Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/UsFPEgYS2MXX7PLk2O29Hq2Ex90.roa
File:                     UsFPEgYS2MXX7PLk2O29Hq2Ex90.roa (raw, json)
Hash identifier:          qVrcD28O7YNX9TkR4PF8VcsOPFsBccCpM1UTeIHN1ik=
Subject key identifier:   52:C1:4F:12:06:12:D8:C5:D7:EC:F2:E4:D8:ED:BD:1E:AD:84:C7:DD
Certificate issuer:       /CN=dae6bdfe4278008f716d4d7b0b9f92f7e036eb26
Certificate serial:       018DC01E844795AD03DD731E3FD82598A502
Authority key identifier: DA:E6:BD:FE:42:78:00:8F:71:6D:4D:7B:0B:9F:92:F7:E0:36:EB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ua9_kJ4AI9xbU17C5-S9-A26yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/UsFPEgYS2MXX7PLk2O29Hq2Ex90.roa
Signing time:             Mon 19 Feb 2024 06:47:21 +0000
ROA not before:           Mon 19 Feb 2024 06:47:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     37284
IP address blocks:        5.63.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/2ua9_kJ4AI9xbU17C5-S9-A26yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/2ua9_kJ4AI9xbU17C5-S9-A26yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ua9_kJ4AI9xbU17C5-S9-A26yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:1e:84:47:95:ad:03:dd:73:1e:3f:d8:25:98:a5:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dae6bdfe4278008f716d4d7b0b9f92f7e036eb26
        Validity
            Not Before: Feb 19 06:47:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52c14f120612d8c5d7ecf2e4d8edbd1ead84c7dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:88:4c:a7:00:59:a3:6b:d7:75:78:9c:dd:43:
                    14:46:bd:b5:be:ee:94:ba:7b:6f:6b:e2:bb:62:99:
                    e3:ad:a2:56:d0:fd:34:fc:80:a7:06:da:93:fc:56:
                    4e:b8:56:91:5b:82:a2:3a:69:5b:6b:b3:8b:f8:6e:
                    7c:aa:d4:b3:bb:8d:7b:76:c4:9a:2b:54:b2:2c:e1:
                    cd:a4:07:d9:01:5a:aa:43:2e:4b:df:84:ef:cc:f3:
                    3d:a5:cd:5e:80:99:6e:b4:51:12:d5:35:3d:cf:23:
                    2f:e5:ac:ba:ba:d0:19:d8:27:f8:01:86:12:ca:85:
                    3c:27:7b:3a:1f:b0:e0:30:7a:19:5e:a4:87:f2:34:
                    1b:38:73:8c:94:56:00:5c:50:e4:b4:34:2d:37:2a:
                    bb:c7:1e:c9:5e:80:bd:47:0b:8d:d6:2e:d6:83:16:
                    53:d6:f6:c9:29:c9:bc:5b:18:75:40:88:29:d0:0a:
                    1d:00:fc:e9:ba:0e:99:54:d6:5f:35:19:ce:1e:b3:
                    2b:35:8d:03:c0:7f:87:c5:8f:2c:ef:b7:24:4f:a7:
                    c5:41:a3:a8:b1:ff:b3:b8:00:ac:a2:bc:3f:09:19:
                    35:d1:9a:2f:7f:26:f6:b4:22:08:40:8e:36:f7:d6:
                    0c:fd:67:d0:64:a2:48:c6:96:05:5f:21:96:4b:a6:
                    c4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C1:4F:12:06:12:D8:C5:D7:EC:F2:E4:D8:ED:BD:1E:AD:84:C7:DD
            X509v3 Authority Key Identifier:
                keyid:DA:E6:BD:FE:42:78:00:8F:71:6D:4D:7B:0B:9F:92:F7:E0:36:EB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ua9_kJ4AI9xbU17C5-S9-A26yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/UsFPEgYS2MXX7PLk2O29Hq2Ex90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/2ua9_kJ4AI9xbU17C5-S9-A26yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7f:25:a0:84:a6:b5:47:e1:6c:3f:96:c8:4c:11:6d:83:b1:23:
         59:7a:d8:b3:6c:c4:f9:65:1d:7e:1d:ab:7f:f5:48:07:9b:ed:
         25:b5:a7:81:49:6f:35:96:8a:40:75:1c:18:d2:59:29:8d:d0:
         ef:29:69:ad:ae:a9:b4:c9:e5:c3:3e:65:c4:75:19:40:42:a9:
         c6:42:4b:e1:af:42:c0:0e:70:19:56:6b:03:a2:99:8f:53:a3:
         cc:60:92:31:32:90:23:91:df:c8:e9:f9:67:ed:4f:8f:8b:8e:
         be:d2:c1:1a:2c:12:78:f7:b9:54:e9:d4:a7:5a:d6:fa:e1:3e:
         ee:45:80:8d:31:b7:c4:c3:24:21:08:c5:61:37:22:6f:21:0f:
         b9:91:5a:fd:5e:ad:5e:0f:a9:60:78:88:4d:d4:8e:f4:6b:9e:
         e6:37:00:67:39:da:7f:24:9a:23:9f:58:f3:52:a6:07:0f:7f:
         60:4c:1a:61:0b:b2:88:f7:e2:40:60:57:6a:d4:88:6e:45:6b:
         0d:70:35:a5:98:63:1f:da:11:5d:da:f9:1d:fe:18:cd:0d:2d:
         91:59:ce:b7:5e:06:cc:58:20:05:29:30:cf:65:fc:f8:0d:58:
         9e:05:a0:5e:7c:ad:83:64:26:b5:72:3f:59:b9:18:c9:68:55:
         f0:7e:89:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3AHoRHla0D3XMeP9glmKUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZTZiZGZlNDI3ODAwOGY3MTZkNGQ3YjBiOWY5MmY3ZTAz
NmViMjYwHhcNMjQwMjE5MDY0NzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmMxNGYxMjA2MTJkOGM1ZDdlY2YyZTRkOGVkYmQxZWFkODRjN2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYhMpwBZo2vXdXic3UMURr21vu6U
untva+K7YpnjraJW0P00/ICnBtqT/FZOuFaRW4KiOmlba7OL+G58qtSzu417dsSa
K1SyLOHNpAfZAVqqQy5L34TvzPM9pc1egJlutFES1TU9zyMv5ay6utAZ2Cf4AYYS
yoU8J3s6H7DgMHoZXqSH8jQbOHOMlFYAXFDktDQtNyq7xx7JXoC9RwuN1i7WgxZT
1vbJKcm8Wxh1QIgp0AodAPzpug6ZVNZfNRnOHrMrNY0DwH+HxY8s77ckT6fFQaOo
sf+zuACsorw/CRk10Zovfyb2tCIIQI4299YM/WfQZKJIxpYFXyGWS6bEHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLBTxIGEtjF1+zy5NjtvR6thMfdMB8GA1UdIwQY
MBaAFNrmvf5CeACPcW1NewufkvfgNusmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnVhOV9rSjRBSTl4YlUxN0M1LVM5LUEyNnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84MGQwODctNDcwMC00ZTg1LWE3ODMt
YmYyNGU3NzViMmJjLzEvVXNGUEVnWVMyTVhYN1BMazJPMjlIcTJFeDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84MGQwODctNDcwMC00ZTg1LWE3ODMtYmYyNGU3NzViMmJj
LzEvMnVhOV9rSjRBSTl4YlUxN0M1LVM5LUEyNnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBT8AMA0G
CSqGSIb3DQEBCwUAA4IBAQB/JaCEprVH4Ww/lshMEW2DsSNZetizbMT5ZR1+Hat/
9UgHm+0ltaeBSW81lopAdRwY0lkpjdDvKWmtrqm0yeXDPmXEdRlAQqnGQkvhr0LA
DnAZVmsDopmPU6PMYJIxMpAjkd/I6fln7U+Pi46+0sEaLBJ497lU6dSnWtb64T7u
RYCNMbfEwyQhCMVhNyJvIQ+5kVr9Xq1eD6lgeIhN1I70a57mNwBnOdp/JJojn1jz
UqYHD39gTBphC7KI9+JAYFdq1IhuRWsNcDWlmGMf2hFd2vkd/hjNDS2RWc63XgbM
WCAFKTDPZfz4DVieBaBefK2DZCa1cj9ZuRjJaFXwfoka
-----END CERTIFICATE-----