Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-5eUrXFS-mBvBFAzMBYr7thfm9g.roa
File:                     1-5eUrXFS-mBvBFAzMBYr7thfm9g.roa (raw, json)
Hash identifier:          RJYu6dco2QdzYib1CpLJ1XzU7TkYn7kM5vZDgj+Qfq4=
Subject key identifier:   FB:97:94:AD:71:52:FA:60:6F:04:50:33:30:16:2B:EE:D8:5F:9B:D8
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019427B67D12AB2295A9ACB9086C3DCE2261
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-5eUrXFS-mBvBFAzMBYr7thfm9g.roa
Signing time:             Thu 02 Jan 2025 15:50:58 +0000
ROA not before:           Thu 02 Jan 2025 15:50:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15897
IP address blocks:        2.18.4.0/22 maxlen: 22
                          2.22.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:7d:12:ab:22:95:a9:ac:b9:08:6c:3d:ce:22:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 15:50:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb9794ad7152fa606f04503330162beed85f9bd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a6:7d:9e:ea:1e:d2:e6:75:72:64:20:e5:e9:
                    17:f2:c5:ac:3a:55:1b:47:c5:51:d3:b5:56:c5:80:
                    ab:a4:c0:bd:d4:d3:d5:ff:28:81:11:49:e9:3a:ae:
                    8e:4d:c0:9d:0b:f7:87:3a:35:86:e4:30:0a:af:af:
                    d7:45:cf:cd:38:47:53:cb:b2:f6:ed:4f:a3:be:81:
                    80:ae:2d:43:a8:3e:50:e7:37:a5:a6:77:04:45:cd:
                    e1:df:c0:d9:e5:1b:7b:aa:c2:e8:74:62:88:b4:ad:
                    18:e7:23:99:5f:de:6e:83:bc:20:2a:ec:bf:cf:d5:
                    c5:33:88:2b:c1:c0:0d:18:3c:01:89:9e:db:04:65:
                    3f:6d:a6:50:2a:b6:5f:3c:e6:2c:48:7b:2b:29:2e:
                    33:4a:49:d8:9f:e4:c1:dd:ff:59:e6:da:43:8e:da:
                    f8:55:3c:04:bc:9b:20:4d:ea:16:77:88:11:43:e2:
                    e7:ee:d3:9d:1d:7c:f5:86:52:e9:30:38:f4:1d:52:
                    6d:73:7c:44:35:e3:c4:91:f5:eb:85:1e:48:d4:e5:
                    08:27:37:79:17:d4:c7:79:1a:49:f9:5e:45:72:bd:
                    37:f6:ba:20:75:20:97:3d:f4:f5:4e:2e:57:d7:ed:
                    32:05:44:b8:41:76:7f:36:d1:5e:f5:92:76:e3:b6:
                    4e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:97:94:AD:71:52:FA:60:6F:04:50:33:30:16:2B:EE:D8:5F:9B:D8
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-5eUrXFS-mBvBFAzMBYr7thfm9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.18.4.0/22
                  2.22.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:1c:38:59:95:4c:6c:e8:ad:42:87:89:18:88:0b:d1:52:da:
         3e:1a:c7:c7:66:18:c4:0a:f0:f6:4b:41:18:75:a7:46:52:35:
         a9:27:17:bb:05:9c:b5:3f:f6:57:6f:a7:23:b3:30:b8:f6:8a:
         25:1f:e4:9b:f9:b6:98:30:f2:fd:cf:81:10:dd:35:46:76:4a:
         e7:f5:71:52:7c:2e:43:f9:fb:1b:c4:8a:13:ab:6e:90:52:48:
         ff:b0:d9:d3:ba:79:39:99:52:4a:63:c3:f4:a4:c1:3a:09:81:
         1f:81:b7:6e:2e:88:f7:b4:3c:5c:54:fa:89:15:fd:db:a7:04:
         55:37:05:e5:92:ec:ab:e1:70:1a:cb:16:dc:8d:36:6a:12:46:
         b6:0f:26:8c:38:77:d3:57:6a:8f:ea:7d:e5:75:36:41:90:92:
         95:ce:d1:be:6d:74:39:f7:62:91:6d:4c:ef:06:88:76:cd:ce:
         3a:51:7d:82:19:7e:f6:83:5f:95:85:42:4f:7e:27:43:bd:e3:
         87:43:38:f5:d0:59:31:92:0f:a8:e7:23:a7:04:3c:fd:35:57:
         e9:12:ca:0a:ed:70:1f:ab:49:7d:16:c2:b7:ef:b3:55:ea:c9:
         9b:74:c6:22:07:44:9b:4c:ec:c5:19:db:77:75:62:ae:b2:42:
         16:0e:93:80
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQntn0SqyKVqay5CGw9ziJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjk3OTRhZDcxNTJmYTYwNmYwNDUwMzMzMDE2MmJlZWQ4NWY5YmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqZ9nuoe0uZ1cmQg5ekX8sWsOlUb
R8VR07VWxYCrpMC91NPV/yiBEUnpOq6OTcCdC/eHOjWG5DAKr6/XRc/NOEdTy7L2
7U+jvoGAri1DqD5Q5zelpncERc3h38DZ5Rt7qsLodGKItK0Y5yOZX95ug7wgKuy/
z9XFM4grwcANGDwBiZ7bBGU/baZQKrZfPOYsSHsrKS4zSknYn+TB3f9Z5tpDjtr4
VTwEvJsgTeoWd4gRQ+Ln7tOdHXz1hlLpMDj0HVJtc3xENePEkfXrhR5I1OUIJzd5
F9THeRpJ+V5Fcr039rogdSCXPfT1Ti5X1+0yBUS4QXZ/NtFe9ZJ247ZOPwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPuXlK1xUvpgbwRQMzAWK+7YX5vYMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvMS01ZVVyWEZTLW1CdkJGQXpNQllyN3RoZm05Zy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzAvMDQyMTg4LWRmYjYtNGFkNC05MWE0LTg4ZDFjYWM5ZTRm
MS8xL2ExX0x2cVNKTjZSQ3VyMnpNQ0V5eEx5YjFxby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAgISBAME
AgIWqDANBgkqhkiG9w0BAQsFAAOCAQEAIxw4WZVMbOitQoeJGIgL0VLaPhrHx2YY
xArw9ktBGHWnRlI1qScXuwWctT/2V2+nI7MwuPaKJR/km/m2mDDy/c+BEN01RnZK
5/VxUnwuQ/n7G8SKE6tukFJI/7DZ07p5OZlSSmPD9KTBOgmBH4G3bi6I97Q8XFT6
iRX926cEVTcF5ZLsq+FwGssW3I02ahJGtg8mjDh301dqj+p95XU2QZCSlc7Rvm10
OfdikW1M7waIds3OOlF9ghl+9oNflYVCT34nQ73jh0M49dBZMZIPqOcjpwQ8/TVX
6RLKCu1wH6tJfRbCt++zVerJm3TGIgdEm0zsxRnbd3VirrJCFg6TgA==
-----END CERTIFICATE-----