Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/0OG90JKpUiZ8vwRw-FpHWJE6-ts.roa
File:                     0OG90JKpUiZ8vwRw-FpHWJE6-ts.roa (raw, json)
Hash identifier:          5faaqlrePxTnOzjOX7BX1v7qMWVSLeqxoAkCW0XTFgE=
Subject key identifier:   D0:E1:BD:D0:92:A9:52:26:7C:BF:04:70:F8:5A:47:58:91:3A:FA:DB
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F9873FA18077ADA735F4FC25F8156
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/0OG90JKpUiZ8vwRw-FpHWJE6-ts.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212197
IP address blocks:        94.100.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:98:73:fa:18:07:7a:da:73:5f:4f:c2:5f:81:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e1bdd092a952267cbf0470f85a4758913afadb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ea:a1:d9:4f:0a:46:53:e2:fb:54:9d:e8:b0:
                    70:26:a2:b8:34:7d:b5:b3:15:fb:37:e4:8c:5c:a9:
                    da:06:5e:47:50:9b:a7:b0:18:cb:c1:c2:75:b2:34:
                    35:46:4f:ca:e6:cd:0e:d6:6f:4d:21:bc:e4:8c:71:
                    df:32:dd:aa:73:21:69:46:e5:65:29:0a:80:e0:3a:
                    cc:16:29:7d:63:93:01:7e:5b:12:b1:ea:e7:9a:9d:
                    2f:5d:06:97:bb:de:e0:3d:17:8e:60:a2:d3:9e:68:
                    da:6d:c0:af:5a:bf:d7:a2:07:f3:c3:fb:b5:8a:2c:
                    53:53:c8:bf:09:e8:68:15:5e:30:47:78:d2:d2:83:
                    9d:e2:e1:5e:c8:cb:84:6d:42:80:10:54:b1:e3:37:
                    3a:21:96:15:52:65:bc:3b:3d:38:cd:13:25:5f:b9:
                    26:5e:a9:7e:13:dd:96:5f:d2:d9:e2:b8:e1:38:f8:
                    0e:e5:ef:1e:4b:aa:e1:8b:94:11:ac:6d:d1:3b:a8:
                    2b:6f:2d:db:82:69:2c:be:a8:a3:9b:b9:d0:f8:23:
                    15:f9:f9:16:01:65:55:0e:d8:c5:ec:98:37:f6:95:
                    af:4e:1e:c6:1e:dd:93:95:2f:5b:2d:d4:36:2c:37:
                    76:85:96:4b:58:9a:38:ce:d0:24:ed:b5:71:39:af:
                    c3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E1:BD:D0:92:A9:52:26:7C:BF:04:70:F8:5A:47:58:91:3A:FA:DB
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/0OG90JKpUiZ8vwRw-FpHWJE6-ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.100.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:99:d4:5b:f8:78:08:b0:db:63:b0:b3:ba:5a:66:45:ff:35:
         91:5b:72:9b:e5:ca:36:0e:68:4b:3b:d8:5d:98:21:70:b0:44:
         61:d5:fb:68:af:44:e5:a7:a2:ba:91:12:31:93:fb:c3:ee:14:
         e5:38:c5:26:ff:f5:4b:66:7b:ff:c9:1f:89:d2:11:93:38:be:
         05:3e:b4:65:4c:1d:d6:2e:e7:87:71:0b:d4:62:48:82:f9:52:
         fd:5d:5f:bd:7e:d0:62:0c:4c:1e:06:33:dc:1d:42:a7:04:63:
         30:f9:fb:da:64:2b:ae:e5:a8:3f:8a:2c:24:03:22:6b:18:24:
         16:67:fd:aa:cd:ac:93:99:8f:36:65:b7:bc:a3:79:bf:a4:c8:
         e6:eb:1f:2a:5b:41:af:72:76:66:9c:6f:ce:51:89:20:3b:87:
         8f:4b:63:70:b4:d0:7a:5f:ed:13:f1:14:65:56:31:b6:96:3e:
         80:41:e1:e1:b1:a9:cb:a6:d7:5b:83:a4:89:62:19:a5:02:49:
         04:a4:17:da:b9:b0:30:01:25:9e:4a:8f:fe:d6:c0:7c:7b:0a:
         3f:7f:a7:79:68:0e:40:88:6d:4f:83:d5:7a:45:9d:d3:b1:a1:
         a8:5e:76:c0:5d:43:9f:99:5e:fa:7b:57:a4:3d:cc:5b:80:41:
         80:09:c0:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5hz+hgHetpzX0/CX4FWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGUxYmRkMDkyYTk1MjI2N2NiZjA0NzBmODVhNDc1ODkxM2FmYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+qh2U8KRlPi+1Sd6LBwJqK4NH21
sxX7N+SMXKnaBl5HUJunsBjLwcJ1sjQ1Rk/K5s0O1m9NIbzkjHHfMt2qcyFpRuVl
KQqA4DrMFil9Y5MBflsSsernmp0vXQaXu97gPReOYKLTnmjabcCvWr/Xogfzw/u1
iixTU8i/CehoFV4wR3jS0oOd4uFeyMuEbUKAEFSx4zc6IZYVUmW8Oz04zRMlX7km
Xql+E92WX9LZ4rjhOPgO5e8eS6rhi5QRrG3RO6grby3bgmksvqijm7nQ+CMV+fkW
AWVVDtjF7Jg39pWvTh7GHt2TlS9bLdQ2LDd2hZZLWJo4ztAk7bVxOa/D4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDhvdCSqVImfL8EcPhaR1iROvrbMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvME9HOTBKS3BVaVo4dndSdy1GcEhXSkU2LXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmQFMA0G
CSqGSIb3DQEBCwUAA4IBAQB/mdRb+HgIsNtjsLO6WmZF/zWRW3Kb5co2DmhLO9hd
mCFwsERh1ftor0Tlp6K6kRIxk/vD7hTlOMUm//VLZnv/yR+J0hGTOL4FPrRlTB3W
LueHcQvUYkiC+VL9XV+9ftBiDEweBjPcHUKnBGMw+fvaZCuu5ag/iiwkAyJrGCQW
Z/2qzayTmY82Zbe8o3m/pMjm6x8qW0GvcnZmnG/OUYkgO4ePS2NwtNB6X+0T8RRl
VjG2lj6AQeHhsanLptdbg6SJYhmlAkkEpBfaubAwASWeSo/+1sB8ewo/f6d5aA5A
iG1Pg9V6RZ3TsaGoXnbAXUOfmV76e1ekPcxbgEGACcCX
-----END CERTIFICATE-----