Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/DblzvmOUn-W5AhEyDbmY3osEAPo.roa
File:                     DblzvmOUn-W5AhEyDbmY3osEAPo.roa (raw, json)
Hash identifier:          9TU3Heu/Z4sQ70pWRuevZRaedKCs/K22cRYi/I4wTNs=
Subject key identifier:   0D:B9:73:BE:63:94:9F:E5:B9:02:11:32:0D:B9:98:DE:8B:04:00:FA
Certificate issuer:       /CN=12694f6945a21d08d30192cfc1a6b780de728e3b
Certificate serial:       018CC8707FD192152D6363A6803E21EFCF07
Authority key identifier: 12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/DblzvmOUn-W5AhEyDbmY3osEAPo.roa
Signing time:             Tue 02 Jan 2024 04:31:05 +0000
ROA not before:           Tue 02 Jan 2024 04:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35775
IP address blocks:        5.83.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 21:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:7f:d1:92:15:2d:63:63:a6:80:3e:21:ef:cf:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12694f6945a21d08d30192cfc1a6b780de728e3b
        Validity
            Not Before: Jan  2 04:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0db973be63949fe5b90211320db998de8b0400fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1a:14:a8:78:cd:b2:45:8b:72:b3:a2:7f:ff:
                    be:67:4c:60:7d:4c:91:0a:91:df:77:f8:40:a0:f8:
                    92:d9:61:aa:05:46:38:f0:3a:9b:5f:95:2b:92:fe:
                    74:45:e8:ab:ba:d2:5d:49:0e:67:d3:3d:b2:a4:4c:
                    23:46:47:dd:6b:b3:1a:02:d9:9e:e9:3f:4e:9f:6a:
                    30:35:8d:3f:f8:9f:03:e0:b6:ed:09:33:18:6b:bc:
                    31:9e:c7:c9:f0:16:fc:69:76:69:b4:16:dd:5e:9c:
                    d3:45:51:10:1d:e1:f8:00:c5:b7:81:4f:e5:67:a4:
                    f9:8f:08:52:ef:c8:cf:1a:02:2d:cb:fd:0a:57:89:
                    16:f7:c6:69:fb:34:c6:06:c0:fa:52:af:f1:73:b2:
                    5b:c6:e0:25:ae:1b:13:d6:3b:49:25:02:f2:c5:90:
                    39:3a:46:2e:73:e1:10:35:92:01:ef:19:13:1b:69:
                    ad:1a:22:29:a9:34:ef:27:8e:bf:bb:d7:01:a8:89:
                    4f:bf:15:80:4a:10:84:fc:a1:79:46:f3:e7:d2:3f:
                    3e:73:5e:36:d9:64:2f:95:95:31:a4:98:b7:36:af:
                    8e:5d:b1:9f:b3:11:a7:75:d5:97:f4:8a:ea:eb:a0:
                    35:be:32:8b:47:8e:cd:48:89:2b:1a:4c:e8:4d:a6:
                    12:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B9:73:BE:63:94:9F:E5:B9:02:11:32:0D:B9:98:DE:8B:04:00:FA
            X509v3 Authority Key Identifier:
                keyid:12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/DblzvmOUn-W5AhEyDbmY3osEAPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:22:17:77:ae:78:07:dd:63:9e:a9:5b:cb:1a:1d:05:dc:27:
         42:b0:6c:3c:a4:01:ef:9d:77:6e:fd:55:5e:c3:1e:98:52:80:
         1f:64:df:15:e9:77:15:53:83:4e:b0:2f:00:4c:2a:0e:31:9d:
         7f:bc:a1:69:e0:b1:03:5b:68:eb:87:96:7e:90:85:92:9c:41:
         21:11:9e:c6:25:ff:5b:b4:fc:cd:0f:92:07:2a:a0:f8:10:d8:
         ae:f5:35:47:42:0f:c0:09:73:d7:85:11:1c:a7:08:11:c1:36:
         41:21:16:22:91:dc:10:51:29:bb:5f:9f:b5:ab:ab:08:e8:db:
         e9:0e:7a:98:c6:c6:3b:e8:c4:3a:d6:79:c0:43:bf:35:d9:3e:
         19:a1:db:e9:04:e3:38:a3:74:ec:c2:8f:62:5f:f2:46:7f:ea:
         44:87:1c:c5:86:98:2c:56:1e:df:8c:32:4b:dc:5a:1b:63:72:
         35:c5:4a:5e:c4:91:e9:e5:b9:61:f0:63:84:4a:3b:05:57:92:
         16:25:a4:c2:63:22:64:37:b9:6a:86:03:4e:a5:d1:c0:65:ec:
         ee:35:56:e5:3d:ae:24:f6:cd:4a:74:6a:54:39:1d:5b:81:b5:
         85:e0:e5:c8:c2:4d:67:2d:80:75:89:78:38:87:7d:c7:63:33:
         6a:40:23:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcH/RkhUtY2OmgD4h788HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNjk0ZjY5NDVhMjFkMDhkMzAxOTJjZmMxYTZiNzgwZGU3
MjhlM2IwHhcNMjQwMTAyMDQzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI5NzNiZTYzOTQ5ZmU1YjkwMjExMzIwZGI5OThkZThiMDQwMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hoUqHjNskWLcrOif/++Z0xgfUyR
CpHfd/hAoPiS2WGqBUY48DqbX5Urkv50ReirutJdSQ5n0z2ypEwjRkfda7MaAtme
6T9On2owNY0/+J8D4LbtCTMYa7wxnsfJ8Bb8aXZptBbdXpzTRVEQHeH4AMW3gU/l
Z6T5jwhS78jPGgIty/0KV4kW98Zp+zTGBsD6Uq/xc7JbxuAlrhsT1jtJJQLyxZA5
OkYuc+EQNZIB7xkTG2mtGiIpqTTvJ46/u9cBqIlPvxWAShCE/KF5RvPn0j8+c142
2WQvlZUxpJi3Nq+OXbGfsxGnddWX9Irq66A1vjKLR47NSIkrGkzoTaYSUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA25c75jlJ/luQIRMg25mN6LBAD6MB8GA1UdIwQY
MBaAFBJpT2lFoh0I0wGSz8Gmt4Deco47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDkt
NjU5OGI0Y2ViMDY5LzEvRGJsenZtT1VuLVc1QWhFeURibVkzb3NFQVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDktNjU5OGI0Y2ViMDY5
LzEvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABVMuMA0G
CSqGSIb3DQEBCwUAA4IBAQARIhd3rngH3WOeqVvLGh0F3CdCsGw8pAHvnXdu/VVe
wx6YUoAfZN8V6XcVU4NOsC8ATCoOMZ1/vKFp4LEDW2jrh5Z+kIWSnEEhEZ7GJf9b
tPzND5IHKqD4ENiu9TVHQg/ACXPXhREcpwgRwTZBIRYikdwQUSm7X5+1q6sI6Nvp
DnqYxsY76MQ61nnAQ7812T4ZodvpBOM4o3Tswo9iX/JGf+pEhxzFhpgsVh7fjDJL
3FobY3I1xUpexJHp5blh8GOESjsFV5IWJaTCYyJkN7lqhgNOpdHAZezuNVblPa4k
9s1KdGpUOR1bgbWF4OXIwk1nLYB1iXg4h33HYzNqQCOq
-----END CERTIFICATE-----