Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ce1643-c08d-40f6-9444-af714ad52f29/1/5TC6JtPaOArue3YcZw58kMkX_gQ.roa
File:                     5TC6JtPaOArue3YcZw58kMkX_gQ.roa (raw, json)
Hash identifier:          8vxNN4NZRh1zE+O+pnXNTkgLjPcYvbg7k5S7vJax1zs=
Subject key identifier:   E5:30:BA:26:D3:DA:38:0A:EE:7B:76:1C:67:0E:7C:90:C9:17:FE:04
Certificate issuer:       /CN=b7a8fea8fca800c1fc49ef2d85c92e323752b0ed
Certificate serial:       0194266BC882983611740AB6351CE6DDA2A5
Authority key identifier: B7:A8:FE:A8:FC:A8:00:C1:FC:49:EF:2D:85:C9:2E:32:37:52:B0:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t6j-qPyoAMH8Se8thckuMjdSsO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ce1643-c08d-40f6-9444-af714ad52f29/1/5TC6JtPaOArue3YcZw58kMkX_gQ.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        193.5.22.0/24 maxlen: 24
                          193.36.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/ce1643-c08d-40f6-9444-af714ad52f29/1/t6j-qPyoAMH8Se8thckuMjdSsO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/ce1643-c08d-40f6-9444-af714ad52f29/1/t6j-qPyoAMH8Se8thckuMjdSsO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t6j-qPyoAMH8Se8thckuMjdSsO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c8:82:98:36:11:74:0a:b6:35:1c:e6:dd:a2:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7a8fea8fca800c1fc49ef2d85c92e323752b0ed
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e530ba26d3da380aee7b761c670e7c90c917fe04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:61:c4:c4:8d:45:0c:48:43:41:a9:70:60:2a:
                    44:50:35:06:9c:a3:2d:57:24:2c:c6:84:51:7b:2e:
                    19:87:d9:ff:eb:c1:1a:34:13:8a:bc:15:00:1b:a0:
                    fc:22:52:ab:a4:ea:8c:2c:ca:ef:e0:72:17:5f:ed:
                    d1:43:dd:bf:8a:c7:df:0f:da:ad:66:6e:ad:f2:29:
                    9b:0a:7f:a1:91:6a:ee:90:1b:90:21:08:74:95:84:
                    23:3b:05:3e:c1:1d:36:9f:60:59:90:26:07:71:a9:
                    18:a2:9d:ca:02:5c:82:5b:93:a1:39:9e:e0:de:61:
                    ae:5a:17:0d:63:4c:dc:2d:72:b2:c7:12:77:f9:39:
                    67:d3:15:d9:7b:98:5f:ec:cf:85:75:37:b2:e9:51:
                    be:e7:99:7b:d2:5c:a8:2e:3c:29:6a:bb:be:da:dd:
                    1e:c4:44:b0:1a:52:6f:25:9b:61:6d:8c:97:85:f4:
                    62:e1:e7:d7:93:65:e8:31:d2:7f:63:b5:64:61:bf:
                    f6:bd:e7:8d:d5:e0:d5:bd:2a:56:f4:b3:48:42:e2:
                    2c:36:0e:54:2e:44:c3:a5:cf:be:ba:a9:b3:b3:63:
                    f9:20:3e:65:3b:63:77:16:82:df:ff:72:56:c7:ad:
                    20:35:1b:5c:0a:c7:15:06:58:63:ba:9d:5c:55:0b:
                    9b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:30:BA:26:D3:DA:38:0A:EE:7B:76:1C:67:0E:7C:90:C9:17:FE:04
            X509v3 Authority Key Identifier:
