Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/E3lsB3NDShxkcCWwxzN8fn8FekM.roa
File:                     E3lsB3NDShxkcCWwxzN8fn8FekM.roa (raw, json)
Hash identifier:          5JUOu40VO2rB5yC5bsRBgSGWbn8a6ounu1BfoiAMAlI=
Subject key identifier:   13:79:6C:07:73:43:4A:1C:64:70:25:B0:C7:33:7C:7E:7F:05:7A:43
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029B35BB400E4C9C301F95DFBE1249
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/E3lsB3NDShxkcCWwxzN8fn8FekM.roa
Signing time:             Tue 02 Jan 2024 02:31:03 +0000
ROA not before:           Tue 02 Jan 2024 02:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216396
IP address blocks:        194.5.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9b:35:bb:40:0e:4c:9c:30:1f:95:df:be:12:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13796c0773434a1c647025b0c7337c7e7f057a43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:cb:dc:c0:fe:c0:f4:48:43:8b:d1:3c:9d:c7:
                    67:61:4f:58:c2:fa:d8:07:10:7f:9c:8b:5d:cc:b3:
                    13:92:4d:1e:4a:e9:5d:bc:59:99:4f:98:2e:2a:0f:
                    a4:5e:97:62:1c:f9:e6:c5:88:1b:63:51:df:ce:d7:
                    4e:02:2c:b1:93:5e:2c:28:fc:40:7d:63:ad:23:ba:
                    c7:51:bf:45:e4:e4:84:b9:70:8c:cc:a5:fd:4d:2b:
                    f8:bb:05:00:9f:7a:26:64:9b:0c:f5:8d:e4:19:91:
                    c7:26:2f:12:74:6b:5f:a5:c9:9f:91:5a:83:c2:cb:
                    37:38:40:00:4f:12:02:68:b4:74:7d:0f:27:30:37:
                    03:30:28:65:a6:c6:ed:53:60:2f:b5:14:49:ad:d4:
                    67:12:ad:7c:bb:9c:e1:6f:20:80:82:37:4c:68:fd:
                    1b:f5:48:3f:72:79:cd:ae:03:76:e3:52:9d:60:e2:
                    9b:86:eb:7d:7a:4f:95:e6:e5:e5:5c:7c:29:a6:9d:
                    76:2f:1b:c8:18:b8:a8:d1:a4:22:8f:44:93:65:02:
                    85:5e:35:fa:d4:b4:1d:39:ae:fe:3b:ed:0b:80:34:
                    bf:29:3b:0d:4f:36:98:eb:b6:41:aa:cd:7f:cd:c0:
                    16:28:e5:ae:3f:71:f6:50:7a:62:0e:0b:01:6c:5f:
                    c0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:79:6C:07:73:43:4A:1C:64:70:25:B0:C7:33:7C:7E:7F:05:7A:43
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/E3lsB3NDShxkcCWwxzN8fn8FekM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:89:61:24:bb:10:5a:3d:b2:f5:50:db:c5:e6:c1:7f:93:3f:
         62:2a:d9:5c:4a:76:de:ce:ca:cc:06:5b:9d:58:e7:41:bb:36:
         4f:81:6a:69:b3:62:bc:65:51:a0:9f:f3:4e:33:e9:2a:41:1b:
         af:e5:6c:b3:f0:23:d3:19:37:a4:77:60:4b:4e:e8:d7:10:59:
         90:a0:23:6f:ce:2c:d9:da:01:90:16:c5:2d:f0:8d:b1:9a:c4:
         a9:60:02:d5:6d:1d:fe:e5:0f:99:4b:88:8b:e9:a2:c9:34:21:
         9d:0f:24:ac:49:9f:9c:13:e0:66:2a:89:63:4e:32:45:50:08:
         5d:19:78:9f:01:10:a1:04:69:52:da:cc:1e:b0:72:c7:4e:b1:
         ac:0a:6f:f3:41:67:89:ff:bd:1a:3d:a5:d1:0b:53:d3:76:f9:
         08:21:62:6a:ba:eb:df:e5:1e:d2:ed:27:36:38:26:67:6e:e2:
         8e:74:34:5b:cf:be:52:aa:2c:7a:92:f5:2e:bc:43:83:9a:ed:
         f6:7a:e5:85:f9:42:25:de:1c:a6:34:7e:41:5d:74:ef:85:35:
         eb:18:70:d0:3f:c7:bb:a9:a7:dc:6a:3f:29:d9:84:36:cd:6a:
         00:86:ff:56:00:10:3b:c2:66:32:af:e2:36:67:58:f2:e3:c5:
         4e:f6:6f:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAps1u0AOTJwwH5XfvhJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzc5NmMwNzczNDM0YTFjNjQ3MDI1YjBjNzMzN2M3ZTdmMDU3YTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8vcwP7A9EhDi9E8ncdnYU9YwvrY
BxB/nItdzLMTkk0eSuldvFmZT5guKg+kXpdiHPnmxYgbY1HfztdOAiyxk14sKPxA
fWOtI7rHUb9F5OSEuXCMzKX9TSv4uwUAn3omZJsM9Y3kGZHHJi8SdGtfpcmfkVqD
wss3OEAATxICaLR0fQ8nMDcDMChlpsbtU2AvtRRJrdRnEq18u5zhbyCAgjdMaP0b
9Ug/cnnNrgN241KdYOKbhut9ek+V5uXlXHwppp12LxvIGLio0aQij0STZQKFXjX6
1LQdOa7+O+0LgDS/KTsNTzaY67ZBqs1/zcAWKOWuP3H2UHpiDgsBbF/AKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBN5bAdzQ0ocZHAlsMczfH5/BXpDMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRTNsc0IzTkRTaHhrY0NXd3h6TjhmbjhGZWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVBMA0G
CSqGSIb3DQEBCwUAA4IBAQBPiWEkuxBaPbL1UNvF5sF/kz9iKtlcSnbezsrMBlud
WOdBuzZPgWpps2K8ZVGgn/NOM+kqQRuv5Wyz8CPTGTekd2BLTujXEFmQoCNvzizZ
2gGQFsUt8I2xmsSpYALVbR3+5Q+ZS4iL6aLJNCGdDySsSZ+cE+BmKoljTjJFUAhd
GXifARChBGlS2swesHLHTrGsCm/zQWeJ/70aPaXRC1PTdvkIIWJquuvf5R7S7Sc2
OCZnbuKOdDRbz75Sqix6kvUuvEODmu32euWF+UIl3hymNH5BXXTvhTXrGHDQP8e7
qafcaj8p2YQ2zWoAhv9WABA7wmYyr+I2Z1jy48VO9m/Z
-----END CERTIFICATE-----