Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/2ee229-68c5-4f8c-807e-548e7f024314/1/xt5hOQ_8zf2OB281CbQTKgrVDZ8.roa
File:                     xt5hOQ_8zf2OB281CbQTKgrVDZ8.roa (raw, json)
Hash identifier:          d3zBRzg8rL/TAXPGmSMTeLgChuqBvE1kCTnDas4jG4Q=
Subject key identifier:   C6:DE:61:39:0F:FC:CD:FD:8E:07:6F:35:09:B4:13:2A:0A:D5:0D:9F
Certificate issuer:       /CN=a5c522844498251260c8daabbc2c5e1a9e8f35fe
Certificate serial:       018CC649B00B3908A0C97F2A3312F457381A
Authority key identifier: A5:C5:22:84:44:98:25:12:60:C8:DA:AB:BC:2C:5E:1A:9E:8F:35:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcUihESYJRJgyNqrvCxeGp6PNf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/2ee229-68c5-4f8c-807e-548e7f024314/1/xt5hOQ_8zf2OB281CbQTKgrVDZ8.roa
Signing time:             Mon 01 Jan 2024 18:29:27 +0000
ROA not before:           Mon 01 Jan 2024 18:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20703
IP address blocks:        193.104.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/2ee229-68c5-4f8c-807e-548e7f024314/1/pcUihESYJRJgyNqrvCxeGp6PNf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/2ee229-68c5-4f8c-807e-548e7f024314/1/pcUihESYJRJgyNqrvCxeGp6PNf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcUihESYJRJgyNqrvCxeGp6PNf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:b0:0b:39:08:a0:c9:7f:2a:33:12:f4:57:38:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c522844498251260c8daabbc2c5e1a9e8f35fe
        Validity
            Not Before: Jan  1 18:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6de61390ffccdfd8e076f3509b4132a0ad50d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2e:0d:bd:e0:93:ea:54:99:65:b5:39:1b:96:
                    ae:86:dc:71:0b:09:e1:5b:e6:83:0b:f7:c8:89:64:
                    3a:b8:ca:91:55:08:c5:5a:b1:dc:a0:9f:84:47:bc:
                    9b:a5:88:a0:c2:e9:b2:44:90:52:7e:64:ee:c6:fb:
                    7f:34:64:f7:fb:b8:29:d6:2c:f9:39:3f:56:d9:a3:
                    c7:73:1f:2a:c6:73:5b:47:ca:3c:a8:64:93:5f:5a:
                    4b:a6:da:d1:b7:41:d4:73:3d:41:58:18:a0:c9:fb:
                    9d:6f:55:b4:d7:05:95:ff:ef:6a:7d:43:da:1c:31:
                    e9:bd:11:aa:1a:ca:d7:58:d1:8c:39:d7:f0:a6:7e:
                    6a:8f:45:4b:78:91:16:db:5f:0d:12:82:6d:98:be:
                    c3:af:f4:3e:57:86:d0:47:2d:54:7e:e5:86:08:d5:
                    3e:56:73:7f:4f:87:7e:f3:8f:ab:20:3f:e1:60:ea:
                    14:5d:b2:79:f2:c6:a2:ed:e0:e0:ee:0d:db:fd:69:
                    7f:99:2c:19:c1:40:e2:a7:40:6d:84:b3:7d:ab:6b:
                    2a:d9:01:4a:d8:b7:9a:d5:0c:3d:68:b7:fd:b7:e2:
                    02:50:e6:3d:53:bc:0a:97:0e:83:ee:b8:f6:54:b5:
                    66:6c:65:45:65:c7:38:63:ed:91:a1:b7:a6:87:c0:
                    ea:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DE:61:39:0F:FC:CD:FD:8E:07:6F:35:09:B4:13:2A:0A:D5:0D:9F
            X509v3 Authority Key Identifier:
