Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/d9-yqSmBsUkETAOLhwmVV4FLxnc.roa
File:                     d9-yqSmBsUkETAOLhwmVV4FLxnc.roa (raw, json)
Hash identifier:          Vk0vvrHYbQAAJho2O9Z8foCUNfv58BHGfp81MsW2E1o=
Subject key identifier:   77:DF:B2:A9:29:81:B1:49:04:4C:03:8B:87:09:95:57:81:4B:C6:77
Certificate issuer:       /CN=137f3372df57c814aba8b51a907861d92b9e4f55
Certificate serial:       0192D77624B4EFC870D5AE99578F5FFAEEAA
Authority key identifier: 13:7F:33:72:DF:57:C8:14:AB:A8:B5:1A:90:78:61:D9:2B:9E:4F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/d9-yqSmBsUkETAOLhwmVV4FLxnc.roa
Signing time:             Tue 29 Oct 2024 08:48:17 +0000
ROA not before:           Tue 29 Oct 2024 08:48:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202468
IP address blocks:        5.253.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:76:24:b4:ef:c8:70:d5:ae:99:57:8f:5f:fa:ee:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137f3372df57c814aba8b51a907861d92b9e4f55
        Validity
            Not Before: Oct 29 08:48:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77dfb2a92981b149044c038b87099557814bc677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:08:e1:1b:f5:3e:91:77:99:f8:2d:94:55:70:
                    81:e3:fe:4e:13:b1:ff:ad:c1:39:69:4f:c8:6a:77:
                    ad:54:77:80:b0:d7:fe:c0:0e:c1:31:49:b9:90:79:
                    8d:a2:43:f4:17:01:c9:4a:ac:e6:75:7c:84:04:c5:
                    1d:db:cb:e0:18:0d:e7:f2:c7:3a:97:2e:a5:80:2e:
                    12:c2:b1:ce:77:9d:11:dd:3e:3e:25:4d:59:43:9e:
                    50:83:8b:d3:39:05:91:47:4b:67:d2:fa:4f:e9:94:
                    19:b1:dd:67:dd:f7:23:a7:55:7d:4b:5c:1d:78:19:
                    07:39:b4:88:34:dd:18:d0:b9:99:d9:a1:2a:aa:c2:
                    2a:4b:f9:d0:a4:cc:e4:76:0b:b1:ad:c9:1b:2e:eb:
                    91:9e:ff:41:45:e5:8d:1e:00:c2:57:1e:db:e7:ec:
                    0c:7c:44:c1:ae:17:a9:b4:73:c2:df:f2:52:21:a2:
                    50:96:4a:81:44:7e:62:33:0b:d8:ff:fb:63:b4:11:
                    c3:47:55:ae:60:bc:f3:d0:d9:a5:82:d8:fb:a7:ed:
                    9e:76:86:50:59:fc:72:0d:da:13:60:7e:79:97:1a:
                    14:1e:0f:3b:fa:50:66:1d:ad:e7:c9:b4:b3:ae:70:
                    79:e7:a8:7b:ea:30:8e:8a:9f:17:bc:7b:8a:d0:e2:
                    c3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:DF:B2:A9:29:81:B1:49:04:4C:03:8B:87:09:95:57:81:4B:C6:77
            X509v3 Authority Key Identifier:
                keyid:13:7F:33:72:DF:57:C8:14:AB:A8:B5:1A:90:78:61:D9:2B:9E:4F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/d9-yqSmBsUkETAOLhwmVV4FLxnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:4f:55:44:7a:7d:4b:46:c7:6a:11:8b:86:d5:01:f3:d9:83:
