Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/0s0zJRP-fEL-qCCDozdUGmr3Bu4.roa
File:                     0s0zJRP-fEL-qCCDozdUGmr3Bu4.roa (raw, json)
Hash identifier:          eWixYgiBqsGT7OxguEnkAe6LyWpDdZP70oLdfERdbis=
Subject key identifier:   D2:CD:33:25:13:FE:7C:42:FE:A8:20:83:A3:37:54:1A:6A:F7:06:EE
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC6A1A79F2B039CAC21B08E791ADF0
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/0s0zJRP-fEL-qCCDozdUGmr3Bu4.roa
Signing time:             Tue 02 Jan 2024 10:33:37 +0000
ROA not before:           Tue 02 Jan 2024 10:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        5.181.200.0/24 maxlen: 24
                          45.158.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6a:1a:79:f2:b0:39:ca:c2:1b:08:e7:91:ad:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2cd332513fe7c42fea82083a337541a6af706ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:fc:01:45:73:51:e6:09:f2:79:56:9c:27:43:
                    be:2d:99:c2:92:ff:8f:49:73:d4:86:c6:46:de:ad:
                    1b:99:ee:b7:9c:04:b1:01:fa:6d:3a:66:b2:24:f1:
                    0e:a9:66:50:1e:30:cc:dd:26:04:b7:70:a1:d2:eb:
                    31:fb:48:36:d0:b9:fc:b2:1e:08:77:ff:a1:30:d5:
                    2b:2c:96:aa:87:f5:01:e7:c1:15:59:a2:48:ba:4a:
                    90:88:4f:04:cd:15:13:c1:3e:7f:9e:50:59:0a:c9:
                    9b:f1:88:40:16:96:ee:76:c1:22:43:e7:a2:fc:85:
                    56:9a:a8:70:06:13:87:1b:39:38:77:5a:91:35:77:
                    68:07:fc:1e:8a:48:68:fd:a5:b1:84:f6:f8:fb:20:
                    ed:22:82:8c:cd:32:9a:2d:29:f3:f9:de:2d:6a:ff:
                    5b:65:f8:86:eb:27:8a:04:38:1a:dd:a2:03:5b:37:
                    e3:14:92:2d:7a:5c:b9:98:15:bf:8b:1b:41:7f:78:
                    78:44:cf:4d:41:92:cb:5b:5b:34:81:89:6f:c9:1a:
                    e5:07:53:c0:d6:24:60:6e:ec:9b:f5:f1:76:4e:e5:
                    a2:db:97:cf:2b:53:21:11:e5:a7:44:7f:ee:12:8b:
                    60:b6:2f:9e:20:a5:ac:4a:b5:6f:0d:02:89:b5:85:
                    40:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:CD:33:25:13:FE:7C:42:FE:A8:20:83:A3:37:54:1A:6A:F7:06:EE
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/0s0zJRP-fEL-qCCDozdUGmr3Bu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.200.0/24
                  45.158.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:e0:95:9d:f1:f0:74:03:46:db:16:75:c9:52:85:b7:17:0f:
         91:b3:1f:6e:5f:98:0f:7d:ca:ac:86:d5:55:36:d0:d8:eb:93:
         50:db:d5:a0:8d:4b:c1:15:88:4c:fb:da:07:94:e9:20:3b:a6:
         e0:21:4f:53:d3:4a:eb:d2:17:cc:42:81:52:c2:7b:b7:fc:0f:
         4f:df:8a:48:4b:a7:0d:26:05:4d:7d:1a:c9:18:42:3b:d6:2b:
         d2:74:f1:d3:15:47:76:2f:ef:c8:35:8e:98:e1:45:4f:c5:04:
         28:2c:57:a3:61:5a:67:de:fe:d7:fd:81:30:fb:7c:a0:41:15:
         90:26:47:c0:7f:2d:af:50:46:a6:33:3b:0e:4d:f5:c8:fb:1f:
         68:b3:4e:8c:5a:4d:7b:77:b9:fd:4d:0d:76:e1:7c:01:e6:8c:
         46:32:de:44:76:c9:27:b2:94:dc:a7:4b:0d:49:f9:30:d8:40:
         98:90:b6:73:2b:77:b9:38:8e:a9:70:12:64:be:33:47:0a:63:
         e8:35:b3:df:28:25:88:e3:2f:ad:60:ce:55:8d:84:aa:1e:f7:
         2f:da:09:32:e6:47:2f:f1:50:1a:96:b5:25:a8:c5:aa:03:40:
         3c:32:d0:2e:f5:8b:ac:38:f3:1a:74:20:2e:bd:a9:28:7b:44:
         f0:2f:d4:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvGoaefKwOcrCGwjnka3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmNkMzMyNTEzZmU3YzQyZmVhODIwODNhMzM3NTQxYTZhZjcwNmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvwBRXNR5gnyeVacJ0O+LZnCkv+P
SXPUhsZG3q0bme63nASxAfptOmayJPEOqWZQHjDM3SYEt3Ch0usx+0g20Ln8sh4I
d/+hMNUrLJaqh/UB58EVWaJIukqQiE8EzRUTwT5/nlBZCsmb8YhAFpbudsEiQ+ei
/IVWmqhwBhOHGzk4d1qRNXdoB/weikho/aWxhPb4+yDtIoKMzTKaLSnz+d4tav9b
ZfiG6yeKBDga3aIDWzfjFJItely5mBW/ixtBf3h4RM9NQZLLW1s0gYlvyRrlB1PA
1iRgbuyb9fF2TuWi25fPK1MhEeWnRH/uEotgti+eIKWsSrVvDQKJtYVAIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNLNMyUT/nxC/qggg6M3VBpq9wbuMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvMHMwekpSUC1mRUwtcUNDRG96ZFVHbXIzQnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbXIAwQA
LZ5TMA0GCSqGSIb3DQEBCwUAA4IBAQBj4JWd8fB0A0bbFnXJUoW3Fw+Rsx9uX5gP
fcqshtVVNtDY65NQ29WgjUvBFYhM+9oHlOkgO6bgIU9T00rr0hfMQoFSwnu3/A9P
34pIS6cNJgVNfRrJGEI71ivSdPHTFUd2L+/INY6Y4UVPxQQoLFejYVpn3v7X/YEw
+3ygQRWQJkfAfy2vUEamMzsOTfXI+x9os06MWk17d7n9TQ124XwB5oxGMt5Edskn
spTcp0sNSfkw2ECYkLZzK3e5OI6pcBJkvjNHCmPoNbPfKCWI4y+tYM5VjYSqHvcv
2gky5kcv8VAalrUlqMWqA0A8MtAu9YusOPMadCAuvakoe0TwL9QK
-----END CERTIFICATE-----