Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/_O5bjJiVaXMFKPpYQjl8VpgK4Oo.roa
File:                     _O5bjJiVaXMFKPpYQjl8VpgK4Oo.roa (raw, json)
Hash identifier:          WXSCPn0zkr+kKrUE/5mmjZAIM2jtdnPY7LRIL6YD/p4=
Subject key identifier:   FC:EE:5B:8C:98:95:69:73:05:28:FA:58:42:39:7C:56:98:0A:E0:EA
Certificate issuer:       /CN=9a78fd4d41a49384bdf6e7dc3ebbc500bf66d9d5
Certificate serial:       018CC5DCC66A17D1A8A4214A23C20D13DAAB
Authority key identifier: 9A:78:FD:4D:41:A4:93:84:BD:F6:E7:DC:3E:BB:C5:00:BF:66:D9:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/_O5bjJiVaXMFKPpYQjl8VpgK4Oo.roa
Signing time:             Mon 01 Jan 2024 16:30:29 +0000
ROA not before:           Mon 01 Jan 2024 16:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.8.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c6:6a:17:d1:a8:a4:21:4a:23:c2:0d:13:da:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a78fd4d41a49384bdf6e7dc3ebbc500bf66d9d5
        Validity
            Not Before: Jan  1 16:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcee5b8c989569730528fa5842397c56980ae0ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:21:0e:42:b6:91:79:e9:9d:35:ba:e0:ac:b0:
                    ae:62:f1:17:f7:cb:cb:93:42:a2:32:49:a2:d4:28:
                    b3:91:dd:b2:6a:f5:6f:83:1e:9e:62:74:72:7f:3c:
                    60:27:0f:7d:16:a6:cf:c4:a8:0d:ad:9d:ba:77:47:
                    a8:4f:a6:fd:30:45:41:39:06:19:53:19:f1:f4:1b:
                    37:47:74:db:69:87:4e:14:9f:4e:14:8a:fe:a7:bd:
                    ad:89:2b:95:2c:14:f7:5f:2d:29:32:3d:2b:a0:11:
                    d1:6a:62:67:42:11:ac:0e:9d:8b:fb:4a:bd:96:6f:
                    86:fb:79:6e:2b:ae:5f:fa:33:8b:33:06:fe:3f:09:
                    c9:09:e5:9a:93:f3:db:f6:bf:33:37:61:d5:17:d6:
                    74:96:c0:df:a3:50:a6:19:8a:73:90:19:79:1b:31:
                    33:78:27:73:72:6d:a6:1a:85:6d:5e:ed:bf:98:6a:
                    8b:47:ec:9d:64:f4:3d:7d:eb:9a:5b:6c:40:7a:f1:
                    59:dd:20:a5:77:a5:4d:be:d7:22:37:2c:b1:81:73:
                    1a:59:1c:a5:b0:0f:4c:37:46:75:c5:1a:a4:7a:e4:
                    1a:74:2c:02:52:31:53:3a:6b:bf:d2:84:8a:36:3d:
                    82:ae:53:db:2f:e3:ba:38:64:6f:e9:38:d1:42:9f:
                    f3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:EE:5B:8C:98:95:69:73:05:28:FA:58:42:39:7C:56:98:0A:E0:EA
            X509v3 Authority Key Identifier:
                keyid:9A:78:FD:4D:41:A4:93:84:BD:F6:E7:DC:3E:BB:C5:00:BF:66:D9:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/_O5bjJiVaXMFKPpYQjl8VpgK4Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:36:7e:d1:af:bc:ef:3c:33:71:43:bc:89:00:0e:0b:b2:83:
