Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/ezFO6T3q-j-dYAS0jFI7dD54Dcg.roa
File:                     ezFO6T3q-j-dYAS0jFI7dD54Dcg.roa (raw, json)
Hash identifier:          qE+la9F+Es+rbfvoUcW6imXd/uEQeLY/UyvWD9lvGK8=
Subject key identifier:   7B:31:4E:E9:3D:EA:FA:3F:9D:60:04:B4:8C:52:3B:74:3E:78:0D:C8
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E5612D57913248E98BD24141B472
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/ezFO6T3q-j-dYAS0jFI7dD54Dcg.roa
Signing time:             Mon 01 Jan 2024 10:30:10 +0000
ROA not before:           Mon 01 Jan 2024 10:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202616
IP address blocks:        5.160.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e5:61:2d:57:91:32:48:e9:8b:d2:41:41:b4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b314ee93deafa3f9d6004b48c523b743e780dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6b:eb:f6:ee:41:83:73:b8:9a:a1:e2:80:33:
                    df:3a:4a:de:a5:4f:8f:eb:bc:3d:f2:e2:5d:e8:90:
                    34:11:c8:eb:85:00:ec:6f:0d:56:e2:95:a5:13:f4:
                    4e:67:6f:1a:48:78:7c:cb:23:ee:98:50:b4:fc:8d:
                    08:85:fc:36:9c:ac:12:b3:e6:9e:cf:db:bc:77:74:
                    f3:29:9c:fe:77:99:5a:d0:fc:ba:07:b9:2b:99:4e:
                    99:01:0f:cd:4e:6a:e9:4f:6b:78:e1:ae:a0:79:57:
                    e6:4b:96:7a:a2:42:db:ee:3f:00:62:cf:0c:f4:dd:
                    0f:2c:61:ae:45:67:54:4d:f8:de:07:e9:41:33:d6:
                    3d:e2:a3:cb:10:81:bb:53:a7:93:a7:40:b2:3c:1d:
                    92:50:ce:d2:20:05:44:ca:c0:16:2d:80:c6:1c:03:
                    d3:22:8f:e4:36:0e:71:47:5f:51:cf:9f:63:61:2f:
                    ca:a2:da:41:f6:7c:3a:da:93:dd:82:ac:48:53:09:
                    fa:94:8f:5f:21:e4:4a:b8:17:64:ca:74:53:23:62:
                    99:d2:1c:cb:9c:35:4f:c6:f6:fa:40:04:9a:3f:80:
                    f6:7f:31:91:31:10:5a:84:dd:80:07:64:d5:48:7b:
                    26:19:ff:7d:fc:24:26:44:79:33:86:c3:71:1a:aa:
                    b0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:31:4E:E9:3D:EA:FA:3F:9D:60:04:B4:8C:52:3B:74:3E:78:0D:C8
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/ezFO6T3q-j-dYAS0jFI7dD54Dcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:34:fc:98:e2:e6:d0:0c:c6:e3:5f:3c:c5:49:8e:b4:8b:5e:
         bb:52:f4:93:e4:6b:fd:b2:e5:5f:c4:78:4b:a8:e9:71:e8:02:
         62:2f:c3:7d:37:20:fd:1c:9b:c1:ff:13:7f:fc:f0:45:18:59:
         15:21:f3:f5:5a:c5:c9:41:83:79:af:f7:87:d6:d5:02:bb:c1:
         c3:66:10:96:8b:3f:e2:e1:e0:08:98:c6:20:f2:f5:3f:d0:b3:
         40:7f:1d:e6:03:90:66:6b:f1:89:b0:87:ce:71:77:cd:c2:dd:
         c2:47:e1:fd:3c:da:89:76:e3:8e:8a:7d:b1:d4:c2:0b:01:d1:
         8a:fa:c0:a6:57:ba:1e:55:4c:92:22:da:4c:35:8d:72:d5:3a:
         d9:d9:10:f7:98:db:96:d9:f9:85:2e:e4:54:c4:9b:a8:4b:f7:
         f0:bd:a2:50:81:d8:76:e2:f0:cf:01:21:77:b0:d3:d7:14:e3:
         a1:87:53:63:de:b0:c7:3b:26:00:a6:fd:f0:ce:4f:b4:b0:7b:
         50:fc:45:8e:c0:b1:74:e5:1e:e2:b4:af:74:73:00:e4:e4:2a:
         b1:ca:b7:e7:fe:05:cf:85:f4:7c:a6:61:26:32:73:7b:35:bc:
         5d:16:b3:96:51:8e:72:61:83:cb:d7:ab:ad:01:46:f7:4a:40:
         7b:00:9c:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuVhLVeRMkjpi9JBQbRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjMxNGVlOTNkZWFmYTNmOWQ2MDA0YjQ4YzUyM2I3NDNlNzgwZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWvr9u5Bg3O4mqHigDPfOkrepU+P
67w98uJd6JA0EcjrhQDsbw1W4pWlE/ROZ28aSHh8yyPumFC0/I0Ihfw2nKwSs+ae
z9u8d3TzKZz+d5la0Py6B7krmU6ZAQ/NTmrpT2t44a6geVfmS5Z6okLb7j8AYs8M
9N0PLGGuRWdUTfjeB+lBM9Y94qPLEIG7U6eTp0CyPB2SUM7SIAVEysAWLYDGHAPT
Io/kNg5xR19Rz59jYS/KotpB9nw62pPdgqxIUwn6lI9fIeRKuBdkynRTI2KZ0hzL
nDVPxvb6QASaP4D2fzGRMRBahN2AB2TVSHsmGf99/CQmRHkzhsNxGqqw0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsxTuk96vo/nWAEtIxSO3Q+eA3IMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvZXpGTzZUM3Etai1kWUFTMGpGSTdkRDU0RGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaB9MA0G
CSqGSIb3DQEBCwUAA4IBAQAvNPyY4ubQDMbjXzzFSY60i167UvST5Gv9suVfxHhL
qOlx6AJiL8N9NyD9HJvB/xN//PBFGFkVIfP1WsXJQYN5r/eH1tUCu8HDZhCWiz/i
4eAImMYg8vU/0LNAfx3mA5Bma/GJsIfOcXfNwt3CR+H9PNqJduOOin2x1MILAdGK
+sCmV7oeVUySItpMNY1y1TrZ2RD3mNuW2fmFLuRUxJuoS/fwvaJQgdh24vDPASF3
sNPXFOOhh1Nj3rDHOyYApv3wzk+0sHtQ/EWOwLF05R7itK90cwDk5Cqxyrfn/gXP
hfR8pmEmMnN7NbxdFrOWUY5yYYPL16utAUb3SkB7AJzL
-----END CERTIFICATE-----