Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/_5DxvreoiR_gEjhH1tzhfehRcLI.roa
File:                     _5DxvreoiR_gEjhH1tzhfehRcLI.roa (raw, json)
Hash identifier:          A+Nf2T+g33EwB3SalIrMQzh/HxEr9PX6iN3KRyusPKA=
Subject key identifier:   FF:90:F1:BE:B7:A8:89:1F:E0:12:38:47:D6:DC:E1:7D:E8:51:70:B2
Certificate issuer:       /CN=1954e32570bbfb9af11c2381e81c797c2f40087c
Certificate serial:       018CC2DADDE4064C8F5EA70E46DFCD98F761
Authority key identifier: 19:54:E3:25:70:BB:FB:9A:F1:1C:23:81:E8:1C:79:7C:2F:40:08:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/_5DxvreoiR_gEjhH1tzhfehRcLI.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213050
IP address blocks:        149.3.168.0/24 maxlen: 24
                          144.2.168.0/22 maxlen: 24
                          2a0c:6ac0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dd:e4:06:4c:8f:5e:a7:0e:46:df:cd:98:f7:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1954e32570bbfb9af11c2381e81c797c2f40087c
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff90f1beb7a8891fe0123847d6dce17de85170b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:03:dd:bc:db:21:82:4b:19:7e:eb:4c:f9:e9:
                    76:5d:5b:84:f2:fc:0b:5b:52:ab:09:2f:ce:41:74:
                    e3:95:cd:d0:00:57:3f:ef:c8:df:50:3b:c3:da:c1:
                    98:46:96:f6:69:ef:d1:3e:8a:3d:7d:ac:1f:51:0a:
                    47:03:3c:26:99:2b:c0:e0:08:8d:4f:08:fb:b0:18:
                    df:9a:c1:58:fc:dc:5e:46:4f:42:d1:b6:b8:01:df:
                    ca:3b:40:53:36:ef:bc:5c:fa:40:f6:b6:b5:2b:67:
                    81:7d:e8:9b:33:75:2a:da:a1:b7:bf:30:04:be:c8:
                    c3:bb:c9:a3:ad:21:c7:49:09:61:b6:e8:f5:40:25:
                    24:78:f3:d8:c6:19:84:d7:42:3c:a2:09:82:5a:9e:
                    ea:05:6c:e1:26:44:b5:1d:5c:a1:ae:69:28:9f:a8:
                    a3:83:db:49:2f:e3:a3:f8:09:1d:27:49:b3:d4:ec:
                    e1:bc:07:e9:4b:d3:ac:c0:e9:13:68:62:5d:32:25:
                    87:89:df:fc:da:47:05:51:0f:5e:32:c8:5b:29:d5:
                    b4:bf:a1:8c:93:af:1a:09:a6:56:ed:ed:41:cf:b1:
                    6a:c2:70:eb:9b:44:d5:04:d2:f4:98:7d:8e:91:3e:
                    bf:25:2d:32:59:6d:9d:17:2e:c0:34:6d:bd:ee:23:
                    8d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:90:F1:BE:B7:A8:89:1F:E0:12:38:47:D6:DC:E1:7D:E8:51:70:B2
            X509v3 Authority Key Identifier:
                keyid:19:54:E3:25:70:BB:FB:9A:F1:1C:23:81:E8:1C:79:7C:2F:40:08:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/_5DxvreoiR_gEjhH1tzhfehRcLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.168.0/22
                  149.3.168.0/24
