Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/AD1p4NnF5wDnhjXQo2k3Fn438Oo.roa
File:                     AD1p4NnF5wDnhjXQo2k3Fn438Oo.roa (raw, json)
Hash identifier:          iffjBDuoJtEGSD5y7/7LmQTRPqFhYSnSt1aI8ZytvuQ=
Subject key identifier:   00:3D:69:E0:D9:C5:E7:00:E7:86:35:D0:A3:69:37:16:7E:37:F0:EA
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       018CC3B6DD42E11EA359A15832DB6B7CB4EF
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/AD1p4NnF5wDnhjXQo2k3Fn438Oo.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140885
IP address blocks:        194.50.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dd:42:e1:1e:a3:59:a1:58:32:db:6b:7c:b4:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=003d69e0d9c5e700e78635d0a36937167e37f0ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d2:f0:76:ae:02:31:fa:de:5d:f7:7e:94:45:
                    b0:1b:ab:01:4c:42:c3:db:fb:cf:70:78:ed:ce:44:
                    39:d0:3f:43:56:14:6a:f0:14:3f:a1:ce:57:f7:cf:
                    7e:27:45:72:5f:38:81:44:88:a9:72:2e:f5:86:a2:
                    25:91:58:76:da:8b:b8:7a:01:0a:00:f7:5c:86:4b:
                    6c:f3:c4:2b:e1:9f:97:3e:22:d9:c4:84:cb:17:45:
                    d5:69:43:cb:85:b8:a6:90:51:f8:98:5b:91:ac:3f:
                    c6:ea:ec:16:25:96:f0:be:e4:6b:45:a6:44:9f:98:
                    35:92:b0:26:a9:e6:57:87:d0:2e:60:78:88:67:8e:
                    f2:68:39:95:4d:2b:47:71:f3:fc:23:6c:f2:68:c9:
                    9b:fa:d2:74:f0:9f:88:98:fc:21:af:5f:68:50:f5:
                    4d:08:6f:50:0c:1e:96:67:32:66:1a:77:fb:51:02:
                    03:c1:a9:d6:58:d1:ec:02:51:02:e6:86:95:99:69:
                    9a:81:7a:5f:30:c1:de:3e:81:5d:45:fb:48:59:d9:
                    74:51:ac:0f:d1:15:45:86:70:06:a0:87:7a:6c:c2:
                    26:ae:c0:c0:53:5e:3d:aa:f5:f4:93:b3:ed:96:b2:
                    40:be:ff:af:18:b8:b3:21:cc:86:8a:4f:31:fa:46:
                    dc:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3D:69:E0:D9:C5:E7:00:E7:86:35:D0:A3:69:37:16:7E:37:F0:EA
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/AD1p4NnF5wDnhjXQo2k3Fn438Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:40:61:8f:99:f4:89:84:1e:ce:59:23:27:38:b1:78:9d:27:
         6a:3f:5b:87:ba:9b:53:93:53:61:79:c8:39:fe:90:aa:00:42:
         cc:50:40:3d:86:a3:0f:80:b5:66:6e:45:72:5a:21:57:68:cd:
         78:76:6f:1d:76:20:90:52:19:e2:f7:35:c2:ef:e9:4c:ea:8b:
         76:3d:1c:2a:70:4c:4a:34:d6:36:51:f3:1f:71:8a:12:28:f0:
         44:d1:b4:0b:4c:9d:a3:bd:61:16:7f:49:cd:eb:f7:a2:da:6e:
         d3:d6:45:28:9c:74:e6:f1:61:9b:1a:4c:6c:63:d7:99:ee:25:
         f5:c7:29:fb:60:ac:ab:f3:43:d4:70:0a:70:c4:99:a6:06:f1:
         1d:47:df:30:5b:6a:96:4a:fd:7b:03:07:6b:7c:8a:4e:fe:51:
         f2:c3:47:ff:ae:0c:ca:c8:0c:00:c1:56:04:74:07:03:21:eb:
         61:99:9b:6a:df:9f:c9:b7:b0:3f:e8:79:81:3a:22:e3:7e:8a:
         9f:d8:34:2d:13:07:79:b2:14:4a:de:30:7e:02:be:92:51:62:
         73:1e:21:d3:3c:5f:83:f5:5b:64:7e:c9:cd:e8:f3:54:a9:bb:
         db:c3:2f:30:f4:65:b4:9a:32:ce:a2:b4:82:30:80:3e:48:e1:
         34:3b:df:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt1C4R6jWaFYMttrfLTvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDNkNjllMGQ5YzVlNzAwZTc4NjM1ZDBhMzY5MzcxNjdlMzdmMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NLwdq4CMfreXfd+lEWwG6sBTELD
2/vPcHjtzkQ50D9DVhRq8BQ/oc5X989+J0VyXziBRIipci71hqIlkVh22ou4egEK
APdchkts88Qr4Z+XPiLZxITLF0XVaUPLhbimkFH4mFuRrD/G6uwWJZbwvuRrRaZE
n5g1krAmqeZXh9AuYHiIZ47yaDmVTStHcfP8I2zyaMmb+tJ08J+ImPwhr19oUPVN
CG9QDB6WZzJmGnf7UQIDwanWWNHsAlEC5oaVmWmagXpfMMHePoFdRftIWdl0UawP
0RVFhnAGoId6bMImrsDAU149qvX0k7PtlrJAvv+vGLizIcyGik8x+kbczQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAA9aeDZxecA54Y10KNpNxZ+N/DqMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvQUQxcDRObkY1d0RuaGpYUW8yazNGbjQzOE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIFMA0G
CSqGSIb3DQEBCwUAA4IBAQBBQGGPmfSJhB7OWSMnOLF4nSdqP1uHuptTk1Nhecg5
/pCqAELMUEA9hqMPgLVmbkVyWiFXaM14dm8ddiCQUhni9zXC7+lM6ot2PRwqcExK
NNY2UfMfcYoSKPBE0bQLTJ2jvWEWf0nN6/ei2m7T1kUonHTm8WGbGkxsY9eZ7iX1
xyn7YKyr80PUcApwxJmmBvEdR98wW2qWSv17AwdrfIpO/lHyw0f/rgzKyAwAwVYE
dAcDIethmZtq35/Jt7A/6HmBOiLjfoqf2DQtEwd5shRK3jB+Ar6SUWJzHiHTPF+D
9VtkfsnN6PNUqbvbwy8w9GW0mjLOorSCMIA+SOE0O99d
-----END CERTIFICATE-----