Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/Vc9SHcM1ukEbL71ldt-svkYD-GM.roa
File:                     Vc9SHcM1ukEbL71ldt-svkYD-GM.roa (raw, json)
Hash identifier:          XmdHqXrIfCocxLsCwBXj8acE07xiad94T9DBw0zU8K8=
Subject key identifier:   55:CF:52:1D:C3:35:BA:41:1B:2F:BD:65:76:DF:AC:BE:46:03:F8:63
Certificate issuer:       /CN=a952d0d266557385836aab7ae3fdced4ca74ad89
Certificate serial:       018CC64B0FCFB4601B89D09B1176258F7C78
Authority key identifier: A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/Vc9SHcM1ukEbL71ldt-svkYD-GM.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61424
IP address blocks:        5.35.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0f:cf:b4:60:1b:89:d0:9b:11:76:25:8f:7c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a952d0d266557385836aab7ae3fdced4ca74ad89
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55cf521dc335ba411b2fbd6576dfacbe4603f863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a9:82:96:75:df:00:9f:f6:0d:8b:72:9d:0a:
                    87:61:ee:35:c7:13:f8:05:ad:62:10:aa:19:65:3b:
                    9e:7e:eb:0c:37:c8:2f:c5:74:d1:d2:94:a1:c8:24:
                    0d:82:80:7c:6a:85:68:15:6c:e3:ac:eb:12:ec:b0:
                    59:fa:c4:12:36:25:11:0f:a3:38:ce:d7:25:90:f4:
                    70:8d:32:ea:95:89:b5:1c:77:e8:2d:8f:8b:a8:30:
                    ed:73:78:74:0a:b6:5b:37:c7:83:8a:10:69:bc:ab:
                    45:cd:f9:21:ef:38:23:81:8b:7d:1a:b9:f7:87:bc:
                    ae:64:a4:0b:65:15:ca:86:a9:b9:a0:dd:c8:fe:a3:
                    76:c1:c7:b5:16:4a:94:55:70:bf:5c:7e:b9:32:af:
                    d8:5e:c8:04:01:ec:e5:08:22:fd:84:27:5b:4f:e9:
                    a0:a7:d1:2f:5f:01:48:04:52:fd:1f:69:1c:6e:50:
                    51:02:3c:49:c1:4f:bf:40:b6:d0:6b:2d:7a:f9:57:
                    f5:e0:b1:3d:6d:14:f0:b3:54:98:7e:2e:d3:7c:9d:
                    d7:b8:82:6e:2b:8d:8d:ad:c6:23:f0:ab:95:6b:92:
                    b0:3a:4d:77:6b:89:1c:f8:07:8f:f1:67:9a:e6:7b:
                    b7:51:45:42:67:bd:f7:98:51:0a:c9:ef:52:b1:c1:
                    3b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:CF:52:1D:C3:35:BA:41:1B:2F:BD:65:76:DF:AC:BE:46:03:F8:63
            X509v3 Authority Key Identifier:
                keyid:A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/Vc9SHcM1ukEbL71ldt-svkYD-GM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:3b:ae:1b:b9:99:85:e4:2e:a2:91:3e:6c:9f:85:0a:1b:8c:
         fe:66:71:29:c2:da:a3:09:f8:0b:3c:31:5e:0b:23:21:db:9c:
         9f:b9:5a:84:3c:f9:26:77:25:7e:ce:cc:f8:45:6b:16:91:98:
         45:b8:70:16:1c:8a:fb:a5:36:c1:df:e0:2e:b0:cf:cc:ae:d1:
         42:2b:fd:a8:d5:68:3b:db:af:b3:ef:cd:dc:5b:b8:c8:0b:1a:
         6a:ff:e3:3c:9c:5d:72:fd:62:3f:67:ea:ae:b7:e8:ad:d2:97:
         c6:d6:43:7a:2f:f7:f7:11:ab:9b:8e:44:ca:75:25:a9:26:dc:
         d9:22:0d:16:1f:0e:f2:06:02:34:97:91:4b:82:6c:eb:65:cc:
         ff:5b:cb:72:6c:e5:a1:5a:51:eb:31:14:6c:44:43:a8:72:2f:
         f9:1e:af:c0:ff:34:77:73:c6:c8:49:a7:1f:d5:5b:61:09:c0:
         e4:cd:70:d9:9d:54:f5:51:4f:3b:0b:86:77:47:b7:07:80:70:
         ca:16:a8:72:a2:41:ae:2d:9f:3f:a0:04:02:7b:07:0d:a6:ad:
         fe:9d:9a:84:ee:ad:ee:87:a8:d1:6d:60:33:b5:95:d9:06:79:
         e0:8a:92:72:3a:61:fe:e9:53:55:85:0a:02:62:0e:ff:1e:e5:
         fc:19:71:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSw/PtGAbidCbEXYlj3x4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NTJkMGQyNjY1NTczODU4MzZhYWI3YWUzZmRjZWQ0Y2E3
NGFkODkwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWNmNTIxZGMzMzViYTQxMWIyZmJkNjU3NmRmYWNiZTQ2MDNmODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlamClnXfAJ/2DYtynQqHYe41xxP4
Ba1iEKoZZTuefusMN8gvxXTR0pShyCQNgoB8aoVoFWzjrOsS7LBZ+sQSNiURD6M4
ztclkPRwjTLqlYm1HHfoLY+LqDDtc3h0CrZbN8eDihBpvKtFzfkh7zgjgYt9Grn3
h7yuZKQLZRXKhqm5oN3I/qN2wce1FkqUVXC/XH65Mq/YXsgEAezlCCL9hCdbT+mg
p9EvXwFIBFL9H2kcblBRAjxJwU+/QLbQay16+Vf14LE9bRTws1SYfi7TfJ3XuIJu
K42NrcYj8KuVa5KwOk13a4kc+AeP8Wea5nu3UUVCZ733mFEKye9SscE7gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXPUh3DNbpBGy+9ZXbfrL5GA/hjMB8GA1UdIwQY
MBaAFKlS0NJmVXOFg2qreuP9ztTKdK2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAt
NGMyMWE1MDVmMzQ2LzEvVmM5U0hjTTF1a0ViTDcxbGR0LXN2a1lELUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAtNGMyMWE1MDVmMzQ2
LzEvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSNnMA0G
CSqGSIb3DQEBCwUAA4IBAQCqO64buZmF5C6ikT5sn4UKG4z+ZnEpwtqjCfgLPDFe
CyMh25yfuVqEPPkmdyV+zsz4RWsWkZhFuHAWHIr7pTbB3+AusM/MrtFCK/2o1Wg7
26+z783cW7jICxpq/+M8nF1y/WI/Z+qut+it0pfG1kN6L/f3EaubjkTKdSWpJtzZ
Ig0WHw7yBgI0l5FLgmzrZcz/W8tybOWhWlHrMRRsREOoci/5Hq/A/zR3c8bISacf
1VthCcDkzXDZnVT1UU87C4Z3R7cHgHDKFqhyokGuLZ8/oAQCewcNpq3+nZqE7q3u
h6jRbWAztZXZBnngipJyOmH+6VNVhQoCYg7/HuX8GXGf
-----END CERTIFICATE-----