Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/e4rVDqB2eDJyGtT_wIHewbYNCwk.roa
File:                     e4rVDqB2eDJyGtT_wIHewbYNCwk.roa (raw, json)
Hash identifier:          SfKQQ0fYX7pkJUTIyvV4rBrju87AtRhyCjUfxLNQFq4=
Subject key identifier:   7B:8A:D5:0E:A0:76:78:32:72:1A:D4:FF:C0:81:DE:C1:B6:0D:0B:09
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0195D303660B914FB29C9347706340AC8A34
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/e4rVDqB2eDJyGtT_wIHewbYNCwk.roa
Signing time:             Wed 26 Mar 2025 15:12:50 +0000
ROA not before:           Wed 26 Mar 2025 15:12:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57433
IP address blocks:        5.83.157.0/24 maxlen: 24
                          2a02:2fc0::/48 maxlen: 48
                          2a02:2fc0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d3:03:66:0b:91:4f:b2:9c:93:47:70:63:40:ac:8a:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar 26 15:12:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b8ad50ea0767832721ad4ffc081dec1b60d0b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:3c:20:be:e5:f2:95:ba:cf:44:e0:e1:a5:d3:
                    07:7b:89:28:32:18:02:8a:4e:e1:0b:f0:4a:11:6d:
                    3b:e6:b3:18:a6:18:2e:c3:7b:c7:c6:7b:44:e7:12:
                    2d:1b:5a:10:36:31:bc:99:71:f4:86:83:14:8c:7e:
                    08:4e:2f:c4:06:49:ff:e7:de:9c:15:83:37:14:10:
                    4b:03:f3:f8:2f:44:e1:c5:9b:df:02:72:31:c6:61:
                    f1:b5:4e:01:0e:d2:b7:86:bd:32:99:dc:96:09:d8:
                    13:49:34:66:b5:de:58:6e:ce:e1:e1:4e:19:3b:94:
                    68:2d:06:1b:97:2e:ec:c6:d6:70:41:82:e9:d8:f7:
                    fd:c6:03:e2:e9:8a:00:79:d8:b6:b2:25:7f:63:75:
                    34:36:ef:bd:08:f8:c3:65:94:20:86:b7:93:38:52:
                    3c:0a:93:cd:96:fc:21:52:ff:4f:82:72:5a:6d:19:
                    00:a5:34:7c:e0:0c:c2:99:bd:b4:58:bc:bf:9f:e7:
                    28:96:55:58:0a:41:5c:7a:de:01:3f:5c:a5:26:02:
                    21:91:96:0d:21:0f:4f:2d:a6:0d:29:81:95:6d:de:
                    a8:89:85:2c:eb:93:eb:d8:c5:51:a3:77:25:8d:08:
                    78:da:a3:92:25:69:ad:9c:32:02:f7:6b:90:a5:03:
                    e5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:8A:D5:0E:A0:76:78:32:72:1A:D4:FF:C0:81:DE:C1:B6:0D:0B:09
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/e4rVDqB2eDJyGtT_wIHewbYNCwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.157.0/24
                IPv6:
                  2a02:2fc0::/47

    Signature Algorithm: sha256WithRSAEncryption
         71:5d:3b:8c:af:fa:87:0b:13:19:ab:f2:ac:ca:45:1d:f0:1f:
         67:37:da:f8:2f:95:84:b4:2e:05:89:96:ac:6c:b9:b4:6f:bf:
         08:61:bb:80:d2:c2:51:f3:a7:0c:ba:38:f3:b2:55:42:8a:f1:
         94:09:7f:ea:21:71:82:b5:b5:37:79:75:02:91:e3:79:d0:c5:
         a1:54:6c:fb:63:7a:36:79:ac:03:a8:63:3f:c9:7c:f9:da:5a:
         17:8f:a7:48:32:fc:65:de:a1:a7:f6:ca:67:7a:c6:6e:32:30:
         b8:84:d3:48:8a:24:20:61:a4:88:dc:fb:af:e7:d0:58:f6:8a:
         51:3c:e2:ff:7f:31:92:03:b2:ef:0b:e9:1c:2f:d0:fb:96:96:
         e7:2a:aa:f8:2d:eb:45:f1:70:44:0f:93:24:35:c3:95:5a:d2:
         cc:72:66:30:95:ed:4e:87:e2:06:7e:38:5c:46:f7:b4:2e:7b:
         5c:f1:31:9b:23:20:d3:7f:4e:46:c9:14:bb:23:b7:26:5f:f7:
         67:f7:9e:41:93:a9:1d:0b:d6:10:83:cb:f7:98:d7:8c:76:3e:
         d6:42:d1:05:a8:97:ae:c4:b7:22:ef:3b:01:40:c8:8b:d3:83:
         cb:37:26:bd:bc:1b:f8:b1:56:62:36:16:cc:49:45:8b:b9:0b:
         be:b5:41:c6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZXTA2YLkU+ynJNHcGNArIo0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMzI2MTUxMjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjhhZDUwZWEwNzY3ODMyNzIxYWQ0ZmZjMDgxZGVjMWI2MGQwYjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTwgvuXylbrPRODhpdMHe4koMhgC
ik7hC/BKEW075rMYphguw3vHxntE5xItG1oQNjG8mXH0hoMUjH4ITi/EBkn/596c
FYM3FBBLA/P4L0ThxZvfAnIxxmHxtU4BDtK3hr0ymdyWCdgTSTRmtd5Ybs7h4U4Z
O5RoLQYbly7sxtZwQYLp2Pf9xgPi6YoAedi2siV/Y3U0Nu+9CPjDZZQghreTOFI8
CpPNlvwhUv9PgnJabRkApTR84AzCmb20WLy/n+collVYCkFcet4BP1ylJgIhkZYN
IQ9PLaYNKYGVbd6oiYUs65Pr2MVRo3cljQh42qOSJWmtnDIC92uQpQPljwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHuK1Q6gdngychrU/8CB3sG2DQsJMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvZTRyVkRxQjJlREp5R3RUX3dJSGV3YllOQ3drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABVOdMA8E
AgACMAkDBwEqAi/AAAAwDQYJKoZIhvcNAQELBQADggEBAHFdO4yv+ocLExmr8qzK
RR3wH2c32vgvlYS0LgWJlqxsubRvvwhhu4DSwlHzpwy6OPOyVUKK8ZQJf+ohcYK1
tTd5dQKR43nQxaFUbPtjejZ5rAOoYz/JfPnaWhePp0gy/GXeoaf2ymd6xm4yMLiE
00iKJCBhpIjc+6/n0Fj2ilE84v9/MZIDsu8L6Rwv0PuWlucqqvgt60XxcEQPkyQ1
w5Va0sxyZjCV7U6H4gZ+OFxG97Que1zxMZsjINN/TkbJFLsjtyZf92f3nkGTqR0L
1hCDy/eY14x2PtZC0QWol67EtyLvOwFAyIvTg8s3Jr28G/ixVmI2FsxJRYu5C761
QcY=
-----END CERTIFICATE-----