Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ToOFz1nSV3124NnK-ps8wV9y1L0.roa
File:                     ToOFz1nSV3124NnK-ps8wV9y1L0.roa (raw, json)
Hash identifier:          Cgp2dZqYD+TmVSVzUEoo+Gf7O0+lwN1Wiivtxt7nLoI=
Subject key identifier:   4E:83:85:CF:59:D2:57:7D:76:E0:D9:CA:FA:9B:3C:C1:5F:72:D4:BD
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019737289D88DAB18E7F84EF5174CA55E1B5
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ToOFz1nSV3124NnK-ps8wV9y1L0.roa
Signing time:             Tue 03 Jun 2025 18:58:17 +0000
ROA not before:           Tue 03 Jun 2025 18:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209298
IP address blocks:        5.183.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:28:9d:88:da:b1:8e:7f:84:ef:51:74:ca:55:e1:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jun  3 18:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e8385cf59d2577d76e0d9cafa9b3cc15f72d4bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2d:5b:d4:80:55:22:02:e9:c0:0e:19:36:5e:
                    5e:6a:9a:85:e7:86:1d:4d:79:f6:cf:c6:17:61:7c:
                    23:b8:ab:c6:d3:c4:c2:67:98:08:54:17:59:73:9a:
                    7f:53:0c:d7:00:5d:d4:42:8b:fe:86:c4:77:19:9b:
                    d8:65:6b:6a:dd:03:1b:1d:de:9c:6d:b1:d6:e3:4e:
                    a5:ba:2d:f8:80:22:9a:c0:81:a2:fb:3f:b1:98:0c:
                    c1:09:f8:2b:4c:8e:95:27:34:da:20:64:a0:9c:e2:
                    ac:fc:38:f8:4b:38:10:21:2d:9c:6d:0a:fa:49:2a:
                    e3:b7:3d:54:75:00:67:4b:75:ec:1a:6d:a5:90:3d:
                    1c:d6:8c:13:31:7a:9e:f1:71:45:b2:21:3e:0c:bf:
                    25:1a:df:e7:20:09:68:27:46:a6:5b:c8:a0:27:92:
                    b5:bc:11:e1:65:21:d1:68:0c:07:95:11:5b:2e:ad:
                    eb:8b:54:ac:99:38:25:68:22:eb:bc:40:6a:5a:e1:
                    59:0b:b2:0b:d3:b6:b5:cd:8b:d5:37:30:db:17:87:
                    d1:b2:57:66:2e:8c:be:db:ad:6f:f3:34:fb:05:3e:
                    83:33:70:77:0c:53:a6:b8:25:b3:6d:8a:b3:c3:ab:
                    e1:56:77:31:e4:ca:7e:6a:6a:d7:4b:a1:7f:0b:9b:
                    f2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:83:85:CF:59:D2:57:7D:76:E0:D9:CA:FA:9B:3C:C1:5F:72:D4:BD
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ToOFz1nSV3124NnK-ps8wV9y1L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:98:72:cb:16:c9:97:6e:16:74:06:48:15:65:6e:0d:62:56:
         1a:06:fe:c4:81:f1:5a:6f:d5:53:3a:08:c5:c7:62:2f:15:fb:
         9d:4f:20:62:2b:56:d6:fc:b5:4e:86:05:ac:3b:5d:29:bc:6c:
         1f:86:d4:3b:c6:3a:f9:a5:60:86:b6:f0:b5:14:6b:8d:4d:14:
         a6:ac:33:a1:94:22:c8:20:ae:7c:24:4a:1e:3f:4d:06:50:20:
         6d:b3:b0:d5:06:62:17:ca:3e:1b:94:d4:f9:de:e2:7e:7d:54:
         ab:99:bb:68:c1:20:9a:38:e0:86:2d:c1:bf:8c:29:0e:b6:ed:
         a4:9d:c1:20:90:ae:79:8a:27:32:65:19:56:b7:7d:5a:8a:f5:
         7b:18:45:c1:8f:5d:aa:70:ef:2b:06:aa:e4:1d:7b:73:26:ee:
         ba:4b:0d:b1:aa:87:e1:3e:f2:e6:bc:8f:8a:5c:dc:0f:f6:71:
         a4:63:da:86:f4:8c:26:58:18:b1:30:d4:04:9c:b4:4b:37:bd:
         a6:d1:b2:79:3b:d5:2c:ae:e4:02:2b:2c:32:3e:43:fc:4e:7f:
         0f:e4:f0:fa:b3:1c:95:28:31:b9:aa:0d:6d:5b:e5:c8:bb:18:
         95:d9:78:e0:25:c3:0d:04:b9:cc:5f:15:ff:72:93:bd:b1:ed:
         46:9f:d0:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc3KJ2I2rGOf4TvUXTKVeG1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNjAzMTg1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTgzODVjZjU5ZDI1NzdkNzZlMGQ5Y2FmYTliM2NjMTVmNzJkNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC1b1IBVIgLpwA4ZNl5eapqF54Yd
TXn2z8YXYXwjuKvG08TCZ5gIVBdZc5p/UwzXAF3UQov+hsR3GZvYZWtq3QMbHd6c
bbHW406lui34gCKawIGi+z+xmAzBCfgrTI6VJzTaIGSgnOKs/Dj4SzgQIS2cbQr6
SSrjtz1UdQBnS3XsGm2lkD0c1owTMXqe8XFFsiE+DL8lGt/nIAloJ0amW8igJ5K1
vBHhZSHRaAwHlRFbLq3ri1SsmTglaCLrvEBqWuFZC7IL07a1zYvVNzDbF4fRsldm
Loy+261v8zT7BT6DM3B3DFOmuCWzbYqzw6vhVncx5Mp+amrXS6F/C5vyswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6Dhc9Z0ld9duDZyvqbPMFfctS9MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvVG9PRnoxblNWMzEyNE5uSy1wczh3Vjl5MUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbeBMA0G
CSqGSIb3DQEBCwUAA4IBAQCMmHLLFsmXbhZ0BkgVZW4NYlYaBv7EgfFab9VTOgjF
x2IvFfudTyBiK1bW/LVOhgWsO10pvGwfhtQ7xjr5pWCGtvC1FGuNTRSmrDOhlCLI
IK58JEoeP00GUCBts7DVBmIXyj4blNT53uJ+fVSrmbtowSCaOOCGLcG/jCkOtu2k
ncEgkK55iicyZRlWt31aivV7GEXBj12qcO8rBqrkHXtzJu66Sw2xqofhPvLmvI+K
XNwP9nGkY9qG9IwmWBixMNQEnLRLN72m0bJ5O9UsruQCKywyPkP8Tn8P5PD6sxyV
KDG5qg1tW+XIuxiV2XjgJcMNBLnMXxX/cpO9se1Gn9D9
-----END CERTIFICATE-----