Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/b5EdK_5sCsY7tSDUYhZJ0ddCFFg.roa
File:                     b5EdK_5sCsY7tSDUYhZJ0ddCFFg.roa (raw, json)
Hash identifier:          nlSoactVLtJZl8nk8jHJSuAqRa2mUqc/fYnJBlSsNVE=
Subject key identifier:   6F:91:1D:2B:FE:6C:0A:C6:3B:B5:20:D4:62:16:49:D1:D7:42:14:58
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BDDD2C268200818F67E97AB58A799
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/b5EdK_5sCsY7tSDUYhZJ0ddCFFg.roa
Signing time:             Thu 02 Jan 2025 09:49:50 +0000
ROA not before:           Thu 02 Jan 2025 09:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56872
IP address blocks:        178.16.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:dd:d2:c2:68:20:08:18:f6:7e:97:ab:58:a7:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f911d2bfe6c0ac63bb520d4621649d1d7421458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7d:6b:4c:37:72:f8:20:64:b8:d7:bd:52:ad:
                    03:05:23:e4:55:c7:69:81:d8:3a:4f:03:7a:e1:6d:
                    71:90:a6:79:1a:86:1f:bc:47:9a:3f:46:ec:64:e2:
                    9d:c4:05:c3:ae:80:ba:1d:ac:fa:ba:70:00:7e:96:
                    8a:db:ba:cc:5a:5a:fc:19:cd:1a:a1:67:e4:b1:16:
                    79:8f:01:09:c4:cd:a8:e7:c5:8b:8f:a2:24:e3:ef:
                    5d:57:63:5d:8f:96:e8:b6:39:a1:3c:12:1e:66:78:
                    88:bf:66:92:ad:19:e5:99:d8:bf:83:75:fe:3f:94:
                    a6:f9:96:7d:4e:c4:21:c8:b1:02:e9:d0:4b:f0:f2:
                    c0:3e:3e:11:a6:45:73:aa:6a:08:31:f5:6f:bd:35:
                    33:1f:16:1e:b9:2c:a8:8e:68:2f:ed:97:de:4d:ae:
                    82:c1:72:48:96:4e:18:b7:02:8e:d1:39:ed:b6:d0:
                    7b:e0:fe:cf:00:86:87:a5:c9:06:88:81:62:2e:8d:
                    15:87:57:6f:2e:c6:8e:99:5c:18:64:2a:f9:da:a8:
                    5f:7f:dd:ef:e5:3b:2b:b9:6a:41:8e:fe:1e:9c:d1:
                    69:f1:94:02:51:8e:50:54:89:db:6a:da:9d:23:ce:
                    62:10:8f:8f:62:59:02:17:af:e5:b8:9f:74:12:89:
                    b1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:91:1D:2B:FE:6C:0A:C6:3B:B5:20:D4:62:16:49:D1:D7:42:14:58
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/b5EdK_5sCsY7tSDUYhZJ0ddCFFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:78:84:0c:82:92:fc:ac:7d:99:e9:25:af:98:4c:f2:3c:92:
         0e:5c:f0:2f:eb:e5:94:ff:82:e4:5d:cf:f9:2b:2f:9a:5d:b2:
         31:b1:2e:df:3d:e0:e1:57:d3:22:2b:db:34:8a:5d:26:40:91:
         5a:07:85:e4:91:f2:56:58:45:44:24:68:56:3e:64:d1:d3:d7:
         0e:2b:5d:00:d4:7f:58:57:cb:6a:80:e5:6a:ff:fd:c9:5b:4a:
         87:a4:c7:b6:db:0f:25:79:48:26:6b:86:79:1e:ec:25:99:c5:
         80:04:c9:ec:93:59:5f:8e:28:74:17:0f:6e:b6:62:2f:59:b5:
         be:d7:ee:15:f2:78:17:94:24:49:b7:46:f2:35:cf:c4:11:3d:
         95:3d:a5:30:58:87:00:90:58:09:34:88:77:70:82:c9:0d:91:
         52:4e:1b:55:a1:c9:65:c8:6d:ed:fa:bc:25:d5:27:83:df:b6:
         ca:7f:a8:30:28:d3:95:ad:83:fc:a0:4c:81:0e:e3:ca:17:d1:
         e2:d1:86:e0:e0:55:5e:e7:71:d5:ee:b8:d6:8f:be:76:e5:7a:
         77:a7:e8:09:5d:8a:91:e9:17:cb:ad:18:13:39:c2:6d:97:82:
         12:9f:63:3c:df:ec:54:65:03:d8:d5:81:4d:70:c7:15:c7:4a:
         2a:6e:2d:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma93SwmggCBj2fperWKeZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjkxMWQyYmZlNmMwYWM2M2JiNTIwZDQ2MjE2NDlkMWQ3NDIxNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt31rTDdy+CBkuNe9Uq0DBSPkVcdp
gdg6TwN64W1xkKZ5GoYfvEeaP0bsZOKdxAXDroC6Haz6unAAfpaK27rMWlr8Gc0a
oWfksRZ5jwEJxM2o58WLj6Ik4+9dV2Ndj5botjmhPBIeZniIv2aSrRnlmdi/g3X+
P5Sm+ZZ9TsQhyLEC6dBL8PLAPj4RpkVzqmoIMfVvvTUzHxYeuSyojmgv7ZfeTa6C
wXJIlk4YtwKO0TntttB74P7PAIaHpckGiIFiLo0Vh1dvLsaOmVwYZCr52qhff93v
5TsruWpBjv4enNFp8ZQCUY5QVInbatqdI85iEI+PYlkCF6/luJ90EomxZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+RHSv+bArGO7Ug1GIWSdHXQhRYMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvYjVFZEtfNXNDc1k3dFNEVVloWkowZGRDRkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshB9MA0G
CSqGSIb3DQEBCwUAA4IBAQCSeIQMgpL8rH2Z6SWvmEzyPJIOXPAv6+WU/4LkXc/5
Ky+aXbIxsS7fPeDhV9MiK9s0il0mQJFaB4XkkfJWWEVEJGhWPmTR09cOK10A1H9Y
V8tqgOVq//3JW0qHpMe22w8leUgma4Z5HuwlmcWABMnsk1lfjih0Fw9utmIvWbW+
1+4V8ngXlCRJt0byNc/EET2VPaUwWIcAkFgJNIh3cILJDZFSThtVocllyG3t+rwl
1SeD37bKf6gwKNOVrYP8oEyBDuPKF9Hi0Ybg4FVe53HV7rjWj7525Xp3p+gJXYqR
6RfLrRgTOcJtl4ISn2M83+xUZQPY1YFNcMcVx0oqbi2k
-----END CERTIFICATE-----