Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/s1oFGEPvL8IMjYASLXkMEl3bONc.roa
File:                     s1oFGEPvL8IMjYASLXkMEl3bONc.roa (raw, json)
Hash identifier:          ID8ZOvyObfK0KrvTgF7I419RUO3QA/UAdGzXegtjwU0=
Subject key identifier:   B3:5A:05:18:43:EF:2F:C2:0C:8D:80:12:2D:79:0C:12:5D:DB:38:D7
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       019425216CE05AF4171935FBF562F5F88934
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/s1oFGEPvL8IMjYASLXkMEl3bONc.roa
Signing time:             Thu 02 Jan 2025 03:48:55 +0000
ROA not before:           Thu 02 Jan 2025 03:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        5.226.179.0/24 maxlen: 24
                          5.226.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6c:e0:5a:f4:17:19:35:fb:f5:62:f5:f8:89:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jan  2 03:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b35a051843ef2fc20c8d80122d790c125ddb38d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:eb:4a:85:40:dd:3d:cd:73:66:74:6d:4e:
                    0c:a7:90:59:e6:5a:96:7a:c5:5c:a8:5e:03:c4:54:
                    05:49:26:82:e4:36:47:68:df:bf:e4:be:e2:9e:29:
                    19:74:84:c8:1b:cc:7b:bc:6f:76:a7:8a:a7:8f:2c:
                    d1:0d:93:84:d9:74:b2:2b:82:d9:06:67:e6:32:fb:
                    8a:51:0a:36:a6:18:ee:77:6e:b3:8a:52:5d:84:c8:
                    03:08:52:20:12:c1:d0:f7:f7:6a:20:e9:ba:1b:3c:
                    44:76:f0:04:dd:f2:91:ba:77:32:4d:1f:56:54:9a:
                    67:f3:63:ce:91:02:b9:5e:74:23:d8:99:40:09:59:
                    7a:cc:21:9a:78:48:a9:a0:24:e0:5d:83:33:a0:22:
                    96:3b:76:02:24:a0:d8:7c:d9:44:eb:a5:bd:06:21:
                    78:d5:6c:55:b9:e6:f0:59:9f:90:60:1a:ba:b6:6a:
                    32:ab:bd:73:67:ae:39:a7:1e:4b:ee:1e:34:06:65:
                    99:1b:66:25:98:29:c9:e0:d6:74:7f:ad:f9:ae:9d:
                    29:6c:cd:35:19:39:94:f4:7f:7e:68:5d:b7:bf:f9:
                    d4:a2:c4:ba:62:2f:c9:f6:69:c7:3d:bc:57:94:ca:
                    4b:24:de:73:df:01:1f:ce:fc:a3:2e:6b:d3:28:8a:
                    77:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5A:05:18:43:EF:2F:C2:0C:8D:80:12:2D:79:0C:12:5D:DB:38:D7
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/s1oFGEPvL8IMjYASLXkMEl3bONc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.179.0/24
                  5.226.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:2b:e5:1a:6d:c0:38:61:e1:4d:5b:fa:f7:60:0b:e7:46:83:
         6e:c5:b6:26:46:75:e3:5c:78:38:80:03:be:a9:b8:01:61:90:
         74:cd:ef:92:4b:88:73:61:68:96:1d:92:a7:1e:37:5c:38:cf:
         c5:ba:30:01:4d:4c:0f:15:ba:38:a6:5f:47:b9:25:6d:3c:be:
         8b:f5:57:43:65:23:ba:5b:b3:8f:10:ab:c8:2b:9f:e3:e0:43:
         dd:1b:83:37:82:c6:31:f7:0e:d9:ce:61:9e:a4:1d:e9:17:41:
         bf:e4:e2:0d:19:a4:45:ab:6c:bd:40:ad:33:bf:57:08:b8:1e:
         b9:36:5d:f1:1c:68:a3:fc:6c:d9:13:c0:85:f1:a8:b1:a5:f4:
         e1:7f:ac:c9:74:17:12:3b:6d:b0:f6:19:50:1b:a4:18:e0:ee:
         3f:1f:61:75:8d:38:d5:e9:99:f0:6e:d2:d8:7a:70:24:bd:2c:
         af:1c:70:10:0a:3f:47:14:ca:5c:57:19:b9:a3:74:8d:d0:5f:
         db:c2:e9:55:76:00:79:13:0a:3a:96:d0:35:52:9a:f5:f5:27:
         c6:85:74:27:03:16:75:59:ea:5b:e0:3c:f1:d2:47:11:fc:bf:
         f0:82:76:0a:2a:e5:ce:55:97:46:98:32:ef:97:4f:3c:20:85:
         38:ff:e9:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIWzgWvQXGTX79WL1+Ik0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjUwMTAyMDM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVhMDUxODQzZWYyZmMyMGM4ZDgwMTIyZDc5MGMxMjVkZGIzOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCnrSoVA3T3Nc2Z0bU4Mp5BZ5lqW
esVcqF4DxFQFSSaC5DZHaN+/5L7inikZdITIG8x7vG92p4qnjyzRDZOE2XSyK4LZ
BmfmMvuKUQo2phjud26zilJdhMgDCFIgEsHQ9/dqIOm6GzxEdvAE3fKRuncyTR9W
VJpn82POkQK5XnQj2JlACVl6zCGaeEipoCTgXYMzoCKWO3YCJKDYfNlE66W9BiF4
1WxVuebwWZ+QYBq6tmoyq71zZ645px5L7h40BmWZG2YlmCnJ4NZ0f635rp0pbM01
GTmU9H9+aF23v/nUosS6Yi/J9mnHPbxXlMpLJN5z3wEfzvyjLmvTKIp35QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLNaBRhD7y/CDI2AEi15DBJd2zjXMB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvczFvRkdFUHZMOElNallBU0xYa01FbDNiT05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABeKzAwQA
BeK1MA0GCSqGSIb3DQEBCwUAA4IBAQA5K+UabcA4YeFNW/r3YAvnRoNuxbYmRnXj
XHg4gAO+qbgBYZB0ze+SS4hzYWiWHZKnHjdcOM/FujABTUwPFbo4pl9HuSVtPL6L
9VdDZSO6W7OPEKvIK5/j4EPdG4M3gsYx9w7ZzmGepB3pF0G/5OINGaRFq2y9QK0z
v1cIuB65Nl3xHGij/GzZE8CF8aixpfThf6zJdBcSO22w9hlQG6QY4O4/H2F1jTjV
6ZnwbtLYenAkvSyvHHAQCj9HFMpcVxm5o3SN0F/bwulVdgB5Ewo6ltA1Upr19SfG
hXQnAxZ1Wepb4Dzx0kcR/L/wgnYKKuXOVZdGmDLvl088IIU4/+kZ
-----END CERTIFICATE-----