Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/Rm4UhpyggVOWhlCR05sap4Q3uK0.roa
File:                     Rm4UhpyggVOWhlCR05sap4Q3uK0.roa (raw, json)
Hash identifier:          4G0SSBpxcHAsImSQIKsOJjZKmtwLvOFeE8DkWTKXOsg=
Subject key identifier:   46:6E:14:86:9C:A0:81:53:96:86:50:91:D3:9B:1A:A7:84:37:B8:AD
Certificate issuer:       /CN=b464b4523a8972b9e2f46a4f4a1634e97027aedf
Certificate serial:       018D69DDBF250B1BDCB46313E115CE379332
Authority key identifier: B4:64:B4:52:3A:89:72:B9:E2:F4:6A:4F:4A:16:34:E9:70:27:AE:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/Rm4UhpyggVOWhlCR05sap4Q3uK0.roa
Signing time:             Fri 02 Feb 2024 12:49:16 +0000
ROA not before:           Fri 02 Feb 2024 12:49:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        5.61.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:dd:bf:25:0b:1b:dc:b4:63:13:e1:15:ce:37:93:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b464b4523a8972b9e2f46a4f4a1634e97027aedf
        Validity
            Not Before: Feb  2 12:49:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=466e14869ca0815396865091d39b1aa78437b8ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:cd:09:0d:18:ad:68:92:92:f6:bd:54:7c:c4:
                    09:3b:2e:7b:0d:6d:8d:af:36:3c:ad:97:97:9f:38:
                    b5:15:77:66:de:f6:8c:81:51:96:cb:ee:30:4a:46:
                    a2:a9:1e:32:8a:30:ad:54:99:e3:bd:ec:da:57:db:
                    33:58:57:d3:e2:d2:02:37:9b:75:8f:0c:6a:d9:e9:
                    8a:02:ed:5a:4b:fd:d2:7f:19:00:8f:d5:96:2a:13:
                    cb:8e:f9:84:5f:13:c1:6c:69:51:d8:e3:cc:fb:52:
                    78:8d:be:0a:08:f9:94:0d:58:6f:5f:dc:1a:d2:38:
                    06:f6:4c:42:0f:37:8c:ea:8a:9d:c8:48:af:88:13:
                    46:1c:48:44:08:fa:ae:2e:a4:ca:73:46:7b:ed:87:
                    2c:48:da:4d:80:ae:ce:9e:da:b4:e6:d3:43:bf:4d:
                    2d:60:72:c5:67:76:40:44:36:eb:cd:14:f0:f2:dd:
                    da:f6:3d:54:76:c2:e9:54:59:3c:e9:1d:98:36:a1:
                    b3:b9:82:a6:1f:29:11:de:37:99:10:45:1e:92:92:
                    b7:2b:80:da:a0:d2:a7:b8:a7:dd:78:cd:79:a6:51:
                    fd:3c:97:df:cb:7b:e3:51:94:6c:3d:c6:83:8b:2c:
                    45:a1:83:01:28:58:50:26:3c:47:7e:6c:84:75:17:
                    10:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6E:14:86:9C:A0:81:53:96:86:50:91:D3:9B:1A:A7:84:37:B8:AD
            X509v3 Authority Key Identifier:
                keyid:B4:64:B4:52:3A:89:72:B9:E2:F4:6A:4F:4A:16:34:E9:70:27:AE:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/Rm4UhpyggVOWhlCR05sap4Q3uK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:50:c3:4e:6a:5d:e6:b2:ff:f4:f3:7c:18:30:d5:87:9b:9a:
