Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/OWr1QTZaI_duPiZFeXmddZCjzu0.roa
File:                     OWr1QTZaI_duPiZFeXmddZCjzu0.roa (raw, json)
Hash identifier:          Apo+DpOY1yhu6e7HNO4Ld4fs3s94WrSCPQAGXhgWuaI=
Subject key identifier:   39:6A:F5:41:36:5A:23:F7:6E:3E:26:45:79:79:9D:75:90:A3:CE:ED
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945D191858F7FD000B5BA5C7961F57
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/OWr1QTZaI_duPiZFeXmddZCjzu0.roa
Signing time:             Tue 02 Jan 2024 00:30:38 +0000
ROA not before:           Tue 02 Jan 2024 00:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202813
IP address blocks:        5.59.64.0/22 maxlen: 24
                          5.59.172.0/24 maxlen: 24
                          5.59.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5d:19:18:58:f7:fd:00:0b:5b:a5:c7:96:1f:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396af541365a23f76e3e264579799d7590a3ceed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b5:a4:61:1a:69:fd:c4:73:f3:d0:29:13:d3:
                    ce:1b:cb:3f:c1:2e:32:3f:58:ee:cb:41:73:77:10:
                    43:8a:54:eb:80:09:9f:bb:54:df:37:03:51:6f:d9:
                    a5:56:34:06:1c:78:4f:49:83:08:5f:cb:6d:52:4a:
                    18:b2:56:0d:f3:16:dc:a7:3b:3d:6d:00:17:c7:90:
                    df:56:51:07:99:22:57:e4:d9:6d:bf:d4:0b:26:60:
                    ad:bd:74:01:de:b0:b1:d7:fc:f0:41:e0:0f:88:0f:
                    e3:76:41:d8:9a:19:79:df:56:b1:6c:70:c0:24:93:
                    14:1e:df:c2:0d:6b:d4:f9:7a:37:a0:3f:52:36:a2:
                    8a:36:e1:9b:42:6c:95:3f:59:bf:56:24:0b:4b:a7:
                    5b:66:4f:bc:b2:80:2b:4e:6f:1c:d2:cd:0d:ba:3a:
                    3b:1a:ac:75:01:75:6e:bb:22:ac:5e:38:54:49:66:
                    0c:bf:b1:b9:43:1f:b7:bc:92:c3:73:ce:f6:20:e5:
                    ef:64:8a:3f:20:53:a2:d0:d3:23:35:85:53:3e:6f:
                    1c:13:32:51:7b:7d:97:3a:b1:1d:82:23:ea:b4:f9:
                    d9:ac:68:2c:a2:59:e5:50:e4:04:de:cf:38:99:1a:
                    fb:8d:4a:17:0f:a6:ed:15:0c:eb:c2:d5:0c:3a:2c:
                    e9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6A:F5:41:36:5A:23:F7:6E:3E:26:45:79:79:9D:75:90:A3:CE:ED
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/OWr1QTZaI_duPiZFeXmddZCjzu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.64.0/22
                  5.59.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:2f:e6:11:a1:fb:28:c3:92:92:06:3e:8d:b4:51:73:5a:55:
         82:4d:fd:c9:b9:7c:56:3a:73:77:32:df:48:9e:fd:c9:ca:1c:
         73:03:c5:8c:32:d9:a7:3a:2c:35:66:44:89:ec:68:be:dd:fc:
         7c:67:f3:8c:9a:4f:7d:e4:1b:2c:cd:f6:86:de:4b:ac:86:38:
         18:df:e7:ae:17:9d:92:9e:ff:be:79:72:06:c6:93:8a:b8:e8:
         cc:75:71:b6:21:c8:fe:a9:48:a1:38:48:57:f2:36:9c:fe:cb:
         4c:b8:81:d2:74:a8:94:c6:fc:4c:34:07:06:b2:9f:61:f9:d3:
         02:ec:e7:b8:e7:eb:f2:dc:48:d8:b3:4d:16:d3:bb:e9:a7:79:
         9a:be:66:fb:d4:eb:5d:2e:2b:fa:ee:11:f5:cc:5e:7b:20:61:
         84:ae:f1:75:9b:ad:64:97:ca:e2:55:15:7c:86:84:a9:15:3e:
         c3:64:1a:5a:a6:d1:9e:04:0a:ba:74:10:60:00:06:93:de:81:
         4a:9d:7e:8d:cb:5c:91:c0:68:22:13:84:57:85:ff:d8:2d:fc:
         7f:a6:d2:30:b2:f0:ac:a4:05:06:56:8a:b8:c3:62:01:c1:11:
         8f:64:25:57:b7:dc:c0:3e:a6:78:33:80:92:f7:5b:6a:7c:de:
         52:90:e5:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlF0ZGFj3/QALW6XHlh9XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZhZjU0MTM2NWEyM2Y3NmUzZTI2NDU3OTc5OWQ3NTkwYTNjZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLWkYRpp/cRz89ApE9POG8s/wS4y
P1juy0FzdxBDilTrgAmfu1TfNwNRb9mlVjQGHHhPSYMIX8ttUkoYslYN8xbcpzs9
bQAXx5DfVlEHmSJX5Nltv9QLJmCtvXQB3rCx1/zwQeAPiA/jdkHYmhl531axbHDA
JJMUHt/CDWvU+Xo3oD9SNqKKNuGbQmyVP1m/ViQLS6dbZk+8soArTm8c0s0Nujo7
Gqx1AXVuuyKsXjhUSWYMv7G5Qx+3vJLDc872IOXvZIo/IFOi0NMjNYVTPm8cEzJR
e32XOrEdgiPqtPnZrGgsolnlUOQE3s84mRr7jUoXD6btFQzrwtUMOizpRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlq9UE2WiP3bj4mRXl5nXWQo87tMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvT1dyMVFUWmFJX2R1UGlaRmVYbWRkWkNqenUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBTtAAwQB
BTusMA0GCSqGSIb3DQEBCwUAA4IBAQAxL+YRofsow5KSBj6NtFFzWlWCTf3JuXxW
OnN3Mt9Inv3JyhxzA8WMMtmnOiw1ZkSJ7Gi+3fx8Z/OMmk995BsszfaG3kushjgY
3+euF52Snv++eXIGxpOKuOjMdXG2Icj+qUihOEhX8jac/stMuIHSdKiUxvxMNAcG
sp9h+dMC7Oe45+vy3EjYs00W07vpp3mavmb71OtdLiv67hH1zF57IGGErvF1m61k
l8riVRV8hoSpFT7DZBpaptGeBAq6dBBgAAaT3oFKnX6Ny1yRwGgiE4RXhf/YLfx/
ptIwsvCspAUGVoq4w2IBwRGPZCVXt9zAPqZ4M4CS91tqfN5SkOWZ
-----END CERTIFICATE-----