Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/53pcZe5SwmFPFOnPPEzX4ZWfKjQ.roa
File:                     53pcZe5SwmFPFOnPPEzX4ZWfKjQ.roa (raw, json)
Hash identifier:          w5CQn3gYJj/M/5D5SbDT+xa9qTmxMVGEtUHwxVf614w=
Subject key identifier:   E7:7A:5C:65:EE:52:C2:61:4F:14:E9:CF:3C:4C:D7:E1:95:9F:2A:34
Certificate issuer:       /CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
Certificate serial:       018CC49365685BB4D55E49420FDD5787D073
Authority key identifier: 38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/53pcZe5SwmFPFOnPPEzX4ZWfKjQ.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29353
IP address blocks:        195.167.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:65:68:5b:b4:d5:5e:49:42:0f:dd:57:87:d0:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e77a5c65ee52c2614f14e9cf3c4cd7e1959f2a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:34:32:46:0f:de:5d:1b:dc:06:bb:c9:99:33:
                    10:59:d4:20:b9:d1:21:84:99:92:84:97:25:fc:5c:
                    3c:50:a6:a9:3a:87:c2:d4:ec:ef:0a:e1:09:95:d1:
                    71:20:17:62:13:1b:08:b9:14:47:28:93:2c:8b:0e:
                    7c:db:70:10:f3:94:74:05:f9:6f:4a:29:81:b8:67:
                    db:26:4b:df:ad:a1:3e:1c:7f:d2:54:ba:88:a1:e5:
                    72:5a:fb:b5:4b:bd:96:eb:96:1a:5c:5a:ab:70:df:
                    bf:4b:06:7f:47:23:37:64:7e:b3:d6:30:d4:84:f9:
                    82:bb:ed:cd:37:9f:64:12:4d:c2:f2:db:58:33:16:
                    33:8e:62:eb:16:9d:ea:52:13:ff:cf:e8:9c:6c:7c:
                    c0:29:96:7a:1a:4f:e1:30:ef:73:30:16:c0:92:b9:
                    33:c7:76:dd:d9:b9:eb:11:45:e3:b0:9c:c9:91:36:
                    1c:e2:79:71:85:72:65:7d:31:ab:05:c3:32:88:19:
                    15:09:bc:4c:4e:d9:36:03:e5:db:4f:2c:ba:ec:62:
                    e2:fa:06:9d:ab:0b:27:2b:9e:cd:30:f4:e7:89:9d:
                    93:43:2e:58:fc:43:b6:f1:a5:cc:9c:ac:15:75:23:
                    39:c2:5e:c4:7b:01:36:4e:ea:ba:04:8b:cd:7a:73:
                    4c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:7A:5C:65:EE:52:C2:61:4F:14:E9:CF:3C:4C:D7:E1:95:9F:2A:34
            X509v3 Authority Key Identifier:
                keyid:38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/53pcZe5SwmFPFOnPPEzX4ZWfKjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.167.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:4d:05:9e:e5:35:14:e3:05:36:a3:d6:46:c2:d8:24:c6:65:
         13:de:e1:76:7b:e8:93:97:67:f5:cc:19:37:40:ba:ec:21:2b:
         d0:dd:dc:f0:e7:3f:e9:c2:ed:3c:8f:ef:13:11:0a:a2:82:91:
         68:a1:6d:9e:80:ba:52:18:0e:6d:04:bd:9d:c2:be:ec:1b:59:
         83:05:9b:46:ab:86:08:e5:c4:e8:e0:47:77:3a:d2:e3:1c:f6:
         76:76:bd:3d:4a:99:53:ce:15:17:11:dc:16:10:de:42:58:3a:
         ff:9f:19:55:16:31:b1:96:88:0d:64:fb:39:a5:4f:7d:66:a1:
         38:75:33:5d:f5:3f:1a:3f:e6:07:6b:92:8e:34:40:5f:19:bd:
         5b:33:a6:0a:71:63:f0:3c:0f:15:a3:23:1a:3e:ab:bf:ef:e8:
         cb:f0:98:34:b4:2b:5c:d7:90:bc:55:9d:12:cc:7e:2f:cd:dd:
         d9:25:ad:e0:12:aa:91:6a:e4:fd:40:60:ea:8f:a1:e2:38:1f:
         e1:66:40:e6:54:81:b9:76:9b:fa:26:1a:90:45:6e:2e:3e:e4:
         0f:10:26:93:63:58:e0:4d:5c:5f:d0:9a:7c:f7:08:d4:63:c3:
         ab:79:98:cb:ea:de:fa:e5:ff:00:fe:dc:50:57:b4:2e:0d:c3:
         18:b0:07:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2VoW7TVXklCD91Xh9BzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZjljNTRmMTkxOTNlMDY1NDgxNjNmODk1YzNhNDZiOWY4
YmZiYjUwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzdhNWM2NWVlNTJjMjYxNGYxNGU5Y2YzYzRjZDdlMTk1OWYyYTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DQyRg/eXRvcBrvJmTMQWdQgudEh
hJmShJcl/Fw8UKapOofC1OzvCuEJldFxIBdiExsIuRRHKJMsiw5823AQ85R0Bflv
SimBuGfbJkvfraE+HH/SVLqIoeVyWvu1S72W65YaXFqrcN+/SwZ/RyM3ZH6z1jDU
hPmCu+3NN59kEk3C8ttYMxYzjmLrFp3qUhP/z+icbHzAKZZ6Gk/hMO9zMBbAkrkz
x3bd2bnrEUXjsJzJkTYc4nlxhXJlfTGrBcMyiBkVCbxMTtk2A+XbTyy67GLi+gad
qwsnK57NMPTniZ2TQy5Y/EO28aXMnKwVdSM5wl7EewE2Tuq6BIvNenNMOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOd6XGXuUsJhTxTpzzxM1+GVnyo0MB8GA1UdIwQY
MBaAFDj5xU8ZGT4GVIFj+JXDpGufi/u1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMt
NzI0OTQ5YjQ2MGU5LzEvNTNwY1plNVN3bUZQRk9uUFBFelg0WldmS2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMtNzI0OTQ5YjQ2MGU5
LzEvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6cpMA0G
CSqGSIb3DQEBCwUAA4IBAQBwTQWe5TUU4wU2o9ZGwtgkxmUT3uF2e+iTl2f1zBk3
QLrsISvQ3dzw5z/pwu08j+8TEQqigpFooW2egLpSGA5tBL2dwr7sG1mDBZtGq4YI
5cTo4Ed3OtLjHPZ2dr09SplTzhUXEdwWEN5CWDr/nxlVFjGxlogNZPs5pU99ZqE4
dTNd9T8aP+YHa5KONEBfGb1bM6YKcWPwPA8VoyMaPqu/7+jL8Jg0tCtc15C8VZ0S
zH4vzd3ZJa3gEqqRauT9QGDqj6HiOB/hZkDmVIG5dpv6JhqQRW4uPuQPECaTY1jg
TVxf0Jp89wjUY8OreZjL6t765f8A/txQV7QuDcMYsAd3
-----END CERTIFICATE-----