Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/xMGhjw2ojT0JT_rheb-ZlnOKcBI.roa
File:                     xMGhjw2ojT0JT_rheb-ZlnOKcBI.roa (raw, json)
Hash identifier:          jp2kHg+EUaatxFBHhYfVSn5VEEThtiRjU2CdVrsxsVM=
Subject key identifier:   C4:C1:A1:8F:0D:A8:8D:3D:09:4F:FA:E1:79:BF:99:96:73:8A:70:12
Certificate issuer:       /CN=12694f6945a21d08d30192cfc1a6b780de728e3b
Certificate serial:       018CC87080B28C3D50DDFE06E2FC2FF896FF
Authority key identifier: 12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/xMGhjw2ojT0JT_rheb-ZlnOKcBI.roa
Signing time:             Tue 02 Jan 2024 04:31:05 +0000
ROA not before:           Tue 02 Jan 2024 04:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56553
IP address blocks:        5.83.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:80:b2:8c:3d:50:dd:fe:06:e2:fc:2f:f8:96:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12694f6945a21d08d30192cfc1a6b780de728e3b
        Validity
            Not Before: Jan  2 04:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4c1a18f0da88d3d094ffae179bf9996738a7012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:14:e8:0f:66:46:2a:90:00:34:58:38:f8:34:
                    fc:fd:9c:9c:7d:0e:d7:09:63:db:9d:e0:8a:29:b2:
                    85:55:85:a6:38:8e:2d:61:0c:f5:a2:7b:01:ad:8d:
                    42:0e:30:77:a5:00:ff:4b:c8:2a:a9:e5:50:ce:39:
                    6f:fe:80:92:48:ae:99:c8:de:e8:f7:93:2a:5d:ed:
                    90:c4:30:f7:9c:d7:20:db:64:bb:19:bc:30:e0:47:
                    7c:c8:84:b3:cc:da:af:e5:61:2a:3d:26:0c:d1:5f:
                    35:29:42:08:f4:e9:8e:ac:90:e3:2b:fe:59:bd:cf:
                    ce:6f:2f:b3:a3:76:1b:5c:89:02:20:30:0d:d4:7f:
                    99:e4:9e:97:77:e3:2f:8d:35:d2:7e:b6:ec:88:48:
                    78:ba:51:39:d3:4b:4d:cb:52:72:6a:b4:0b:58:ee:
                    f9:fe:1d:c8:25:32:15:be:89:21:67:10:85:ed:24:
                    3e:5d:6e:8d:ea:9e:e4:89:49:aa:84:a4:9c:97:26:
                    3f:15:50:cd:28:c6:64:cb:90:e2:0c:f0:1d:0b:cf:
                    e8:af:52:26:48:db:b7:fd:cf:fa:0c:64:a9:2a:aa:
                    54:59:9a:38:42:a8:f9:f5:1f:b4:1f:db:46:3c:86:
                    0f:8d:c3:9a:28:a1:86:13:d1:28:fa:48:7e:56:e5:
                    c0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:C1:A1:8F:0D:A8:8D:3D:09:4F:FA:E1:79:BF:99:96:73:8A:70:12
            X509v3 Authority Key Identifier:
                keyid:12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/xMGhjw2ojT0JT_rheb-ZlnOKcBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c8:23:12:8b:b6:82:bd:b2:9e:58:7c:96:e6:37:a6:7c:72:
         72:87:4f:8b:57:83:fd:eb:21:12:e6:d4:29:32:b4:2a:7a:4e:
         15:f2:eb:60:1d:12:42:e3:8e:08:06:e4:5e:24:c8:50:cb:90:
         11:f7:1f:10:30:ab:d4:04:5b:98:f1:b0:c9:1c:34:79:07:48:
         98:13:f1:97:57:76:65:8d:1e:df:7d:5d:2c:ba:14:ab:27:41:
         5c:1e:20:b5:37:a2:5e:ac:a6:60:78:b8:ef:f6:ac:99:45:03:
         68:d1:3b:85:f6:32:5e:a6:3a:62:97:dc:b3:06:24:4a:0e:98:
         93:c1:0c:c8:85:e7:fe:bf:a3:61:da:fb:b8:97:2f:6a:2f:e6:
         7f:e6:9e:57:62:1e:d6:07:21:eb:2f:56:ba:15:94:b7:1d:65:
         fd:56:28:28:e3:47:fd:2c:bb:f5:ff:d9:d0:c1:87:14:1c:db:
         88:b7:ef:1d:a8:1d:bf:6d:d3:b9:27:ec:af:f9:e5:de:d2:d2:
         df:0c:d4:81:33:48:95:61:ce:41:2b:4b:41:27:70:c0:74:e6:
         d4:e4:88:3a:56:18:fc:10:50:1c:0d:7f:7b:e6:bd:26:3b:a2:
         63:ea:54:af:df:43:51:e1:d0:ea:4b:47:0f:7e:7a:a5:d1:c9:
         bc:25:dc:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcICyjD1Q3f4G4vwv+Jb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNjk0ZjY5NDVhMjFkMDhkMzAxOTJjZmMxYTZiNzgwZGU3
MjhlM2IwHhcNMjQwMTAyMDQzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGMxYTE4ZjBkYTg4ZDNkMDk0ZmZhZTE3OWJmOTk5NjczOGE3MDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRToD2ZGKpAANFg4+DT8/ZycfQ7X
CWPbneCKKbKFVYWmOI4tYQz1onsBrY1CDjB3pQD/S8gqqeVQzjlv/oCSSK6ZyN7o
95MqXe2QxDD3nNcg22S7Gbww4Ed8yISzzNqv5WEqPSYM0V81KUII9OmOrJDjK/5Z
vc/Oby+zo3YbXIkCIDAN1H+Z5J6Xd+MvjTXSfrbsiEh4ulE500tNy1JyarQLWO75
/h3IJTIVvokhZxCF7SQ+XW6N6p7kiUmqhKSclyY/FVDNKMZky5DiDPAdC8/or1Im
SNu3/c/6DGSpKqpUWZo4Qqj59R+0H9tGPIYPjcOaKKGGE9Eo+kh+VuXAeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTBoY8NqI09CU/64Xm/mZZzinASMB8GA1UdIwQY
MBaAFBJpT2lFoh0I0wGSz8Gmt4Deco47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDkt
NjU5OGI0Y2ViMDY5LzEveE1HaGp3Mm9qVDBKVF9yaGViLVpsbk9LY0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDktNjU5OGI0Y2ViMDY5
LzEvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABVMmMA0G
CSqGSIb3DQEBCwUAA4IBAQBHyCMSi7aCvbKeWHyW5jemfHJyh0+LV4P96yES5tQp
MrQqek4V8utgHRJC444IBuReJMhQy5AR9x8QMKvUBFuY8bDJHDR5B0iYE/GXV3Zl
jR7ffV0suhSrJ0FcHiC1N6JerKZgeLjv9qyZRQNo0TuF9jJepjpil9yzBiRKDpiT
wQzIhef+v6Nh2vu4ly9qL+Z/5p5XYh7WByHrL1a6FZS3HWX9Vigo40f9LLv1/9nQ
wYcUHNuIt+8dqB2/bdO5J+yv+eXe0tLfDNSBM0iVYc5BK0tBJ3DAdObU5Ig6Vhj8
EFAcDX975r0mO6Jj6lSv30NR4dDqS0cPfnql0cm8Jdxt
-----END CERTIFICATE-----