Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/vDZZPCTttl9LWfQmyI9VapvAKMs.roa
File:                     vDZZPCTttl9LWfQmyI9VapvAKMs.roa (raw, json)
Hash identifier:          EoSdisfC1jx5m/ary8JcT5Qo55zihyFh/7rGsO9z9sE=
Subject key identifier:   BC:36:59:3C:24:ED:B6:5F:4B:59:F4:26:C8:8F:55:6A:9B:C0:28:CB
Certificate issuer:       /CN=a5abc43afced72fb92778728bee571c678f53853
Certificate serial:       018CC801C1CCA4FE7FBFDE5FE93158661CE2
Authority key identifier: A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/vDZZPCTttl9LWfQmyI9VapvAKMs.roa
Signing time:             Tue 02 Jan 2024 02:30:07 +0000
ROA not before:           Tue 02 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34000
IP address blocks:        83.97.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c1:cc:a4:fe:7f:bf:de:5f:e9:31:58:66:1c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5abc43afced72fb92778728bee571c678f53853
        Validity
            Not Before: Jan  2 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc36593c24edb65f4b59f426c88f556a9bc028cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:84:15:b4:70:f9:29:03:43:9f:59:3f:14:f3:
                    b0:fb:d6:c6:b8:94:8a:3a:7d:59:65:1f:b7:8a:08:
                    43:1f:48:40:42:29:6f:41:5c:43:8b:9e:9e:8f:c5:
                    f1:4a:22:05:c3:46:6e:4d:34:1c:d0:69:0d:cb:c6:
                    44:2a:de:be:b6:5e:d9:e2:bb:aa:99:4d:78:3e:b1:
                    52:45:a5:b0:54:2c:fb:96:cd:f2:78:4a:d6:01:41:
                    7b:cb:75:e0:10:5b:07:cf:4e:f3:f8:d7:1e:12:49:
                    96:cb:67:4c:b5:41:ba:ce:97:bb:11:df:a1:df:09:
                    8f:8e:b3:23:51:49:c6:4f:c0:9a:b4:e5:5d:f9:fb:
                    40:9e:52:73:e8:3e:e8:15:fd:81:ab:80:6a:dc:f2:
                    cd:52:97:b8:2b:4e:02:ad:e0:39:20:10:71:00:18:
                    49:25:f8:46:2c:9b:4e:8e:91:73:d2:a5:1e:f6:e4:
                    d1:64:ea:fc:33:9f:33:3c:70:80:e1:cf:7c:97:c6:
                    ca:8b:9c:0a:13:55:b6:8a:9d:50:ea:ee:3e:fb:8c:
                    05:1e:46:6c:41:e1:e4:dc:18:71:b2:76:37:68:4f:
                    57:11:34:24:e3:81:1a:18:bb:9a:1b:09:63:73:8c:
                    9b:e0:80:9b:81:6b:1a:4b:a6:06:98:59:c2:9c:27:
                    be:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:36:59:3C:24:ED:B6:5F:4B:59:F4:26:C8:8F:55:6A:9B:C0:28:CB
            X509v3 Authority Key Identifier:
                keyid:A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/vDZZPCTttl9LWfQmyI9VapvAKMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:68:cf:c9:cc:98:e4:2e:69:56:df:a1:14:93:4e:84:0a:8a:
         ac:87:5c:90:a1:67:9e:f1:7d:40:d1:38:ca:3a:0d:d7:bf:11:
         5a:9d:b4:15:52:93:6f:36:17:74:dc:dd:17:d9:7a:f9:a1:a4:
         3f:e1:09:1f:c1:12:16:f0:fb:b4:82:e5:fe:ae:2d:bd:8c:97:
         87:99:a0:6f:d5:ba:b0:aa:ea:55:13:d4:f9:3d:97:31:5a:5d:
         9b:48:c6:32:61:c3:d6:6c:b3:0e:cf:db:ad:33:ee:31:63:b2:
         75:1b:48:34:bb:ee:e8:9a:34:c8:6f:48:4d:3a:d5:9f:ad:25:
         68:e5:2e:98:27:68:e7:d9:b1:a4:6f:77:70:de:06:24:db:97:
         e6:90:2c:93:1c:aa:ae:d5:86:a1:eb:fd:03:d5:2e:1d:a1:05:
         27:bd:e1:97:1d:d6:dd:77:6d:09:49:f4:6b:52:03:c1:0b:ce:
         6e:90:d5:b5:5f:d7:8c:9b:a0:e4:2d:e6:d8:88:64:19:03:3b:
         f1:5a:73:03:b6:49:d0:c1:92:e1:2f:02:0f:c7:24:16:f7:31:
         46:00:73:0d:24:64:32:6f:79:94:ae:2c:e2:4a:c5:60:71:51:
         b9:96:e5:2d:f4:2f:84:06:3c:e3:c2:6f:47:8d:81:12:e4:2b:
         4f:33:94:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcHMpP5/v95f6TFYZhziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWJjNDNhZmNlZDcyZmI5Mjc3ODcyOGJlZTU3MWM2Nzhm
NTM4NTMwHhcNMjQwMTAyMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzM2NTkzYzI0ZWRiNjVmNGI1OWY0MjZjODhmNTU2YTliYzAyOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoQVtHD5KQNDn1k/FPOw+9bGuJSK
On1ZZR+3ighDH0hAQilvQVxDi56ej8XxSiIFw0ZuTTQc0GkNy8ZEKt6+tl7Z4ruq
mU14PrFSRaWwVCz7ls3yeErWAUF7y3XgEFsHz07z+NceEkmWy2dMtUG6zpe7Ed+h
3wmPjrMjUUnGT8CatOVd+ftAnlJz6D7oFf2Bq4Bq3PLNUpe4K04CreA5IBBxABhJ
JfhGLJtOjpFz0qUe9uTRZOr8M58zPHCA4c98l8bKi5wKE1W2ip1Q6u4++4wFHkZs
QeHk3BhxsnY3aE9XETQk44EaGLuaGwljc4yb4ICbgWsaS6YGmFnCnCe+jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLw2WTwk7bZfS1n0JsiPVWqbwCjLMB8GA1UdIwQY
MBaAFKWrxDr87XL7kneHKL7lccZ49ThTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTct
YjVlOTFmYzY1MDUxLzEvdkRaWlBDVHR0bDlMV2ZRbXlJOVZhcHZBS01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTctYjVlOTFmYzY1MDUx
LzEvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU2E4MA0G
CSqGSIb3DQEBCwUAA4IBAQACaM/JzJjkLmlW36EUk06ECoqsh1yQoWee8X1A0TjK
Og3XvxFanbQVUpNvNhd03N0X2Xr5oaQ/4QkfwRIW8Pu0guX+ri29jJeHmaBv1bqw
qupVE9T5PZcxWl2bSMYyYcPWbLMOz9utM+4xY7J1G0g0u+7omjTIb0hNOtWfrSVo
5S6YJ2jn2bGkb3dw3gYk25fmkCyTHKqu1Yah6/0D1S4doQUnveGXHdbdd20JSfRr
UgPBC85ukNW1X9eMm6DkLebYiGQZAzvxWnMDtknQwZLhLwIPxyQW9zFGAHMNJGQy
b3mUriziSsVgcVG5luUt9C+EBjzjwm9HjYES5CtPM5Rs
-----END CERTIFICATE-----