Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/qY5YOja1X6hhlYe8hkRvhRbD0wU.roa
File:                     qY5YOja1X6hhlYe8hkRvhRbD0wU.roa (raw, json)
Hash identifier:          cXMsn8PXkBrO4lsVxMeWoFyttmJlTyhiyXdXp2wIX1A=
Subject key identifier:   A9:8E:58:3A:36:B5:5F:A8:61:95:87:BC:86:44:6F:85:16:C3:D3:05
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0193BC0FA7F78CF686FB8EBEF910AF4FC140
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/qY5YOja1X6hhlYe8hkRvhRbD0wU.roa
Signing time:             Thu 12 Dec 2024 18:09:22 +0000
ROA not before:           Thu 12 Dec 2024 18:09:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215828
IP address blocks:        5.83.138.0/24 maxlen: 24
                          77.90.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Dec 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:bc:0f:a7:f7:8c:f6:86:fb:8e:be:f9:10:af:4f:c1:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Dec 12 18:09:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a98e583a36b55fa8619587bc86446f8516c3d305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:75:69:4a:eb:d3:fb:4a:3c:7e:b8:f6:a6:4c:
                    84:a3:4c:42:11:49:06:7a:56:58:82:0e:15:21:ee:
                    90:23:c0:2f:8d:d6:b3:ca:91:d2:b9:0b:0b:21:6f:
                    23:a9:42:1d:13:fc:e8:e8:cb:42:0e:ac:55:d8:54:
                    e8:2e:3b:0d:23:10:e5:92:32:f4:16:d4:c8:33:1e:
                    f8:bf:2e:3b:98:5d:0e:83:41:97:59:86:62:5e:06:
                    c3:d0:b6:6d:8e:d7:40:5e:03:93:df:0b:41:71:6f:
                    75:9c:30:e2:af:c3:ec:6a:32:61:50:21:7f:27:11:
                    d0:a4:21:8b:28:ba:51:6d:fd:12:e1:84:50:1d:66:
                    05:cc:b6:74:01:d7:92:f7:d0:ef:c6:37:53:f1:16:
                    b5:8e:7c:12:36:d7:17:83:d7:8d:66:a7:0b:c2:d9:
                    cb:84:ca:bf:2c:82:39:20:d6:a0:11:d4:6e:69:e3:
                    33:5b:12:e0:90:28:67:bd:61:8e:af:db:83:55:c7:
                    e5:77:79:0c:a7:e0:ce:ea:a5:5a:16:bb:79:41:6c:
                    14:b7:83:da:b1:8c:9e:58:a2:e3:fd:31:a4:c7:65:
                    32:51:d3:ad:97:f9:fa:55:dd:51:16:8a:c6:a2:13:
                    61:a3:3e:84:68:77:90:58:49:8b:19:d3:c9:c5:23:
                    8d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8E:58:3A:36:B5:5F:A8:61:95:87:BC:86:44:6F:85:16:C3:D3:05
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/qY5YOja1X6hhlYe8hkRvhRbD0wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.138.0/24
                  77.90.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:db:e9:7b:6e:af:6c:e5:e0:5f:d7:ae:ea:2b:00:2e:90:da:
         50:13:cc:c1:a9:14:54:5d:de:82:60:80:93:3b:f9:2d:09:ee:
         b1:a3:a4:7e:27:11:15:03:63:d1:60:fa:87:60:06:31:f2:5a:
         28:7d:af:70:1c:a5:89:7d:53:85:a0:0e:e9:ad:ae:d4:25:d7:
         ec:ac:37:a8:0b:f2:f9:06:34:5d:89:b6:f1:1d:0e:cd:d5:e4:
         d5:79:07:04:44:d7:76:3f:12:c5:f1:50:20:59:ee:36:43:76:
         94:19:18:a1:01:49:5c:a9:22:22:60:ec:2a:46:4b:5d:f2:c8:
         f3:74:5a:da:1d:36:a8:d5:1f:ca:e0:26:3b:c7:83:bf:ce:e2:
         d7:53:31:b0:24:72:cb:99:e9:37:2d:71:de:ee:6e:dc:09:eb:
         12:89:d6:87:09:2b:48:e4:13:4f:11:20:22:03:e2:9f:57:4b:
         2a:9c:4d:a5:58:87:50:02:f2:a8:97:d6:26:b9:d4:58:92:89:
         10:0e:5e:c8:26:07:c4:fc:f1:3f:b1:f7:f2:2f:25:3c:df:11:
         3b:20:49:27:b8:23:43:65:a1:bb:f1:4b:04:93:57:5e:72:e2:
         76:00:b1:de:5a:ee:66:7e:5a:ab:81:2c:f9:11:ef:6d:38:25:
         ec:01:99:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZO8D6f3jPaG+46++RCvT8FAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMjEyMTgwOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOThlNTgzYTM2YjU1ZmE4NjE5NTg3YmM4NjQ0NmY4NTE2YzNkMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3VpSuvT+0o8frj2pkyEo0xCEUkG
elZYgg4VIe6QI8AvjdazypHSuQsLIW8jqUIdE/zo6MtCDqxV2FToLjsNIxDlkjL0
FtTIMx74vy47mF0Og0GXWYZiXgbD0LZtjtdAXgOT3wtBcW91nDDir8PsajJhUCF/
JxHQpCGLKLpRbf0S4YRQHWYFzLZ0AdeS99DvxjdT8Ra1jnwSNtcXg9eNZqcLwtnL
hMq/LII5INagEdRuaeMzWxLgkChnvWGOr9uDVcfld3kMp+DO6qVaFrt5QWwUt4Pa
sYyeWKLj/TGkx2UyUdOtl/n6Vd1RForGohNhoz6EaHeQWEmLGdPJxSONkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKmOWDo2tV+oYZWHvIZEb4UWw9MFMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvcVk1WU9qYTFYNmhobFllOGhrUnZoUmJEMHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVOKAwQA
TVoZMA0GCSqGSIb3DQEBCwUAA4IBAQCc2+l7bq9s5eBf167qKwAukNpQE8zBqRRU
Xd6CYICTO/ktCe6xo6R+JxEVA2PRYPqHYAYx8loofa9wHKWJfVOFoA7pra7UJdfs
rDeoC/L5BjRdibbxHQ7N1eTVeQcERNd2PxLF8VAgWe42Q3aUGRihAUlcqSIiYOwq
Rktd8sjzdFraHTao1R/K4CY7x4O/zuLXUzGwJHLLmek3LXHe7m7cCesSidaHCStI
5BNPESAiA+KfV0sqnE2lWIdQAvKol9YmudRYkokQDl7IJgfE/PE/sffyLyU83xE7
IEknuCNDZaG78UsEk1decuJ2ALHeWu5mflqrgSz5Ee9tOCXsAZmt
-----END CERTIFICATE-----