Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/68Kh1jaV6--ikFcsmSmZWxqK5XU.roa
File:                     68Kh1jaV6--ikFcsmSmZWxqK5XU.roa (raw, json)
Hash identifier:          zoDOcfUMLNAllgM7qcyrBP+kCmnB9gvVsAFE4oT6VDE=
Subject key identifier:   EB:C2:A1:D6:36:95:EB:EF:A2:90:57:2C:99:29:99:5B:1A:8A:E5:75
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01969B410138E4FEC2B8C0F53186AEAE2E89
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/68Kh1jaV6--ikFcsmSmZWxqK5XU.roa
Signing time:             Sun 04 May 2025 12:24:10 +0000
ROA not before:           Sun 04 May 2025 12:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60602
IP address blocks:        5.101.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9b:41:01:38:e4:fe:c2:b8:c0:f5:31:86:ae:ae:2e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: May  4 12:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebc2a1d63695ebefa290572c9929995b1a8ae575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:02:54:1a:ed:75:18:d1:4c:83:92:a8:e5:cb:
                    48:36:87:a6:a9:a7:ae:ad:15:f8:0a:8a:bb:14:61:
                    75:16:58:b4:05:72:ad:5b:8a:e5:1a:6e:71:55:aa:
                    87:c3:30:7c:2f:69:35:88:b1:76:65:c2:54:5e:ea:
                    6b:9c:1f:64:c9:70:a2:71:47:29:3b:06:0f:9f:01:
                    87:a9:de:f0:cb:7f:6f:a9:a0:eb:cf:e6:32:94:81:
                    f1:65:27:16:b0:0a:da:b1:ce:1b:84:39:2e:66:e2:
                    37:e7:d0:fb:77:4c:bf:3d:43:f1:04:b0:d7:03:18:
                    d8:f3:ef:80:d6:e0:bf:7b:3e:f5:e8:c7:60:90:1c:
                    13:8b:98:2d:89:49:ef:8f:b3:f6:a1:a1:9f:7c:dc:
                    1b:4e:18:f5:df:d2:3f:49:d3:f8:b5:e5:0a:58:70:
                    0f:5e:e0:3b:26:52:43:14:f5:87:b7:f6:77:55:09:
                    19:ae:8b:f5:c5:77:46:dd:89:b8:c2:b3:ed:d2:a2:
                    b7:db:37:73:5d:a0:b4:2f:f0:78:af:83:52:0e:f4:
                    52:76:9d:ef:43:36:79:f5:d9:f1:cf:39:2f:01:71:
                    c5:48:4d:aa:8e:08:e7:e7:66:d6:7b:35:b2:b2:d9:
                    0f:59:4a:c6:ab:74:4e:15:61:6d:9e:80:61:cb:a9:
                    44:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C2:A1:D6:36:95:EB:EF:A2:90:57:2C:99:29:99:5B:1A:8A:E5:75
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/68Kh1jaV6--ikFcsmSmZWxqK5XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:b6:e7:ea:45:60:c3:6e:df:90:6d:ed:be:67:81:2d:29:69:
         3e:0f:86:64:ce:bf:84:fd:cf:be:68:b0:87:57:65:6b:3f:6d:
         a4:32:72:35:1a:e1:81:f4:2f:c4:07:fe:34:4b:24:26:8e:22:
         38:80:a2:98:77:ce:25:76:cd:cc:31:b3:b7:73:18:3f:fc:25:
         99:23:d9:f4:26:5d:d6:0e:30:93:5f:25:ad:e4:bf:62:31:47:
         55:29:9c:9b:55:b9:b1:f9:1d:d1:59:c2:55:7a:94:98:cc:4d:
         c3:35:f8:d5:a3:8d:84:3d:14:7d:8e:09:e1:3c:ab:77:4c:50:
         bc:12:3b:a8:7f:4c:3b:dc:f5:5a:28:40:be:3f:e2:5f:52:b2:
         4b:6e:4e:2c:7d:7a:99:b7:be:73:58:3f:4b:fb:1c:12:6e:14:
         48:bc:ad:56:57:68:af:36:0e:b0:78:88:10:42:a5:11:18:94:
         8a:8a:d6:74:d5:d5:e7:a3:04:c0:b7:5c:9c:96:b0:98:0f:7d:
         71:b8:ab:16:56:c1:54:42:41:b4:ef:04:97:6b:4b:b6:4e:64:
         8b:0d:7a:50:ef:9e:0e:7e:07:68:ba:78:e0:fe:71:1e:f5:4a:
         4a:ec:8a:4d:2c:37:34:78:89:3d:6c:c4:dc:97:9a:c9:b6:8e:
         26:3a:32:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZabQQE45P7CuMD1MYauri6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNTA0MTIyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMyYTFkNjM2OTVlYmVmYTI5MDU3MmM5OTI5OTk1YjFhOGFlNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wJUGu11GNFMg5Ko5ctINoemqaeu
rRX4Coq7FGF1Fli0BXKtW4rlGm5xVaqHwzB8L2k1iLF2ZcJUXuprnB9kyXCicUcp
OwYPnwGHqd7wy39vqaDrz+YylIHxZScWsArasc4bhDkuZuI359D7d0y/PUPxBLDX
AxjY8++A1uC/ez716MdgkBwTi5gtiUnvj7P2oaGffNwbThj139I/SdP4teUKWHAP
XuA7JlJDFPWHt/Z3VQkZrov1xXdG3Ym4wrPt0qK32zdzXaC0L/B4r4NSDvRSdp3v
QzZ59dnxzzkvAXHFSE2qjgjn52bWezWystkPWUrGq3ROFWFtnoBhy6lExQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvCodY2levvopBXLJkpmVsaiuV1MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNjhLaDFqYVY2LS1pa0Zjc21TbVpXeHFLNVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWVQMA0G
CSqGSIb3DQEBCwUAA4IBAQCftufqRWDDbt+Qbe2+Z4EtKWk+D4Zkzr+E/c++aLCH
V2VrP22kMnI1GuGB9C/EB/40SyQmjiI4gKKYd84lds3MMbO3cxg//CWZI9n0Jl3W
DjCTXyWt5L9iMUdVKZybVbmx+R3RWcJVepSYzE3DNfjVo42EPRR9jgnhPKt3TFC8
Ejuof0w73PVaKEC+P+JfUrJLbk4sfXqZt75zWD9L+xwSbhRIvK1WV2ivNg6weIgQ
QqURGJSKitZ01dXnowTAt1yclrCYD31xuKsWVsFUQkG07wSXa0u2TmSLDXpQ754O
fgdounjg/nEe9UpK7IpNLDc0eIk9bMTcl5rJto4mOjIJ
-----END CERTIFICATE-----