Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/wDA9g9aytMejUZYRvlUJlbh04TQ.roa
File:                     wDA9g9aytMejUZYRvlUJlbh04TQ.roa (raw, json)
Hash identifier:          yO+F1/bmKeOyJZ1meR15GFXP1pSBoETE19VyL+WpKDg=
Subject key identifier:   C0:30:3D:83:D6:B2:B4:C7:A3:51:96:11:BE:55:09:95:B8:74:E1:34
Certificate issuer:       /CN=53129d048deb2e0bf62271399a090b9010160b39
Certificate serial:       018E8B8AFC22AAD23457522EC3F76B3FCE16
Authority key identifier: 53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/wDA9g9aytMejUZYRvlUJlbh04TQ.roa
Signing time:             Fri 29 Mar 2024 18:48:45 +0000
ROA not before:           Fri 29 Mar 2024 18:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        62.233.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8b:8a:fc:22:aa:d2:34:57:52:2e:c3:f7:6b:3f:ce:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53129d048deb2e0bf62271399a090b9010160b39
        Validity
            Not Before: Mar 29 18:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0303d83d6b2b4c7a3519611be550995b874e134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:39:d1:df:6f:78:53:17:9c:4b:40:05:29:e7:
                    97:66:46:b7:71:f6:18:a0:1b:13:2e:1b:0c:31:b3:
                    07:25:49:cd:de:7b:43:a5:03:04:0f:57:48:78:ac:
                    82:b3:68:c6:56:4e:a9:3f:b7:e1:25:0d:a8:df:3d:
                    fe:e1:e9:1f:80:62:ba:82:2d:f0:fc:10:c3:b4:c9:
                    e3:44:6a:7d:2e:43:21:95:ca:b8:87:19:34:df:69:
                    27:57:cb:68:df:4c:9e:a6:9b:41:0d:da:a4:f9:45:
                    fb:4c:42:b4:90:f4:2a:0d:ca:16:1e:00:8a:28:c2:
                    ae:93:21:33:1d:f7:75:0e:f0:77:01:a3:c1:49:c9:
                    23:64:1a:2b:f6:9d:3c:c5:87:96:dd:c4:30:86:d1:
                    9a:40:47:a5:00:bd:16:ab:c0:eb:c3:43:f3:3d:35:
                    a6:3d:f4:b0:b2:83:34:7e:03:ca:1c:6b:ed:18:78:
                    2d:ab:08:b0:b4:ed:f7:57:40:f4:4f:9f:c4:e1:f6:
                    c6:5b:d0:22:91:bd:1a:29:c8:f9:f5:b7:90:dc:21:
                    3a:1c:78:dc:b1:be:b7:97:e6:5f:2f:64:2b:29:36:
                    74:64:8f:db:14:83:60:27:dd:ef:85:38:ed:5b:ca:
                    32:9b:59:e3:31:4c:66:51:aa:4a:0a:ce:86:fa:37:
                    b1:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:30:3D:83:D6:B2:B4:C7:A3:51:96:11:BE:55:09:95:B8:74:E1:34
            X509v3 Authority Key Identifier:
                keyid:53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/wDA9g9aytMejUZYRvlUJlbh04TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:84:ab:31:aa:0e:28:76:15:a5:42:58:cd:20:d5:c6:88:02:
         c9:68:8d:7b:9d:5e:fd:52:38:fb:df:af:6b:5a:f8:a3:a9:ae:
         9b:5d:59:cf:c0:5a:e9:4e:90:63:15:3d:38:62:56:52:8e:90:
         b9:16:40:88:61:5f:49:34:d8:dc:62:e6:b9:f9:93:06:37:59:
         61:ca:a0:3a:2f:93:43:5c:6f:b8:ad:ed:3a:55:12:2f:45:6b:
         6c:6f:99:77:3c:80:af:f3:33:56:80:64:58:f7:ac:69:3f:f2:
         0f:27:0f:5f:31:01:77:09:8d:fc:7c:ea:9e:8d:fb:ec:4e:32:
         af:35:7f:27:68:b3:24:37:f8:a1:84:b3:a7:e8:25:db:d7:c6:
         ff:ef:55:88:9b:f3:a9:e1:ee:61:81:7f:e7:4b:5b:35:70:20:
         62:ad:8a:e9:15:c9:ba:60:26:7f:9f:23:f7:96:cc:d3:c4:22:
         49:80:b0:64:f5:f3:82:c3:65:1a:08:78:3a:fc:33:6f:00:58:
         33:67:61:3f:b3:0e:34:3e:d6:aa:6e:92:10:5c:d0:17:02:0a:
         2a:2e:51:06:e8:6f:6e:64:86:df:ad:5b:5b:73:86:d4:49:12:
         af:7f:15:6d:15:60:72:af:45:83:4c:a4:ab:c8:3a:bb:de:bb:
         48:1b:ca:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6LivwiqtI0V1Iuw/drP84WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTI5ZDA0OGRlYjJlMGJmNjIyNzEzOTlhMDkwYjkwMTAx
NjBiMzkwHhcNMjQwMzI5MTg0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDMwM2Q4M2Q2YjJiNGM3YTM1MTk2MTFiZTU1MDk5NWI4NzRlMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jnR3294UxecS0AFKeeXZka3cfYY
oBsTLhsMMbMHJUnN3ntDpQMED1dIeKyCs2jGVk6pP7fhJQ2o3z3+4ekfgGK6gi3w
/BDDtMnjRGp9LkMhlcq4hxk032knV8to30yepptBDdqk+UX7TEK0kPQqDcoWHgCK
KMKukyEzHfd1DvB3AaPBSckjZBor9p08xYeW3cQwhtGaQEelAL0Wq8Drw0PzPTWm
PfSwsoM0fgPKHGvtGHgtqwiwtO33V0D0T5/E4fbGW9Aikb0aKcj59beQ3CE6HHjc
sb63l+ZfL2QrKTZ0ZI/bFINgJ93vhTjtW8oym1njMUxmUapKCs6G+jexjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAwPYPWsrTHo1GWEb5VCZW4dOE0MB8GA1UdIwQY
MBaAFFMSnQSN6y4L9iJxOZoJC5AQFgs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMt
N2FlNjM1OWQzMTEwLzEvd0RBOWc5YXl0TWVqVVpZUnZsVUpsYmgwNFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMtN2FlNjM1OWQzMTEw
LzEvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPukzMA0G
CSqGSIb3DQEBCwUAA4IBAQBOhKsxqg4odhWlQljNINXGiALJaI17nV79Ujj7369r
Wvijqa6bXVnPwFrpTpBjFT04YlZSjpC5FkCIYV9JNNjcYua5+ZMGN1lhyqA6L5ND
XG+4re06VRIvRWtsb5l3PICv8zNWgGRY96xpP/IPJw9fMQF3CY38fOqejfvsTjKv
NX8naLMkN/ihhLOn6CXb18b/71WIm/Op4e5hgX/nS1s1cCBirYrpFcm6YCZ/nyP3
lszTxCJJgLBk9fOCw2UaCHg6/DNvAFgzZ2E/sw40PtaqbpIQXNAXAgoqLlEG6G9u
ZIbfrVtbc4bUSRKvfxVtFWByr0WDTKSryDq73rtIG8qq
-----END CERTIFICATE-----