Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/5XHmlHMatoj7HuqzW-xKZFCBoCk.roa
File:                     5XHmlHMatoj7HuqzW-xKZFCBoCk.roa (raw, json)
Hash identifier:          2LwcEFXQBzd4wv+NbYjPLMlRT/J2wftX73OmJ3FhceM=
Subject key identifier:   E5:71:E6:94:73:1A:B6:88:FB:1E:EA:B3:5B:EC:4A:64:50:81:A0:29
Certificate issuer:       /CN=d0f14b8a08cb5f8057d48b03e53f458b8e1feed6
Certificate serial:       019423D7369087191B2BDAFF9C5D2DF05130
Authority key identifier: D0:F1:4B:8A:08:CB:5F:80:57:D4:8B:03:E5:3F:45:8B:8E:1F:EE:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0PFLigjLX4BX1IsD5T9Fi44f7tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/5XHmlHMatoj7HuqzW-xKZFCBoCk.roa
Signing time:             Wed 01 Jan 2025 21:48:14 +0000
ROA not before:           Wed 01 Jan 2025 21:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39067
IP address blocks:        94.232.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/0PFLigjLX4BX1IsD5T9Fi44f7tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/0PFLigjLX4BX1IsD5T9Fi44f7tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0PFLigjLX4BX1IsD5T9Fi44f7tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:36:90:87:19:1b:2b:da:ff:9c:5d:2d:f0:51:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f14b8a08cb5f8057d48b03e53f458b8e1feed6
        Validity
            Not Before: Jan  1 21:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e571e694731ab688fb1eeab35bec4a645081a029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a3:a0:2d:e7:89:cd:49:ae:fe:73:e8:62:11:
                    da:b8:44:c2:c7:54:d9:93:fe:7c:6e:57:eb:01:55:
                    01:4e:1f:bb:96:6c:8b:57:74:fa:3a:6e:cb:cd:f2:
                    3a:d4:2e:a4:dc:88:17:41:2a:69:1e:04:85:6a:d4:
                    32:bc:af:2e:4a:ee:74:73:75:0a:55:60:a7:5b:e6:
                    69:84:e3:e2:dd:40:08:bc:2f:ff:14:0d:00:9a:49:
                    c4:01:ac:b6:2e:d9:fb:44:96:89:25:46:74:fd:32:
                    3a:b2:c9:87:c3:2e:d9:77:c0:39:3f:c4:64:3c:cc:
                    e3:20:d3:25:08:8b:da:19:d6:c0:19:b2:8f:e4:f9:
                    8f:ed:cb:03:e9:04:eb:c9:dc:58:20:64:ed:89:90:
                    7b:82:50:0d:b1:cd:2a:f7:66:d6:fd:09:a6:9c:99:
                    6f:c2:4d:55:77:14:92:4d:34:d7:6b:a5:60:23:de:
                    bb:19:d9:c9:7c:61:95:72:c5:84:91:a7:31:ad:c8:
                    3c:5e:a3:63:21:04:d1:a1:fd:a9:dc:52:96:ac:60:
                    3c:1d:6f:a0:38:28:da:23:1b:55:63:94:8a:9b:56:
                    68:ee:97:f3:f2:cd:d5:eb:fa:09:8e:be:ea:d1:4d:
                    d2:76:b7:19:6f:9f:63:91:7f:90:f4:1a:98:bd:0c:
                    08:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:71:E6:94:73:1A:B6:88:FB:1E:EA:B3:5B:EC:4A:64:50:81:A0:29
            X509v3 Authority Key Identifier:
