Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/s5EC7AHkvceoRkWAQt_dFA3VUhQ.roa
File:                     s5EC7AHkvceoRkWAQt_dFA3VUhQ.roa (raw, json)
Hash identifier:          GaNkGcUWgwo54m5AfNqgKpd6K16/xjyHWX1yl/8EtQM=
Subject key identifier:   B3:91:02:EC:01:E4:BD:C7:A8:46:45:80:42:DF:DD:14:0D:D5:52:14
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       018F8151FAFA0D7DA48122C5D6DE77CAF281
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/s5EC7AHkvceoRkWAQt_dFA3VUhQ.roa
Signing time:             Thu 16 May 2024 12:13:04 +0000
ROA not before:           Thu 16 May 2024 12:13:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        45.140.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:51:fa:fa:0d:7d:a4:81:22:c5:d6:de:77:ca:f2:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: May 16 12:13:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b39102ec01e4bdc7a846458042dfdd140dd55214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bb:ab:52:62:41:8d:71:23:77:7a:bc:6a:5e:
                    0d:41:7c:8e:ec:7c:1b:fa:ac:32:13:b6:71:ed:c8:
                    30:41:d9:1c:be:20:48:36:42:8c:3f:fa:31:03:7a:
                    4e:dc:90:74:71:cb:b0:ed:fc:82:c0:8f:de:71:af:
                    ae:73:51:3c:be:f7:2f:c0:ca:9e:cf:c8:91:b8:11:
                    89:77:e4:9a:15:53:88:ab:d7:a6:9d:3c:40:a4:5c:
                    23:d8:ac:43:44:ce:6a:88:6b:7c:23:cb:6b:5e:6e:
                    8c:cf:2a:3a:09:21:50:69:34:42:fd:32:24:02:78:
                    f0:c0:3d:56:be:aa:56:d5:53:75:56:b6:80:36:53:
                    df:4f:d6:5c:45:03:0c:36:69:da:cc:fb:4a:c2:66:
                    93:7b:e7:a2:fe:4f:73:d9:1d:e8:38:39:6c:10:3f:
                    8a:5a:4e:41:38:0e:82:b5:c4:e1:d6:a8:84:59:88:
                    f9:ba:2a:e4:14:3d:bb:db:75:64:2e:34:23:e5:5c:
                    65:59:ee:3f:c3:94:c0:2d:b2:12:09:3f:5a:f3:0b:
                    bb:72:ca:75:4f:0b:e5:cd:1c:d9:a9:d8:b5:c9:6e:
                    22:e2:0a:63:c8:54:13:00:2b:e5:de:23:ac:50:ef:
                    61:4b:b6:66:e0:25:d7:a5:e1:7b:8b:7c:df:ae:d2:
                    45:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:91:02:EC:01:E4:BD:C7:A8:46:45:80:42:DF:DD:14:0D:D5:52:14
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/s5EC7AHkvceoRkWAQt_dFA3VUhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ed:2e:71:ba:da:08:d7:fe:fd:43:16:a5:1e:05:75:41:0c:
         13:da:97:a2:66:60:07:9c:b8:01:70:f8:27:11:b0:fd:05:de:
         06:59:29:c4:7b:30:11:07:e1:45:cd:23:36:41:24:d9:37:4b:
         71:47:3a:ad:08:5e:04:64:8e:92:6b:7b:68:03:dc:78:ec:48:
         be:f2:37:20:78:fa:f0:7d:11:d6:ae:02:e7:f4:e5:6c:57:55:
         ce:ec:0f:c9:dd:f2:ce:e8:a3:a2:bd:f6:62:f1:90:63:c5:ab:
         30:4b:ba:2b:08:c1:e9:00:b7:ab:46:17:88:63:37:57:8a:28:
         62:63:a1:be:5c:89:cc:d2:bf:31:f7:9b:b0:66:44:96:bb:1f:
         c9:fb:05:6b:f0:41:f8:3c:33:82:5a:7b:35:5b:4e:c6:9a:8e:
         fc:24:95:50:03:91:bc:86:61:24:f4:0a:e2:87:7c:8f:75:09:
         3f:26:3f:68:90:01:a1:ba:20:b4:b9:d6:a6:30:95:80:db:b7:
         fc:62:56:cf:d7:7c:68:22:99:2f:f4:7c:eb:c7:b0:a6:43:e8:
         d5:dd:c5:09:74:90:66:b1:02:36:71:18:26:6e:c0:57:f1:26:
         0c:e2:34:4f:8f:48:ba:e2:8b:2c:3e:1b:4e:3b:a0:bb:e5:05:
         48:0f:ae:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+BUfr6DX2kgSLF1t53yvKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjQwNTE2MTIxMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzkxMDJlYzAxZTRiZGM3YTg0NjQ1ODA0MmRmZGQxNDBkZDU1MjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLurUmJBjXEjd3q8al4NQXyO7Hwb
+qwyE7Zx7cgwQdkcviBINkKMP/oxA3pO3JB0ccuw7fyCwI/eca+uc1E8vvcvwMqe
z8iRuBGJd+SaFVOIq9emnTxApFwj2KxDRM5qiGt8I8trXm6Mzyo6CSFQaTRC/TIk
AnjwwD1WvqpW1VN1VraANlPfT9ZcRQMMNmnazPtKwmaTe+ei/k9z2R3oODlsED+K
Wk5BOA6CtcTh1qiEWYj5uirkFD2723VkLjQj5VxlWe4/w5TALbISCT9a8wu7csp1
TwvlzRzZqdi1yW4i4gpjyFQTACvl3iOsUO9hS7Zm4CXXpeF7i3zfrtJF8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLORAuwB5L3HqEZFgELf3RQN1VIUMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvczVFQzdBSGt2Y2VvUmtXQVF0X2RGQTNWVWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYzDMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ7S5xutoI1/79QxalHgV1QQwT2peiZmAHnLgBcPgn
EbD9Bd4GWSnEezARB+FFzSM2QSTZN0txRzqtCF4EZI6Sa3toA9x47Ei+8jcgePrw
fRHWrgLn9OVsV1XO7A/J3fLO6KOivfZi8ZBjxaswS7orCMHpALerRheIYzdXiihi
Y6G+XInM0r8x95uwZkSWux/J+wVr8EH4PDOCWns1W07Gmo78JJVQA5G8hmEk9Ari
h3yPdQk/Jj9okAGhuiC0udamMJWA27f8YlbP13xoIpkv9Hzrx7CmQ+jV3cUJdJBm
sQI2cRgmbsBX8SYM4jRPj0i64ossPhtOO6C75QVID670
-----END CERTIFICATE-----