Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/309d57-ec82-4b53-bee4-3403cdad2c67/1/CgZTd4dNmMEgNLwZSzWB6POMS2A.roa
File:                     CgZTd4dNmMEgNLwZSzWB6POMS2A.roa (raw, json)
Hash identifier:          xL/0pgG+LdEE6egw/iFG4LDzKJQvg/stPLrSn62D/Q4=
Subject key identifier:   0A:06:53:77:87:4D:98:C1:20:34:BC:19:4B:35:81:E8:F3:8C:4B:60
Certificate issuer:       /CN=1102fc0d9ff86fe65c14469d55046e2053bfe5ca
Certificate serial:       018CC3B6C92F182DDFC89A811AB63C13F038
Authority key identifier: 11:02:FC:0D:9F:F8:6F:E6:5C:14:46:9D:55:04:6E:20:53:BF:E5:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EQL8DZ_4b-ZcFEadVQRuIFO_5co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/309d57-ec82-4b53-bee4-3403cdad2c67/1/CgZTd4dNmMEgNLwZSzWB6POMS2A.roa
Signing time:             Mon 01 Jan 2024 06:29:45 +0000
ROA not before:           Mon 01 Jan 2024 06:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12795
IP address blocks:        194.246.110.0/24 maxlen: 24
                          194.246.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/309d57-ec82-4b53-bee4-3403cdad2c67/1/EQL8DZ_4b-ZcFEadVQRuIFO_5co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/309d57-ec82-4b53-bee4-3403cdad2c67/1/EQL8DZ_4b-ZcFEadVQRuIFO_5co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EQL8DZ_4b-ZcFEadVQRuIFO_5co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c9:2f:18:2d:df:c8:9a:81:1a:b6:3c:13:f0:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1102fc0d9ff86fe65c14469d55046e2053bfe5ca
        Validity
            Not Before: Jan  1 06:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a065377874d98c12034bc194b3581e8f38c4b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6c:08:88:fc:39:b1:98:8a:60:9a:04:ea:1c:
                    09:7b:2d:01:b1:a2:2b:f9:ef:cb:e5:9f:c3:29:d8:
                    58:84:53:1b:6f:e1:ef:be:07:6f:22:ef:ba:6a:00:
                    56:c4:25:13:73:c9:41:6f:ea:c5:bb:a9:e6:ff:a2:
                    85:f4:7a:d1:0b:b3:fa:b0:3b:93:41:fe:01:ff:6d:
                    60:21:c2:fd:a0:64:c3:28:12:48:a5:9f:90:ec:ac:
                    81:5d:7c:e2:23:6e:60:1f:66:4d:5d:6c:78:b4:89:
                    ec:d1:31:95:6c:54:a1:b0:35:09:d3:e9:a4:82:69:
                    f6:78:ec:3f:dc:fd:40:9f:99:f1:b1:78:1a:ed:00:
                    9a:eb:09:ef:2b:8d:29:62:c5:9c:c4:fc:52:8a:18:
                    a6:54:65:37:b3:9c:6b:4d:79:21:e6:91:c2:75:ef:
                    65:72:3a:2c:03:ca:23:c5:04:9b:d7:8a:76:09:28:
                    98:34:ed:f6:d2:91:69:10:7c:88:81:78:e4:2a:6e:
                    03:2b:67:32:44:3d:9c:f1:68:94:24:b1:90:56:1e:
                    44:9e:ad:38:53:f1:c0:74:0e:c9:3b:4c:ba:2a:14:
                    23:ed:70:45:c3:15:b6:42:eb:16:26:e3:a4:f3:96:
                    8f:94:18:0d:ab:4c:eb:90:54:2b:44:91:ed:d4:f7:
                    36:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:06:53:77:87:4D:98:C1:20:34:BC:19:4B:35:81:E8:F3:8C:4B:60
            X509v3 Authority Key Identifier:
