Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/LjPTtXACZzIXUrAHmmcGaTSoJX0.roa
File:                     LjPTtXACZzIXUrAHmmcGaTSoJX0.roa (raw, json)
Hash identifier:          hU58ToAOVO8bZ1ShSsstYoflDj5E/scFC015sKbb9KM=
Subject key identifier:   2E:33:D3:B5:70:02:67:32:17:52:B0:07:9A:67:06:69:34:A8:25:7D
Certificate issuer:       /CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
Certificate serial:       019425FD4D5591BD4945664E6002E64EB8EB
Authority key identifier: BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/LjPTtXACZzIXUrAHmmcGaTSoJX0.roa
Signing time:             Thu 02 Jan 2025 07:49:04 +0000
ROA not before:           Thu 02 Jan 2025 07:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        5.144.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:4d:55:91:bd:49:45:66:4e:60:02:e6:4e:b8:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
        Validity
            Not Before: Jan  2 07:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e33d3b5700267321752b0079a67066934a8257d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e4:ff:03:ae:97:0e:d1:8a:7c:79:d3:0c:b1:
                    b0:59:c5:c9:e6:cd:43:2b:a3:0a:ae:f7:91:fd:3b:
                    5d:b0:71:ef:53:7b:ac:08:75:37:a8:6f:00:a7:a7:
                    8e:d4:b0:d1:8c:95:f6:32:88:f4:2a:1f:83:89:d8:
                    30:e5:69:13:09:1b:6c:64:f6:a7:9b:e3:4a:07:23:
                    22:ba:84:2e:76:b1:5d:80:fb:96:f2:87:14:b0:e9:
                    b8:ce:0b:c2:9e:85:9d:63:4c:9d:7d:cf:0b:35:1d:
                    ca:21:b3:78:fe:d0:62:89:0c:34:a6:08:a2:e7:85:
                    36:74:a9:d1:34:cb:b8:43:1c:27:8f:03:10:73:78:
                    06:be:00:8b:20:43:ec:fe:10:a6:50:30:c5:6a:47:
                    46:9a:64:8c:fb:14:68:f5:82:72:94:a9:4d:1f:1a:
                    07:00:9d:b6:4a:6a:11:ae:16:e7:d6:e7:67:ff:2c:
                    3e:dc:d8:f4:f4:b5:f0:96:e0:02:22:e5:69:14:61:
                    85:8d:66:56:fc:19:f6:9e:db:fd:1b:a2:81:21:2b:
                    6f:74:a6:18:c1:26:fb:85:a9:8e:6c:bc:27:f5:d5:
                    eb:44:30:20:26:43:a1:7c:69:13:8e:2e:eb:4d:d0:
                    77:85:a3:46:06:9c:87:0f:7b:85:77:b8:01:f9:38:
                    80:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:33:D3:B5:70:02:67:32:17:52:B0:07:9A:67:06:69:34:A8:25:7D
            X509v3 Authority Key Identifier:
                keyid:BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/LjPTtXACZzIXUrAHmmcGaTSoJX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f9:13:3c:97:34:7c:21:56:5d:ee:3f:22:be:1f:4d:67:39:
         b6:81:4e:85:b8:44:a0:a7:ff:24:44:8e:57:30:15:e3:ef:35:
         f8:c2:ee:31:92:44:6b:44:57:97:04:f8:f1:0b:09:0b:e5:cf:
         3f:02:e6:5c:68:fd:51:08:19:ef:7e:a4:f7:14:29:b4:35:18:
         9d:27:cd:68:c6:43:6f:72:ef:4f:0d:45:3c:4f:ca:54:c2:51:
         22:3e:3f:8f:ba:56:4d:b4:e5:88:2d:55:be:6a:bd:82:8e:bd:
         d8:4e:93:02:de:4a:ef:73:25:3e:cc:f0:9d:6e:14:14:c5:fb:
         af:1d:b2:6a:c6:56:ce:37:29:5c:50:76:0a:56:6b:1f:42:ef:
         0a:35:fc:5d:63:a7:a7:0d:d3:90:20:11:b5:87:e3:c1:fc:6c:
         9d:7a:1d:ea:c7:09:76:1d:df:c6:ce:7f:04:09:7e:b1:ee:c7:
         e9:6a:c7:ea:ed:36:70:a8:6e:16:e7:13:36:72:75:24:8d:f5:
         a4:f5:00:2d:48:9d:98:92:52:f2:de:38:f4:b5:30:2a:d7:ff:
         e4:e7:c0:33:41:77:d2:0a:b8:ad:8d:f4:52:c3:d6:d2:1b:a6:
         5e:ff:ab:ac:22:99:fb:2f:8d:6d:1e:da:b3:e5:53:6f:95:74:
         67:5c:d9:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/U1Vkb1JRWZOYALmTrjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMGQ0ZTg1OTM3YjdhMGYyNzEwNTRkMjg2MTRmMjkzNGQ0
ZWE1MDAwHhcNMjUwMTAyMDc0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTMzZDNiNTcwMDI2NzMyMTc1MmIwMDc5YTY3MDY2OTM0YTgyNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOT/A66XDtGKfHnTDLGwWcXJ5s1D
K6MKrveR/TtdsHHvU3usCHU3qG8Ap6eO1LDRjJX2Moj0Kh+Didgw5WkTCRtsZPan
m+NKByMiuoQudrFdgPuW8ocUsOm4zgvCnoWdY0ydfc8LNR3KIbN4/tBiiQw0pgii
54U2dKnRNMu4QxwnjwMQc3gGvgCLIEPs/hCmUDDFakdGmmSM+xRo9YJylKlNHxoH
AJ22SmoRrhbn1udn/yw+3Nj09LXwluACIuVpFGGFjWZW/Bn2ntv9G6KBIStvdKYY
wSb7hamObLwn9dXrRDAgJkOhfGkTji7rTdB3haNGBpyHD3uFd7gB+TiAMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4z07VwAmcyF1KwB5pnBmk0qCV9MB8GA1UdIwQY
MBaAFLsNToWTe3oPJxBU0oYU8pNNTqUAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYt
OGU5Yjk4YTk5Y2RiLzEvTGpQVHRYQUNaeklYVXJBSG1tY0dhVFNvSlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYtOGU5Yjk4YTk5Y2Ri
LzEvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZCaMA0G
CSqGSIb3DQEBCwUAA4IBAQA3+RM8lzR8IVZd7j8ivh9NZzm2gU6FuESgp/8kRI5X
MBXj7zX4wu4xkkRrRFeXBPjxCwkL5c8/AuZcaP1RCBnvfqT3FCm0NRidJ81oxkNv
cu9PDUU8T8pUwlEiPj+PulZNtOWILVW+ar2Cjr3YTpMC3krvcyU+zPCdbhQUxfuv
HbJqxlbONylcUHYKVmsfQu8KNfxdY6enDdOQIBG1h+PB/Gydeh3qxwl2Hd/Gzn8E
CX6x7sfpasfq7TZwqG4W5xM2cnUkjfWk9QAtSJ2YklLy3jj0tTAq1//k58AzQXfS
CritjfRSw9bSG6Ze/6usIpn7L41tHtqz5VNvlXRnXNmh
-----END CERTIFICATE-----