Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/5ePvcq9zuyiP8F0_1MZ5SKg1RU4.roa
File:                     5ePvcq9zuyiP8F0_1MZ5SKg1RU4.roa (raw, json)
Hash identifier:          x2xCVfg3u5h3OuMzgVAwJ2hD3aJVygyj1psk9B6lRgM=
Subject key identifier:   E5:E3:EF:72:AF:73:BB:28:8F:F0:5D:3F:D4:C6:79:48:A8:35:45:4E
Certificate issuer:       /CN=38482b1320b980f46d6e404fe7d58bdb11d50fd3
Certificate serial:       01942823142A8AD1471972DF3E3043D5C339
Authority key identifier: 38:48:2B:13:20:B9:80:F4:6D:6E:40:4F:E7:D5:8B:DB:11:D5:0F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OEgrEyC5gPRtbkBP59WL2xHVD9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/5ePvcq9zuyiP8F0_1MZ5SKg1RU4.roa
Signing time:             Thu 02 Jan 2025 17:49:34 +0000
ROA not before:           Thu 02 Jan 2025 17:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59780
IP address blocks:        185.71.120.0/22 maxlen: 24
                          185.177.84.0/22 maxlen: 24
                          2a05:3240::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/OEgrEyC5gPRtbkBP59WL2xHVD9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/OEgrEyC5gPRtbkBP59WL2xHVD9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OEgrEyC5gPRtbkBP59WL2xHVD9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:14:2a:8a:d1:47:19:72:df:3e:30:43:d5:c3:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38482b1320b980f46d6e404fe7d58bdb11d50fd3
        Validity
            Not Before: Jan  2 17:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5e3ef72af73bb288ff05d3fd4c67948a835454e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6e:fa:25:bd:66:e3:01:17:a4:9d:e4:09:c9:
                    e8:e1:0d:64:3b:f3:1c:c7:24:3e:f7:71:c6:7f:51:
                    25:a9:3d:d8:b6:42:17:5e:41:83:f2:4c:0c:4c:91:
                    1b:dd:12:2e:b6:cc:34:02:35:2f:d4:fd:11:14:1d:
                    54:a5:c7:64:61:c1:ea:26:97:50:69:b0:2b:db:bd:
                    41:bb:ee:85:54:5a:7d:8e:4e:88:49:86:2b:65:fe:
                    98:a3:81:e6:27:19:50:05:14:22:7d:2d:af:d5:78:
                    08:4c:6b:c5:71:5f:7f:99:dc:5e:31:15:fd:15:e4:
                    88:e7:9b:3a:32:2b:af:e3:4e:e1:6c:e3:89:d7:e9:
                    f6:c2:1a:15:97:f3:ba:ce:56:9b:d1:a8:11:42:10:
                    a7:0f:03:47:92:07:62:51:d2:1d:4b:cd:6a:01:a4:
                    c3:1b:1d:2f:2a:f9:c6:5a:fa:94:ad:1b:cf:b5:e9:
                    4f:a5:2e:c9:86:51:1c:c4:fd:5d:a2:79:be:19:f5:
                    6a:73:9f:6c:93:2f:54:03:cd:1a:ca:56:6c:4b:16:
                    44:9f:e7:c6:e7:35:37:dc:9c:97:ea:4b:89:2d:7a:
                    51:d7:5c:5d:62:5d:36:f0:d1:8f:04:31:c8:92:51:
                    b3:69:87:83:6c:74:a2:68:66:70:76:27:2e:d1:fc:
                    6a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E3:EF:72:AF:73:BB:28:8F:F0:5D:3F:D4:C6:79:48:A8:35:45:4E
            X509v3 Authority Key Identifier:
