Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/5vgRN93Ikx6vDyOuxjecwfDMpQo.roa
File:                     5vgRN93Ikx6vDyOuxjecwfDMpQo.roa (raw, json)
Hash identifier:          Nm0/LoBBPkWnuWn59UFBPJeNenuNXFQpk38gCTpN7ng=
Subject key identifier:   E6:F8:11:37:DD:C8:93:1E:AF:0F:23:AE:C6:37:9C:C1:F0:CC:A5:0A
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       019424B3EE3C099AF509A665C2614E081555
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/5vgRN93Ikx6vDyOuxjecwfDMpQo.roa
Signing time:             Thu 02 Jan 2025 01:49:19 +0000
ROA not before:           Thu 02 Jan 2025 01:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212271
IP address blocks:        152.89.168.0/24 maxlen: 24
                          152.89.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ee:3c:09:9a:f5:09:a6:65:c2:61:4e:08:15:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 01:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6f81137ddc8931eaf0f23aec6379cc1f0cca50a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:db:4e:cd:4d:fa:b2:cd:27:ec:43:0d:a0:b6:
                    96:ea:10:cb:ef:4c:73:93:c8:4a:e6:c7:d8:ce:b1:
                    c7:dd:d9:18:95:6b:7f:c8:80:33:54:63:39:d3:51:
                    00:58:4e:0e:8b:7b:14:b1:1c:3a:31:19:97:e3:12:
                    0b:d2:a5:bb:19:ef:39:3a:a1:d3:6d:35:ca:a9:bc:
                    de:0b:c3:fc:60:b0:05:c2:76:7f:f5:8a:c9:42:f3:
                    2a:4f:52:d9:b7:ee:12:93:49:4f:79:9f:b6:a5:8a:
                    0c:c6:2b:ea:f7:9c:41:5b:a6:83:8b:98:6b:83:57:
                    5e:48:e2:80:ae:f4:b6:15:fd:97:f0:d3:e4:fc:b1:
                    48:87:3d:94:21:77:f3:cb:b2:fb:cf:c6:46:6a:c0:
                    72:10:8f:69:00:1d:3d:c1:3d:23:2b:19:fd:24:df:
                    b4:4b:e0:6a:74:ef:b3:4f:11:9e:77:4c:f7:25:20:
                    55:83:b7:17:ae:b3:a2:d5:d7:02:e8:e3:b3:3b:ae:
                    b8:fd:8a:4c:1e:61:d6:64:0b:b7:99:7b:1e:86:46:
                    43:4c:d4:fe:54:b0:e6:97:1b:05:52:ec:45:d3:3f:
                    1f:54:09:8b:57:78:d9:39:10:fb:41:eb:62:a3:64:
                    4a:e0:d3:ed:e7:97:9e:61:fe:0f:af:d9:23:2c:8b:
                    92:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F8:11:37:DD:C8:93:1E:AF:0F:23:AE:C6:37:9C:C1:F0:CC:A5:0A
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/5vgRN93Ikx6vDyOuxjecwfDMpQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:1a:1a:88:11:46:ee:cb:9e:74:bb:19:2a:58:a0:88:cb:2b:
         69:e4:68:4f:7c:0d:86:7b:73:14:41:db:01:0b:1d:b6:09:5d:
         5c:f6:4b:55:95:96:0a:ab:1c:ab:fe:c1:09:8d:d7:c3:d6:16:
         f1:2c:16:e4:12:80:b0:d1:5c:5b:61:45:c9:13:54:23:9b:1b:
         b2:54:c2:c5:ba:05:60:82:90:5b:44:3b:08:36:87:70:b7:f1:
         a9:54:b5:6b:10:f8:dc:a8:83:85:16:15:a0:07:2c:fe:5d:1d:
         f5:b2:20:12:28:98:3b:ca:74:7f:49:79:7c:a4:05:13:4e:31:
         10:cb:44:1f:b6:d0:a2:60:b1:98:0f:2c:98:0d:79:8d:87:14:
         c0:49:cd:d3:28:3d:b2:31:9f:c7:ba:50:47:2d:8a:94:2d:25:
         b6:fb:11:8b:f2:39:6d:57:f6:d2:95:a3:d3:62:92:6f:80:ee:
         4c:82:9e:d9:4c:28:6d:00:ba:5b:ae:09:ea:a2:5b:b3:6c:0c:
         75:a1:28:7a:b1:72:16:c7:18:3b:3e:ac:d4:21:bf:3a:1e:bb:
         39:7a:57:96:c2:2c:3e:dc:9a:42:3e:6a:46:e7:6d:45:5c:31:
         1d:80:b7:9f:a8:9f:25:71:05:b8:9f:ce:2f:80:79:56:60:93:
         70:7e:93:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+48CZr1CaZlwmFOCBVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjUwMTAyMDE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmY4MTEzN2RkYzg5MzFlYWYwZjIzYWVjNjM3OWNjMWYwY2NhNTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNtOzU36ss0n7EMNoLaW6hDL70xz
k8hK5sfYzrHH3dkYlWt/yIAzVGM501EAWE4Oi3sUsRw6MRmX4xIL0qW7Ge85OqHT
bTXKqbzeC8P8YLAFwnZ/9YrJQvMqT1LZt+4Sk0lPeZ+2pYoMxivq95xBW6aDi5hr
g1deSOKArvS2Ff2X8NPk/LFIhz2UIXfzy7L7z8ZGasByEI9pAB09wT0jKxn9JN+0
S+BqdO+zTxGed0z3JSBVg7cXrrOi1dcC6OOzO664/YpMHmHWZAu3mXsehkZDTNT+
VLDmlxsFUuxF0z8fVAmLV3jZORD7Qetio2RK4NPt55eeYf4Pr9kjLIuSIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb4ETfdyJMerw8jrsY3nMHwzKUKMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvNXZnUk45M0lreDZ2RHlPdXhqZWN3ZkRNcFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmFmoMA0G
CSqGSIb3DQEBCwUAA4IBAQAfGhqIEUbuy550uxkqWKCIyytp5GhPfA2Ge3MUQdsB
Cx22CV1c9ktVlZYKqxyr/sEJjdfD1hbxLBbkEoCw0VxbYUXJE1QjmxuyVMLFugVg
gpBbRDsINodwt/GpVLVrEPjcqIOFFhWgByz+XR31siASKJg7ynR/SXl8pAUTTjEQ
y0QfttCiYLGYDyyYDXmNhxTASc3TKD2yMZ/HulBHLYqULSW2+xGL8jltV/bSlaPT
YpJvgO5Mgp7ZTChtALpbrgnqoluzbAx1oSh6sXIWxxg7PqzUIb86Hrs5eleWwiw+
3JpCPmpG521FXDEdgLefqJ8lcQW4n84vgHlWYJNwfpMV
-----END CERTIFICATE-----