                keyid:A5:C5:22:84:44:98:25:12:60:C8:DA:AB:BC:2C:5E:1A:9E:8F:35:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcUihESYJRJgyNqrvCxeGp6PNf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/2ee229-68c5-4f8c-807e-548e7f024314/1/xt5hOQ_8zf2OB281CbQTKgrVDZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/2ee229-68c5-4f8c-807e-548e7f024314/1/pcUihESYJRJgyNqrvCxeGp6PNf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:22:d5:ba:e8:17:2e:32:0b:7d:6f:90:d4:7e:5f:e0:0f:a0:
         32:c9:25:1c:be:99:f3:c7:d2:87:6b:b9:5e:3e:37:7b:39:8e:
         b7:e9:d2:39:ec:cf:f9:57:ad:74:b9:89:3a:92:ac:24:84:19:
         72:de:65:b5:b5:7a:ae:dd:e2:1a:f2:80:61:cf:63:27:43:2c:
         b4:0d:b1:92:bb:33:7f:0f:bc:4d:ed:0b:d8:bf:37:e8:7d:20:
         ba:56:83:a9:1c:a9:f9:2e:9c:a1:ab:ea:21:c1:ac:a5:ae:2f:
         29:09:0b:cb:ab:d6:f3:10:86:48:bf:43:43:6c:7b:8f:30:f4:
         a9:f5:f5:ac:40:94:c9:20:4b:0a:16:5a:39:c5:cc:ec:87:ed:
         78:f0:06:44:85:5f:56:02:7c:cb:69:7f:f4:e6:25:29:84:1e:
         46:7b:cd:98:24:34:ee:06:66:84:7f:e9:2f:3d:3a:c8:cb:c7:
         fb:65:83:2a:fa:10:a0:ab:da:98:7f:43:c0:dd:6a:85:d5:0f:
         61:69:8c:6a:e0:61:1f:df:cf:b3:89:f9:f9:46:ba:a3:61:97:
         38:70:0e:c0:01:5c:0d:e8:6e:d6:06:06:b8:d3:04:f0:9b:55:
         bf:8f:bb:ba:5c:a4:88:f0:87:15:ce:fb:3e:85:69:38:da:3b:
         7b:4b:02:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSbALOQigyX8qMxL0VzgaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzUyMjg0NDQ5ODI1MTI2MGM4ZGFhYmJjMmM1ZTFhOWU4
ZjM1ZmUwHhcNMjQwMTAxMTgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmRlNjEzOTBmZmNjZGZkOGUwNzZmMzUwOWI0MTMyYTBhZDUwZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC4NveCT6lSZZbU5G5auhtxxCwnh
W+aDC/fIiWQ6uMqRVQjFWrHcoJ+ER7ybpYigwumyRJBSfmTuxvt/NGT3+7gp1iz5
OT9W2aPHcx8qxnNbR8o8qGSTX1pLptrRt0HUcz1BWBigyfudb1W01wWV/+9qfUPa
HDHpvRGqGsrXWNGMOdfwpn5qj0VLeJEW218NEoJtmL7Dr/Q+V4bQRy1UfuWGCNU+
VnN/T4d+84+rID/hYOoUXbJ58sai7eDg7g3b/Wl/mSwZwUDip0BthLN9q2sq2QFK
2Lea1Qw9aLf9t+ICUOY9U7wKlw6D7rj2VLVmbGVFZcc4Y+2Robemh8Dq0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbeYTkP/M39jgdvNQm0EyoK1Q2fMB8GA1UdIwQY
MBaAFKXFIoREmCUSYMjaq7wsXhqejzX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNVaWhFU1lKUkpneU5xcnZDeGVHcDZQTmY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8yZWUyMjktNjhjNS00ZjhjLTgwN2Ut
NTQ4ZTdmMDI0MzE0LzEveHQ1aE9RXzh6ZjJPQjI4MUNiUVRLZ3JWRFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8yZWUyMjktNjhjNS00ZjhjLTgwN2UtNTQ4ZTdmMDI0MzE0
LzEvcGNVaWhFU1lKUkpneU5xcnZDeGVHcDZQTmY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWgeMA0G
CSqGSIb3DQEBCwUAA4IBAQBDItW66BcuMgt9b5DUfl/gD6AyySUcvpnzx9KHa7le
Pjd7OY636dI57M/5V610uYk6kqwkhBly3mW1tXqu3eIa8oBhz2MnQyy0DbGSuzN/
D7xN7QvYvzfofSC6VoOpHKn5Lpyhq+ohwaylri8pCQvLq9bzEIZIv0NDbHuPMPSp
9fWsQJTJIEsKFlo5xczsh+148AZEhV9WAnzLaX/05iUphB5Ge82YJDTuBmaEf+kv
PTrIy8f7ZYMq+hCgq9qYf0PA3WqF1Q9haYxq4GEf38+zifn5RrqjYZc4cA7AAVwN
6G7WBga40wTwm1W/j7u6XKSI8IcVzvs+hWk42jt7SwIl
-----END CERTIFICATE-----