Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/gl5jVkYAoBFN7cdrLnkDFxT9xzs.roa
File:                     gl5jVkYAoBFN7cdrLnkDFxT9xzs.roa (raw, json)
Hash identifier:          DKhlihYjJGtiikGfA1O1zHxswQCNAc4gtqIYH1Qddqc=
Subject key identifier:   82:5E:63:56:46:00:A0:11:4D:ED:C7:6B:2E:79:03:17:14:FD:C7:3B
Certificate issuer:       /CN=8af7847737e74942b2be74b93fd02d900d309b20
Certificate serial:       0194236A28A97CE7A4AA7327B5831688A00F
Authority key identifier: 8A:F7:84:77:37:E7:49:42:B2:BE:74:B9:3F:D0:2D:90:0D:30:9B:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iveEdzfnSUKyvnS5P9AtkA0wmyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/gl5jVkYAoBFN7cdrLnkDFxT9xzs.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        139.17.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/iveEdzfnSUKyvnS5P9AtkA0wmyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/iveEdzfnSUKyvnS5P9AtkA0wmyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iveEdzfnSUKyvnS5P9AtkA0wmyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:28:a9:7c:e7:a4:aa:73:27:b5:83:16:88:a0:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8af7847737e74942b2be74b93fd02d900d309b20
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=825e63564600a0114dedc76b2e79031714fdc73b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2d:55:b0:39:15:c7:76:40:07:6e:52:49:d1:
                    24:8a:bc:2b:01:b8:99:3f:76:c2:34:06:ad:50:38:
                    89:99:02:23:dd:ef:7d:49:c0:3a:f8:0f:7f:e8:d3:
                    1b:f0:15:1c:ed:9e:d9:6e:98:d8:9a:a5:fe:12:1b:
                    1d:9d:d7:1d:d0:c9:ad:5d:2d:15:65:e8:9d:d4:e4:
                    a0:c6:ed:29:8e:ea:f1:28:7e:2e:17:c5:2c:d0:2d:
                    ab:a1:3f:0e:fc:fa:10:38:a2:b3:f5:57:9f:0d:22:
                    84:d0:3f:f2:4b:64:e0:b8:0d:73:f6:06:4a:cb:b1:
                    59:f6:2f:7c:c0:b8:e3:ab:45:da:bd:f1:06:11:2e:
                    7e:b8:4b:cb:8a:01:51:4b:25:d7:85:d1:0a:ce:3d:
                    de:fa:0c:3e:41:45:fd:bb:b6:ce:cf:b0:05:9e:51:
                    72:31:9d:24:b5:ce:df:50:42:bc:37:2b:4c:c0:77:
                    a7:e9:17:c8:ea:ad:f3:7d:cf:44:83:88:0a:d5:69:
                    53:40:d7:83:f0:b0:57:a0:46:61:79:99:49:39:af:
                    32:32:28:03:5d:c3:87:ca:4c:34:42:de:14:47:67:
                    aa:06:90:03:50:8c:a9:65:33:9c:53:da:d1:cd:ce:
                    a8:4b:85:87:9e:b6:7b:32:e3:e3:7e:d5:f1:96:c4:
                    b8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:5E:63:56:46:00:A0:11:4D:ED:C7:6B:2E:79:03:17:14:FD:C7:3B
            X509v3 Authority Key Identifier:
                keyid:8A:F7:84:77:37:E7:49:42:B2:BE:74:B9:3F:D0:2D:90:0D:30:9B:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iveEdzfnSUKyvnS5P9AtkA0wmyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/gl5jVkYAoBFN7cdrLnkDFxT9xzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/iveEdzfnSUKyvnS5P9AtkA0wmyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b1:cc:80:d6:4a:d8:69:24:bc:57:ce:90:19:0f:f3:c8:48:b1:
         59:67:a9:09:c2:56:6e:46:6d:28:86:c6:ed:53:fc:ae:cb:b1:
         2f:e5:74:44:07:75:75:8e:ae:e6:94:37:37:49:e5:c9:bf:0a:
         cd:e0:4f:17:62:40:85:f5:1b:33:b9:94:a6:61:9d:90:77:ec:
         72:b9:74:20:16:4a:5c:b6:d5:e0:90:d2:c3:58:1e:5c:d5:69:
         fd:f9:af:fe:d3:1e:d8:cd:a4:0e:f5:0f:2b:c0:63:0a:0c:67:
         78:af:e5:70:5a:2d:a3:90:47:d8:98:15:40:d4:b6:64:69:97:
         87:16:cb:3f:2e:74:a7:67:e7:2a:3f:50:b0:d4:8b:9e:e7:17:
         83:ed:98:66:ee:6b:83:2d:11:c5:c3:e0:77:f6:73:2f:48:ce:
         66:bd:00:b4:d7:05:c2:c8:3c:99:66:dc:39:c9:df:48:af:ab:
         75:53:b2:e2:bf:c0:97:87:9f:63:bc:02:fc:26:d5:b4:c3:ec:
         21:7b:a4:af:b9:08:06:40:69:c9:28:92:ce:04:b5:61:08:69:
         98:6e:99:4a:4e:d7:90:a6:80:1e:96:31:90:17:dc:52:8a:4b:
         1f:89:63:1e:81:09:98:8b:ad:dd:2a:c5:0a:be:71:79:aa:e6:
         08:ee:7b:89
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjaiipfOekqnMntYMWiKAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZjc4NDc3MzdlNzQ5NDJiMmJlNzRiOTNmZDAyZDkwMGQz
MDliMjAwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjVlNjM1NjQ2MDBhMDExNGRlZGM3NmIyZTc5MDMxNzE0ZmRjNzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS1VsDkVx3ZAB25SSdEkirwrAbiZ
P3bCNAatUDiJmQIj3e99ScA6+A9/6NMb8BUc7Z7ZbpjYmqX+Ehsdndcd0MmtXS0V
Zeid1OSgxu0pjurxKH4uF8Us0C2roT8O/PoQOKKz9VefDSKE0D/yS2TguA1z9gZK
y7FZ9i98wLjjq0XavfEGES5+uEvLigFRSyXXhdEKzj3e+gw+QUX9u7bOz7AFnlFy
MZ0ktc7fUEK8NytMwHen6RfI6q3zfc9Eg4gK1WlTQNeD8LBXoEZheZlJOa8yMigD
XcOHykw0Qt4UR2eqBpADUIypZTOcU9rRzc6oS4WHnrZ7MuPjftXxlsS4wQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIJeY1ZGAKARTe3Hay55AxcU/cc7MB8GA1UdIwQY
MBaAFIr3hHc350lCsr50uT/QLZANMJsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZlRWR6Zm5TVUt5dm5TNVA5QXRrQTB3bXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81MjM4NGItZTdhNC00MjY5LWEwY2Mt
N2VmYzI4MDhkMTI1LzEvZ2w1alZrWUFvQkZON2Nkckxua0RGeFQ5eHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81MjM4NGItZTdhNC00MjY5LWEwY2MtN2VmYzI4MDhkMTI1
LzEvaXZlRWR6Zm5TVUt5dm5TNVA5QXRrQTB3bXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAixEwDQYJ
KoZIhvcNAQELBQADggEBALHMgNZK2GkkvFfOkBkP88hIsVlnqQnCVm5GbSiGxu1T
/K7LsS/ldEQHdXWOruaUNzdJ5cm/Cs3gTxdiQIX1GzO5lKZhnZB37HK5dCAWSly2
1eCQ0sNYHlzVaf35r/7THtjNpA71DyvAYwoMZ3iv5XBaLaOQR9iYFUDUtmRpl4cW
yz8udKdn5yo/ULDUi57nF4PtmGbua4MtEcXD4Hf2cy9Izma9ALTXBcLIPJlm3DnJ
30ivq3VTsuK/wJeHn2O8Avwm1bTD7CF7pK+5CAZAackoks4EtWEIaZhumUpO15Cm
gB6WMZAX3FKKSx+JYx6BCZiLrd0qxQq+cXmq5gjue4k=
-----END CERTIFICATE-----