Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/5tz1cuLC3Spal7LSIEjI-Qlcl6U.roa
File:                     5tz1cuLC3Spal7LSIEjI-Qlcl6U.roa (raw, json)
Hash identifier:          XSoR4/ODhnGd0USG7NRxHx6V9kNwJuT3OUfa19EcNCE=
Subject key identifier:   E6:DC:F5:72:E2:C2:DD:2A:5A:97:B2:D2:20:48:C8:F9:09:5C:97:A5
Certificate issuer:       /CN=d2b36ad28e521edab4b4dea349a27772d4b2a7be
Certificate serial:       019421B22EF8A17DEB4F895BA1507AF240BD
Authority key identifier: D2:B3:6A:D2:8E:52:1E:DA:B4:B4:DE:A3:49:A2:77:72:D4:B2:A7:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/5tz1cuLC3Spal7LSIEjI-Qlcl6U.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43487
IP address blocks:        91.240.180.0/22 maxlen: 22
                          91.240.180.0/24 maxlen: 24
                          91.240.181.0/24 maxlen: 24
                          91.240.182.0/24 maxlen: 24
                          91.240.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/0rNq0o5SHtq0tN6jSaJ3ctSyp74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/0rNq0o5SHtq0tN6jSaJ3ctSyp74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2e:f8:a1:7d:eb:4f:89:5b:a1:50:7a:f2:40:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2b36ad28e521edab4b4dea349a27772d4b2a7be
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6dcf572e2c2dd2a5a97b2d22048c8f9095c97a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:54:31:11:15:13:34:b7:af:51:92:33:fa:57:
                    b6:1e:15:05:9f:0d:27:d3:a3:dd:68:3f:68:ad:ad:
                    13:8f:74:03:a6:20:d2:2b:da:c6:dd:eb:17:47:23:
                    9f:6c:5e:c5:d3:6d:6b:35:21:a2:bb:4a:93:fa:bb:
                    1b:cd:97:40:49:81:ba:98:98:69:49:05:71:c6:4d:
                    4e:36:dc:af:a3:2d:95:0a:46:04:70:9b:a4:f2:d4:
                    9e:f5:84:1b:0f:bc:00:d4:ec:b8:98:16:2e:33:11:
                    ee:9f:2e:f1:47:80:21:56:a8:6f:3c:c5:e2:62:49:
                    4e:a2:d3:f0:fd:00:1d:f1:f4:ca:49:8b:f4:a2:bf:
                    14:69:19:29:21:a4:99:5c:09:5f:ce:2c:42:c6:be:
                    70:0a:92:8f:9a:d5:2d:de:1f:2b:f5:1d:a4:1e:4d:
                    67:a3:a0:2b:df:2f:1a:af:c7:56:54:69:90:f0:8d:
                    72:ca:fe:e2:ef:ab:ed:bf:26:c2:58:a2:36:cc:8a:
                    61:c9:5e:26:72:f5:2e:36:e5:c0:1f:e6:60:25:11:
                    49:c2:f9:29:5f:30:a8:7b:2b:9e:8d:b5:7f:61:65:
                    0e:62:68:f2:0e:04:88:2d:32:aa:c5:f1:2e:4a:a6:
                    23:d7:66:c8:24:51:8c:40:80:27:14:6e:9a:60:80:
                    5d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:DC:F5:72:E2:C2:DD:2A:5A:97:B2:D2:20:48:C8:F9:09:5C:97:A5
            X509v3 Authority Key Identifier:
                keyid:D2:B3:6A:D2:8E:52:1E:DA:B4:B4:DE:A3:49:A2:77:72:D4:B2:A7:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/5tz1cuLC3Spal7LSIEjI-Qlcl6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/0rNq0o5SHtq0tN6jSaJ3ctSyp74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:3a:4e:ca:ce:f2:2c:a0:97:ce:96:15:78:91:bb:cb:96:72:
         92:a7:93:09:0a:28:ba:1e:20:ca:ed:ee:f8:cd:4a:1c:c8:e1:
         99:6d:25:13:c7:37:46:5f:af:c9:5d:5d:4b:26:2b:c4:d7:83:
         b5:bf:b2:d9:fc:c6:da:7c:40:ab:db:ce:d6:90:e8:0e:37:0e:
         dc:87:93:0c:ab:49:4c:10:e1:b0:17:78:be:d2:63:3a:52:45:
         0c:d4:39:11:19:05:69:db:79:f5:c6:3b:62:93:62:02:b5:54:
         52:a3:5b:8b:c8:2e:3a:7f:64:8a:e3:6c:e0:b5:8d:18:0e:0e:
         89:be:01:21:ca:d8:75:8c:dc:02:da:7c:0b:a2:01:3e:1c:af:
         92:94:ae:43:90:6c:58:48:3b:ea:a8:95:39:6c:13:2d:ca:40:
         40:8f:d9:07:d3:a4:2d:31:55:c9:d9:ad:c9:12:ba:ed:30:a7:
         cc:29:33:d9:01:91:79:18:0c:a6:0e:52:f1:4d:2c:fb:bc:09:
         b0:31:a1:d4:24:5c:9b:18:1b:b8:5a:fd:1a:8a:86:39:34:63:
         9d:ba:2e:ab:04:76:06:b9:fb:61:ad:c4:a7:c9:02:7e:df:ef:
         34:42:f7:58:f6:64:4e:c3:d8:d5:51:d4:92:b6:ad:f9:06:97:
         e1:2c:c9:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsi74oX3rT4lboVB68kC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYjM2YWQyOGU1MjFlZGFiNGI0ZGVhMzQ5YTI3NzcyZDRi
MmE3YmUwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmRjZjU3MmUyYzJkZDJhNWE5N2IyZDIyMDQ4YzhmOTA5NWM5N2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlQxERUTNLevUZIz+le2HhUFnw0n
06PdaD9ora0Tj3QDpiDSK9rG3esXRyOfbF7F021rNSGiu0qT+rsbzZdASYG6mJhp
SQVxxk1ONtyvoy2VCkYEcJuk8tSe9YQbD7wA1Oy4mBYuMxHuny7xR4AhVqhvPMXi
YklOotPw/QAd8fTKSYv0or8UaRkpIaSZXAlfzixCxr5wCpKPmtUt3h8r9R2kHk1n
o6Ar3y8ar8dWVGmQ8I1yyv7i76vtvybCWKI2zIphyV4mcvUuNuXAH+ZgJRFJwvkp
XzCoeyuejbV/YWUOYmjyDgSILTKqxfEuSqYj12bIJFGMQIAnFG6aYIBdNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObc9XLiwt0qWpey0iBIyPkJXJelMB8GA1UdIwQY
MBaAFNKzatKOUh7atLTeo0mid3LUsqe+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHJOcTBvNVNIdHEwdE42alNhSjNjdFN5cDc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8zYTlhMGItZDQyNC00ZWNhLWE5Mzgt
OTJhODc3YmIxOWY3LzEvNXR6MWN1TEMzU3BhbDdMU0lFakktUWxjbDZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8zYTlhMGItZDQyNC00ZWNhLWE5MzgtOTJhODc3YmIxOWY3
LzEvMHJOcTBvNVNIdHEwdE42alNhSjNjdFN5cDc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW/C0MA0G
CSqGSIb3DQEBCwUAA4IBAQCFOk7KzvIsoJfOlhV4kbvLlnKSp5MJCii6HiDK7e74
zUocyOGZbSUTxzdGX6/JXV1LJivE14O1v7LZ/MbafECr287WkOgONw7ch5MMq0lM
EOGwF3i+0mM6UkUM1DkRGQVp23n1xjtik2ICtVRSo1uLyC46f2SK42zgtY0YDg6J
vgEhyth1jNwC2nwLogE+HK+SlK5DkGxYSDvqqJU5bBMtykBAj9kH06QtMVXJ2a3J
ErrtMKfMKTPZAZF5GAymDlLxTSz7vAmwMaHUJFybGBu4Wv0aioY5NGOdui6rBHYG
ufthrcSnyQJ+3+80QvdY9mROw9jVUdSStq35BpfhLMmI
-----END CERTIFICATE-----