Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/Q9xRecjMfex9Gqb0iWhpzHj176g.roa
File:                     Q9xRecjMfex9Gqb0iWhpzHj176g.roa (raw, json)
Hash identifier:          EfAXd3qPg95T2J/dgz7CHYA7M7YcXvoP2KswehdpefM=
Subject key identifier:   43:DC:51:79:C8:CC:7D:EC:7D:1A:A6:F4:89:68:69:CC:78:F5:EF:A8
Certificate issuer:       /CN=89da60f049dfba34be4b4e8418b9ff492125c449
Certificate serial:       018CC9BC6825132D4ACFE02EC0311A4AAACB
Authority key identifier: 89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/Q9xRecjMfex9Gqb0iWhpzHj176g.roa
Signing time:             Tue 02 Jan 2024 10:33:36 +0000
ROA not before:           Tue 02 Jan 2024 10:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26380
IP address blocks:        5.32.43.128/25 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:68:25:13:2d:4a:cf:e0:2e:c0:31:1a:4a:aa:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89da60f049dfba34be4b4e8418b9ff492125c449
        Validity
            Not Before: Jan  2 10:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43dc5179c8cc7dec7d1aa6f4896869cc78f5efa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:c3:8a:31:4f:d4:35:e6:ce:a6:20:fe:c3:
                    b9:46:2f:0e:1a:dc:ef:89:35:3e:06:88:3c:58:6b:
                    8e:4e:34:1c:09:22:b6:51:0f:c7:be:ac:4e:83:8a:
                    87:69:07:1d:71:a5:08:00:3a:42:8f:0f:37:9e:20:
                    e7:fc:a3:83:32:de:e0:dc:b3:66:0f:55:da:6b:5a:
                    a5:6f:c0:0f:49:bb:fa:ab:a1:35:3d:cf:5b:77:ac:
                    52:b1:76:f5:fd:73:40:f0:d3:58:09:9d:59:4b:d4:
                    47:44:4f:35:f3:eb:18:14:fd:e9:1c:c2:73:db:94:
                    74:f8:19:bd:6b:ae:d3:24:34:f2:7c:bb:58:a4:95:
                    23:32:c5:21:ea:d0:00:30:c7:6b:e2:ac:2a:00:af:
                    71:75:79:92:2f:30:fb:11:64:fd:d2:bc:96:8e:4d:
                    bb:44:c0:e0:4d:72:53:1d:3f:74:80:c9:41:c1:10:
                    a6:12:7d:40:15:86:66:b6:31:d9:be:4f:f2:66:f8:
                    f7:68:3d:f4:a6:c8:cf:b3:4b:31:e8:04:a7:e6:8e:
                    06:44:f0:02:c2:5a:b8:1b:7c:84:b8:15:f2:31:01:
                    57:16:5d:ba:7f:07:2c:07:07:9a:69:ec:8a:7c:a5:
                    fb:d7:f8:a1:94:50:7f:c3:57:ca:b3:83:33:b6:e0:
                    de:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DC:51:79:C8:CC:7D:EC:7D:1A:A6:F4:89:68:69:CC:78:F5:EF:A8
            X509v3 Authority Key Identifier:
                keyid:89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/Q9xRecjMfex9Gqb0iWhpzHj176g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.32.43.128/25

