Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/lECC9QX6a3yapASD46vor2s4log.roa
File:                     lECC9QX6a3yapASD46vor2s4log.roa (raw, json)
Hash identifier:          945ewHr4anlix1uaGCDsB4S4mJAWHcPKdj/9MlQj5Pc=
Subject key identifier:   94:40:82:F5:05:FA:6B:7C:9A:A4:04:83:E3:AB:E8:AF:6B:38:96:88
Certificate issuer:       /CN=43594e55dc96cb9b980a52aa637e48a8d87389c0
Certificate serial:       018CC4253551A45AD0FCAB93F3BBB28201B1
Authority key identifier: 43:59:4E:55:DC:96:CB:9B:98:0A:52:AA:63:7E:48:A8:D8:73:89:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/lECC9QX6a3yapASD46vor2s4log.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35193
IP address blocks:        5.145.120.0/21 maxlen: 21
                          85.239.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:35:51:a4:5a:d0:fc:ab:93:f3:bb:b2:82:01:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43594e55dc96cb9b980a52aa637e48a8d87389c0
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=944082f505fa6b7c9aa40483e3abe8af6b389688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ed:be:24:3b:d0:aa:2c:e9:80:a9:18:fe:fb:
                    c0:9e:6e:40:79:93:72:cd:c3:29:1e:ed:8f:32:4b:
                    80:0f:c3:82:0a:6a:d8:24:ae:31:77:78:19:0f:b1:
                    01:de:da:35:ef:ff:cb:fe:45:87:35:46:63:5f:cb:
                    05:a6:ac:5e:8d:6f:43:4b:0f:8c:70:ed:e0:3d:d4:
                    4c:4a:54:29:4f:44:5d:21:e9:99:3c:53:2f:55:34:
                    63:24:8f:77:95:c9:08:3b:ce:73:56:88:71:70:cf:
                    79:2c:ad:0e:56:78:cd:cb:b4:d4:47:f4:77:11:b0:
                    41:c3:6a:7f:8c:d6:a8:bd:ad:00:73:4c:87:f0:b6:
                    e4:a3:78:cb:d3:4d:5b:a0:38:83:aa:f5:ce:f7:f3:
                    38:bf:61:bf:20:7e:f2:32:f0:6d:77:c9:d7:b4:ac:
                    e9:31:d9:a7:a9:9c:8e:30:1a:15:4f:d9:26:71:55:
                    cc:c6:22:99:22:c6:c0:72:93:1c:62:d7:61:7d:de:
                    1b:b8:d1:cb:6b:04:a4:d4:88:e4:bf:3a:4d:9d:9e:
                    fa:a1:8f:bc:7a:77:ea:08:09:81:6a:48:94:4c:e4:
                    eb:a5:00:1d:d0:c2:f4:2f:f2:f1:98:98:4b:8c:0c:
                    0c:65:32:23:1c:60:51:81:cf:bd:f9:10:6b:8c:84:
                    b2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:40:82:F5:05:FA:6B:7C:9A:A4:04:83:E3:AB:E8:AF:6B:38:96:88
            X509v3 Authority Key Identifier:
                keyid:43:59:4E:55:DC:96:CB:9B:98:0A:52:AA:63:7E:48:A8:D8:73:89:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/lECC9QX6a3yapASD46vor2s4log.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.120.0/21
