Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/N5sCKXaV9sj5eBS6nRLIOx8QTrs.roa
File:                     N5sCKXaV9sj5eBS6nRLIOx8QTrs.roa (raw, json)
Hash identifier:          Ec4e7B0vKDykNqfifGngau71+NHSMaEvP84oTeQbKaM=
Subject key identifier:   37:9B:02:29:76:95:F6:C8:F9:78:14:BA:9D:12:C8:3B:1F:10:4E:BB
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       018CC64ADD1BA356A2B9FCC7961B97946C02
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/N5sCKXaV9sj5eBS6nRLIOx8QTrs.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22604
IP address blocks:        157.23.224.0/20 maxlen: 24
                          2a0e:bbc0:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:1b:a3:56:a2:b9:fc:c7:96:1b:97:94:6c:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=379b02297695f6c8f97814ba9d12c83b1f104ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:91:b7:fe:06:fc:34:e8:21:6f:e6:e8:cb:b0:
                    4b:c0:3e:b5:5b:2f:a9:2e:e3:b8:c1:43:d7:f3:cd:
                    c2:fb:57:0b:51:74:be:1f:3e:be:35:c8:f1:6e:44:
                    ee:b2:07:dd:3c:e4:62:e1:bc:55:9e:d0:72:34:40:
                    9d:90:76:f0:c6:57:96:44:18:d2:0c:7a:fe:b3:f5:
                    a3:ec:c4:ca:06:00:aa:43:be:0f:4a:e4:46:70:a3:
                    a5:e4:e5:ff:ac:24:da:6c:35:0d:33:bf:22:90:31:
                    54:2c:78:b6:04:7a:0d:77:18:b0:03:93:f7:11:47:
                    0a:f4:36:64:da:9e:4a:e0:1c:6b:c9:53:10:2d:c8:
                    bf:cb:9c:6f:0b:3f:2b:59:7e:ab:c4:0a:c7:a5:43:
                    88:70:30:27:fa:46:74:ae:18:4d:6c:41:42:56:21:
                    c9:d8:c7:68:68:fb:4b:15:3e:34:da:b2:18:38:c7:
                    a7:b9:32:f6:10:01:10:94:7b:a3:07:92:88:f9:29:
                    44:b0:3b:50:c7:b3:8d:31:59:63:ab:b9:a1:7e:c5:
                    d0:49:06:ab:a8:e7:0e:d9:e1:aa:5e:8a:70:99:19:
                    bd:20:f5:33:2c:ac:95:79:f3:8b:9c:2f:9a:96:38:
                    ad:5e:07:7e:e9:61:fc:aa:f5:1f:2a:a3:4a:bf:1c:
                    50:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:9B:02:29:76:95:F6:C8:F9:78:14:BA:9D:12:C8:3B:1F:10:4E:BB
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/N5sCKXaV9sj5eBS6nRLIOx8QTrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.224.0/20
                IPv6:
                  2a0e:bbc0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:59:29:8d:f8:0d:1c:3c:30:11:42:d1:a8:b1:df:d0:e5:88:
         55:37:c3:2d:5b:ca:96:08:16:7f:81:e6:d9:c8:22:85:04:58:
         6b:a4:a3:f5:e0:7f:5f:bd:ba:f2:3b:07:51:d8:c1:fe:62:3c:
         cb:f2:47:b8:f1:8f:09:c0:0c:0c:11:3a:f6:f3:cf:a5:4f:ca:
         c3:3e:30:58:a6:75:90:30:8f:58:e7:f4:3a:2e:3d:83:29:dd:
         25:f9:e6:90:48:d0:98:6b:35:d6:16:8b:05:b9:2e:41:17:99:
         2a:e4:cf:2b:3e:70:ca:75:1c:d6:7b:70:43:78:5a:b3:f9:c3:
         29:11:14:f0:1d:d2:0a:39:bd:4d:32:1c:2c:47:75:eb:f0:08:
         58:e7:20:27:c2:35:29:fa:9e:7b:bd:1a:cb:2b:ac:0b:b1:07:
         13:dd:13:98:da:b8:67:22:bb:fe:b6:16:5b:a2:7e:cc:3d:d9:
         16:b0:bf:4e:f1:f6:0c:53:a3:b0:a1:30:56:55:fd:cc:46:aa:
         11:e2:1f:f0:71:7c:6c:7c:d8:4b:3e:0c:cf:3d:79:ed:aa:5e:
         85:0b:a0:bd:c8:fa:3b:6c:42:21:eb:c2:f5:1b:23:cc:cf:55:
         38:07:f6:9f:f2:f2:04:f9:bb:f5:69:29:73:c7:e7:97:7b:6f:
         03:7b:02:a8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGSt0bo1aiufzHlhuXlGwCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzliMDIyOTc2OTVmNmM4Zjk3ODE0YmE5ZDEyYzgzYjFmMTA0ZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJG3/gb8NOghb+boy7BLwD61Wy+p
LuO4wUPX883C+1cLUXS+Hz6+NcjxbkTusgfdPORi4bxVntByNECdkHbwxleWRBjS
DHr+s/Wj7MTKBgCqQ74PSuRGcKOl5OX/rCTabDUNM78ikDFULHi2BHoNdxiwA5P3
EUcK9DZk2p5K4BxryVMQLci/y5xvCz8rWX6rxArHpUOIcDAn+kZ0rhhNbEFCViHJ
2MdoaPtLFT402rIYOMenuTL2EAEQlHujB5KI+SlEsDtQx7ONMVljq7mhfsXQSQar
qOcO2eGqXopwmRm9IPUzLKyVefOLnC+aljitXgd+6WH8qvUfKqNKvxxQjwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDebAil2lfbI+XgUup0SyDsfEE67MB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvTjVzQ0tYYVY5c2o1ZUJTNm5STElPeDhRVHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQEnRfgMA4E
AgACMAgDBgAqDrvAgDANBgkqhkiG9w0BAQsFAAOCAQEAf1kpjfgNHDwwEULRqLHf
0OWIVTfDLVvKlggWf4Hm2cgihQRYa6Sj9eB/X7268jsHUdjB/mI8y/JHuPGPCcAM
DBE69vPPpU/Kwz4wWKZ1kDCPWOf0Oi49gyndJfnmkEjQmGs11haLBbkuQReZKuTP
Kz5wynUc1ntwQ3has/nDKREU8B3SCjm9TTIcLEd16/AIWOcgJ8I1Kfqee70ayyus
C7EHE90TmNq4ZyK7/rYWW6J+zD3ZFrC/TvH2DFOjsKEwVlX9zEaqEeIf8HF8bHzY
Sz4Mzz157apehQugvcj6O2xCIevC9RsjzM9VOAf2n/LyBPm79Wkpc8fnl3tvA3sC
qA==
-----END CERTIFICATE-----