Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/ktEa_Sl89FzQVyDKTCAXy7nVLHM.roa
File:                     ktEa_Sl89FzQVyDKTCAXy7nVLHM.roa (raw, json)
Hash identifier:          y31J/WPUlET+OKiFizijwzUzZh3eiSsVYiadH0ZjDXM=
Subject key identifier:   92:D1:1A:FD:29:7C:F4:5C:D0:57:20:CA:4C:20:17:CB:B9:D5:2C:73
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EE157BB9CCE9F95E150200264EC1D1F06
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/ktEa_Sl89FzQVyDKTCAXy7nVLHM.roa
Signing time:             Mon 15 Apr 2024 10:40:06 +0000
ROA not before:           Mon 15 Apr 2024 10:40:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34168
IP address blocks:        84.53.192.0/18 maxlen: 18
                          2a02:960::/32 maxlen: 32
                          2a02:960:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:57:bb:9c:ce:9f:95:e1:50:20:02:64:ec:1d:1f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 15 10:40:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92d11afd297cf45cd05720ca4c2017cbb9d52c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7c:b8:ec:c5:75:95:d3:3a:ac:59:54:a6:dd:
                    b1:bd:9a:15:eb:63:bf:73:29:42:5d:09:17:e9:75:
                    fd:26:66:2e:d2:f5:f6:6f:77:d6:ab:fc:1c:d7:45:
                    58:78:aa:e4:84:50:a3:ae:32:9f:c0:50:4c:d7:ea:
                    a2:50:4b:04:f0:16:94:17:73:18:79:a9:26:69:60:
                    b0:3a:f7:ed:09:4a:c3:e8:9d:83:cd:3e:2b:99:be:
                    f2:5f:79:73:ca:69:d7:20:ca:ba:65:f3:51:d1:b5:
                    73:9b:cf:32:1c:a0:03:cb:8b:91:3c:06:b4:2d:7d:
                    ef:35:60:6b:90:00:63:b4:97:6c:92:d9:55:04:7a:
                    87:98:b3:ee:f6:6d:eb:15:52:27:b4:26:af:85:da:
                    11:e9:2a:05:89:f9:85:4a:8a:93:00:1e:df:eb:f8:
                    65:3a:01:4b:c3:14:c2:58:a3:49:e0:ae:85:de:a9:
                    e8:17:03:6f:38:fe:d3:66:31:27:7a:3e:bc:6a:8c:
                    b6:7c:53:95:bc:91:01:18:5d:2e:fc:95:5a:20:86:
                    4f:16:c1:04:95:98:10:01:a7:69:25:b5:83:a8:e7:
                    b2:bd:0d:71:db:1e:90:bd:13:96:75:01:7d:c2:6c:
                    10:05:00:81:0a:4f:5a:84:bc:12:45:48:7b:f8:fa:
                    ef:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D1:1A:FD:29:7C:F4:5C:D0:57:20:CA:4C:20:17:CB:B9:D5:2C:73
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/ktEa_Sl89FzQVyDKTCAXy7nVLHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.53.192.0/18
                IPv6:
                  2a02:960::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:ef:4b:d6:11:05:df:74:3f:44:c4:b6:20:77:c3:9c:11:51:
         dd:8e:c3:0d:cc:5f:fc:3f:e1:be:d8:6e:8f:6f:34:9c:16:67:
         b3:f3:a1:17:8c:00:37:16:25:4e:1b:13:0a:51:03:31:a1:a8:
         ce:e4:3a:cf:d1:98:57:d2:0c:60:4b:ae:bd:28:b7:dc:0e:a7:
         ff:c9:80:ea:22:0a:d7:72:8c:8b:63:fd:98:fd:83:f4:34:5d:
         d6:49:07:4f:eb:ef:c1:65:32:26:d1:b8:46:b9:94:79:87:d0:
         71:7f:a2:03:72:4e:f1:10:7c:d0:8a:a9:b3:69:5d:3b:64:ad:
         3a:62:28:f0:fc:b2:73:f3:c9:f8:87:f3:7d:cf:82:41:c3:0f:
         db:8e:a2:3d:38:05:9b:3f:7a:43:30:fe:45:c0:27:1f:eb:c3:
         bb:a2:01:e4:2c:59:c7:79:07:25:73:13:56:a1:f1:3d:b1:3f:
         60:d6:1a:3b:d9:7d:39:37:b6:98:28:f0:97:53:b2:b9:27:16:
         c1:86:eb:46:e4:24:1e:21:03:36:c8:b0:de:8a:9d:73:7a:99:
         ab:fa:ec:b4:60:df:32:97:98:77:4c:6f:8b:d3:d6:bd:08:b0:
         1b:f4:60:a2:83:9d:78:6c:d9:41:d7:0b:8b:79:2e:68:5a:ea:
         98:bf:28:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7hV7uczp+V4VAgAmTsHR8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDE1MTA0MDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQxMWFmZDI5N2NmNDVjZDA1NzIwY2E0YzIwMTdjYmI5ZDUyYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Hy47MV1ldM6rFlUpt2xvZoV62O/
cylCXQkX6XX9JmYu0vX2b3fWq/wc10VYeKrkhFCjrjKfwFBM1+qiUEsE8BaUF3MY
eakmaWCwOvftCUrD6J2DzT4rmb7yX3lzymnXIMq6ZfNR0bVzm88yHKADy4uRPAa0
LX3vNWBrkABjtJdsktlVBHqHmLPu9m3rFVIntCavhdoR6SoFifmFSoqTAB7f6/hl
OgFLwxTCWKNJ4K6F3qnoFwNvOP7TZjEnej68aoy2fFOVvJEBGF0u/JVaIIZPFsEE
lZgQAadpJbWDqOeyvQ1x2x6QvROWdQF9wmwQBQCBCk9ahLwSRUh7+PrvLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJLRGv0pfPRc0FcgykwgF8u51SxzMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEva3RFYV9TbDg5RnpRVnlES1RDQVh5N25WTEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGVDXAMA0E
AgACMAcDBQAqAglgMA0GCSqGSIb3DQEBCwUAA4IBAQBn70vWEQXfdD9ExLYgd8Oc
EVHdjsMNzF/8P+G+2G6PbzScFmez86EXjAA3FiVOGxMKUQMxoajO5DrP0ZhX0gxg
S669KLfcDqf/yYDqIgrXcoyLY/2Y/YP0NF3WSQdP6+/BZTIm0bhGuZR5h9Bxf6ID
ck7xEHzQiqmzaV07ZK06Yijw/LJz88n4h/N9z4JBww/bjqI9OAWbP3pDMP5FwCcf
68O7ogHkLFnHeQclcxNWofE9sT9g1ho72X05N7aYKPCXU7K5JxbBhutG5CQeIQM2
yLDeip1zepmr+uy0YN8yl5h3TG+L09a9CLAb9GCig514bNlB1wuLeS5oWuqYvyhT
-----END CERTIFICATE-----