Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1970d-9f7e-4c4a-8b04-5cee6d5f1a12/1/S5DgK0KnXN1nUPwEHrNb29NenXk.roa
File:                     S5DgK0KnXN1nUPwEHrNb29NenXk.roa (raw, json)
Hash identifier:          dpHJ7BNk0u1CL3hOerDNaFpCRMBzimjjXyQ3Ikr6uPs=
Subject key identifier:   4B:90:E0:2B:42:A7:5C:DD:67:50:FC:04:1E:B3:5B:DB:D3:5E:9D:79
Certificate issuer:       /CN=5d34ddbf7dcab10cbf682297921eb5812d905071
Certificate serial:       018EA8C7E9257DC34455591B96B178BE7966
Authority key identifier: 5D:34:DD:BF:7D:CA:B1:0C:BF:68:22:97:92:1E:B5:81:2D:90:50:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTTdv33KsQy_aCKXkh61gS2QUHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1970d-9f7e-4c4a-8b04-5cee6d5f1a12/1/S5DgK0KnXN1nUPwEHrNb29NenXk.roa
Signing time:             Thu 04 Apr 2024 11:04:17 +0000
ROA not before:           Thu 04 Apr 2024 11:04:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42094
IP address blocks:        194.169.235.0/24 maxlen: 24
                          195.42.138.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1970d-9f7e-4c4a-8b04-5cee6d5f1a12/1/XTTdv33KsQy_aCKXkh61gS2QUHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1970d-9f7e-4c4a-8b04-5cee6d5f1a12/1/XTTdv33KsQy_aCKXkh61gS2QUHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTTdv33KsQy_aCKXkh61gS2QUHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:c7:e9:25:7d:c3:44:55:59:1b:96:b1:78:be:79:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d34ddbf7dcab10cbf682297921eb5812d905071
        Validity
            Not Before: Apr  4 11:04:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b90e02b42a75cdd6750fc041eb35bdbd35e9d79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:37:92:9a:80:ee:fa:7d:95:5c:cd:63:89:a9:
                    96:9e:d8:3b:34:fc:02:e6:a0:40:bc:0f:7e:e4:05:
                    cf:cc:68:50:e2:60:43:d9:57:64:5f:2b:32:94:a0:
                    b1:c2:98:e5:fd:bf:9b:df:0e:fc:7e:a2:c9:fb:70:
                    59:89:3b:03:dc:e6:65:33:c4:76:e2:f5:53:e3:9f:
                    bd:c5:33:da:a1:01:d1:57:b6:67:09:1e:fa:c0:ab:
                    50:a3:a9:c2:ad:b1:29:77:ca:66:8d:c5:c6:6a:c9:
                    ba:f1:b5:9a:0e:4a:bf:b9:bd:28:78:cc:81:1f:b5:
                    8a:50:14:bc:fe:04:ad:7a:43:31:b4:f2:6a:d4:5a:
                    37:00:0a:19:c1:59:4a:05:e1:b3:ba:43:89:e7:c4:
                    70:20:ff:a6:38:f7:64:17:67:c3:eb:c1:b8:6f:f7:
                    5a:8b:f5:45:bf:43:57:b6:c1:49:d1:bb:97:fe:9a:
                    17:7b:ad:2b:de:d7:62:50:ca:6a:fc:5f:dd:c8:40:
                    81:ae:f7:9b:23:1f:64:2c:6f:5e:28:7e:74:15:64:
                    37:30:bd:0f:9a:15:87:87:67:c3:cd:52:63:fc:bf:
                    a6:fa:e1:7e:d6:e3:dc:86:60:b0:e3:3b:93:c0:c4:
                    f6:84:33:b8:73:60:7c:f3:0a:62:b0:fd:ff:5b:b0:
                    59:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:90:E0:2B:42:A7:5C:DD:67:50:FC:04:1E:B3:5B:DB:D3:5E:9D:79
            X509v3 Authority Key Identifier:
                keyid:5D:34:DD:BF:7D:CA:B1:0C:BF:68:22:97:92:1E:B5:81:2D:90:50:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTTdv33KsQy_aCKXkh61gS2QUHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1970d-9f7e-4c4a-8b04-5cee6d5f1a12/1/S5DgK0KnXN1nUPwEHrNb29NenXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1970d-9f7e-4c4a-8b04-5cee6d5f1a12/1/XTTdv33KsQy_aCKXkh61gS2QUHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.235.0/24
                  195.42.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:f1:68:cb:17:7d:04:36:67:83:02:4d:06:de:4d:c1:a3:6d:
         c8:e6:f4:5d:14:95:59:f8:5d:96:94:24:50:88:2b:6b:9b:47:
         19:21:50:db:1b:7c:28:54:c3:69:d6:9e:33:8f:f4:12:35:c2:
         26:f3:25:c1:8e:66:92:9f:c1:89:9c:2b:f9:bf:31:ed:5a:87:
         0b:c3:14:91:bd:86:e4:9e:df:47:37:ce:2e:76:5b:3d:92:03:
         9c:af:a7:7f:86:06:56:cf:df:6d:6f:88:82:28:6f:b4:bf:e9:
         0e:45:8a:f3:2b:92:51:8e:4e:81:78:02:59:4b:26:a0:6f:60:
         67:2f:f8:98:94:54:f0:e1:60:a3:56:c7:3f:66:16:dc:db:ea:
         7e:0d:70:aa:29:e8:13:2e:f9:45:8f:e8:81:1e:e5:e3:b2:d5:
         c1:11:cf:a5:07:8e:84:1e:d8:3e:1a:0f:82:db:cb:6a:22:63:
         42:63:09:3b:ec:72:de:5f:bb:c4:8d:25:26:83:2d:14:d7:1d:
         b2:ac:3b:25:fa:02:bb:4a:4c:94:e3:84:73:52:12:f9:0f:e9:
         58:da:69:ac:ba:fe:45:f5:3d:76:0f:07:6c:2b:7b:0b:bb:8d:
         16:bb:4c:13:2f:c6:bb:b7:b6:79:78:d4:36:de:f1:da:f5:4b:
         35:15:9f:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6ox+klfcNEVVkblrF4vnlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzRkZGJmN2RjYWIxMGNiZjY4MjI5NzkyMWViNTgxMmQ5
MDUwNzEwHhcNMjQwNDA0MTEwNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjkwZTAyYjQyYTc1Y2RkNjc1MGZjMDQxZWIzNWJkYmQzNWU5ZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzeSmoDu+n2VXM1jiamWntg7NPwC
5qBAvA9+5AXPzGhQ4mBD2VdkXysylKCxwpjl/b+b3w78fqLJ+3BZiTsD3OZlM8R2
4vVT45+9xTPaoQHRV7ZnCR76wKtQo6nCrbEpd8pmjcXGasm68bWaDkq/ub0oeMyB
H7WKUBS8/gStekMxtPJq1Fo3AAoZwVlKBeGzukOJ58RwIP+mOPdkF2fD68G4b/da
i/VFv0NXtsFJ0buX/poXe60r3tdiUMpq/F/dyECBrvebIx9kLG9eKH50FWQ3ML0P
mhWHh2fDzVJj/L+m+uF+1uPchmCw4zuTwMT2hDO4c2B88wpisP3/W7BZfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEuQ4CtCp1zdZ1D8BB6zW9vTXp15MB8GA1UdIwQY
MBaAFF003b99yrEMv2gil5IetYEtkFBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRUZHYzM0tzUXlfYUNLWGtoNjFnUzJRVUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMTk3MGQtOWY3ZS00YzRhLThiMDQt
NWNlZTZkNWYxYTEyLzEvUzVEZ0swS25YTjFuVVB3RUhyTmIyOU5lblhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMTk3MGQtOWY3ZS00YzRhLThiMDQtNWNlZTZkNWYxYTEy
LzEvWFRUZHYzM0tzUXlfYUNLWGtoNjFnUzJRVUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwqnrAwQB
wyqKMA0GCSqGSIb3DQEBCwUAA4IBAQAg8WjLF30ENmeDAk0G3k3Bo23I5vRdFJVZ
+F2WlCRQiCtrm0cZIVDbG3woVMNp1p4zj/QSNcIm8yXBjmaSn8GJnCv5vzHtWocL
wxSRvYbknt9HN84udls9kgOcr6d/hgZWz99tb4iCKG+0v+kORYrzK5JRjk6BeAJZ
Syagb2BnL/iYlFTw4WCjVsc/Zhbc2+p+DXCqKegTLvlFj+iBHuXjstXBEc+lB46E
Htg+Gg+C28tqImNCYwk77HLeX7vEjSUmgy0U1x2yrDsl+gK7SkyU44RzUhL5D+lY
2mmsuv5F9T12DwdsK3sLu40Wu0wTL8a7t7Z5eNQ23vHa9Us1FZ8L
-----END CERTIFICATE-----