                keyid:D0:F1:4B:8A:08:CB:5F:80:57:D4:8B:03:E5:3F:45:8B:8E:1F:EE:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0PFLigjLX4BX1IsD5T9Fi44f7tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/5XHmlHMatoj7HuqzW-xKZFCBoCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/21bdbb-856f-41dd-aad9-066ddf32bfcc/1/0PFLigjLX4BX1IsD5T9Fi44f7tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         aa:5b:15:c1:58:ce:08:6b:78:3d:9c:f6:ce:64:d4:42:36:07:
         5b:c8:65:38:ad:ce:1d:94:49:db:23:7b:bb:b3:20:27:ed:ad:
         86:a8:bc:34:1c:89:85:4f:a9:cf:b2:0d:bb:df:ac:17:51:59:
         21:3d:b7:b7:65:e3:ba:69:72:f6:13:a8:e6:1f:1b:0b:6e:65:
         cd:00:f2:39:25:e6:7e:ad:31:8c:2b:a5:89:42:6c:e6:73:c5:
         f9:f7:1a:65:f7:6f:4f:84:64:12:e5:9b:42:e0:55:68:6e:95:
         ae:23:21:5d:45:fa:69:40:6b:6a:73:da:b8:de:c4:19:a7:3b:
         8d:b2:fd:7c:ba:e3:d8:61:65:26:62:4c:f8:5e:c1:72:1b:6a:
         2f:82:1a:f0:97:b4:c7:62:2a:22:1c:1d:96:c4:87:a7:09:08:
         03:0b:90:f7:f4:b6:98:e3:d3:33:db:35:9d:a3:94:17:fc:f5:
         1b:22:95:c3:28:ef:00:89:94:64:d1:c8:cb:a6:fa:7e:90:11:
         28:67:67:39:8a:66:ea:f6:48:ce:da:3b:9b:0d:fd:70:1b:15:
         80:0b:12:37:59:d4:60:ec:a1:0f:00:93:44:32:07:a9:23:a4:
         91:d5:8c:af:a8:9e:1a:53:28:20:df:46:dd:43:66:60:8e:97:
         e2:d6:41:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zaQhxkbK9r/nF0t8FEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjE0YjhhMDhjYjVmODA1N2Q0OGIwM2U1M2Y0NThiOGUx
ZmVlZDYwHhcNMjUwMTAxMjE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTcxZTY5NDczMWFiNjg4ZmIxZWVhYjM1YmVjNGE2NDUwODFhMDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaOgLeeJzUmu/nPoYhHauETCx1TZ
k/58blfrAVUBTh+7lmyLV3T6Om7LzfI61C6k3IgXQSppHgSFatQyvK8uSu50c3UK
VWCnW+ZphOPi3UAIvC//FA0AmknEAay2Ltn7RJaJJUZ0/TI6ssmHwy7Zd8A5P8Rk
PMzjINMlCIvaGdbAGbKP5PmP7csD6QTrydxYIGTtiZB7glANsc0q92bW/QmmnJlv
wk1VdxSSTTTXa6VgI967GdnJfGGVcsWEkacxrcg8XqNjIQTRof2p3FKWrGA8HW+g
OCjaIxtVY5SKm1Zo7pfz8s3V6/oJjr7q0U3SdrcZb59jkX+Q9BqYvQwIwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVx5pRzGraI+x7qs1vsSmRQgaApMB8GA1UdIwQY
MBaAFNDxS4oIy1+AV9SLA+U/RYuOH+7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBGTGlnakxYNEJYMUlzRDVUOUZpNDRmN3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yMWJkYmItODU2Zi00MWRkLWFhZDkt
MDY2ZGRmMzJiZmNjLzEvNVhIbWxITWF0b2o3SHVxelcteEtaRkNCb0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yMWJkYmItODU2Zi00MWRkLWFhZDktMDY2ZGRmMzJiZmNj
LzEvMFBGTGlnakxYNEJYMUlzRDVUOUZpNDRmN3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXujgMA0G
CSqGSIb3DQEBCwUAA4IBAQCqWxXBWM4Ia3g9nPbOZNRCNgdbyGU4rc4dlEnbI3u7
syAn7a2GqLw0HImFT6nPsg2736wXUVkhPbe3ZeO6aXL2E6jmHxsLbmXNAPI5JeZ+
rTGMK6WJQmzmc8X59xpl929PhGQS5ZtC4FVobpWuIyFdRfppQGtqc9q43sQZpzuN
sv18uuPYYWUmYkz4XsFyG2ovghrwl7THYioiHB2WxIenCQgDC5D39LaY49Mz2zWd
o5QX/PUbIpXDKO8AiZRk0cjLpvp+kBEoZ2c5imbq9kjO2jubDf1wGxWACxI3WdRg
7KEPAJNEMgepI6SR1YyvqJ4aUygg30bdQ2Zgjpfi1kGT
-----END CERTIFICATE-----