Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/_uVsRpc94dx_TzwURmJT-QsnP78.roa
File:                     _uVsRpc94dx_TzwURmJT-QsnP78.roa (raw, json)
Hash identifier:          b9tjdq7/bNvXP15ojhfo78QMlZ5SewjpGU1jAUczPfg=
Subject key identifier:   FE:E5:6C:46:97:3D:E1:DC:7F:4F:3C:14:46:62:53:F9:0B:27:3F:BF
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018F0A86FB2EC6AAF7010941952D9DA4F6F3
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/_uVsRpc94dx_TzwURmJT-QsnP78.roa
Signing time:             Tue 23 Apr 2024 10:36:09 +0000
ROA not before:           Tue 23 Apr 2024 10:36:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39374
IP address blocks:        46.237.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:86:fb:2e:c6:aa:f7:01:09:41:95:2d:9d:a4:f6:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 23 10:36:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fee56c46973de1dc7f4f3c14466253f90b273fbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c1:ea:45:f9:35:c8:54:44:13:61:8d:d2:05:
                    b1:3f:27:61:93:26:20:ab:96:f1:c0:b1:0b:3d:55:
                    55:fe:06:d9:8d:25:49:b0:87:f9:4c:e0:1e:3e:c7:
                    2c:a6:28:71:37:70:c5:b9:27:77:5c:de:29:31:dc:
                    90:31:56:0f:ad:24:ff:e5:95:62:0e:93:e8:5d:f0:
                    26:e5:87:c4:b1:c8:91:53:7a:27:e0:e9:27:13:3e:
                    2f:3d:27:67:fa:a3:c0:9b:85:ec:9b:da:99:2c:1b:
                    0a:81:47:ea:54:5f:ee:b8:f9:54:c0:a9:9a:9b:c9:
                    66:a5:14:1a:03:98:10:0c:04:27:91:88:ac:13:1a:
                    be:08:22:dc:ce:6f:29:7d:78:c8:83:e3:10:e9:3d:
                    30:ba:5c:66:2b:ac:c8:be:3d:da:3e:ee:be:4c:c5:
                    96:46:2f:42:93:20:bb:07:2f:2a:fa:bf:61:98:c7:
                    f8:2a:9b:18:c0:29:0d:1c:d1:d7:1c:df:2d:0e:78:
                    49:f2:fb:ec:11:19:ea:86:c3:b7:06:3f:10:61:1f:
                    81:d7:ca:16:21:81:a2:89:e3:66:0b:34:16:53:26:
                    65:e3:9a:5e:30:28:27:00:b2:ef:72:5b:3d:37:5b:
                    51:33:3a:c5:19:cc:17:cf:73:8c:77:34:5b:b5:c7:
                    fd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E5:6C:46:97:3D:E1:DC:7F:4F:3C:14:46:62:53:F9:0B:27:3F:BF
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/_uVsRpc94dx_TzwURmJT-QsnP78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.237.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:6c:8b:9d:31:a0:c3:c8:8d:3b:53:f5:1c:0d:e2:22:d9:ad:
         7f:fc:a8:8f:8d:41:c2:01:bd:3d:5e:d4:e5:d9:2b:cb:e6:f6:
         bf:cd:61:9f:c9:5b:00:c2:ab:96:e7:20:81:65:6a:50:2a:a8:
         da:59:31:b5:1d:58:a7:8d:15:41:1d:75:27:07:02:b3:c7:15:
         4a:5f:ea:19:0d:fe:48:b1:4a:11:ce:27:ad:3b:f4:63:e5:39:
         27:e5:b7:60:35:d6:cb:a0:e6:c3:3a:b7:e7:96:18:4a:6e:da:
         65:99:53:ce:b4:91:6d:e7:51:c9:19:48:ef:29:c0:39:6e:20:
         65:fa:af:06:1a:93:2e:f2:bf:c8:68:c9:f4:47:15:20:58:fb:
         c3:f9:b6:e5:85:1f:b8:81:97:c5:10:1e:f6:79:a8:e1:58:e5:
         f2:5b:f3:a9:82:61:07:1f:69:36:2e:dd:72:33:4e:3e:35:ef:
         aa:9f:fc:e0:4b:70:d8:31:59:65:c7:f3:5c:eb:f8:e5:5c:30:
         e1:9a:e1:d4:f9:70:67:31:15:37:4c:34:d2:38:d2:a2:4a:21:
         9c:03:b4:de:f9:08:e6:37:ba:7c:4f:d4:e9:32:9a:16:95:e6:
         c0:ba:0d:3c:f7:5e:60:fe:59:b8:ed:fd:d3:e9:c6:8e:4f:56:
         e7:3f:c0:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Khvsuxqr3AQlBlS2dpPbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDIzMTAzNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWU1NmM0Njk3M2RlMWRjN2Y0ZjNjMTQ0NjYyNTNmOTBiMjczZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsHqRfk1yFREE2GN0gWxPydhkyYg
q5bxwLELPVVV/gbZjSVJsIf5TOAePscspihxN3DFuSd3XN4pMdyQMVYPrST/5ZVi
DpPoXfAm5YfEsciRU3on4OknEz4vPSdn+qPAm4Xsm9qZLBsKgUfqVF/uuPlUwKma
m8lmpRQaA5gQDAQnkYisExq+CCLczm8pfXjIg+MQ6T0wulxmK6zIvj3aPu6+TMWW
Ri9CkyC7By8q+r9hmMf4KpsYwCkNHNHXHN8tDnhJ8vvsERnqhsO3Bj8QYR+B18oW
IYGiieNmCzQWUyZl45peMCgnALLvcls9N1tRMzrFGcwXz3OMdzRbtcf9vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7lbEaXPeHcf088FEZiU/kLJz+/MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvX3VWc1JwYzk0ZHhfVHp3VVJtSlQtUXNuUDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLu0sMA0G
CSqGSIb3DQEBCwUAA4IBAQB0bIudMaDDyI07U/UcDeIi2a1//KiPjUHCAb09XtTl
2SvL5va/zWGfyVsAwquW5yCBZWpQKqjaWTG1HVinjRVBHXUnBwKzxxVKX+oZDf5I
sUoRzietO/Rj5Tkn5bdgNdbLoObDOrfnlhhKbtplmVPOtJFt51HJGUjvKcA5biBl
+q8GGpMu8r/IaMn0RxUgWPvD+bblhR+4gZfFEB72eajhWOXyW/OpgmEHH2k2Lt1y
M04+Ne+qn/zgS3DYMVllx/Nc6/jlXDDhmuHU+XBnMRU3TDTSONKiSiGcA7Te+Qjm
N7p8T9TpMpoWlebAug08915g/lm47f3T6caOT1bnP8DF
-----END CERTIFICATE-----