         ed:a6:f7:85:30:2e:74:98:a1:99:98:56:8e:52:ed:b0:e0:3b:
         98:6e:6f:b7:a0:d4:d9:90:4c:66:cf:35:d9:33:b3:4e:4b:ea:
         bb:68:66:0d:af:5b:a9:df:48:2e:2e:b6:86:98:59:09:82:c8:
         2f:5d:37:60:a5:36:98:46:57:96:5b:e3:8b:32:8a:26:d2:b7:
         89:1f:78:10:7c:89:6c:65:69:80:fe:01:e1:4b:e6:0d:b7:32:
         c2:80:77:10:9d:6a:19:07:6a:ba:3a:d9:85:77:36:c4:2a:c5:
         93:2b:47:e0:3a:5f:e9:80:76:4d:bc:eb:86:a7:0e:43:d0:76:
         06:d5:2e:84:5c:af:bf:76:da:92:c8:22:04:83:e3:25:58:53:
         f3:0d:eb:54:af:08:f1:6b:a5:39:5a:a6:51:c3:36:d7:b9:41:
         f8:ee:a3:5b:49:9e:73:3c:37:8b:ed:a4:38:46:ca:38:c0:6e:
         b3:16:b5:7c:79:45:8e:46:bd:2e:9b:4d:49:66:fc:15:81:1c:
         44:8d:bb:4e:79:a1:30:97:90:72:90:34:c2:32:54:f2:ca:35:
         e5:fb:0c:18:e6:e5:b7:e9:a2:7a:54:68:84:a8:3b:c6:3c:5b:
         b4:7a:b1:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLXdiS078hw1a6ZV49f+u6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2YzMzcyZGY1N2M4MTRhYmE4YjUxYTkwNzg2MWQ5MmI5
ZTRmNTUwHhcNMjQxMDI5MDg0ODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2RmYjJhOTI5ODFiMTQ5MDQ0YzAzOGI4NzA5OTU1NzgxNGJjNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwjhG/U+kXeZ+C2UVXCB4/5OE7H/
rcE5aU/IanetVHeAsNf+wA7BMUm5kHmNokP0FwHJSqzmdXyEBMUd28vgGA3n8sc6
ly6lgC4SwrHOd50R3T4+JU1ZQ55Qg4vTOQWRR0tn0vpP6ZQZsd1n3fcjp1V9S1wd
eBkHObSINN0Y0LmZ2aEqqsIqS/nQpMzkdguxrckbLuuRnv9BReWNHgDCVx7b5+wM
fETBrheptHPC3/JSIaJQlkqBRH5iMwvY//tjtBHDR1WuYLzz0Nmlgtj7p+2edoZQ
WfxyDdoTYH55lxoUHg87+lBmHa3nybSzrnB556h76jCOip8XvHuK0OLDHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHffsqkpgbFJBEwDi4cJlVeBS8Z3MB8GA1UdIwQY
MBaAFBN/M3LfV8gUq6i1GpB4Ydkrnk9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM4emN0OVh5QlNycUxVYWtIaGgyU3VlVDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy84YjE0MWItNDk0ZS00NjZiLWEyMmMt
YTIyNGZlZmFjMjE4LzEvZDkteXFTbUJzVWtFVEFPTGh3bVZWNEZMeG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy84YjE0MWItNDk0ZS00NjZiLWEyMmMtYTIyNGZlZmFjMjE4
LzEvRTM4emN0OVh5QlNycUxVYWtIaGgyU3VlVDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf0YMA0G
CSqGSIb3DQEBCwUAA4IBAQAST1VEen1LRsdqEYuG1QHz2YPtpveFMC50mKGZmFaO
Uu2w4DuYbm+3oNTZkExmzzXZM7NOS+q7aGYNr1up30guLraGmFkJgsgvXTdgpTaY
RleWW+OLMoom0reJH3gQfIlsZWmA/gHhS+YNtzLCgHcQnWoZB2q6OtmFdzbEKsWT
K0fgOl/pgHZNvOuGpw5D0HYG1S6EXK+/dtqSyCIEg+MlWFPzDetUrwjxa6U5WqZR
wzbXuUH47qNbSZ5zPDeL7aQ4Rso4wG6zFrV8eUWORr0um01JZvwVgRxEjbtOeaEw
l5BykDTCMlTyyjXl+wwY5uW36aJ6VGiEqDvGPFu0erEp
-----END CERTIFICATE-----