                IPv6:
                  2a0c:6ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:23:52:c2:dd:15:c8:32:62:af:2a:fe:52:af:df:bb:fa:39:
         48:52:7c:46:e1:44:45:2a:3a:53:97:19:a0:c5:b5:3b:f1:24:
         c4:cb:79:1b:9f:b8:0b:5b:55:3f:44:87:5e:14:db:02:0c:07:
         08:05:c1:06:f6:e8:a3:b6:6b:ea:1f:af:08:4f:77:33:4c:9c:
         da:7d:63:36:a3:b5:ef:f4:ab:d4:fc:01:c7:d4:9b:14:a8:11:
         e9:18:01:08:40:9f:12:83:93:1d:58:83:8a:2a:c3:b4:01:1d:
         69:81:c8:88:56:f3:e9:d5:eb:f5:5a:2d:2d:f0:da:e6:d0:20:
         59:71:10:d3:54:22:e6:1f:27:0f:0b:74:d3:15:a4:1c:da:d5:
         24:14:6c:db:8f:58:2a:2e:ee:6d:37:6a:1e:d9:f3:e9:7b:fe:
         34:2a:b8:f9:ed:85:a4:fd:68:e9:0a:74:b4:14:e3:b5:57:67:
         5f:ed:41:d5:53:f8:eb:32:5a:63:ce:af:6c:85:1c:7e:a9:6e:
         06:53:94:87:29:8e:8c:d9:dd:4c:88:ed:ed:c4:f3:5e:53:15:
         4e:35:67:d6:cb:69:e9:a6:39:9b:0a:36:fc:4a:ac:63:e8:a5:
         5b:5d:33:20:89:41:5b:7f:d9:6d:8d:93:88:2f:75:da:fb:9e:
         84:3b:42:6d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2t3kBkyPXqcORt/NmPdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NTRlMzI1NzBiYmZiOWFmMTFjMjM4MWU4MWM3OTdjMmY0
MDA4N2MwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjkwZjFiZWI3YTg4OTFmZTAxMjM4NDdkNmRjZTE3ZGU4NTE3MGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwPdvNshgksZfutM+el2XVuE8vwL
W1KrCS/OQXTjlc3QAFc/78jfUDvD2sGYRpb2ae/RPoo9fawfUQpHAzwmmSvA4AiN
Twj7sBjfmsFY/NxeRk9C0ba4Ad/KO0BTNu+8XPpA9ra1K2eBfeibM3Uq2qG3vzAE
vsjDu8mjrSHHSQlhtuj1QCUkePPYxhmE10I8ogmCWp7qBWzhJkS1HVyhrmkon6ij
g9tJL+Oj+AkdJ0mz1OzhvAfpS9OswOkTaGJdMiWHid/82kcFUQ9eMshbKdW0v6GM
k68aCaZW7e1Bz7FqwnDrm0TVBNL0mH2OkT6/JS0yWW2dFy7ANG297iONdQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP+Q8b63qIkf4BI4R9bc4X3oUXCyMB8GA1UdIwQY
MBaAFBlU4yVwu/ua8RwjgegceXwvQAh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1ZUakpYQzctNXJ4SENPQjZCeDVmQzlBQ0h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81YzdjN2QtNGQyZS00ODNjLTg5Y2Qt
MjY4MTZjYTkyY2EwLzEvXzVEeHZyZW9pUl9nRWpoSDF0emhmZWhSY0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81YzdjN2QtNGQyZS00ODNjLTg5Y2QtMjY4MTZjYTkyY2Ew
LzEvR1ZUakpYQzctNXJ4SENPQjZCeDVmQzlBQ0h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCkAKoAwQA
lQOoMA0EAgACMAcDBQMqDGrAMA0GCSqGSIb3DQEBCwUAA4IBAQB8I1LC3RXIMmKv
Kv5Sr9+7+jlIUnxG4URFKjpTlxmgxbU78STEy3kbn7gLW1U/RIdeFNsCDAcIBcEG
9uijtmvqH68IT3czTJzafWM2o7Xv9KvU/AHH1JsUqBHpGAEIQJ8Sg5MdWIOKKsO0
AR1pgciIVvPp1ev1Wi0t8Nrm0CBZcRDTVCLmHycPC3TTFaQc2tUkFGzbj1gqLu5t
N2oe2fPpe/40Krj57YWk/WjpCnS0FOO1V2df7UHVU/jrMlpjzq9shRx+qW4GU5SH
KY6M2d1MiO3txPNeUxVONWfWy2nppjmbCjb8Sqxj6KVbXTMgiUFbf9ltjZOIL3Xa
+56EO0Jt
-----END CERTIFICATE-----