Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UiwtNw1mOxoOOgxGRaJ3lkTo0lc.roa
File:                     UiwtNw1mOxoOOgxGRaJ3lkTo0lc.roa (raw, json)
Hash identifier:          LdvUrEWGpOsjMC9oRJ1Ua8PnJ+S2zixAD1TY1lDj+7k=
Subject key identifier:   52:2C:2D:37:0D:66:3B:1A:0E:3A:0C:46:45:A2:77:96:44:E8:D2:57
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE91705108CD810EE4FCFA1575CA86
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UiwtNw1mOxoOOgxGRaJ3lkTo0lc.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210574
IP address blocks:        5.180.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:91:70:51:08:cd:81:0e:e4:fc:fa:15:75:ca:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=522c2d370d663b1a0e3a0c4645a2779644e8d257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b4:c0:57:24:a6:ee:49:ae:52:69:78:a3:8f:
                    dd:70:e3:05:7e:bf:04:b2:72:3c:54:2d:2b:e3:32:
                    d3:89:89:24:d1:75:af:cd:21:5e:e5:06:5d:c9:c6:
                    57:5c:e1:62:d6:64:9d:ae:c5:49:c8:cd:f7:72:e6:
                    ea:28:e6:1c:0f:6f:e7:79:f2:47:65:ae:f1:ff:07:
                    06:7a:67:3a:6e:9b:9c:62:23:eb:1b:19:9d:c2:ea:
                    55:f3:45:6e:f0:44:72:7d:c9:0f:56:0e:37:39:5f:
                    bc:e4:95:55:8b:46:03:fe:31:83:20:17:47:10:09:
                    61:3b:b6:51:cb:a3:c6:51:cb:58:d6:ae:c0:1e:9f:
                    ac:4b:2f:54:55:95:ff:5e:e8:c1:87:4b:6d:8b:40:
                    92:51:17:0c:90:3c:dc:9b:14:ba:69:de:a1:ff:98:
                    03:e2:86:7d:ac:0c:ee:32:8b:d4:cb:3b:a2:0e:32:
                    1a:27:ca:fd:db:86:90:18:3e:8b:51:fa:2b:36:87:
                    6f:23:ba:f4:f1:ed:3c:10:d3:17:69:43:05:51:cc:
                    2f:44:7b:b2:d7:4e:d4:84:40:df:cf:2e:13:17:0a:
                    3b:5e:4e:a2:ef:0d:d3:97:64:49:1c:1c:67:f4:d3:
                    4d:8e:cb:4d:a9:61:c4:e8:48:63:93:4c:af:03:fd:
                    0d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:2C:2D:37:0D:66:3B:1A:0E:3A:0C:46:45:A2:77:96:44:E8:D2:57
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UiwtNw1mOxoOOgxGRaJ3lkTo0lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:73:cc:80:51:6d:d4:d4:39:3c:86:06:3a:7b:81:49:35:4a:
         fe:cd:0c:ea:66:6b:3f:7f:97:3e:5c:c5:da:e5:e1:61:81:93:
         b7:a8:20:e4:08:7e:43:99:69:3f:df:f8:fc:5d:a0:94:33:e9:
         3a:92:46:d0:0f:3e:86:ef:e2:da:45:5f:ea:0e:19:a5:e4:e8:
         59:0b:e2:91:d1:3c:f1:57:01:2f:86:c3:94:ee:ef:ac:ac:db:
         11:14:b3:26:fa:ed:42:31:4a:0d:6a:4e:dd:00:2e:67:7d:89:
         f3:73:76:fc:ca:3e:91:99:47:5f:92:d3:08:0c:37:1a:0e:7e:
         d4:26:e4:3e:00:4d:e2:5b:98:dc:9d:e8:bf:90:76:97:ea:11:
         5a:b8:2f:3a:1d:61:2f:2e:55:ea:0d:f0:5b:49:54:1e:13:18:
         6a:88:af:25:0d:f9:b8:9b:fb:ef:db:2d:04:a6:72:53:f5:fe:
         33:4b:10:f1:76:4b:99:e1:49:0f:6c:14:6b:04:5f:00:36:f9:
         74:0c:90:38:7f:67:1c:f4:cc:b6:13:d2:16:36:91:20:f0:e5:
         11:f9:8d:cd:ab:23:53:c0:3f:5e:16:de:14:ac:f5:11:df:2c:
         1a:ca:44:b4:b6:65:2a:9c:45:52:e5:88:ba:75:cf:ff:19:de:
         5a:41:e5:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pFwUQjNgQ7k/PoVdcqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJjMmQzNzBkNjYzYjFhMGUzYTBjNDY0NWEyNzc5NjQ0ZThkMjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37TAVySm7kmuUml4o4/dcOMFfr8E
snI8VC0r4zLTiYkk0XWvzSFe5QZdycZXXOFi1mSdrsVJyM33cubqKOYcD2/nefJH
Za7x/wcGemc6bpucYiPrGxmdwupV80Vu8ERyfckPVg43OV+85JVVi0YD/jGDIBdH
EAlhO7ZRy6PGUctY1q7AHp+sSy9UVZX/XujBh0tti0CSURcMkDzcmxS6ad6h/5gD
4oZ9rAzuMovUyzuiDjIaJ8r924aQGD6LUforNodvI7r08e08ENMXaUMFUcwvRHuy
107UhEDfzy4TFwo7Xk6i7w3Tl2RJHBxn9NNNjstNqWHE6Ehjk0yvA/0NvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIsLTcNZjsaDjoMRkWid5ZE6NJXMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVWl3dE53MW1PeG9PT2d4R1JhSjNsa1RvMGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbRRMA0G
CSqGSIb3DQEBCwUAA4IBAQB9c8yAUW3U1Dk8hgY6e4FJNUr+zQzqZms/f5c+XMXa
5eFhgZO3qCDkCH5DmWk/3/j8XaCUM+k6kkbQDz6G7+LaRV/qDhml5OhZC+KR0Tzx
VwEvhsOU7u+srNsRFLMm+u1CMUoNak7dAC5nfYnzc3b8yj6RmUdfktMIDDcaDn7U
JuQ+AE3iW5jcnei/kHaX6hFauC86HWEvLlXqDfBbSVQeExhqiK8lDfm4m/vv2y0E
pnJT9f4zSxDxdkuZ4UkPbBRrBF8ANvl0DJA4f2cc9My2E9IWNpEg8OUR+Y3NqyNT
wD9eFt4UrPUR3ywaykS0tmUqnEVS5Yi6dc//Gd5aQeUl
-----END CERTIFICATE-----