Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/d2c08f-5ff3-4982-b57b-631c6d09e845/1/NVvdX4gJb4J3pDfOfj6Cga2rwjw.roa
File:                     NVvdX4gJb4J3pDfOfj6Cga2rwjw.roa (raw, json)
Hash identifier:          tVCtLe0qWVemWVcqhu0nhLmrCDoJ0zcNYEVA6+Rm3FQ=
Subject key identifier:   35:5B:DD:5F:88:09:6F:82:77:A4:37:CE:7E:3E:82:81:AD:AB:C2:3C
Certificate issuer:       /CN=5d0bbeb7833bdc9be725061157c039f2a10f1a80
Certificate serial:       018CC5012E3FB31C9F690A8D81D82E0EA24A
Authority key identifier: 5D:0B:BE:B7:83:3B:DC:9B:E7:25:06:11:57:C0:39:F2:A1:0F:1A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XQu-t4M73JvnJQYRV8A58qEPGoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/d2c08f-5ff3-4982-b57b-631c6d09e845/1/NVvdX4gJb4J3pDfOfj6Cga2rwjw.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50471
IP address blocks:        109.95.216.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/d2c08f-5ff3-4982-b57b-631c6d09e845/1/XQu-t4M73JvnJQYRV8A58qEPGoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/d2c08f-5ff3-4982-b57b-631c6d09e845/1/XQu-t4M73JvnJQYRV8A58qEPGoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XQu-t4M73JvnJQYRV8A58qEPGoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2e:3f:b3:1c:9f:69:0a:8d:81:d8:2e:0e:a2:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d0bbeb7833bdc9be725061157c039f2a10f1a80
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=355bdd5f88096f8277a437ce7e3e8281adabc23c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:1f:a8:98:5c:31:4f:dc:6b:83:d7:25:90:fa:
                    78:ea:c7:71:a7:83:b4:61:7b:5c:2e:6c:e8:0a:01:
                    da:50:0b:a0:d9:4c:ca:2d:98:09:cf:27:65:bd:ff:
                    ef:71:a8:05:b9:2f:d1:24:fb:d9:d8:b0:c4:8f:db:
                    fb:70:9f:6a:02:7f:7f:bc:1d:b0:4d:71:e8:61:d9:
                    05:f9:cf:fc:ce:6a:e3:9f:25:0d:d4:0b:58:0b:43:
                    ef:bc:db:c8:d8:e7:fc:2d:64:8c:0b:e7:d0:bb:64:
                    52:ef:84:38:d7:f0:e0:c7:51:b5:be:35:c8:48:8c:
                    0a:b2:00:02:0e:93:07:68:5d:14:c4:6b:ba:47:34:
                    87:0f:ba:69:3d:9f:2e:51:ba:29:09:75:36:e0:02:
                    6f:f8:1a:10:45:af:98:42:02:5a:44:42:83:a4:7a:
                    5b:b0:06:4c:93:98:9d:3f:97:62:71:7a:b0:1d:be:
                    22:b2:c1:a2:d2:43:ef:08:5b:1b:65:9d:e3:67:1c:
                    6f:30:e4:1e:96:9f:96:df:8a:33:1e:55:26:45:73:
                    51:b0:fc:ca:b1:b2:15:d7:8a:c1:f4:06:ec:b4:99:
                    3b:8f:3b:0a:f6:b9:65:04:46:e7:35:74:c0:9e:0f:
                    b6:85:0f:54:9a:01:11:97:46:32:04:57:f7:da:8a:
                    c8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:5B:DD:5F:88:09:6F:82:77:A4:37:CE:7E:3E:82:81:AD:AB:C2:3C
            X509v3 Authority Key Identifier:
                keyid:5D:0B:BE:B7:83:3B:DC:9B:E7:25:06:11:57:C0:39:F2:A1:0F:1A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XQu-t4M73JvnJQYRV8A58qEPGoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d2c08f-5ff3-4982-b57b-631c6d09e845/1/NVvdX4gJb4J3pDfOfj6Cga2rwjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d2c08f-5ff3-4982-b57b-631c6d09e845/1/XQu-t4M73JvnJQYRV8A58qEPGoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7a:e8:c7:ee:46:be:9b:55:89:a6:21:36:31:90:8b:1f:a6:ca:
         cc:fc:a5:b7:d5:90:c7:86:b6:05:38:87:95:ee:2d:77:80:a4:
         2a:73:f0:1b:c2:37:45:28:31:6d:43:4a:43:d6:85:ff:3c:80:
         21:a3:ba:be:7c:87:d2:c2:7c:35:1d:ab:e0:b0:25:60:a2:ad:
         20:66:db:3d:0d:b2:8a:d5:5c:0c:7a:ab:33:64:9e:75:34:be:
         fc:a9:e6:33:c1:3f:b4:b0:db:36:9a:69:f7:05:b9:ee:dc:a4:
         f9:0c:60:c7:ca:5f:67:73:dd:f5:fe:cf:ec:33:d8:1b:dc:60:
         67:c4:a8:72:a8:b6:9e:8f:98:ad:ca:1e:98:70:9a:00:e3:e0:
         eb:b3:38:6a:99:c7:b4:7b:d6:e6:c7:1b:74:6e:f3:66:50:c9:
         16:f1:e6:35:08:c4:5f:ee:ed:22:2c:d5:b8:57:a0:16:04:88:
         40:62:88:be:da:60:4f:29:b2:c3:d7:89:a7:ef:76:d6:94:9d:
         27:af:68:7e:e0:5e:bf:7c:aa:93:06:a9:e2:9e:cd:2d:bc:f0:
         1b:41:6c:79:0f:96:5a:5d:d1:8f:c1:3e:cf:af:93:77:02:23:
         ff:ee:20:f1:bb:0b:14:03:68:c0:39:a1:38:f8:40:a8:57:45:
         bc:55:c3:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAS4/sxyfaQqNgdguDqJKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMGJiZWI3ODMzYmRjOWJlNzI1MDYxMTU3YzAzOWYyYTEw
ZjFhODAwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTViZGQ1Zjg4MDk2ZjgyNzdhNDM3Y2U3ZTNlODI4MWFkYWJjMjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7x+omFwxT9xrg9clkPp46sdxp4O0
YXtcLmzoCgHaUAug2UzKLZgJzydlvf/vcagFuS/RJPvZ2LDEj9v7cJ9qAn9/vB2w
TXHoYdkF+c/8zmrjnyUN1AtYC0PvvNvI2Of8LWSMC+fQu2RS74Q41/Dgx1G1vjXI
SIwKsgACDpMHaF0UxGu6RzSHD7ppPZ8uUbopCXU24AJv+BoQRa+YQgJaREKDpHpb
sAZMk5idP5dicXqwHb4issGi0kPvCFsbZZ3jZxxvMOQelp+W34ozHlUmRXNRsPzK
sbIV14rB9AbstJk7jzsK9rllBEbnNXTAng+2hQ9UmgERl0YyBFf32orIqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVb3V+ICW+Cd6Q3zn4+goGtq8I8MB8GA1UdIwQY
MBaAFF0LvreDO9yb5yUGEVfAOfKhDxqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFF1LXQ0TTczSnZuSlFZUlY4QTU4cUVQR29BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9kMmMwOGYtNWZmMy00OTgyLWI1N2It
NjMxYzZkMDllODQ1LzEvTlZ2ZFg0Z0piNEozcERmT2ZqNkNnYTJyd2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9kMmMwOGYtNWZmMy00OTgyLWI1N2ItNjMxYzZkMDllODQ1
LzEvWFF1LXQ0TTczSnZuSlFZUlY4QTU4cUVQR29BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbV/YMA0G
CSqGSIb3DQEBCwUAA4IBAQB66MfuRr6bVYmmITYxkIsfpsrM/KW31ZDHhrYFOIeV
7i13gKQqc/AbwjdFKDFtQ0pD1oX/PIAho7q+fIfSwnw1HavgsCVgoq0gZts9DbKK
1VwMeqszZJ51NL78qeYzwT+0sNs2mmn3Bbnu3KT5DGDHyl9nc931/s/sM9gb3GBn
xKhyqLaej5ityh6YcJoA4+Drszhqmce0e9bmxxt0bvNmUMkW8eY1CMRf7u0iLNW4
V6AWBIhAYoi+2mBPKbLD14mn73bWlJ0nr2h+4F6/fKqTBqnins0tvPAbQWx5D5Za
XdGPwT7Pr5N3AiP/7iDxuwsUA2jAOaE4+ECoV0W8VcNd
-----END CERTIFICATE-----