         82:91:ec:c8:7a:cb:0b:bd:64:29:79:fa:89:29:ef:c2:81:89:
         16:c5:a2:6c:52:8b:04:f6:78:3e:89:d5:db:b2:24:ed:5d:73:
         02:37:f4:24:92:fe:ac:fa:57:41:75:7c:fa:19:92:ad:4f:c2:
         b7:6b:30:a3:0e:89:c8:b7:99:1a:62:9e:1c:03:fd:6d:17:6c:
         f8:c8:5c:fe:d2:89:43:86:41:09:7f:38:7b:c0:34:fb:5e:b1:
         51:1e:f4:a8:03:7d:7e:d7:02:e2:83:ca:60:ce:88:b0:84:8f:
         62:6e:99:0a:6d:5b:bb:4e:89:aa:d7:a8:07:c0:44:12:cb:1f:
         1e:c8:c0:78:d0:20:6c:53:95:9f:f7:b3:26:11:d5:90:43:54:
         52:21:f3:1c:f9:c6:df:5d:9c:05:26:9f:02:2d:2d:56:e9:e1:
         24:7d:1e:df:d6:f4:15:c7:ed:55:10:e3:85:61:81:71:bf:93:
         b1:d6:25:93:d6:5a:73:be:8a:34:1e:58:2f:1d:3e:a8:15:1f:
         be:25:b7:0d:b3:7c:41:c6:a0:03:9f:e2:0c:8e:61:b6:54:84:
         42:0b:21:61:07:10:f9:e8:f1:71:d4:4b:8a:30:1f:72:ae:5b:
         f4:02:94:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MZqF9GopCFKI8INE9qrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNzhmZDRkNDFhNDkzODRiZGY2ZTdkYzNlYmJjNTAwYmY2
NmQ5ZDUwHhcNMjQwMTAxMTYzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2VlNWI4Yzk4OTU2OTczMDUyOGZhNTg0MjM5N2M1Njk4MGFlMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7CEOQraReemdNbrgrLCuYvEX98vL
k0KiMkmi1Cizkd2yavVvgx6eYnRyfzxgJw99FqbPxKgNrZ26d0eoT6b9MEVBOQYZ
Uxnx9Bs3R3TbaYdOFJ9OFIr+p72tiSuVLBT3Xy0pMj0roBHRamJnQhGsDp2L+0q9
lm+G+3luK65f+jOLMwb+PwnJCeWak/Pb9r8zN2HVF9Z0lsDfo1CmGYpzkBl5GzEz
eCdzcm2mGoVtXu2/mGqLR+ydZPQ9feuaW2xAevFZ3SCld6VNvtciNyyxgXMaWRyl
sA9MN0Z1xRqkeuQadCwCUjFTOmu/0oSKNj2CrlPbL+O6OGRv6TjRQp/zqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzuW4yYlWlzBSj6WEI5fFaYCuDqMB8GA1UdIwQY
MBaAFJp4/U1BpJOEvfbn3D67xQC/ZtnVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW5qOVRVR2trNFM5OXVmY1BydkZBTDltMmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS81Y2I5OGMtZWUwOC00Yjk5LThiNGQt
YzZmNDEwNjBjNWQ3LzEvX081YmpKaVZhWE1GS1BwWVFqbDhWcGdLNE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS81Y2I5OGMtZWUwOC00Yjk5LThiNGQtYzZmNDEwNjBjNWQ3
LzEvbW5qOVRVR2trNFM5OXVmY1BydkZBTDltMmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQhUMA0G
CSqGSIb3DQEBCwUAA4IBAQCDNn7Rr7zvPDNxQ7yJAA4LsoOCkezIessLvWQpefqJ
Ke/CgYkWxaJsUosE9ng+idXbsiTtXXMCN/Qkkv6s+ldBdXz6GZKtT8K3azCjDonI
t5kaYp4cA/1tF2z4yFz+0olDhkEJfzh7wDT7XrFRHvSoA31+1wLig8pgzoiwhI9i
bpkKbVu7Tomq16gHwEQSyx8eyMB40CBsU5Wf97MmEdWQQ1RSIfMc+cbfXZwFJp8C
LS1W6eEkfR7f1vQVx+1VEOOFYYFxv5Ox1iWT1lpzvoo0HlgvHT6oFR++JbcNs3xB
xqADn+IMjmG2VIRCCyFhBxD56PFx1EuKMB9yrlv0ApTR
-----END CERTIFICATE-----