    Signature Algorithm: sha256WithRSAEncryption
         58:c8:6d:ea:c5:96:b0:85:3d:a1:22:23:91:0e:51:cd:d4:ad:
         75:e4:23:43:a5:dc:87:b0:24:c1:a8:1a:7d:a7:85:22:b2:98:
         a0:72:94:24:7d:50:2c:c6:b9:e8:82:ed:57:62:42:55:ec:57:
         12:f1:78:95:1d:9a:69:ee:fe:6c:15:be:f6:4c:9a:b8:ae:5e:
         56:ed:ac:04:23:03:15:e0:87:0f:42:65:85:fd:87:3e:1c:86:
         f6:01:58:2a:27:a6:64:b5:a1:92:18:f6:e6:bf:cf:2f:0d:c2:
         73:5b:92:41:8a:41:7f:12:77:7c:54:b4:fb:03:c2:d1:bb:0c:
         c7:ee:7e:ae:4f:90:2a:de:0a:1d:7f:31:de:c9:68:45:31:28:
         8f:1e:69:d2:3b:10:21:93:84:19:83:0a:a0:d0:93:12:2a:05:
         83:fd:72:85:38:62:70:98:61:cc:66:36:59:ef:a4:47:a9:d0:
         0d:38:52:f4:03:e3:bc:31:86:61:b0:2a:6e:43:d2:d3:79:84:
         ac:45:97:a9:18:13:11:c2:f8:ca:4e:84:60:4d:00:98:53:f1:
         d7:e7:05:3a:46:99:18:e1:cd:f8:6a:d5:76:66:5b:0d:69:af:
         46:40:0d:c8:1b:86:ab:52:c0:0a:f0:aa:13:aa:3b:3c:c3:6e:
         2d:24:54:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvGglEy1Kz+AuwDEaSqrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZGE2MGYwNDlkZmJhMzRiZTRiNGU4NDE4YjlmZjQ5MjEy
NWM0NDkwHhcNMjQwMTAyMTAzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2RjNTE3OWM4Y2M3ZGVjN2QxYWE2ZjQ4OTY4NjljYzc4ZjVlZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9bDijFP1DXmzqYg/sO5Ri8OGtzv
iTU+Bog8WGuOTjQcCSK2UQ/HvqxOg4qHaQcdcaUIADpCjw83niDn/KODMt7g3LNm
D1Xaa1qlb8APSbv6q6E1Pc9bd6xSsXb1/XNA8NNYCZ1ZS9RHRE818+sYFP3pHMJz
25R0+Bm9a67TJDTyfLtYpJUjMsUh6tAAMMdr4qwqAK9xdXmSLzD7EWT90ryWjk27
RMDgTXJTHT90gMlBwRCmEn1AFYZmtjHZvk/yZvj3aD30psjPs0sx6ASn5o4GRPAC
wlq4G3yEuBXyMQFXFl26fwcsBweaaeyKfKX71/ihlFB/w1fKs4MztuDeWQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEPcUXnIzH3sfRqm9Iloacx49e+oMB8GA1UdIwQY
MBaAFInaYPBJ37o0vktOhBi5/0khJcRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWRwZzhFbmZ1alMtUzA2RUdMbl9TU0VseEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTQ3N2YtMDc4NS00MDI2LTgzYmUt
Njk4OTBjODI5ZTMzLzEvUTl4UmVjak1mZXg5R3FiMGlXaHB6SGoxNzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTQ3N2YtMDc4NS00MDI2LTgzYmUtNjk4OTBjODI5ZTMz
LzEvaWRwZzhFbmZ1alMtUzA2RUdMbl9TU0VseEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUHBSArgDAN
BgkqhkiG9w0BAQsFAAOCAQEAWMht6sWWsIU9oSIjkQ5RzdStdeQjQ6Xch7Akwaga
faeFIrKYoHKUJH1QLMa56ILtV2JCVexXEvF4lR2aae7+bBW+9kyauK5eVu2sBCMD
FeCHD0Jlhf2HPhyG9gFYKiemZLWhkhj25r/PLw3Cc1uSQYpBfxJ3fFS0+wPC0bsM
x+5+rk+QKt4KHX8x3sloRTEojx5p0jsQIZOEGYMKoNCTEioFg/1yhThicJhhzGY2
We+kR6nQDThS9APjvDGGYbAqbkPS03mErEWXqRgTEcL4yk6EYE0AmFPx1+cFOkaZ
GOHN+GrVdmZbDWmvRkANyBuGq1LACvCqE6o7PMNuLSRUpg==
-----END CERTIFICATE-----