Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/oOjqdv7mEm1pUVc8jNnBakuK7bw.roa
File:                     oOjqdv7mEm1pUVc8jNnBakuK7bw.roa (raw, json)
Hash identifier:          U1LftcMLghfrDMPsdpCRGHeqpuOyOQGOsmI6aMfF3tU=
Subject key identifier:   A0:E8:EA:76:FE:E6:12:6D:69:51:57:3C:8C:D9:C1:6A:4B:8A:ED:BC
Certificate issuer:       /CN=728c2bfd6bb503a01d018602bda152d734ed56f0
Certificate serial:       018CCA99FBC34BC5045C3A16B5A90385667E
Authority key identifier: 72:8C:2B:FD:6B:B5:03:A0:1D:01:86:02:BD:A1:52:D7:34:ED:56:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cowr_Wu1A6AdAYYCvaFS1zTtVvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/oOjqdv7mEm1pUVc8jNnBakuK7bw.roa
Signing time:             Tue 02 Jan 2024 14:35:38 +0000
ROA not before:           Tue 02 Jan 2024 14:35:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207357
IP address blocks:        5.182.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/cowr_Wu1A6AdAYYCvaFS1zTtVvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/cowr_Wu1A6AdAYYCvaFS1zTtVvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cowr_Wu1A6AdAYYCvaFS1zTtVvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:fb:c3:4b:c5:04:5c:3a:16:b5:a9:03:85:66:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=728c2bfd6bb503a01d018602bda152d734ed56f0
        Validity
            Not Before: Jan  2 14:35:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0e8ea76fee6126d6951573c8cd9c16a4b8aedbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7c:b0:28:b7:a0:a6:65:b6:87:34:ff:d2:97:
                    59:ba:68:82:a0:82:73:c9:10:6c:e0:5a:00:0c:d3:
                    82:0b:c7:9e:e2:a2:58:f2:cc:02:1a:0e:f9:df:d3:
                    45:18:5b:bf:01:75:26:df:c7:3b:41:34:40:e5:7d:
                    bc:07:79:a2:96:66:3d:2e:be:34:21:76:3a:2b:43:
                    72:2e:bf:ac:cb:c9:55:fc:3a:da:dc:b2:99:83:b5:
                    0d:b8:fa:44:b8:08:38:4c:bc:0a:02:fd:5a:ed:61:
                    9d:28:36:d9:c3:81:40:b1:48:3e:64:df:15:a7:f4:
                    7c:92:77:31:a1:9c:30:7d:be:c6:86:90:60:40:20:
                    8f:79:56:c4:d0:fb:f8:7c:d0:cc:3b:f9:8c:5b:85:
                    7e:de:12:81:eb:25:a3:dc:f0:c6:15:ce:d8:c7:89:
                    24:6c:8d:1b:ae:bb:f7:fb:d8:ee:75:89:b7:b3:07:
                    e1:60:19:59:98:82:f5:f2:0f:0f:55:d1:af:c2:a4:
                    b4:56:00:56:ad:a4:12:27:fb:89:6a:c9:01:99:b2:
                    e8:3a:77:33:70:27:8f:8a:4a:74:93:e9:29:51:36:
                    f9:ca:c8:05:68:db:03:6b:f6:0b:16:45:99:86:44:
                    35:48:f7:4e:47:66:36:39:92:fa:4f:53:cf:e1:f6:
                    f3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:E8:EA:76:FE:E6:12:6D:69:51:57:3C:8C:D9:C1:6A:4B:8A:ED:BC
            X509v3 Authority Key Identifier:
                keyid:72:8C:2B:FD:6B:B5:03:A0:1D:01:86:02:BD:A1:52:D7:34:ED:56:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cowr_Wu1A6AdAYYCvaFS1zTtVvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/oOjqdv7mEm1pUVc8jNnBakuK7bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/cowr_Wu1A6AdAYYCvaFS1zTtVvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f9:c6:25:38:06:b7:f9:03:20:c6:f2:8c:99:6c:76:00:d2:
         e5:0c:cd:e1:81:23:68:55:01:c8:5d:37:17:3f:74:7f:36:f8:
         7a:2d:6c:21:5d:3a:ab:21:ff:5d:31:3f:e7:17:b5:86:e6:93:
         58:e0:03:ba:27:44:82:aa:76:0a:c4:ef:8c:62:3d:fa:bb:35:
         ba:b4:ce:69:bf:48:b4:52:84:a1:76:cd:e4:ce:ac:67:3d:3f:
         b9:f3:81:10:38:8c:65:00:f5:f5:52:f3:cd:fb:90:af:b3:8c:
         37:99:8b:71:8b:d3:f2:e5:ee:e6:cd:4a:cc:47:00:b2:ea:0d:
         f9:6a:3c:a1:6d:6c:7a:70:d8:bf:47:30:38:74:32:c5:3d:b7:
         01:97:67:b9:b5:32:bf:3d:6d:de:8a:13:bf:36:14:c1:a7:8c:
         3c:b5:66:87:33:19:b4:c5:b8:8f:ae:87:4d:30:49:19:05:98:
         71:16:06:d7:e9:10:55:28:6d:f2:be:53:d3:3a:b5:86:b9:7e:
         93:f0:fb:0a:8c:3e:c4:be:5c:e3:99:5b:63:42:ea:4b:11:38:
         d8:83:06:63:9e:c9:5b:34:6b:17:40:41:ae:c4:2d:c5:f1:49:
         29:a0:58:07:ab:8e:0e:80:62:77:ff:a7:36:f2:e3:db:26:11:
         fb:bd:3d:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmfvDS8UEXDoWtakDhWZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOGMyYmZkNmJiNTAzYTAxZDAxODYwMmJkYTE1MmQ3MzRl
ZDU2ZjAwHhcNMjQwMTAyMTQzNTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGU4ZWE3NmZlZTYxMjZkNjk1MTU3M2M4Y2Q5YzE2YTRiOGFlZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnywKLegpmW2hzT/0pdZumiCoIJz
yRBs4FoADNOCC8ee4qJY8swCGg7539NFGFu/AXUm38c7QTRA5X28B3milmY9Lr40
IXY6K0NyLr+sy8lV/Dra3LKZg7UNuPpEuAg4TLwKAv1a7WGdKDbZw4FAsUg+ZN8V
p/R8kncxoZwwfb7GhpBgQCCPeVbE0Pv4fNDMO/mMW4V+3hKB6yWj3PDGFc7Yx4kk
bI0brrv3+9judYm3swfhYBlZmIL18g8PVdGvwqS0VgBWraQSJ/uJaskBmbLoOncz
cCePikp0k+kpUTb5ysgFaNsDa/YLFkWZhkQ1SPdOR2Y2OZL6T1PP4fbzLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDo6nb+5hJtaVFXPIzZwWpLiu28MB8GA1UdIwQY
MBaAFHKMK/1rtQOgHQGGAr2hUtc07VbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY293cl9XdTFBNkFkQVlZQ3ZhRlMxelR0VnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS82N2Y0MmUtNzA2Mi00MTEyLWFkNDIt
OTM0OWYxMGEyNjQ5LzEvb09qcWR2N21FbTFwVVZjOGpObkJha3VLN2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS82N2Y0MmUtNzA2Mi00MTEyLWFkNDItOTM0OWYxMGEyNjQ5
LzEvY293cl9XdTFBNkFkQVlZQ3ZhRlMxelR0VnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABba9MA0G
CSqGSIb3DQEBCwUAA4IBAQBE+cYlOAa3+QMgxvKMmWx2ANLlDM3hgSNoVQHIXTcX
P3R/Nvh6LWwhXTqrIf9dMT/nF7WG5pNY4AO6J0SCqnYKxO+MYj36uzW6tM5pv0i0
UoShds3kzqxnPT+584EQOIxlAPX1UvPN+5Cvs4w3mYtxi9Py5e7mzUrMRwCy6g35
ajyhbWx6cNi/RzA4dDLFPbcBl2e5tTK/PW3eihO/NhTBp4w8tWaHMxm0xbiProdN
MEkZBZhxFgbX6RBVKG3yvlPTOrWGuX6T8PsKjD7EvlzjmVtjQupLETjYgwZjnslb
NGsXQEGuxC3F8UkpoFgHq44OgGJ3/6c28uPbJhH7vT3Q
-----END CERTIFICATE-----