                keyid:11:02:FC:0D:9F:F8:6F:E6:5C:14:46:9D:55:04:6E:20:53:BF:E5:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EQL8DZ_4b-ZcFEadVQRuIFO_5co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/309d57-ec82-4b53-bee4-3403cdad2c67/1/CgZTd4dNmMEgNLwZSzWB6POMS2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/309d57-ec82-4b53-bee4-3403cdad2c67/1/EQL8DZ_4b-ZcFEadVQRuIFO_5co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:30:39:36:5a:cc:96:75:65:14:65:1d:4c:8d:ab:a5:1f:cd:
         67:a2:12:af:7c:35:c6:ea:28:ef:e9:47:34:f7:47:79:6d:43:
         c9:6b:d9:8c:ab:27:ea:85:40:45:21:79:8c:28:f9:11:2c:7f:
         ad:72:e5:db:72:78:25:e3:62:97:7e:0f:c8:7d:a9:b9:c7:1b:
         02:eb:d4:e1:93:7e:ef:8a:72:8d:42:c6:7a:fb:ab:35:29:53:
         73:9f:81:66:c5:c7:da:11:d7:66:54:d5:d7:4c:ec:ff:7c:8d:
         42:3a:6e:f1:73:13:c7:29:cf:ba:00:98:67:62:44:62:db:e5:
         c0:dd:8d:8d:e0:fa:0b:1c:1f:2f:51:00:cf:e9:e8:2a:d2:99:
         0f:ba:9c:78:0c:4c:12:79:71:7b:1c:a5:5a:f7:62:63:2b:15:
         5a:d8:46:e2:ee:14:46:ee:a4:96:bf:0a:06:36:94:e4:f8:1f:
         97:49:c6:9b:c5:b8:89:3c:4c:69:67:40:f9:5c:fd:63:7c:bf:
         6c:49:f4:9c:4b:36:5b:05:de:63:2e:1a:f4:ef:16:53:3c:5c:
         21:b0:12:cd:12:0d:01:eb:3f:30:c0:09:23:93:86:b0:97:e4:
         fd:11:b2:6f:3b:f7:dd:3a:88:3e:d5:1c:10:c1:a1:b5:27:3a:
         98:5c:7f:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtskvGC3fyJqBGrY8E/A4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMDJmYzBkOWZmODZmZTY1YzE0NDY5ZDU1MDQ2ZTIwNTNi
ZmU1Y2EwHhcNMjQwMTAxMDYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTA2NTM3Nzg3NGQ5OGMxMjAzNGJjMTk0YjM1ODFlOGYzOGM0YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2wIiPw5sZiKYJoE6hwJey0BsaIr
+e/L5Z/DKdhYhFMbb+HvvgdvIu+6agBWxCUTc8lBb+rFu6nm/6KF9HrRC7P6sDuT
Qf4B/21gIcL9oGTDKBJIpZ+Q7KyBXXziI25gH2ZNXWx4tIns0TGVbFShsDUJ0+mk
gmn2eOw/3P1An5nxsXga7QCa6wnvK40pYsWcxPxSihimVGU3s5xrTXkh5pHCde9l
cjosA8ojxQSb14p2CSiYNO320pFpEHyIgXjkKm4DK2cyRD2c8WiUJLGQVh5Enq04
U/HAdA7JO0y6KhQj7XBFwxW2QusWJuOk85aPlBgNq0zrkFQrRJHt1Pc2vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoGU3eHTZjBIDS8GUs1gejzjEtgMB8GA1UdIwQY
MBaAFBEC/A2f+G/mXBRGnVUEbiBTv+XKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVFMOERaXzRiLVpjRkVhZFZRUnVJRk9fNWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zMDlkNTctZWM4Mi00YjUzLWJlZTQt
MzQwM2NkYWQyYzY3LzEvQ2daVGQ0ZE5tTUVnTkx3WlN6V0I2UE9NUzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zMDlkNTctZWM4Mi00YjUzLWJlZTQtMzQwM2NkYWQyYzY3
LzEvRVFMOERaXzRiLVpjRkVhZFZRUnVJRk9fNWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvZuMA0G
CSqGSIb3DQEBCwUAA4IBAQBtMDk2WsyWdWUUZR1MjaulH81nohKvfDXG6ijv6Uc0
90d5bUPJa9mMqyfqhUBFIXmMKPkRLH+tcuXbcngl42KXfg/Ifam5xxsC69Thk37v
inKNQsZ6+6s1KVNzn4FmxcfaEddmVNXXTOz/fI1COm7xcxPHKc+6AJhnYkRi2+XA
3Y2N4PoLHB8vUQDP6egq0pkPupx4DEwSeXF7HKVa92JjKxVa2Ebi7hRG7qSWvwoG
NpTk+B+XScabxbiJPExpZ0D5XP1jfL9sSfScSzZbBd5jLhr07xZTPFwhsBLNEg0B
6z8wwAkjk4awl+T9EbJvO/fdOog+1RwQwaG1JzqYXH+s
-----END CERTIFICATE-----