Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/d4501b-18ea-4280-85a4-9329f9179fda/1/5GbVwvC7-OKgl57tSBlN-mpxXkU.roa
File:                     5GbVwvC7-OKgl57tSBlN-mpxXkU.roa (raw, json)
Hash identifier:          SKVHly9zsRyv2ElCqexph53qCgeqRTNEFDZMY18jDmk=
Subject key identifier:   E4:66:D5:C2:F0:BB:F8:E2:A0:97:9E:ED:48:19:4D:FA:6A:71:5E:45
Certificate issuer:       /CN=4a97bc504f3075fb4f39236408c1c2d547b44c26
Certificate serial:       018CC802E3862250990315E503FC350BAB4E
Authority key identifier: 4A:97:BC:50:4F:30:75:FB:4F:39:23:64:08:C1:C2:D5:47:B4:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Spe8UE8wdftPOSNkCMHC1Ue0TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/d4501b-18ea-4280-85a4-9329f9179fda/1/5GbVwvC7-OKgl57tSBlN-mpxXkU.roa
Signing time:             Tue 02 Jan 2024 02:31:21 +0000
ROA not before:           Tue 02 Jan 2024 02:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20906
IP address blocks:        193.108.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/d4501b-18ea-4280-85a4-9329f9179fda/1/Spe8UE8wdftPOSNkCMHC1Ue0TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/d4501b-18ea-4280-85a4-9329f9179fda/1/Spe8UE8wdftPOSNkCMHC1Ue0TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Spe8UE8wdftPOSNkCMHC1Ue0TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e3:86:22:50:99:03:15:e5:03:fc:35:0b:ab:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a97bc504f3075fb4f39236408c1c2d547b44c26
        Validity
            Not Before: Jan  2 02:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e466d5c2f0bbf8e2a0979eed48194dfa6a715e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4e:57:03:fb:61:1e:b9:77:5f:9f:ba:ff:23:
                    fb:69:fa:fc:b2:6a:25:b3:5d:b5:bb:bc:4f:20:b7:
                    d5:94:81:f5:a4:16:14:c9:2c:82:9c:fa:68:f1:12:
                    f2:85:9d:d8:dc:71:ac:a8:f7:0f:af:bb:25:76:5f:
                    63:6d:20:10:bf:1b:e3:34:3f:f7:c1:8d:1d:d1:cf:
                    e5:34:89:d8:0e:3c:05:22:26:d0:04:45:6e:1b:15:
                    9f:27:23:c8:c6:6e:72:d0:a4:e5:d6:09:d8:92:d7:
                    e7:47:26:e6:28:af:be:34:a5:60:a9:d9:1e:aa:61:
                    78:2f:80:af:1d:4e:a7:d5:b4:39:cd:2a:31:29:b2:
                    e0:a0:87:f8:8c:d4:f7:57:45:db:72:7f:97:17:bb:
                    63:8a:ae:13:27:12:48:ee:65:eb:7b:37:16:f4:a0:
                    dd:5a:f8:de:02:b4:a5:7b:6e:a6:b8:e1:79:f4:90:
                    65:4c:fe:fc:49:dd:15:4f:bc:93:cb:e5:ac:95:63:
                    89:31:20:52:d6:ad:23:45:24:bb:2d:6d:de:30:72:
                    50:4d:81:77:12:96:ad:35:73:ce:be:f4:70:fc:d3:
                    b7:41:60:f8:30:62:4b:ba:01:f5:77:69:a0:94:65:
                    2c:3b:27:5a:19:93:41:a9:78:50:f7:3d:fd:cd:44:
                    15:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:66:D5:C2:F0:BB:F8:E2:A0:97:9E:ED:48:19:4D:FA:6A:71:5E:45
            X509v3 Authority Key Identifier:
                keyid:4A:97:BC:50:4F:30:75:FB:4F:39:23:64:08:C1:C2:D5:47:B4:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Spe8UE8wdftPOSNkCMHC1Ue0TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d4501b-18ea-4280-85a4-9329f9179fda/1/5GbVwvC7-OKgl57tSBlN-mpxXkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d4501b-18ea-4280-85a4-9329f9179fda/1/Spe8UE8wdftPOSNkCMHC1Ue0TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:73:aa:15:f2:fc:e7:b5:0d:4c:79:ec:b3:fc:6d:0a:9f:42:
         8f:9e:f8:be:58:dc:4a:e5:7e:d5:b0:5d:40:4a:d2:13:15:ab:
         09:97:6d:e5:e0:57:99:6b:48:1d:62:90:a3:58:0b:c6:66:0d:
         dc:8b:33:e1:cb:02:ad:fe:ce:e8:c0:17:7c:03:a4:82:d3:96:
         15:27:5a:00:f7:c9:90:c0:ac:bc:50:63:45:06:8a:35:6c:c8:
         6d:e4:88:1c:47:1b:a4:58:93:79:ca:c2:56:75:81:bd:6e:ff:
         01:ef:db:0c:87:7e:8a:08:25:a8:da:05:8c:66:6d:57:03:b9:
         58:7e:6c:ea:f2:29:34:9f:33:fe:44:a9:4c:96:20:c0:7b:19:
         28:2b:de:c5:8c:8c:69:d1:4b:1f:9b:42:7f:2a:43:98:e8:7a:
         9a:08:11:8e:89:8d:c3:5d:21:ad:ce:a9:c7:59:27:e6:66:49:
         d8:af:2e:81:b3:7a:57:0f:08:53:d9:22:85:75:bb:29:70:b1:
         f0:99:be:ef:ad:ae:13:19:4d:25:40:19:73:72:c2:61:4a:83:
         13:2e:d7:29:c6:68:16:84:70:f5:e3:f5:d6:1e:cb:81:95:b1:
         17:b7:db:a1:e8:e9:69:c5:fc:42:43:92:10:cf:01:61:34:ae:
         3e:5c:eb:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAuOGIlCZAxXlA/w1C6tOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOTdiYzUwNGYzMDc1ZmI0ZjM5MjM2NDA4YzFjMmQ1NDdi
NDRjMjYwHhcNMjQwMTAyMDIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY2ZDVjMmYwYmJmOGUyYTA5NzllZWQ0ODE5NGRmYTZhNzE1ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE5XA/thHrl3X5+6/yP7afr8smol
s121u7xPILfVlIH1pBYUySyCnPpo8RLyhZ3Y3HGsqPcPr7sldl9jbSAQvxvjND/3
wY0d0c/lNInYDjwFIibQBEVuGxWfJyPIxm5y0KTl1gnYktfnRybmKK++NKVgqdke
qmF4L4CvHU6n1bQ5zSoxKbLgoIf4jNT3V0Xbcn+XF7tjiq4TJxJI7mXrezcW9KDd
WvjeArSle26muOF59JBlTP78Sd0VT7yTy+WslWOJMSBS1q0jRSS7LW3eMHJQTYF3
EpatNXPOvvRw/NO3QWD4MGJLugH1d2mglGUsOydaGZNBqXhQ9z39zUQVCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORm1cLwu/jioJee7UgZTfpqcV5FMB8GA1UdIwQY
MBaAFEqXvFBPMHX7TzkjZAjBwtVHtEwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3BlOFVFOHdkZnRQT1NOa0NNSEMxVWUwVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9kNDUwMWItMThlYS00MjgwLTg1YTQt
OTMyOWY5MTc5ZmRhLzEvNUdiVnd2QzctT0tnbDU3dFNCbE4tbXB4WGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9kNDUwMWItMThlYS00MjgwLTg1YTQtOTMyOWY5MTc5ZmRh
LzEvU3BlOFVFOHdkZnRQT1NOa0NNSEMxVWUwVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWyuMA0G
CSqGSIb3DQEBCwUAA4IBAQBnc6oV8vzntQ1Meeyz/G0Kn0KPnvi+WNxK5X7VsF1A
StITFasJl23l4FeZa0gdYpCjWAvGZg3cizPhywKt/s7owBd8A6SC05YVJ1oA98mQ
wKy8UGNFBoo1bMht5IgcRxukWJN5ysJWdYG9bv8B79sMh36KCCWo2gWMZm1XA7lY
fmzq8ik0nzP+RKlMliDAexkoK97FjIxp0Usfm0J/KkOY6HqaCBGOiY3DXSGtzqnH
WSfmZknYry6Bs3pXDwhT2SKFdbspcLHwmb7vra4TGU0lQBlzcsJhSoMTLtcpxmgW
hHD14/XWHsuBlbEXt9uh6OlpxfxCQ5IQzwFhNK4+XOsl
-----END CERTIFICATE-----