Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/iqqeYY51DTF9rkXLQFuDyzmvEvg.roa
File:                     iqqeYY51DTF9rkXLQFuDyzmvEvg.roa (raw, json)
Hash identifier:          j1zsk7JGZWdA28UJWEKsdttbruSv3qHTp0B9SarXgrA=
Subject key identifier:   8A:AA:9E:61:8E:75:0D:31:7D:AE:45:CB:40:5B:83:CB:39:AF:12:F8
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018E2211B81EFA4E386B5CDDE9947F3545B1
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/iqqeYY51DTF9rkXLQFuDyzmvEvg.roa
Signing time:             Sat 09 Mar 2024 07:16:10 +0000
ROA not before:           Sat 09 Mar 2024 07:16:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200645
IP address blocks:        5.202.208.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:22:11:b8:1e:fa:4e:38:6b:5c:dd:e9:94:7f:35:45:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Mar  9 07:16:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8aaa9e618e750d317dae45cb405b83cb39af12f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:78:65:06:e3:00:c4:92:e7:eb:a7:23:3b:9e:
                    f9:2e:50:cd:31:e2:fe:4e:a2:a7:e6:13:aa:be:35:
                    73:2b:9d:33:98:79:ce:25:ab:84:3a:9b:17:7d:ac:
                    f3:8a:84:bb:bb:c9:41:76:3c:04:cc:62:2d:ae:c4:
                    4a:65:e3:97:8c:7f:be:f3:82:6d:1e:0a:45:b2:c6:
                    f9:4d:48:46:87:84:66:6f:1f:8d:fc:97:bb:e5:7a:
                    9f:42:e7:de:20:d7:31:51:0d:06:de:f7:28:59:82:
                    fc:c7:ef:9b:3f:74:93:61:84:10:4b:fc:6a:1c:80:
                    eb:de:fd:58:91:46:3a:99:38:77:3e:4e:10:44:93:
                    d5:aa:36:cd:70:d0:f2:1e:22:ba:e7:04:d9:bb:2e:
                    c8:5a:d0:fe:8e:09:86:c9:e9:10:d2:87:a6:0f:25:
                    1f:22:a4:24:8d:5c:d0:95:44:bd:36:36:c5:7a:09:
                    ab:80:03:14:d0:4f:a0:8e:0a:8e:09:49:60:f8:d2:
                    68:fb:9a:dc:d7:54:c8:66:a4:2a:f0:b8:8a:33:27:
                    27:f2:0a:7e:ea:37:49:c1:68:7b:1a:e8:71:36:c9:
                    5b:a8:90:53:f7:e9:0c:ad:7d:5b:a5:38:63:9d:4b:
                    10:ee:78:9f:46:48:e9:9b:ed:13:0e:e2:bc:a1:fb:
                    64:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:AA:9E:61:8E:75:0D:31:7D:AE:45:CB:40:5B:83:CB:39:AF:12:F8
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/iqqeYY51DTF9rkXLQFuDyzmvEvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         88:02:f8:08:e2:c9:fb:60:0c:c2:1c:5e:cb:5e:e5:52:a9:6e:
         4f:d4:f7:0b:9c:5b:f3:80:ce:af:7d:5d:08:1e:d0:7b:6d:dd:
         80:87:f8:67:c4:33:52:30:ef:a5:a5:92:54:aa:bc:74:cf:61:
         47:27:f6:23:d6:77:0d:b8:36:bc:b6:83:7e:cc:95:b8:32:97:
         cb:be:d5:1f:9c:41:e9:71:e7:a3:59:8f:39:f7:81:24:88:e4:
         b8:39:bd:f9:f3:5c:ac:f3:d0:09:17:d8:a8:cc:41:5e:9c:73:
         a1:5f:18:e4:af:bc:37:18:be:3e:79:61:73:37:0e:28:f3:65:
         0b:e3:af:c9:1f:e4:29:fa:84:53:b6:c3:ed:49:45:89:ee:2a:
         33:85:24:f0:b6:b9:92:4d:e5:f0:a3:5a:e3:e6:3f:76:88:e0:
         64:7a:76:4d:30:a8:fe:bb:69:0a:79:69:a0:b2:cc:34:08:ab:
         35:88:62:b4:a8:fc:55:b6:88:eb:b0:77:b7:c3:b8:4c:a8:0e:
         cc:18:0d:c8:a3:e2:74:8a:2c:b5:99:9b:76:98:0c:a1:ef:f9:
         d5:f6:6c:a2:05:be:ae:1d:85:c8:ce:3b:ec:8a:c3:9a:f9:0a:
         e1:1d:b5:d1:4b:49:5d:61:fa:51:94:e2:0c:66:e2:d6:c5:5e:
         b0:90:ff:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4iEbge+k44a1zd6ZR/NUWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMzA5MDcxNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWFhOWU2MThlNzUwZDMxN2RhZTQ1Y2I0MDViODNjYjM5YWYxMmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXhlBuMAxJLn66cjO575LlDNMeL+
TqKn5hOqvjVzK50zmHnOJauEOpsXfazzioS7u8lBdjwEzGItrsRKZeOXjH++84Jt
HgpFssb5TUhGh4Rmbx+N/Je75XqfQufeINcxUQ0G3vcoWYL8x++bP3STYYQQS/xq
HIDr3v1YkUY6mTh3Pk4QRJPVqjbNcNDyHiK65wTZuy7IWtD+jgmGyekQ0oemDyUf
IqQkjVzQlUS9NjbFegmrgAMU0E+gjgqOCUlg+NJo+5rc11TIZqQq8LiKMycn8gp+
6jdJwWh7GuhxNslbqJBT9+kMrX1bpThjnUsQ7nifRkjpm+0TDuK8oftkywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqqnmGOdQ0xfa5Fy0Bbg8s5rxL4MB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvaXFxZVlZNTFEVEY5cmtYTFFGdUR5em12RXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEBcrQMA0G
CSqGSIb3DQEBCwUAA4IBAQCIAvgI4sn7YAzCHF7LXuVSqW5P1PcLnFvzgM6vfV0I
HtB7bd2Ah/hnxDNSMO+lpZJUqrx0z2FHJ/Yj1ncNuDa8toN+zJW4MpfLvtUfnEHp
ceejWY8594EkiOS4Ob3581ys89AJF9iozEFenHOhXxjkr7w3GL4+eWFzNw4o82UL
46/JH+Qp+oRTtsPtSUWJ7iozhSTwtrmSTeXwo1rj5j92iOBkenZNMKj+u2kKeWmg
ssw0CKs1iGK0qPxVtojrsHe3w7hMqA7MGA3Io+J0iiy1mZt2mAyh7/nV9myiBb6u
HYXIzjvsisOa+QrhHbXRS0ldYfpRlOIMZuLWxV6wkP8C
-----END CERTIFICATE-----