Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/i6uCG0Q2AD4SRLu8l3KF_dDGZzk.roa
File:                     i6uCG0Q2AD4SRLu8l3KF_dDGZzk.roa (raw, json)
Hash identifier:          jFpYwIwpWfR9hcM4AjV3+9gVDn6oo25N3yT8niBuGDs=
Subject key identifier:   8B:AB:82:1B:44:36:00:3E:12:44:BB:BC:97:72:85:FD:D0:C6:67:39
Certificate issuer:       /CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
Certificate serial:       0194228E170B410F565FED3047CB0F9707EB
Authority key identifier: 5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/i6uCG0Q2AD4SRLu8l3KF_dDGZzk.roa
Signing time:             Wed 01 Jan 2025 15:48:44 +0000
ROA not before:           Wed 01 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216475
IP address blocks:        5.253.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:17:0b:41:0f:56:5f:ed:30:47:cb:0f:97:07:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bab821b4436003e1244bbbc977285fdd0c66739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:44:c6:54:d2:33:0f:9d:10:56:42:a9:60:c4:
                    03:d4:2b:42:9d:3d:f5:45:00:f8:06:4f:13:f5:45:
                    ef:93:76:57:db:01:88:50:94:52:37:ff:b0:f4:6c:
                    76:41:f7:3f:3a:ae:b4:cf:35:ca:a4:8c:4b:e2:4c:
                    35:3b:09:bf:80:74:1d:98:10:4d:cd:15:17:e0:01:
                    ae:97:4b:56:42:75:ae:42:0a:a9:19:be:94:9a:4f:
                    a3:20:5b:00:30:6a:d1:9f:96:70:74:89:83:7c:ce:
                    08:b1:a2:24:ff:b3:1b:6b:d9:98:02:78:bc:a1:0f:
                    a3:09:9a:91:ef:e2:64:f3:80:54:43:d8:21:26:30:
                    7c:ea:b2:0b:3a:81:18:b6:b3:dc:4c:2b:86:12:59:
                    aa:55:78:bc:62:fa:ab:c1:48:29:7b:ab:aa:12:d4:
                    df:03:0f:19:07:c4:91:42:cb:b0:0f:9e:62:3f:97:
                    74:a4:a6:29:63:92:80:b8:fe:08:3e:93:ba:f4:49:
                    24:ec:71:bf:9f:7f:1c:9d:4a:7a:a5:17:80:a9:e0:
                    37:79:5e:b8:0c:f0:8f:13:16:3b:c5:40:0d:a8:9f:
                    6d:9d:e7:51:10:f3:ed:79:6f:cb:47:07:e4:a7:bd:
                    a9:cb:11:77:06:c7:52:64:21:51:73:8d:c6:73:84:
                    6e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AB:82:1B:44:36:00:3E:12:44:BB:BC:97:72:85:FD:D0:C6:67:39
            X509v3 Authority Key Identifier:
                keyid:5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/i6uCG0Q2AD4SRLu8l3KF_dDGZzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b9:44:a9:af:58:b1:1f:0d:ec:8f:bf:29:36:98:ca:bc:a0:
         39:41:d8:dd:0b:ef:fc:ef:ed:b6:ac:0d:fa:a4:ac:b9:6d:b7:
         e6:6e:90:d5:b8:cc:ff:31:f0:dc:15:2c:44:d6:b8:08:3a:31:
         c7:01:18:4d:77:cb:67:82:97:5b:89:b9:db:f9:ff:d3:b6:04:
         56:24:d3:42:aa:e9:47:5e:49:6e:e9:36:89:41:0b:e5:7a:3f:
         34:a2:51:55:19:80:50:18:9b:38:44:3a:65:fb:3f:fe:7a:7d:
         75:7d:09:50:e2:c3:80:5d:46:67:e2:f1:3f:2d:d2:f7:22:9a:
         3d:2b:36:95:61:21:f5:21:e1:47:66:94:90:ee:8a:2a:fe:a5:
         2d:9d:79:2b:a0:8f:9c:1d:9b:c5:03:8e:6f:53:25:b6:c1:32:
         1a:28:9c:b0:17:a2:04:7c:d3:55:dd:b8:c7:8f:4e:99:68:c3:
         e7:4e:43:13:23:2d:37:00:89:b0:37:b5:40:33:4e:51:f0:a4:
         84:6d:e7:83:0b:98:b2:bb:89:3e:60:03:64:c1:e1:e7:74:a2:
         ff:59:f3:83:e6:a8:a6:eb:3c:d3:4d:b3:bb:61:c5:0d:a3:42:
         48:10:df:09:0e:12:57:64:3c:38:2a:37:32:84:a7:b7:52:ee:
         68:eb:a7:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhcLQQ9WX+0wR8sPlwfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODZjNDdkYTZkOTA3OTM0N2I2MGYwNGVkNWM1NTU3ZmU5
ODNlYjgwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFiODIxYjQ0MzYwMDNlMTI0NGJiYmM5NzcyODVmZGQwYzY2NzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ETGVNIzD50QVkKpYMQD1CtCnT31
RQD4Bk8T9UXvk3ZX2wGIUJRSN/+w9Gx2Qfc/Oq60zzXKpIxL4kw1Owm/gHQdmBBN
zRUX4AGul0tWQnWuQgqpGb6Umk+jIFsAMGrRn5ZwdImDfM4IsaIk/7Mba9mYAni8
oQ+jCZqR7+Jk84BUQ9ghJjB86rILOoEYtrPcTCuGElmqVXi8YvqrwUgpe6uqEtTf
Aw8ZB8SRQsuwD55iP5d0pKYpY5KAuP4IPpO69Ekk7HG/n38cnUp6pReAqeA3eV64
DPCPExY7xUANqJ9tnedREPPteW/LRwfkp72pyxF3BsdSZCFRc43Gc4RuywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIurghtENgA+EkS7vJdyhf3Qxmc5MB8GA1UdIwQY
MBaAFF2GxH2m2QeTR7YPBO1cVVf+mD64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYt
ZmM2MzI4NDFiYTNlLzEvaTZ1Q0cwUTJBRDRTUkx1OGwzS0ZfZERHWnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYtZmM2MzI4NDFiYTNl
LzEvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf29MA0G
CSqGSIb3DQEBCwUAA4IBAQCFuUSpr1ixHw3sj78pNpjKvKA5QdjdC+/87+22rA36
pKy5bbfmbpDVuMz/MfDcFSxE1rgIOjHHARhNd8tngpdbibnb+f/TtgRWJNNCqulH
Xklu6TaJQQvlej80olFVGYBQGJs4RDpl+z/+en11fQlQ4sOAXUZn4vE/LdL3Ipo9
KzaVYSH1IeFHZpSQ7ooq/qUtnXkroI+cHZvFA45vUyW2wTIaKJywF6IEfNNV3bjH
j06ZaMPnTkMTIy03AImwN7VAM05R8KSEbeeDC5iyu4k+YANkweHndKL/WfOD5qim
6zzTTbO7YcUNo0JIEN8JDhJXZDw4KjcyhKe3Uu5o66cU
-----END CERTIFICATE-----