Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/4j5U8yNb3ZLFpnChkIO5BL-yKBA.roa
File:                     4j5U8yNb3ZLFpnChkIO5BL-yKBA.roa (raw, json)
Hash identifier:          NNA/b+u3iY9iJfaEG1OVzKY1EGm871k0dA2EF0wbojs=
Subject key identifier:   E2:3E:54:F3:23:5B:DD:92:C5:A6:70:A1:90:83:B9:04:BF:B2:28:10
Certificate issuer:       /CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
Certificate serial:       018CC86FA83A75EFE5BD36514DAB40DBC116
Authority key identifier: 5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/4j5U8yNb3ZLFpnChkIO5BL-yKBA.roa
Signing time:             Tue 02 Jan 2024 04:30:09 +0000
ROA not before:           Tue 02 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33847
IP address blocks:        91.212.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a8:3a:75:ef:e5:bd:36:51:4d:ab:40:db:c1:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
        Validity
            Not Before: Jan  2 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e23e54f3235bdd92c5a670a19083b904bfb22810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6b:c0:1c:2a:17:b7:55:3a:43:33:f9:d2:01:
                    2c:da:87:36:69:27:18:5b:8e:81:98:c6:9d:32:c7:
                    fc:c9:d6:0a:0e:8b:5e:55:de:70:83:ef:30:e0:8c:
                    a6:3a:07:57:59:35:ba:19:20:5c:0d:4e:04:39:5a:
                    3c:9f:a5:8b:b3:7c:d1:e5:6f:a6:99:01:eb:39:d1:
                    ed:f2:7d:6b:97:32:6b:6a:b4:0c:89:6d:e7:6c:55:
                    a0:e4:f5:3b:75:be:c7:b6:2b:f2:6d:65:67:1d:a0:
                    e0:4e:45:72:e1:2a:cd:9e:7a:ce:1e:c1:0c:17:26:
                    0c:ec:a6:b1:c3:4d:be:8e:13:03:99:03:fb:cd:c0:
                    5a:20:a3:72:19:c6:89:c7:23:57:5e:c9:9c:90:2f:
                    44:42:cb:bf:92:87:88:a1:b4:ed:c5:47:6a:de:ef:
                    4c:cc:94:3f:92:a2:a5:5d:ab:10:d1:81:46:62:36:
                    f6:24:f6:8d:13:3a:44:01:80:36:4f:97:35:37:ca:
                    49:4d:8d:fa:71:65:39:b5:97:a2:63:0f:c1:10:44:
                    a3:84:4a:dc:bc:7f:66:ed:f8:12:1b:d8:1c:e7:4f:
                    54:fe:48:ae:a4:61:0b:a4:08:55:ef:2c:43:99:25:
                    91:f4:51:71:f0:b0:56:30:ad:d1:41:79:83:8d:82:
                    c9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3E:54:F3:23:5B:DD:92:C5:A6:70:A1:90:83:B9:04:BF:B2:28:10
            X509v3 Authority Key Identifier:
                keyid:5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/4j5U8yNb3ZLFpnChkIO5BL-yKBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:93:a7:d2:a6:db:98:96:89:44:24:2f:34:f1:32:10:42:53:
         1c:50:dc:34:37:df:82:20:e4:58:6d:40:7f:ee:1c:58:cc:f5:
         df:b9:8a:35:93:a0:30:ce:36:1d:66:6c:60:91:f8:50:89:27:
         ff:b3:5a:2f:8f:bd:87:d2:a0:b6:bb:5e:23:1b:bb:f7:a2:ad:
         6b:80:15:a4:16:c0:f7:19:4b:e8:fa:6c:78:8c:a8:fe:bd:44:
         00:38:45:dc:db:1e:c4:34:03:76:30:bd:d1:ed:60:df:64:a2:
         de:b4:0b:27:cb:6a:02:e2:0e:61:9f:d0:90:7c:93:b2:86:f8:
         bd:3d:88:91:90:fc:0a:35:26:d0:a5:e3:06:7f:8f:b0:80:7d:
         26:35:3e:c7:61:16:12:c1:8d:7c:7e:9d:f6:ad:85:15:a6:0d:
         98:14:68:3b:25:c7:ed:99:fb:5d:07:2c:07:4c:f5:a8:04:f5:
         1b:da:2d:e0:04:c1:3a:21:bf:02:b1:d6:c2:f9:5b:89:86:1c:
         79:9c:aa:e6:2a:83:a6:bf:c0:04:28:5f:1c:50:69:25:87:5b:
         60:e1:32:eb:ab:cc:56:0a:29:1f:c3:6a:cd:9a:23:75:a4:c3:
         14:57:29:03:81:00:84:35:09:95:2b:cb:c0:63:4f:9c:25:4b:
         39:dd:f7:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6g6de/lvTZRTatA28EWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGE0N2Q1ODJiYjBlOTY4MGY4OTI1OGFiOTZkMDU4Njdk
MzUyZWYwHhcNMjQwMTAyMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjNlNTRmMzIzNWJkZDkyYzVhNjcwYTE5MDgzYjkwNGJmYjIyODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGvAHCoXt1U6QzP50gEs2oc2aScY
W46BmMadMsf8ydYKDoteVd5wg+8w4IymOgdXWTW6GSBcDU4EOVo8n6WLs3zR5W+m
mQHrOdHt8n1rlzJrarQMiW3nbFWg5PU7db7HtivybWVnHaDgTkVy4SrNnnrOHsEM
FyYM7Kaxw02+jhMDmQP7zcBaIKNyGcaJxyNXXsmckC9EQsu/koeIobTtxUdq3u9M
zJQ/kqKlXasQ0YFGYjb2JPaNEzpEAYA2T5c1N8pJTY36cWU5tZeiYw/BEESjhErc
vH9m7fgSG9gc509U/kiupGELpAhV7yxDmSWR9FFx8LBWMK3RQXmDjYLJ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOI+VPMjW92SxaZwoZCDuQS/sigQMB8GA1UdIwQY
MBaAFFpKR9WCuw6WgPiSWKuW0Fhn01LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTct
NmIwMDY1NTA4OTk2LzEvNGo1VTh5TmIzWkxGcG5DaGtJTzVCTC15S0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTctNmIwMDY1NTA4OTk2
LzEvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9Q1MA0G
CSqGSIb3DQEBCwUAA4IBAQB1k6fSptuYlolEJC808TIQQlMcUNw0N9+CIORYbUB/
7hxYzPXfuYo1k6AwzjYdZmxgkfhQiSf/s1ovj72H0qC2u14jG7v3oq1rgBWkFsD3
GUvo+mx4jKj+vUQAOEXc2x7ENAN2ML3R7WDfZKLetAsny2oC4g5hn9CQfJOyhvi9
PYiRkPwKNSbQpeMGf4+wgH0mNT7HYRYSwY18fp32rYUVpg2YFGg7JcftmftdBywH
TPWoBPUb2i3gBME6Ib8CsdbC+VuJhhx5nKrmKoOmv8AEKF8cUGklh1tg4TLrq8xW
Cikfw2rNmiN1pMMUVykDgQCENQmVK8vAY0+cJUs53feI
-----END CERTIFICATE-----