Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/09b6c7-52ef-4897-bfa6-5e0e281d7da3/1/shuuxOqTDnopQctscatE8jTFogI.roa
File:                     shuuxOqTDnopQctscatE8jTFogI.roa (raw, json)
Hash identifier:          2NaTb3EJ29ysZmwOvtdwCcJEfdi3eB9zZAsDBCNbWR8=
Subject key identifier:   B2:1B:AE:C4:EA:93:0E:7A:29:41:CB:6C:71:AB:44:F2:34:C5:A2:02
Certificate issuer:       /CN=5f86a7141f6fb7b4c28bce314467b6154e0f9377
Certificate serial:       018CC56E5B93912A8047A0F78B43791641C4
Authority key identifier: 5F:86:A7:14:1F:6F:B7:B4:C2:8B:CE:31:44:67:B6:15:4E:0F:93:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X4anFB9vt7TCi84xRGe2FU4Pk3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/09b6c7-52ef-4897-bfa6-5e0e281d7da3/1/shuuxOqTDnopQctscatE8jTFogI.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12965
IP address blocks:        193.178.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/09b6c7-52ef-4897-bfa6-5e0e281d7da3/1/X4anFB9vt7TCi84xRGe2FU4Pk3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/09b6c7-52ef-4897-bfa6-5e0e281d7da3/1/X4anFB9vt7TCi84xRGe2FU4Pk3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X4anFB9vt7TCi84xRGe2FU4Pk3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5b:93:91:2a:80:47:a0:f7:8b:43:79:16:41:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f86a7141f6fb7b4c28bce314467b6154e0f9377
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b21baec4ea930e7a2941cb6c71ab44f234c5a202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a5:77:de:ab:f8:d8:b5:8c:aa:5f:b2:29:78:
                    6a:b4:ca:8b:a4:7a:db:18:1f:d5:40:78:65:ac:1d:
                    0a:7e:91:31:09:61:50:1e:3a:f5:62:9a:4f:40:3b:
                    4b:1d:34:8c:a0:86:32:42:b2:7d:d8:a0:ff:cd:16:
                    47:2e:db:8a:16:bd:5d:86:74:17:26:f6:d8:09:3f:
                    37:54:21:40:15:c0:ee:13:4e:5a:af:9c:95:39:eb:
                    cd:98:c4:54:d2:75:92:7f:5e:73:a1:bd:df:e3:c0:
                    47:e3:98:49:ac:ef:f6:ba:9d:b5:92:19:9d:4a:2c:
                    ce:79:8b:08:c6:f4:7b:cd:74:96:4e:9b:8b:11:99:
                    2b:1a:a7:f0:a9:e6:be:e3:43:fd:ba:e4:ce:bf:5d:
                    af:57:86:66:a0:bc:70:99:e1:0c:f7:05:48:07:3e:
                    a7:f0:25:ed:e9:86:d9:99:20:48:ce:fa:65:01:e8:
                    1c:79:f4:26:27:43:d9:f4:0e:5c:96:7b:92:50:eb:
                    04:63:1d:a0:a0:2a:fd:ab:3c:35:54:6e:46:79:84:
                    df:6d:5e:23:41:07:25:e5:d9:fa:f8:42:94:20:0e:
                    b0:c7:9a:b3:ef:87:42:13:5b:a4:df:23:5e:97:96:
                    43:1d:b3:51:47:52:da:2c:af:2b:fb:73:44:5d:91:
                    6e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:1B:AE:C4:EA:93:0E:7A:29:41:CB:6C:71:AB:44:F2:34:C5:A2:02
            X509v3 Authority Key Identifier:
                keyid:5F:86:A7:14:1F:6F:B7:B4:C2:8B:CE:31:44:67:B6:15:4E:0F:93:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X4anFB9vt7TCi84xRGe2FU4Pk3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/09b6c7-52ef-4897-bfa6-5e0e281d7da3/1/shuuxOqTDnopQctscatE8jTFogI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/09b6c7-52ef-4897-bfa6-5e0e281d7da3/1/X4anFB9vt7TCi84xRGe2FU4Pk3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:18:35:0b:a6:f3:1b:f4:57:d4:93:c1:77:6f:38:1b:11:b9:
         75:11:37:30:5a:cb:a0:41:07:fb:92:b4:30:71:77:41:ee:d5:
         6d:8b:90:78:80:11:ba:06:17:48:f8:bd:4c:cb:3e:1a:d6:a9:
         57:8a:35:c1:52:c4:0e:dc:08:c4:72:88:39:d7:b2:68:cc:14:
         9c:e3:47:6e:ff:ad:4f:ff:ee:7d:e7:55:f0:50:20:3c:c7:af:
         1e:c8:20:3f:5a:68:84:5e:b7:95:3c:1e:ac:da:ac:5e:c7:5c:
         bf:af:d9:90:23:79:cb:f7:59:ac:86:9c:91:44:28:15:0f:4e:
         4f:2d:a7:a0:90:aa:20:ca:51:db:cb:a6:19:de:02:56:76:73:
         be:88:6c:18:b6:c1:74:4d:14:53:7f:d2:18:63:26:96:ac:4f:
         c3:09:21:ec:0e:60:4f:e7:b4:13:93:11:9b:21:db:59:e6:19:
         3a:d8:2f:50:99:d5:b9:8a:69:66:71:ae:1d:ed:19:55:62:84:
         02:1e:3e:74:ef:70:c2:89:58:38:44:b6:5a:4f:e0:eb:ee:ed:
         76:fa:cc:8d:5d:49:72:c0:9e:af:70:61:fe:42:c6:fe:7e:e2:
         0c:47:a9:b9:54:a5:6f:22:28:bc:ff:f5:8a:ef:dc:e1:72:ae:
         0f:62:f6:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbluTkSqAR6D3i0N5FkHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmODZhNzE0MWY2ZmI3YjRjMjhiY2UzMTQ0NjdiNjE1NGUw
ZjkzNzcwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjFiYWVjNGVhOTMwZTdhMjk0MWNiNmM3MWFiNDRmMjM0YzVhMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6V33qv42LWMql+yKXhqtMqLpHrb
GB/VQHhlrB0KfpExCWFQHjr1YppPQDtLHTSMoIYyQrJ92KD/zRZHLtuKFr1dhnQX
JvbYCT83VCFAFcDuE05ar5yVOevNmMRU0nWSf15zob3f48BH45hJrO/2up21khmd
SizOeYsIxvR7zXSWTpuLEZkrGqfwqea+40P9uuTOv12vV4ZmoLxwmeEM9wVIBz6n
8CXt6YbZmSBIzvplAegcefQmJ0PZ9A5clnuSUOsEYx2goCr9qzw1VG5GeYTfbV4j
QQcl5dn6+EKUIA6wx5qz74dCE1uk3yNel5ZDHbNRR1LaLK8r+3NEXZFu2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIbrsTqkw56KUHLbHGrRPI0xaICMB8GA1UdIwQY
MBaAFF+GpxQfb7e0wovOMURnthVOD5N3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDRhbkZCOXZ0N1RDaTg0eFJHZTJGVTRQazNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8wOWI2YzctNTJlZi00ODk3LWJmYTYt
NWUwZTI4MWQ3ZGEzLzEvc2h1dXhPcVREbm9wUWN0c2NhdEU4alRGb2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8wOWI2YzctNTJlZi00ODk3LWJmYTYtNWUwZTI4MWQ3ZGEz
LzEvWDRhbkZCOXZ0N1RDaTg0eFJHZTJGVTRQazNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbKWMA0G
CSqGSIb3DQEBCwUAA4IBAQBeGDULpvMb9FfUk8F3bzgbEbl1ETcwWsugQQf7krQw
cXdB7tVti5B4gBG6BhdI+L1Myz4a1qlXijXBUsQO3AjEcog517JozBSc40du/61P
/+5951XwUCA8x68eyCA/WmiEXreVPB6s2qxex1y/r9mQI3nL91mshpyRRCgVD05P
LaegkKogylHby6YZ3gJWdnO+iGwYtsF0TRRTf9IYYyaWrE/DCSHsDmBP57QTkxGb
IdtZ5hk62C9QmdW5imlmca4d7RlVYoQCHj5073DCiVg4RLZaT+Dr7u12+syNXUly
wJ6vcGH+Qsb+fuIMR6m5VKVvIii8//WK79zhcq4PYvat
-----END CERTIFICATE-----