Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/70b33b-d1eb-4bbb-97d6-0592453df7d2/1/X2AF0wk6E2kjIj2nL8NlNMxzW0w.roa
File:                     X2AF0wk6E2kjIj2nL8NlNMxzW0w.roa (raw, json)
Hash identifier:          LwnHOfwkrCh5Ig67Gwudwi2KovtA9npgRnfwFvGJwik=
Subject key identifier:   5F:60:05:D3:09:3A:13:69:23:22:3D:A7:2F:C3:65:34:CC:73:5B:4C
Certificate issuer:       /CN=04c5f1d1779eb709090365db982917adfd0f8049
Certificate serial:       018E8C17F92146AF7C46738F9901809D78AF
Authority key identifier: 04:C5:F1:D1:77:9E:B7:09:09:03:65:DB:98:29:17:AD:FD:0F:80:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMXx0XeetwkJA2XbmCkXrf0PgEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/70b33b-d1eb-4bbb-97d6-0592453df7d2/1/X2AF0wk6E2kjIj2nL8NlNMxzW0w.roa
Signing time:             Fri 29 Mar 2024 21:22:45 +0000
ROA not before:           Fri 29 Mar 2024 21:22:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        194.126.231.0/24 maxlen: 24
                          195.114.106.0/24 maxlen: 24
                          195.114.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/70b33b-d1eb-4bbb-97d6-0592453df7d2/1/BMXx0XeetwkJA2XbmCkXrf0PgEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/70b33b-d1eb-4bbb-97d6-0592453df7d2/1/BMXx0XeetwkJA2XbmCkXrf0PgEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMXx0XeetwkJA2XbmCkXrf0PgEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8c:17:f9:21:46:af:7c:46:73:8f:99:01:80:9d:78:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04c5f1d1779eb709090365db982917adfd0f8049
        Validity
            Not Before: Mar 29 21:22:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f6005d3093a136923223da72fc36534cc735b4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:be:02:da:84:21:ed:de:76:90:71:8d:16:1c:
                    1d:fd:cb:ab:ca:ab:a6:2f:e6:39:29:d3:c0:d1:db:
                    4f:d5:47:7d:85:c4:d7:36:1f:a2:2f:80:1c:a5:40:
                    86:5a:4c:9a:b5:84:6a:26:22:21:c3:c8:27:9f:66:
                    66:ab:54:6b:6e:4c:1b:f5:9a:ff:a6:29:e4:cc:cf:
                    9e:01:16:a2:76:03:a0:6b:9e:2f:fb:3e:b6:5e:83:
                    09:f8:b3:47:7a:82:c5:42:7c:b3:b3:4c:c2:07:bc:
                    04:8e:de:30:ff:b4:c7:9a:8b:8c:ea:84:28:aa:02:
                    94:ce:11:8a:9d:53:8f:cb:c6:63:6a:02:90:b1:6f:
                    08:c8:f3:e2:56:cb:23:8d:b2:eb:c9:d6:fd:4b:87:
                    a4:af:d6:3e:dc:71:76:7c:25:cf:26:c2:da:6e:12:
                    1b:57:70:ae:1d:9f:a0:d7:39:db:8f:70:03:d9:4b:
                    72:58:9a:d2:6c:b6:20:86:12:a6:0c:4f:1b:7e:c3:
                    c8:13:f4:96:bc:c6:7b:5b:3f:8d:bf:ed:26:f8:d8:
                    60:30:03:40:75:79:35:a4:52:b3:1a:5a:d9:85:97:
                    a0:a6:fa:a5:7e:05:d5:5e:60:7e:b1:fc:e4:90:7c:
                    54:99:b1:3e:19:da:8a:3b:8d:ba:61:f7:ac:e8:80:
                    fa:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:60:05:D3:09:3A:13:69:23:22:3D:A7:2F:C3:65:34:CC:73:5B:4C
            X509v3 Authority Key Identifier:
