Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/1-i_ESwYWDKjvxe-cLQFb33q5Qu0.roa
File:                     1-i_ESwYWDKjvxe-cLQFb33q5Qu0.roa (raw, json)
Hash identifier:          MWN71QN/v297mIABIQi0BIqexEx6vQv3LxWHulQ1lh0=
Subject key identifier:   FA:2F:C4:4B:06:16:0C:A8:EF:C5:EF:9C:2D:01:5B:DF:7A:B9:42:ED
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       01941FFA98F87BA8149E886F8630BA2FEA86
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/1-i_ESwYWDKjvxe-cLQFb33q5Qu0.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        5.182.120.0/22 maxlen: 22
                          45.135.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:98:f8:7b:a8:14:9e:88:6f:86:30:ba:2f:ea:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa2fc44b06160ca8efc5ef9c2d015bdf7ab942ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fb:97:7d:2c:68:e6:bd:b4:22:2d:00:d4:df:
                    47:d8:9e:31:35:bf:00:86:ff:ac:3f:b7:08:6c:9a:
                    d4:6a:bf:fd:4d:f3:23:31:0d:3c:8a:ec:ab:dd:4c:
                    41:49:7e:f7:8c:d6:82:63:dd:ee:a0:20:0c:a9:b6:
                    ee:be:2f:1b:83:79:e0:a1:03:e1:95:24:ad:dd:f3:
                    eb:8b:f4:8a:e4:10:05:3c:ea:1e:e7:b8:44:ed:a8:
                    80:b0:3e:10:a3:35:9a:44:79:da:03:b6:d0:70:4c:
                    e1:50:a3:e7:73:2a:60:f5:75:83:15:c3:03:cd:53:
                    55:21:17:6c:58:88:45:4b:7f:f3:0f:02:6e:50:4c:
                    98:b6:21:5d:1f:82:28:09:9e:99:40:6e:a3:36:1c:
                    d0:f8:d0:5d:58:e4:d3:80:66:c4:4f:6b:dc:c2:b5:
                    96:6f:fe:57:48:ee:72:7c:67:68:52:5e:cc:95:93:
                    8b:b9:1b:cc:63:17:5a:57:3d:9f:48:06:a8:9d:01:
                    4b:39:c9:2f:d2:f7:e8:7b:d3:e9:0a:59:8f:7a:82:
                    c7:b1:16:d0:b5:e0:66:5f:4a:5a:d4:d0:1c:47:80:
                    ad:e3:76:ab:1a:3e:1e:a8:12:2a:ae:ac:c2:37:07:
                    7b:e6:16:96:42:cf:38:4c:9c:49:67:82:23:04:f7:
                    b7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:2F:C4:4B:06:16:0C:A8:EF:C5:EF:9C:2D:01:5B:DF:7A:B9:42:ED
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/1-i_ESwYWDKjvxe-cLQFb33q5Qu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.120.0/22
                  45.135.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:c1:2a:07:be:1e:51:e8:04:17:46:09:d2:71:00:8b:4a:15:
         1a:51:74:7d:34:be:68:4f:3e:3f:2c:61:95:ba:21:18:3c:c1:
         75:aa:10:d9:38:cc:b3:63:47:de:2c:69:5d:7c:21:9e:14:56:
         43:c0:e3:26:12:40:c5:da:72:0f:3e:2f:d5:16:71:eb:66:9a:
         54:84:8d:3f:c2:60:8f:5a:92:f9:74:28:d1:df:37:56:f7:d7:
         71:c5:f2:8d:36:0e:cb:59:cf:e3:20:c1:8a:56:4e:f6:1d:f2:
         b3:19:9c:49:16:70:1e:27:e5:fb:70:73:34:8b:5d:70:a2:79:
         30:8e:9c:80:0c:8f:33:17:ab:7c:e1:75:65:8f:08:56:1a:a4:
         02:55:e0:5d:28:58:8a:32:4a:65:bf:be:bd:62:3b:aa:8d:fd:
         40:69:ae:9a:8b:8c:12:45:ee:37:68:4b:2b:39:f9:98:6c:de:
         d2:99:61:9a:78:cd:03:1f:d6:e9:64:81:04:ac:6d:e7:00:9f:
         5e:cb:f0:28:59:03:ed:9d:bf:66:b9:11:41:af:cc:95:61:53:
         f9:f9:52:71:ca:3b:fd:fb:5d:aa:d5:be:d1:8c:33:95:77:63:
         3b:02:fa:9b:a6:51:d9:ed:f6:33:6f:b3:98:d7:d6:da:9e:25:
         72:34:35:52
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQf+pj4e6gUnohvhjC6L+qGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTJmYzQ0YjA2MTYwY2E4ZWZjNWVmOWMyZDAxNWJkZjdhYjk0MmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fuXfSxo5r20Ii0A1N9H2J4xNb8A
hv+sP7cIbJrUar/9TfMjMQ08iuyr3UxBSX73jNaCY93uoCAMqbbuvi8bg3ngoQPh
lSSt3fPri/SK5BAFPOoe57hE7aiAsD4QozWaRHnaA7bQcEzhUKPncypg9XWDFcMD
zVNVIRdsWIhFS3/zDwJuUEyYtiFdH4IoCZ6ZQG6jNhzQ+NBdWOTTgGbET2vcwrWW
b/5XSO5yfGdoUl7MlZOLuRvMYxdaVz2fSAaonQFLOckv0vfoe9PpClmPeoLHsRbQ
teBmX0pa1NAcR4Ct43arGj4eqBIqrqzCNwd75haWQs84TJxJZ4IjBPe3QwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPovxEsGFgyo78XvnC0BW996uULtMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvMS1pX0VTd1lXREtqdnhlLWNMUUZiMzNxNVF1MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGYvM2RiYjNkLWYzMjgtNGIyNy05NWQ5LWJkM2JmYzk5YmRh
OS8xLzUyME5xelI2T09LNGUxb2lvdmZKNGh3WXlidy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAgW2eAME
AC2HiDANBgkqhkiG9w0BAQsFAAOCAQEAb8EqB74eUegEF0YJ0nEAi0oVGlF0fTS+
aE8+PyxhlbohGDzBdaoQ2TjMs2NH3ixpXXwhnhRWQ8DjJhJAxdpyDz4v1RZx62aa
VISNP8Jgj1qS+XQo0d83VvfXccXyjTYOy1nP4yDBilZO9h3ysxmcSRZwHifl+3Bz
NItdcKJ5MI6cgAyPMxerfOF1ZY8IVhqkAlXgXShYijJKZb++vWI7qo39QGmumouM
EkXuN2hLKzn5mGze0plhmnjNAx/W6WSBBKxt5wCfXsvwKFkD7Z2/ZrkRQa/MlWFT
+flScco7/ftdqtW+0YwzlXdjOwL6m6ZR2e32M2+zmNfW2p4lcjQ1Ug==
-----END CERTIFICATE-----