                  85.239.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0d:36:a7:6e:fc:af:9a:52:52:36:7f:1f:2c:8e:62:d2:c2:7c:
         bd:34:51:18:93:20:96:bc:08:52:01:54:d7:5d:df:8a:87:55:
         7b:26:15:5f:2e:5d:d8:f9:9b:a0:2f:a1:fb:23:1d:6e:d1:9e:
         3b:2c:94:44:d8:e0:dc:d1:0d:68:02:82:34:30:29:60:7a:f4:
         eb:1b:6f:14:71:9a:57:87:01:12:67:c5:00:8e:95:c5:6d:36:
         6d:2d:64:d2:5e:14:8a:22:6a:e4:2e:a5:6b:55:25:b2:e8:57:
         e5:40:2d:be:74:49:23:36:eb:c5:88:7b:bb:f5:1e:06:a6:e2:
         a8:85:51:ba:df:e8:ac:23:9b:5e:11:97:50:04:47:77:9d:ce:
         64:56:4b:ec:0c:9f:1e:46:ee:fe:e5:a8:7c:7b:ce:2c:f2:61:
         d8:26:aa:7a:13:15:e9:51:dd:af:ec:8c:87:fc:aa:59:a1:86:
         e0:43:69:24:17:bf:54:19:4f:27:47:6e:66:ab:d7:54:2c:ef:
         91:2a:5a:44:e7:0a:8e:15:a7:41:f5:9c:23:6b:96:5c:bc:ef:
         a2:9e:af:66:e7:a4:6a:60:2a:25:f9:29:be:06:e8:59:60:fa:
         4c:f3:c2:f8:08:31:73:8b:52:cb:82:82:21:64:b2:a1:62:76:
         97:b7:db:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJTVRpFrQ/KuT87uyggGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTk0ZTU1ZGM5NmNiOWI5ODBhNTJhYTYzN2U0OGE4ZDg3
Mzg5YzAwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDQwODJmNTA1ZmE2YjdjOWFhNDA0ODNlM2FiZThhZjZiMzg5Njg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO2+JDvQqizpgKkY/vvAnm5AeZNy
zcMpHu2PMkuAD8OCCmrYJK4xd3gZD7EB3to17//L/kWHNUZjX8sFpqxejW9DSw+M
cO3gPdRMSlQpT0RdIemZPFMvVTRjJI93lckIO85zVohxcM95LK0OVnjNy7TUR/R3
EbBBw2p/jNaova0Ac0yH8Lbko3jL001boDiDqvXO9/M4v2G/IH7yMvBtd8nXtKzp
MdmnqZyOMBoVT9kmcVXMxiKZIsbAcpMcYtdhfd4buNHLawSk1IjkvzpNnZ76oY+8
enfqCAmBakiUTOTrpQAd0ML0L/LxmJhLjAwMZTIjHGBRgc+9+RBrjISyvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJRAgvUF+mt8mqQEg+Or6K9rOJaIMB8GA1UdIwQY
MBaAFENZTlXclsubmApSqmN+SKjYc4nAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFsT1ZkeVd5NXVZQ2xLcVkzNUlxTmh6aWNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84NWUxMjUtODVkNi00M2YwLTk4YmYt
ZDhmYTBlZGEzYWJlLzEvbEVDQzlRWDZhM3lhcEFTRDQ2dm9yMnM0bG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84NWUxMjUtODVkNi00M2YwLTk4YmYtZDhmYTBlZGEzYWJl
LzEvUTFsT1ZkeVd5NXVZQ2xLcVkzNUlxTmh6aWNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBZF4AwQF
Ve+gMA0GCSqGSIb3DQEBCwUAA4IBAQANNqdu/K+aUlI2fx8sjmLSwny9NFEYkyCW
vAhSAVTXXd+Kh1V7JhVfLl3Y+ZugL6H7Ix1u0Z47LJRE2ODc0Q1oAoI0MClgevTr
G28UcZpXhwESZ8UAjpXFbTZtLWTSXhSKImrkLqVrVSWy6FflQC2+dEkjNuvFiHu7
9R4GpuKohVG63+isI5teEZdQBEd3nc5kVkvsDJ8eRu7+5ah8e84s8mHYJqp6ExXp
Ud2v7IyH/KpZoYbgQ2kkF79UGU8nR25mq9dULO+RKlpE5wqOFadB9Zwja5ZcvO+i
nq9m56RqYCol+Sm+BuhZYPpM88L4CDFzi1LLgoIhZLKhYnaXt9sU
-----END CERTIFICATE-----