41:53:
         b0:e2:6c:ea:8c:d0:f0:53:c2:07:b1:8f:42:0e:ed:7c:31:fe:
         e2:6c:b5:67:7a:57:54:96:9b:66:72:7b:e0:50:5e:c2:e0:e5:
         c3:ac:95:6c:19:d3:e5:6c:66:52:a9:5a:29:a1:4d:c1:0b:88:
         de:4e:32:44:6e:b0:cc:0e:f5:dd:51:28:7c:c4:82:e2:75:88:
         c0:8c:fb:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz/eHy0qRSjzdGYP84MmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTA4MmQzN2ZiYzgxOTk4YmZjZjk0OGE1YmJkZGE2M2Vk
ZmRlZTAwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQxYzMxZDBkZThhODkyNzMxNTJhY2QxMjcwYWUwOGUwOThiY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyOArBuJFQSGCSGw8kn2lV3IIagh
vGJKzgyoioi44E6kh2jN1d3PYheLJvS05uaVqYqUBVI3uoUlxjrCrO8gW1shvqBW
XZvLx2tDT2/PF+se9e7S4kuxUekTGSJQhnThVV6JQMIC0TA5BoIyOy9mxURrSp41
nrq9e8JwuJ63nf1jwlSqKE+UNvgVBYIzqy1581YAd1jGql4r/mNBI5YDQgNSgUaa
h6JCR3K4KMopktDBQftXcyuRjPXK1JcTzfJS7szFHypPyacZu2MVBjAJ+FiwiE/A
iHLW1FtKZaWGMFXOZbexf7ux1Nq7hSy9cm17Ad/1+NLO91VvWfIzzP3yHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHRwx0N6KiScxUqzRJwrgjgmLz0MB8GA1UdIwQY
MBaAFO9QgtN/vIGZi/z5SKW73aY+397gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFDQzAzLThnWm1MX1BsSXBidmRwajdmM3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wYzNjNGQtMDFkMi00NDBhLWE1MWYt
OTE5NWQwMmRlZDU1LzEvTWRIREhRM29xSkp6RlNyTkVuQ3VDT0NZdlBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wYzNjNGQtMDFkMi00NDBhLWE1MWYtOTE5NWQwMmRlZDU1
LzEvNzFDQzAzLThnWm1MX1BsSXBidmRwajdmM3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBWgQMA0G
CSqGSIb3DQEBCwUAA4IBAQAU6Jxs43sHA1mfIZLUdn8/vcHPXGPeatJXPDEa/gsq
10Xc7fyO201cW2DS87JoAwnAmR/a5OTyNf9mtsjvDq0Epw/lgWAOc5gcj+BEBBlB
VDsztJZ5adAp2ufcHnUI9REiMOeJwfjYsjS5Y5q4nL70F9geYggCra5Dquzj0Y7U
p7bVLsKtE6pmoIMTf2nk0xTV/utjYM75lPX39AacB2f5sbXlFrE36D+wVIl4C6ix
BLJ6QVOw4mzqjNDwU8IHsY9CDu18Mf7ibLVneldUlptmcnvgUF7C4OXDrJVsGdPl
bGZSqVopoU3BC4jeTjJEbrDMDvXdUSh8xILidYjAjPuc
-----END CERTIFICATE-----