Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/iM-UvYqwtCatigD5QZLBnH_B54E.roa
File:                     iM-UvYqwtCatigD5QZLBnH_B54E.roa (raw, json)
Hash identifier:          vlDTj0hFkeI/uYyGu8UNRKdKYYoy1/C2+TnQDqrT+/0=
Subject key identifier:   88:CF:94:BD:8A:B0:B4:26:AD:8A:00:F9:41:92:C1:9C:7F:C1:E7:81
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B5ACE12620AC2743B8C0450A00C59A
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/iM-UvYqwtCatigD5QZLBnH_B54E.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134351
IP address blocks:        5.188.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ac:e1:26:20:ac:27:43:b8:c0:45:0a:00:c5:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88cf94bd8ab0b426ad8a00f94192c19c7fc1e781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f1:ea:d0:78:29:35:48:ce:cd:0b:dd:f4:63:
                    f3:47:0d:16:53:f3:1e:6e:62:b0:29:1c:11:13:fc:
                    4a:91:c7:1e:ae:a9:97:3d:1e:89:51:94:c8:73:4d:
                    70:59:fc:c6:40:82:07:7d:5f:61:fc:6a:62:b9:86:
                    f5:10:e1:5f:7e:5e:04:bd:a4:22:90:71:41:ab:0a:
                    63:05:80:29:97:f0:36:ed:b3:6a:9a:9d:ad:10:bb:
                    06:2f:24:e3:0b:ed:f4:06:cf:58:d6:71:b7:8c:10:
                    fc:c3:26:f8:62:a3:e5:68:75:96:77:3f:cb:7f:9d:
                    1e:1f:1b:db:89:95:3c:21:28:4f:05:3d:13:2e:2a:
                    d3:6e:8b:a5:29:28:14:a7:bd:f7:fc:e7:9d:12:b8:
                    41:7e:4c:9f:6e:b1:2a:07:b5:1c:b3:4e:cd:34:8b:
                    2e:ee:b5:2e:9f:32:62:09:5a:7b:62:23:c2:b7:1b:
                    d5:ac:9e:45:41:1a:6b:fc:14:7f:dc:c1:42:be:45:
                    c5:16:1b:91:49:25:68:3f:f1:79:93:d0:8f:3e:41:
                    4b:4b:87:19:8d:8a:08:60:3f:9c:ff:9f:2f:b1:70:
                    90:74:76:09:f3:ed:e7:e8:bd:6e:63:fb:03:6c:96:
                    23:b2:e2:bd:56:53:aa:e1:7e:7d:21:06:e4:ee:4c:
                    1a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:CF:94:BD:8A:B0:B4:26:AD:8A:00:F9:41:92:C1:9C:7F:C1:E7:81
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/iM-UvYqwtCatigD5QZLBnH_B54E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:aa:e3:e8:a7:33:d2:30:00:35:d9:52:c3:72:dd:49:b2:be:
         68:04:59:2d:05:75:f0:24:b9:dd:3e:90:f3:0c:9a:0b:9f:67:
         88:18:79:5f:3b:cd:21:3d:75:36:e2:3e:22:37:ce:92:d9:6f:
         16:3b:87:6a:01:a7:a3:14:7b:71:8c:26:d8:dd:e9:3b:11:c6:
         92:fa:39:37:a5:96:d0:f8:f2:04:15:49:9f:73:37:d9:03:b1:
         a4:04:59:c5:2d:c6:22:ea:0e:5d:3c:ab:00:2c:0e:ee:00:e1:
         03:86:be:4c:51:8b:2b:15:fb:ea:20:a6:4c:37:78:90:47:e9:
         81:aa:4a:64:32:b4:fe:e3:a2:1c:1a:d4:cb:91:be:bb:13:04:
         45:95:ea:e8:ff:63:50:75:01:44:41:d9:cf:02:b6:f2:f8:a4:
         26:0e:1f:ee:16:22:63:87:85:0f:3d:39:9b:dc:e4:07:b2:24:
         12:7a:f7:48:4f:8b:80:28:4a:f4:97:d4:22:c2:81:df:dd:95:
         dc:5f:5f:d8:a0:04:c2:a5:0a:00:73:97:80:3d:06:d1:37:e5:
         a4:c4:50:16:0a:91:1c:28:bc:9e:08:f4:26:4e:6d:68:18:59:
         19:f0:b6:90:69:b5:93:44:8f:4b:ba:e4:43:fe:b3:4c:bd:1a:
         61:d1:c6:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntazhJiCsJ0O4wEUKAMWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGNmOTRiZDhhYjBiNDI2YWQ4YTAwZjk0MTkyYzE5YzdmYzFlNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvHq0HgpNUjOzQvd9GPzRw0WU/Me
bmKwKRwRE/xKkccerqmXPR6JUZTIc01wWfzGQIIHfV9h/GpiuYb1EOFffl4EvaQi
kHFBqwpjBYApl/A27bNqmp2tELsGLyTjC+30Bs9Y1nG3jBD8wyb4YqPlaHWWdz/L
f50eHxvbiZU8IShPBT0TLirTboulKSgUp733/OedErhBfkyfbrEqB7Ucs07NNIsu
7rUunzJiCVp7YiPCtxvVrJ5FQRpr/BR/3MFCvkXFFhuRSSVoP/F5k9CPPkFLS4cZ
jYoIYD+c/58vsXCQdHYJ8+3n6L1uY/sDbJYjsuK9VlOq4X59IQbk7kwa5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjPlL2KsLQmrYoA+UGSwZx/weeBMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvaU0tVXZZcXd0Q2F0aWdENVFaTEJuSF9CNTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbzeMA0G
CSqGSIb3DQEBCwUAA4IBAQAKquPopzPSMAA12VLDct1Jsr5oBFktBXXwJLndPpDz
DJoLn2eIGHlfO80hPXU24j4iN86S2W8WO4dqAaejFHtxjCbY3ek7EcaS+jk3pZbQ
+PIEFUmfczfZA7GkBFnFLcYi6g5dPKsALA7uAOEDhr5MUYsrFfvqIKZMN3iQR+mB
qkpkMrT+46IcGtTLkb67EwRFlero/2NQdQFEQdnPArby+KQmDh/uFiJjh4UPPTmb
3OQHsiQSevdIT4uAKEr0l9QiwoHf3ZXcX1/YoATCpQoAc5eAPQbRN+WkxFAWCpEc
KLyeCPQmTm1oGFkZ8LaQabWTRI9LuuRD/rNMvRph0cYN
-----END CERTIFICATE-----