                keyid:04:C5:F1:D1:77:9E:B7:09:09:03:65:DB:98:29:17:AD:FD:0F:80:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMXx0XeetwkJA2XbmCkXrf0PgEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/70b33b-d1eb-4bbb-97d6-0592453df7d2/1/X2AF0wk6E2kjIj2nL8NlNMxzW0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/70b33b-d1eb-4bbb-97d6-0592453df7d2/1/BMXx0XeetwkJA2XbmCkXrf0PgEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.231.0/24
                  195.114.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:5b:b6:eb:a3:a7:a2:b1:66:69:fa:2b:28:b3:84:31:37:ce:
         5d:cd:80:9a:f3:b5:f0:63:f2:14:48:a4:6c:36:c1:bb:f7:62:
         c2:af:64:95:b0:c5:9b:3b:6d:29:ca:d6:7f:9d:31:d4:09:96:
         c0:03:c0:ef:a0:83:8c:fa:a5:4d:f5:ea:3d:03:9c:c8:05:88:
         58:17:b3:bc:cf:c9:d9:70:4c:1e:45:21:b7:46:29:80:c5:e8:
         ac:aa:57:06:c1:eb:a4:61:7d:c4:54:53:a7:78:d6:27:77:c9:
         db:ed:d8:f3:5e:cf:38:75:e3:45:da:54:28:4d:6a:20:69:9c:
         e6:21:0f:b1:d7:19:6c:4a:71:17:e0:3d:2e:09:b6:22:c1:fb:
         90:29:79:53:9a:51:66:15:42:6d:6d:7c:b5:d2:79:cf:8d:41:
         e5:58:39:4a:07:d0:10:b9:2a:2a:0e:0a:88:a8:49:57:14:45:
         43:3a:9f:a4:f9:54:6b:bc:ba:b4:60:bf:96:07:f2:06:58:ee:
         57:82:f8:d0:62:4e:2d:4f:2f:cb:e6:4c:85:38:34:53:fb:a0:
         7b:8b:56:61:8d:1a:40:f8:29:ed:c8:14:7e:f4:0e:76:cc:9d:
         18:37:d1:8f:f9:86:7b:58:68:2a:ff:20:0a:8d:d9:f8:a4:ce:
         23:07:50:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6MF/khRq98RnOPmQGAnXivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YzVmMWQxNzc5ZWI3MDkwOTAzNjVkYjk4MjkxN2FkZmQw
ZjgwNDkwHhcNMjQwMzI5MjEyMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjYwMDVkMzA5M2ExMzY5MjMyMjNkYTcyZmMzNjUzNGNjNzM1YjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhb4C2oQh7d52kHGNFhwd/curyqum
L+Y5KdPA0dtP1Ud9hcTXNh+iL4AcpUCGWkyatYRqJiIhw8gnn2Zmq1Rrbkwb9Zr/
pinkzM+eARaidgOga54v+z62XoMJ+LNHeoLFQnyzs0zCB7wEjt4w/7THmouM6oQo
qgKUzhGKnVOPy8ZjagKQsW8IyPPiVssjjbLrydb9S4ekr9Y+3HF2fCXPJsLabhIb
V3CuHZ+g1znbj3AD2UtyWJrSbLYghhKmDE8bfsPIE/SWvMZ7Wz+Nv+0m+NhgMANA
dXk1pFKzGlrZhZegpvqlfgXVXmB+sfzkkHxUmbE+GdqKO426Yfes6ID6KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF9gBdMJOhNpIyI9py/DZTTMc1tMMB8GA1UdIwQY
MBaAFATF8dF3nrcJCQNl25gpF639D4BJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk1YeDBYZWV0d2tKQTJYYm1Da1hyZjBQZ0VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83MGIzM2ItZDFlYi00YmJiLTk3ZDYt
MDU5MjQ1M2RmN2QyLzEvWDJBRjB3azZFMmtqSWoybkw4TmxOTXh6VzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83MGIzM2ItZDFlYi00YmJiLTk3ZDYtMDU5MjQ1M2RmN2Qy
LzEvQk1YeDBYZWV0d2tKQTJYYm1Da1hyZjBQZ0VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwn7nAwQB
w3JqMA0GCSqGSIb3DQEBCwUAA4IBAQC2W7bro6eisWZp+isos4QxN85dzYCa87Xw
Y/IUSKRsNsG792LCr2SVsMWbO20pytZ/nTHUCZbAA8DvoIOM+qVN9eo9A5zIBYhY
F7O8z8nZcEweRSG3RimAxeisqlcGweukYX3EVFOneNYnd8nb7djzXs84deNF2lQo
TWogaZzmIQ+x1xlsSnEX4D0uCbYiwfuQKXlTmlFmFUJtbXy10nnPjUHlWDlKB9AQ
uSoqDgqIqElXFEVDOp+k+VRrvLq0YL+WB/IGWO5XgvjQYk4tTy/L5kyFODRT+6B7
i1ZhjRpA+CntyBR+9A52zJ0YN9GP+YZ7WGgq/yAKjdn4pM4jB1DV
-----END CERTIFICATE-----