Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5QmoXo8T_Enop3a0zmbtbPx8xZU.roa
File:                     5QmoXo8T_Enop3a0zmbtbPx8xZU.roa (raw, json)
Hash identifier:          4s8HEbitwruGyEceFSUS1K5zOKdlo1tNTZ4Dqn6PS/U=
Subject key identifier:   E5:09:A8:5E:8F:13:FC:49:E8:A7:76:B4:CE:66:ED:6C:FC:7C:C5:95
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B57EB46D001F222EA55785BF888AC
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5QmoXo8T_Enop3a0zmbtbPx8xZU.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55081
IP address blocks:        185.114.226.0/24 maxlen: 32
                          87.239.51.0/24 maxlen: 32
                          185.166.236.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:57:eb:46:d0:01:f2:22:ea:55:78:5b:f8:88:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e509a85e8f13fc49e8a776b4ce66ed6cfc7cc595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:15:86:7a:f6:ac:b4:44:a3:aa:3d:ea:a9:6a:
                    f7:83:8c:a6:a5:d3:e6:28:59:c0:6e:79:b8:b4:de:
                    0c:e0:63:17:c6:71:f3:84:6e:d7:94:22:80:00:3d:
                    21:f6:6d:5c:4a:3b:34:d0:09:2b:74:fa:a9:0b:cc:
                    1d:a6:c7:be:52:2f:ed:7f:2d:65:4e:8c:57:c2:f5:
                    1a:37:30:66:ba:e9:30:6f:45:32:d4:97:10:04:0c:
                    f0:1c:18:8c:0f:cb:fb:d6:07:b8:2d:f2:a5:e2:c0:
                    53:0b:e9:17:11:1c:ee:6d:b5:f8:af:e9:48:8d:6f:
                    11:82:78:3f:3d:1b:3f:d6:d1:60:0f:a5:b5:97:d0:
                    84:68:66:be:4e:c3:3d:55:4b:1f:db:0a:af:af:22:
                    20:a9:88:38:24:42:5b:af:5b:f1:4f:21:ea:c8:91:
                    16:ca:a9:f3:d1:7d:bf:cd:d8:4b:58:5a:5d:ee:76:
                    33:78:89:00:d5:3a:a1:b0:7a:4c:95:f9:e5:1a:f5:
                    41:46:c9:e7:9a:b2:5e:5f:fb:de:1c:df:4e:7c:c6:
                    22:ce:0d:0b:e9:91:35:e2:74:e9:84:b8:0f:03:e8:
                    44:be:fd:32:6e:1b:93:e1:63:ef:47:3a:cc:e6:90:
                    ba:84:c7:7c:cc:19:ec:7a:4f:7e:d4:c9:7b:fa:d2:
                    0c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:09:A8:5E:8F:13:FC:49:E8:A7:76:B4:CE:66:ED:6C:FC:7C:C5:95
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5QmoXo8T_Enop3a0zmbtbPx8xZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.51.0/24
                  185.114.226.0/24
                  185.166.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d5:3f:54:01:d8:7c:4b:6a:23:ca:37:fa:9b:6e:55:d0:97:
         8c:12:93:d9:11:98:6e:78:ff:10:6b:fc:96:00:2f:82:09:41:
         0f:fc:1f:74:31:34:21:71:cb:f7:d6:76:7a:3f:3a:96:0d:7d:
         d4:0e:13:b6:b8:ec:9e:c3:0e:1e:a4:98:88:5c:d0:36:7b:8d:
         7c:e5:d8:6a:32:50:b8:5f:1e:e8:10:76:5b:9d:19:bc:e7:c8:
         4e:55:a6:91:61:f6:6c:aa:0a:15:3d:bc:b0:30:e7:fd:5b:fa:
         59:d6:f9:e0:f3:be:9e:4f:9c:44:d6:1e:09:ab:94:72:ee:33:
         ed:01:42:08:97:a1:41:c4:65:58:3e:2d:e7:3d:83:e9:36:b1:
         f2:bc:4c:b7:88:16:c7:cc:97:65:b3:c8:64:95:2e:03:fa:ea:
         17:a4:e6:ba:75:5c:4f:1e:38:c3:6e:bd:21:a6:eb:d2:74:48:
         e6:44:ce:96:51:be:91:1d:4c:a3:ee:6b:a3:0d:ed:8e:21:ae:
         a9:f1:fd:02:57:c4:e6:70:ed:9a:b1:2a:6a:d1:68:f9:07:b2:
         2f:12:2c:1d:2c:0c:66:49:5a:c4:90:bc:79:53:96:d0:6a:d5:
         e3:ac:84:49:29:ca:ef:ee:b0:a8:88:67:93:84:1e:97:34:c4:
         48:27:5e:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKK1frRtAB8iLqVXhb+IisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA5YTg1ZThmMTNmYzQ5ZThhNzc2YjRjZTY2ZWQ2Y2ZjN2NjNTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBWGevastESjqj3qqWr3g4ympdPm
KFnAbnm4tN4M4GMXxnHzhG7XlCKAAD0h9m1cSjs00AkrdPqpC8wdpse+Ui/tfy1l
ToxXwvUaNzBmuukwb0Uy1JcQBAzwHBiMD8v71ge4LfKl4sBTC+kXERzubbX4r+lI
jW8Rgng/PRs/1tFgD6W1l9CEaGa+TsM9VUsf2wqvryIgqYg4JEJbr1vxTyHqyJEW
yqnz0X2/zdhLWFpd7nYzeIkA1TqhsHpMlfnlGvVBRsnnmrJeX/veHN9OfMYizg0L
6ZE14nTphLgPA+hEvv0ybhuT4WPvRzrM5pC6hMd8zBnsek9+1Ml7+tIMIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOUJqF6PE/xJ6Kd2tM5m7Wz8fMWVMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvNVFtb1hvOFRfRW5vcDNhMHptYnRiUHg4eFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV+8zAwQA
uXLiAwQAuabsMA0GCSqGSIb3DQEBCwUAA4IBAQBI1T9UAdh8S2ojyjf6m25V0JeM
EpPZEZhueP8Qa/yWAC+CCUEP/B90MTQhccv31nZ6PzqWDX3UDhO2uOyeww4epJiI
XNA2e4185dhqMlC4Xx7oEHZbnRm858hOVaaRYfZsqgoVPbywMOf9W/pZ1vng876e
T5xE1h4Jq5Ry7jPtAUIIl6FBxGVYPi3nPYPpNrHyvEy3iBbHzJdls8hklS4D+uoX
pOa6dVxPHjjDbr0hpuvSdEjmRM6WUb6RHUyj7mujDe2OIa6p8f0CV8TmcO2asSpq
0Wj5B7IvEiwdLAxmSVrEkLx5U5bQatXjrIRJKcrv7rCoiGeThB6XNMRIJ17/
-----END CERTIFICATE-----