                keyid:B7:A8:FE:A8:FC:A8:00:C1:FC:49:EF:2D:85:C9:2E:32:37:52:B0:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t6j-qPyoAMH8Se8thckuMjdSsO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ce1643-c08d-40f6-9444-af714ad52f29/1/5TC6JtPaOArue3YcZw58kMkX_gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ce1643-c08d-40f6-9444-af714ad52f29/1/t6j-qPyoAMH8Se8thckuMjdSsO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.22.0/24
                  193.36.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:d5:6d:67:e2:f1:5c:6a:fc:7b:cf:11:29:f6:73:24:1b:ba:
         8f:d8:04:c8:ea:39:04:2e:65:27:a5:fa:fc:3a:42:74:d7:b2:
         f0:90:99:d5:7d:9c:0e:0c:98:5a:fe:b6:92:27:27:8e:12:d9:
         5b:b3:8f:54:ec:2f:48:dc:0b:4d:f2:34:cf:ce:4e:e9:07:a4:
         b4:61:cc:b7:9a:26:0e:3e:fe:3d:bf:f0:b8:5f:3e:13:60:5d:
         7c:91:97:8f:6e:25:fa:dc:cd:c4:0e:20:c2:c6:ce:8c:af:15:
         af:86:ad:34:03:0c:f7:a1:4d:28:af:b4:4d:8d:b6:6e:a9:6d:
         90:35:c8:b5:0d:b1:6a:0b:81:a7:a0:c5:89:5b:e6:6b:e8:56:
         21:fb:de:83:bc:8a:da:99:d7:a3:8d:85:ac:0c:d5:1f:3f:02:
         c3:1f:2e:ff:8f:4b:33:2f:e9:46:c3:9c:1b:01:43:58:56:7e:
         03:af:5b:c8:db:68:98:8c:b3:ad:6f:ad:5e:56:7a:d5:48:76:
         ab:50:de:5a:9d:f8:94:bb:b9:a2:d9:08:09:82:ef:88:29:07:
         2a:a9:9d:31:d5:f5:63:5e:b1:b8:93:ac:12:f9:5e:2f:14:34:
         4a:72:d6:50:c6:17:b5:27:1c:1d:d8:8d:6e:77:58:cf:3e:64:
         95:8a:cd:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma8iCmDYRdAq2NRzm3aKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YThmZWE4ZmNhODAwYzFmYzQ5ZWYyZDg1YzkyZTMyMzc1
MmIwZWQwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTMwYmEyNmQzZGEzODBhZWU3Yjc2MWM2NzBlN2M5MGM5MTdmZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GHExI1FDEhDQalwYCpEUDUGnKMt
VyQsxoRRey4Zh9n/68EaNBOKvBUAG6D8IlKrpOqMLMrv4HIXX+3RQ92/isffD9qt
Zm6t8imbCn+hkWrukBuQIQh0lYQjOwU+wR02n2BZkCYHcakYop3KAlyCW5OhOZ7g
3mGuWhcNY0zcLXKyxxJ3+Tln0xXZe5hf7M+FdTey6VG+55l70lyoLjwparu+2t0e
xESwGlJvJZthbYyXhfRi4efXk2XoMdJ/Y7VkYb/2veeN1eDVvSpW9LNIQuIsNg5U
LkTDpc++uqmzs2P5ID5lO2N3FoLf/3JWx60gNRtcCscVBlhjup1cVQubEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOUwuibT2jgK7nt2HGcOfJDJF/4EMB8GA1UdIwQY
MBaAFLeo/qj8qADB/EnvLYXJLjI3UrDtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDZqLXFQeW9BTUg4U2U4dGhja3VNamRTc08wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9jZTE2NDMtYzA4ZC00MGY2LTk0NDQt
YWY3MTRhZDUyZjI5LzEvNVRDNkp0UGFPQXJ1ZTNZY1p3NThrTWtYX2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9jZTE2NDMtYzA4ZC00MGY2LTk0NDQtYWY3MTRhZDUyZjI5
LzEvdDZqLXFQeW9BTUg4U2U4dGhja3VNamRTc08wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQUWAwQA
wSQgMA0GCSqGSIb3DQEBCwUAA4IBAQAZ1W1n4vFcavx7zxEp9nMkG7qP2ATI6jkE
LmUnpfr8OkJ017LwkJnVfZwODJha/raSJyeOEtlbs49U7C9I3AtN8jTPzk7pB6S0
Ycy3miYOPv49v/C4Xz4TYF18kZePbiX63M3EDiDCxs6MrxWvhq00Awz3oU0or7RN
jbZuqW2QNci1DbFqC4GnoMWJW+Zr6FYh+96DvIramdejjYWsDNUfPwLDHy7/j0sz
L+lGw5wbAUNYVn4Dr1vI22iYjLOtb61eVnrVSHarUN5anfiUu7mi2QgJgu+IKQcq
qZ0x1fVjXrG4k6wS+V4vFDRKctZQxhe1Jxwd2I1ud1jPPmSVis2v
-----END CERTIFICATE-----