Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/ys5vmqUy51MsJ0ygo_iK-V09VLk.roa
File:                     ys5vmqUy51MsJ0ygo_iK-V09VLk.roa (raw, json)
Hash identifier:          0bEBsx5vAAoh9m1hQ5TVct9tCZkHxHVWgyiCpF/cLSU=
Subject key identifier:   CA:CE:6F:9A:A5:32:E7:53:2C:27:4C:A0:A3:F8:8A:F9:5D:3D:54:B9
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       019427B3D915067D51DA334396D2AD53C504
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/ys5vmqUy51MsJ0ygo_iK-V09VLk.roa
Signing time:             Thu 02 Jan 2025 15:48:05 +0000
ROA not before:           Thu 02 Jan 2025 15:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        57.190.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:d9:15:06:7d:51:da:33:43:96:d2:ad:53:c5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 15:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cace6f9aa532e7532c274ca0a3f88af95d3d54b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:41:d6:56:f4:c1:11:6b:9b:b0:c1:71:ce:ba:
                    39:34:40:10:86:48:67:b5:1b:32:c5:cc:4a:03:6e:
                    e0:16:10:d8:eb:06:da:4e:31:75:ed:1e:16:84:63:
                    26:53:29:16:47:52:22:40:60:29:bc:2f:f1:05:b0:
                    c1:0c:98:d2:0d:a5:64:ba:12:5f:53:1f:a7:1b:df:
                    73:6c:4c:4f:95:e2:8d:5f:44:3c:bd:ec:d9:ab:0c:
                    98:b3:ee:f9:af:11:3c:d4:87:4f:05:04:42:e1:a2:
                    ab:7b:a9:51:e0:e0:25:c5:e1:b1:71:44:77:62:38:
                    3a:8d:9a:61:43:fb:ed:f5:a1:13:f0:a1:66:7c:72:
                    13:f0:22:5c:c6:be:14:58:59:2a:fe:84:04:b0:91:
                    4e:33:97:d6:fb:b5:6d:32:ed:39:2b:14:72:4c:91:
                    05:a1:cc:9b:c9:bf:a4:e9:9b:f4:25:3d:24:9b:8b:
                    21:d6:b4:42:86:e2:fb:96:bb:c2:3e:5b:4b:85:54:
                    b3:f5:11:bb:b8:59:9b:b4:11:d0:1e:a7:26:07:61:
                    a9:9a:fd:19:3e:46:c6:95:0a:93:a9:e8:92:39:43:
                    2a:e3:5b:48:38:8c:1c:c8:e1:7e:bc:9f:24:d3:ba:
                    04:2c:58:92:44:e2:64:b7:60:b1:a2:2b:2d:4a:40:
                    f9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CE:6F:9A:A5:32:E7:53:2C:27:4C:A0:A3:F8:8A:F9:5D:3D:54:B9
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/ys5vmqUy51MsJ0ygo_iK-V09VLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.190.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:52:ab:9d:be:f2:b9:09:ba:24:bf:32:60:1d:26:b5:3e:bd:
         4a:35:70:63:55:9e:69:50:2e:a4:80:d6:ce:1d:3a:f0:eb:ab:
         d7:fb:fa:21:44:4d:44:eb:ef:80:2d:25:62:9d:30:61:44:04:
         44:32:88:06:1f:cd:95:7d:87:de:85:c7:b0:75:56:b2:ca:8c:
         e3:42:e7:31:cd:eb:17:4d:d3:67:75:c8:6b:de:aa:bf:81:89:
         c5:80:79:42:13:d7:50:cb:39:fb:05:39:31:22:3c:d6:1b:87:
         ac:ef:1c:35:26:bd:2b:01:ef:17:8f:67:c2:e2:f0:2e:03:f2:
         95:e7:e3:01:1e:9b:f7:a1:17:cf:34:ce:2d:26:23:98:76:45:
         67:52:21:fb:3c:ab:57:42:ad:50:eb:a4:eb:43:67:99:9d:4e:
         31:37:82:51:90:40:67:b1:0b:df:70:77:c3:2a:34:f6:99:9b:
         34:3a:cc:ba:77:bc:81:7a:9a:a0:26:80:de:21:94:76:c5:cb:
         d4:52:5e:be:bc:c7:6d:78:2c:a3:02:9e:bd:aa:d0:b4:fd:4c:
         a2:b8:3a:cd:43:bf:a9:6e:93:fd:6e:5c:72:72:ae:95:45:ae:
         a6:d2:6f:99:45:17:83:59:6d:31:a7:41:5f:fc:72:bf:99:73:
         b5:ec:41:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns9kVBn1R2jNDltKtU8UEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjUwMTAyMTU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWNlNmY5YWE1MzJlNzUzMmMyNzRjYTBhM2Y4OGFmOTVkM2Q1NGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEHWVvTBEWubsMFxzro5NEAQhkhn
tRsyxcxKA27gFhDY6wbaTjF17R4WhGMmUykWR1IiQGApvC/xBbDBDJjSDaVkuhJf
Ux+nG99zbExPleKNX0Q8vezZqwyYs+75rxE81IdPBQRC4aKre6lR4OAlxeGxcUR3
Yjg6jZphQ/vt9aET8KFmfHIT8CJcxr4UWFkq/oQEsJFOM5fW+7VtMu05KxRyTJEF
ocybyb+k6Zv0JT0km4sh1rRChuL7lrvCPltLhVSz9RG7uFmbtBHQHqcmB2Gpmv0Z
PkbGlQqTqeiSOUMq41tIOIwcyOF+vJ8k07oELFiSROJkt2CxoistSkD5awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrOb5qlMudTLCdMoKP4ivldPVS5MB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEveXM1dm1xVXk1MU1zSjB5Z29faUstVjA5VkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAOb48MA0G
CSqGSIb3DQEBCwUAA4IBAQADUqudvvK5CbokvzJgHSa1Pr1KNXBjVZ5pUC6kgNbO
HTrw66vX+/ohRE1E6++ALSVinTBhRAREMogGH82VfYfehcewdVayyozjQucxzesX
TdNndchr3qq/gYnFgHlCE9dQyzn7BTkxIjzWG4es7xw1Jr0rAe8Xj2fC4vAuA/KV
5+MBHpv3oRfPNM4tJiOYdkVnUiH7PKtXQq1Q66TrQ2eZnU4xN4JRkEBnsQvfcHfD
KjT2mZs0Osy6d7yBepqgJoDeIZR2xcvUUl6+vMdteCyjAp69qtC0/UyiuDrNQ7+p
bpP9blxycq6VRa6m0m+ZRReDWW0xp0Ff/HK/mXO17EEo
-----END CERTIFICATE-----