Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/j5D_vGlaQlddzrVvBZVu09D9Zsc.roa
File:                     j5D_vGlaQlddzrVvBZVu09D9Zsc.roa (raw, json)
Hash identifier:          hUIYMg8l2Mx9iSIngCOzrUTtXerpgubkGlciTCk1DR0=
Subject key identifier:   8F:90:FF:BC:69:5A:42:57:5D:CE:B5:6F:05:95:6E:D3:D0:FD:66:C7
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       018EF1BCCC3B58F09266B904E7B37FF479B2
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/j5D_vGlaQlddzrVvBZVu09D9Zsc.roa
Signing time:             Thu 18 Apr 2024 15:04:25 +0000
ROA not before:           Thu 18 Apr 2024 15:04:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26383
IP address blocks:        103.102.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f1:bc:cc:3b:58:f0:92:66:b9:04:e7:b3:7f:f4:79:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Apr 18 15:04:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f90ffbc695a42575dceb56f05956ed3d0fd66c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a0:c8:e9:8f:d6:a4:d6:e2:20:11:78:6c:b3:
                    a3:ef:40:89:25:b5:9b:b1:d5:34:c0:c6:8e:21:65:
                    86:58:ae:a8:e8:14:26:4b:a3:a0:e2:e4:84:aa:9e:
                    3d:e3:f6:8d:a1:b6:b9:1b:0f:a8:16:0b:ec:c7:a6:
                    48:ac:ad:18:97:d8:68:b1:e8:79:31:4f:14:e6:b3:
                    37:10:7c:3a:3a:da:3f:eb:77:f3:7b:1e:23:49:41:
                    7d:74:f2:2e:e5:4e:2e:fd:ab:72:43:09:ea:47:42:
                    ec:20:80:d8:30:0f:42:19:e3:bc:73:59:98:af:55:
                    65:df:9d:55:c5:9d:19:ef:b7:eb:98:1d:4e:42:6b:
                    2f:62:e7:bd:bc:40:46:19:92:f7:89:9c:31:58:a5:
                    ec:85:94:a9:7a:cf:35:d2:b6:77:a9:21:a3:eb:ac:
                    42:dd:b3:1f:7d:35:26:3a:b7:16:90:f6:28:64:d5:
                    3b:4c:99:d3:49:30:04:e2:06:89:39:03:80:c8:4c:
                    2e:ec:4b:93:91:42:c4:15:14:86:4a:8c:f0:d4:c8:
                    58:ae:ce:e4:50:d5:0c:52:60:18:ac:75:8a:f9:de:
                    71:29:07:42:ad:18:7b:b5:e5:f5:c1:bb:23:c6:e7:
                    4f:5a:f0:3a:78:d2:d1:d1:36:ec:a8:e3:3b:35:7d:
                    76:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:90:FF:BC:69:5A:42:57:5D:CE:B5:6F:05:95:6E:D3:D0:FD:66:C7
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/j5D_vGlaQlddzrVvBZVu09D9Zsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:29:88:e8:80:4f:06:a5:46:2a:da:26:42:69:d7:74:53:91:
         5c:75:27:d1:43:f0:72:0b:be:e2:ae:53:5c:a1:ad:ab:3d:c6:
         9e:de:cb:28:de:69:e9:de:b6:d0:fe:a1:3c:00:8b:5c:66:27:
         2e:f8:25:03:44:8f:7d:49:7f:0f:25:5e:03:24:22:48:29:f3:
         27:a3:9b:d0:41:d2:99:18:f5:a6:45:f2:3c:92:46:45:f7:60:
         5d:69:92:89:c6:87:84:6c:71:fd:3e:d9:26:40:d2:27:f0:db:
         c9:f2:33:bf:d7:e5:bc:46:f9:d0:58:0a:05:36:df:07:5e:bd:
         f5:2a:2c:ad:8f:23:8b:ee:d9:98:b6:f8:3c:b8:22:e6:80:e0:
         47:fd:c0:25:ec:bc:15:8c:a4:c2:4f:d4:95:cf:79:ae:e1:67:
         e2:9e:1c:70:75:71:4b:80:c6:27:e9:52:9b:76:85:8e:8e:88:
         22:7e:a4:b7:a8:b0:a1:df:0f:02:c0:4b:74:c8:73:e0:ac:09:
         4f:8a:f8:1d:5b:11:b1:cd:35:9b:29:2a:d1:26:6d:32:b8:05:
         d5:c7:98:db:35:7c:b1:fa:53:f3:49:6e:fa:6f:2b:ad:18:16:
         6c:8e:62:de:82:32:27:d0:3e:49:ab:cf:a1:15:86:05:c9:72:
         7f:c0:7f:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7xvMw7WPCSZrkE57N/9HmyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjQwNDE4MTUwNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjkwZmZiYzY5NWE0MjU3NWRjZWI1NmYwNTk1NmVkM2QwZmQ2NmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqDI6Y/WpNbiIBF4bLOj70CJJbWb
sdU0wMaOIWWGWK6o6BQmS6Og4uSEqp494/aNoba5Gw+oFgvsx6ZIrK0Yl9hoseh5
MU8U5rM3EHw6Oto/63fzex4jSUF9dPIu5U4u/atyQwnqR0LsIIDYMA9CGeO8c1mY
r1Vl351VxZ0Z77frmB1OQmsvYue9vEBGGZL3iZwxWKXshZSpes810rZ3qSGj66xC
3bMffTUmOrcWkPYoZNU7TJnTSTAE4gaJOQOAyEwu7EuTkULEFRSGSozw1MhYrs7k
UNUMUmAYrHWK+d5xKQdCrRh7teX1wbsjxudPWvA6eNLR0TbsqOM7NX12gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+Q/7xpWkJXXc61bwWVbtPQ/WbHMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvajVEX3ZHbGFRbGRkenJWdkJaVnUwOUQ5WnNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2bnMA0G
CSqGSIb3DQEBCwUAA4IBAQAlKYjogE8GpUYq2iZCadd0U5FcdSfRQ/ByC77irlNc
oa2rPcae3sso3mnp3rbQ/qE8AItcZicu+CUDRI99SX8PJV4DJCJIKfMno5vQQdKZ
GPWmRfI8kkZF92BdaZKJxoeEbHH9PtkmQNIn8NvJ8jO/1+W8RvnQWAoFNt8HXr31
KiytjyOL7tmYtvg8uCLmgOBH/cAl7LwVjKTCT9SVz3mu4WfinhxwdXFLgMYn6VKb
doWOjogifqS3qLCh3w8CwEt0yHPgrAlPivgdWxGxzTWbKSrRJm0yuAXVx5jbNXyx
+lPzSW76byutGBZsjmLegjIn0D5Jq8+hFYYFyXJ/wH9O
-----END CERTIFICATE-----