                keyid:38:48:2B:13:20:B9:80:F4:6D:6E:40:4F:E7:D5:8B:DB:11:D5:0F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEgrEyC5gPRtbkBP59WL2xHVD9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/5ePvcq9zuyiP8F0_1MZ5SKg1RU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/OEgrEyC5gPRtbkBP59WL2xHVD9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.120.0/22
                  185.177.84.0/22
                IPv6:
                  2a05:3240::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:0f:be:2f:41:c8:fc:6c:7e:fc:d4:24:12:6f:c4:86:23:78:
         5f:b8:6d:b7:75:7b:83:e3:9e:f4:78:d7:87:ca:90:91:f1:7e:
         0d:7e:a2:ef:dc:b7:11:1d:e1:b9:3e:31:68:d7:ab:45:b6:c2:
         56:c9:d6:8e:f6:96:37:83:05:cd:e4:69:87:9d:8d:66:7f:e1:
         96:ef:2e:4c:a9:39:6d:1f:8a:fc:7c:e0:7c:04:fd:11:7a:a5:
         ca:e1:7e:c6:b0:4d:4a:82:c9:93:4b:fd:c5:8e:e2:46:e5:4c:
         ce:ae:ef:05:1e:7f:9c:f0:1d:73:c0:4e:71:9a:0b:08:5d:27:
         bc:17:48:fb:5a:99:cf:db:6b:4b:be:2e:c0:96:66:66:3a:7a:
         31:dc:79:d5:ab:0b:97:74:e6:19:06:5a:be:1f:b2:e8:d0:6b:
         50:c4:c4:8b:01:e0:24:66:b5:38:31:5d:9b:59:56:5e:6a:65:
         b2:aa:e0:72:48:67:59:10:a6:01:ec:56:3e:78:a5:fb:e3:d8:
         66:b3:49:d3:9b:83:2b:21:43:e8:0c:fc:80:6b:92:ed:f2:e0:
         97:4b:ae:dd:8b:5f:b1:02:4f:78:7e:0c:ec:87:f3:2d:37:6c:
         48:23:8c:fb:5b:d5:d0:5c:4d:c9:fb:62:49:c0:b4:27:69:28:
         35:bd:47:57
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoIxQqitFHGXLfPjBD1cM5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDgyYjEzMjBiOTgwZjQ2ZDZlNDA0ZmU3ZDU4YmRiMTFk
NTBmZDMwHhcNMjUwMTAyMTc0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWUzZWY3MmFmNzNiYjI4OGZmMDVkM2ZkNGM2Nzk0OGE4MzU0NTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw276Jb1m4wEXpJ3kCcno4Q1kO/Mc
xyQ+93HGf1ElqT3YtkIXXkGD8kwMTJEb3RIutsw0AjUv1P0RFB1UpcdkYcHqJpdQ
abAr271Bu+6FVFp9jk6ISYYrZf6Yo4HmJxlQBRQifS2v1XgITGvFcV9/mdxeMRX9
FeSI55s6Miuv407hbOOJ1+n2whoVl/O6zlab0agRQhCnDwNHkgdiUdIdS81qAaTD
Gx0vKvnGWvqUrRvPtelPpS7JhlEcxP1donm+GfVqc59sky9UA80aylZsSxZEn+fG
5zU33JyX6kuJLXpR11xdYl028NGPBDHIklGzaYeDbHSiaGZwdicu0fxq8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOXj73Kvc7soj/BdP9TGeUioNUVOMB8GA1UdIwQY
MBaAFDhIKxMguYD0bW5AT+fVi9sR1Q/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VnckV5QzVnUFJ0YmtCUDU5V0wyeEhWRDlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMzI0NTQtM2VmOS00NDEyLTg1NzAt
NWNmNDNkMzU5MDhlLzEvNWVQdmNxOXp1eWlQOEYwXzFNWjVTS2cxUlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMzI0NTQtM2VmOS00NDEyLTg1NzAtNWNmNDNkMzU5MDhl
LzEvT0VnckV5QzVnUFJ0YmtCUDU5V0wyeEhWRDlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUd4AwQC
ubFUMA0EAgACMAcDBQMqBTJAMA0GCSqGSIb3DQEBCwUAA4IBAQBYD74vQcj8bH78
1CQSb8SGI3hfuG23dXuD4570eNeHypCR8X4NfqLv3LcRHeG5PjFo16tFtsJWydaO
9pY3gwXN5GmHnY1mf+GW7y5MqTltH4r8fOB8BP0ReqXK4X7GsE1KgsmTS/3FjuJG
5UzOru8FHn+c8B1zwE5xmgsIXSe8F0j7WpnP22tLvi7AlmZmOnox3HnVqwuXdOYZ
Blq+H7Lo0GtQxMSLAeAkZrU4MV2bWVZeamWyquBySGdZEKYB7FY+eKX749hms0nT
m4MrIUPoDPyAa5Lt8uCXS67di1+xAk94fgzsh/MtN2xII4z7W9XQXE3J+2JJwLQn
aSg1vUdX
-----END CERTIFICATE-----