         08:0e:2b:ac:0a:29:fa:b1:94:4b:4e:95:8b:66:b7:85:61:1a:
         9c:ff:91:5e:cc:0f:f4:7a:68:e3:9a:bd:36:c9:bb:98:ef:e2:
         31:cc:18:90:a8:8f:ea:c2:3d:b9:10:1c:98:75:d9:3c:6f:d9:
         a1:cb:ba:b6:d4:2c:3d:93:b3:ae:82:46:0e:ab:6b:c6:5f:63:
         69:b6:4f:7c:c2:0f:3a:22:8c:36:ae:17:b1:ba:8a:d0:31:a4:
         75:7c:b8:11:8c:8a:27:d8:41:c7:e3:8d:a3:6c:3a:82:d9:f6:
         e5:f0:0f:5f:0b:b1:74:e6:20:59:0a:2d:f5:53:20:d6:2f:93:
         bd:e0:30:db:bc:2d:15:10:f4:7c:5b:b9:15:c0:96:d7:05:f6:
         ce:37:b3:ba:b8:39:70:e3:c5:b4:f8:7d:d7:f0:fd:54:5e:57:
         1c:be:81:23:09:ed:a1:e1:37:01:f1:8b:4a:97:f9:85:3e:18:
         77:73:96:8f:08:5e:68:a7:ab:af:1f:f7:b7:c4:04:e1:64:a9:
         1d:e6:01:28:7a:9b:77:49:10:4d:4b:43:8b:dd:a6:76:f6:4a:
         4d:b3:a5:7a:08:28:14:f1:88:bd:c9:66:cb:b9:42:76:11:8b:
         46:6e:52:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1p3b8lCxvctGMT4RXON5MyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjRiNDUyM2E4OTcyYjllMmY0NmE0ZjRhMTYzNGU5NzAy
N2FlZGYwHhcNMjQwMjAyMTI0OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZlMTQ4NjljYTA4MTUzOTY4NjUwOTFkMzliMWFhNzg0MzdiOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgc0JDRitaJKS9r1UfMQJOy57DW2N
rzY8rZeXnzi1FXdm3vaMgVGWy+4wSkaiqR4yijCtVJnjvezaV9szWFfT4tICN5t1
jwxq2emKAu1aS/3SfxkAj9WWKhPLjvmEXxPBbGlR2OPM+1J4jb4KCPmUDVhvX9wa
0jgG9kxCDzeM6oqdyEiviBNGHEhECPquLqTKc0Z77YcsSNpNgK7Ontq05tNDv00t
YHLFZ3ZARDbrzRTw8t3a9j1UdsLpVFk86R2YNqGzuYKmHykR3jeZEEUekpK3K4Da
oNKnuKfdeM15plH9PJffy3vjUZRsPcaDiyxFoYMBKFhQJjxHfmyEdRcQ5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZuFIacoIFTloZQkdObGqeEN7itMB8GA1UdIwQY
MBaAFLRktFI6iXK54vRqT0oWNOlwJ67fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdTMFVqcUpjcm5pOUdwUFNoWTA2WEFucnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jN2NhZjMtZWIwOC00NTU2LWE1Yjct
ZmM2ZTc3ODg0MDU0LzEvUm00VWhweWdnVk9XaGxDUjA1c2FwNFEzdUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jN2NhZjMtZWIwOC00NTU2LWE1YjctZmM2ZTc3ODg0MDU0
LzEvdEdTMFVqcUpjcm5pOUdwUFNoWTA2WEFucnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT13MA0G
CSqGSIb3DQEBCwUAA4IBAQAyUMNOal3msv/083wYMNWHm5oIDiusCin6sZRLTpWL
ZreFYRqc/5FezA/0emjjmr02ybuY7+IxzBiQqI/qwj25EByYddk8b9mhy7q21Cw9
k7OugkYOq2vGX2Nptk98wg86Iow2rhexuorQMaR1fLgRjIon2EHH442jbDqC2fbl
8A9fC7F05iBZCi31UyDWL5O94DDbvC0VEPR8W7kVwJbXBfbON7O6uDlw48W0+H3X
8P1UXlccvoEjCe2h4TcB8YtKl/mFPhh3c5aPCF5op6uvH/e3xAThZKkd5gEoept3
SRBNS0OL3aZ29kpNs6V6CCgU8Yi9yWbLuUJ2EYtGblLr
-----END CERTIFICATE-----