Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/P7g82oQa9maLUZf-zyJXFEwQ_Tk.roa
File:                     P7g82oQa9maLUZf-zyJXFEwQ_Tk.roa (raw, json)
Hash identifier:          R1Jxxc/Qby3IEt4xnho0adyCsC1rCUaoaz24WlyrPXE=
Subject key identifier:   3F:B8:3C:DA:84:1A:F6:66:8B:51:97:FE:CF:22:57:14:4C:10:FD:39
Certificate issuer:       /CN=5c61ab4a6df9bb95cfde8af076668a595b341de1
Certificate serial:       019424B26103BC262309BB46D67C6CD153E0
Authority key identifier: 5C:61:AB:4A:6D:F9:BB:95:CF:DE:8A:F0:76:66:8A:59:5B:34:1D:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGGrSm35u5XP3orwdmaKWVs0HeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/P7g82oQa9maLUZf-zyJXFEwQ_Tk.roa
Signing time:             Thu 02 Jan 2025 01:47:37 +0000
ROA not before:           Thu 02 Jan 2025 01:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        160.85.0.0/16 maxlen: 16
                          193.5.54.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/XGGrSm35u5XP3orwdmaKWVs0HeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/XGGrSm35u5XP3orwdmaKWVs0HeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGGrSm35u5XP3orwdmaKWVs0HeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:61:03:bc:26:23:09:bb:46:d6:7c:6c:d1:53:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c61ab4a6df9bb95cfde8af076668a595b341de1
        Validity
            Not Before: Jan  2 01:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fb83cda841af6668b5197fecf2257144c10fd39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:17:8e:c1:fd:2b:d4:52:b7:81:8e:eb:13:13:
                    1f:d3:c1:4e:3b:ce:05:40:66:71:00:13:b4:80:a8:
                    6c:77:96:53:07:a0:bc:c3:19:c0:87:e7:3f:0a:dc:
                    20:86:12:1d:16:e5:e3:50:94:2f:c2:a1:fe:39:5f:
                    50:6e:5e:22:a2:31:50:f2:81:28:a4:82:8b:54:6c:
                    b8:16:28:21:dc:82:4c:38:94:db:97:26:7c:63:c6:
                    91:ae:8c:79:49:d6:5a:81:ac:44:e4:a8:b4:f7:b6:
                    4e:2c:d6:65:5a:cb:8a:9a:d0:b1:e6:18:4c:d6:b9:
                    cb:ff:4c:b3:94:b2:11:fa:a5:8f:5f:14:f5:78:ff:
                    b9:88:20:33:13:54:ba:72:76:53:f2:b1:8a:ca:f0:
                    fb:77:66:63:8f:ee:a3:eb:e6:df:de:9b:cc:3d:29:
                    5d:87:ff:40:d0:5a:34:00:c5:47:41:5d:4f:f9:88:
                    7a:c4:1d:26:d1:16:a6:27:5e:66:f9:5b:35:96:b9:
                    3b:34:b6:47:13:33:66:87:87:ca:08:1a:9a:6e:28:
                    34:a1:49:41:b2:21:a6:d4:a5:e9:b2:e2:cc:e8:80:
                    a0:71:18:9b:d3:0c:61:0d:87:20:45:78:e4:7e:d7:
                    36:2c:26:66:29:b2:61:80:7b:59:76:55:19:4c:28:
                    36:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B8:3C:DA:84:1A:F6:66:8B:51:97:FE:CF:22:57:14:4C:10:FD:39
            X509v3 Authority Key Identifier:
                keyid:5C:61:AB:4A:6D:F9:BB:95:CF:DE:8A:F0:76:66:8A:59:5B:34:1D:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGGrSm35u5XP3orwdmaKWVs0HeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/P7g82oQa9maLUZf-zyJXFEwQ_Tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/XGGrSm35u5XP3orwdmaKWVs0HeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.85.0.0/16
                  193.5.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:19:23:66:fe:b6:22:7d:21:cf:49:6d:9e:16:dc:4b:7e:63:
         ca:3f:f4:38:61:fa:db:a4:ea:4a:e4:dd:fb:57:3c:d1:84:4a:
         c5:d8:f4:76:4b:92:c6:ac:5e:61:12:58:57:6f:de:42:f8:35:
         c2:72:ae:7d:0d:58:e0:2d:e6:a8:87:0f:f0:8a:25:95:25:8d:
         11:51:34:24:09:9f:dc:cf:a8:e8:87:7f:1c:66:af:95:d5:da:
         03:9f:b0:31:19:74:a7:1e:37:7b:b0:e3:6f:4a:01:28:00:55:
         37:9f:e2:69:97:d8:8d:05:58:45:01:94:31:c8:b0:24:a9:50:
         ac:8f:52:19:d0:7c:ee:07:95:62:fc:d8:0d:33:d9:6f:f0:9a:
         86:ac:26:70:69:63:87:65:eb:12:09:54:02:85:73:8f:ad:ee:
         51:ff:59:3e:3b:4b:1d:5b:98:2e:64:f6:69:07:99:92:f9:d9:
         3b:98:6f:aa:30:98:0c:19:9d:58:66:48:ec:8e:7b:70:4c:a0:
         9d:25:02:32:1b:80:ee:cb:b1:f5:ed:68:e7:08:e8:58:dd:19:
         6e:45:1b:61:ab:fd:58:39:69:db:f5:bf:c7:28:c4:49:d6:b6:
         7a:02:e0:c2:30:25:5c:4f:a1:61:4e:a8:0c:20:d8:9c:0b:56:
         bd:cd:cb:49
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQksmEDvCYjCbtG1nxs0VPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjFhYjRhNmRmOWJiOTVjZmRlOGFmMDc2NjY4YTU5NWIz
NDFkZTEwHhcNMjUwMTAyMDE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI4M2NkYTg0MWFmNjY2OGI1MTk3ZmVjZjIyNTcxNDRjMTBmZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xeOwf0r1FK3gY7rExMf08FOO84F
QGZxABO0gKhsd5ZTB6C8wxnAh+c/CtwghhIdFuXjUJQvwqH+OV9Qbl4iojFQ8oEo
pIKLVGy4Figh3IJMOJTblyZ8Y8aRrox5SdZagaxE5Ki097ZOLNZlWsuKmtCx5hhM
1rnL/0yzlLIR+qWPXxT1eP+5iCAzE1S6cnZT8rGKyvD7d2Zjj+6j6+bf3pvMPSld
h/9A0Fo0AMVHQV1P+Yh6xB0m0RamJ15m+Vs1lrk7NLZHEzNmh4fKCBqabig0oUlB
siGm1KXpsuLM6ICgcRib0wxhDYcgRXjkftc2LCZmKbJhgHtZdlUZTCg26QIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFD+4PNqEGvZmi1GX/s8iVxRMEP05MB8GA1UdIwQY
MBaAFFxhq0pt+buVz96K8HZmillbNB3hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdHclNtMzV1NVhQM29yd2RtYUtXVnMwSGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mZDVhOTgtMjcyZi00MDc4LTk0OGQt
NmZhODY4OTIxZGZiLzEvUDdnODJvUWE5bWFMVVpmLXp5SlhGRXdRX1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mZDVhOTgtMjcyZi00MDc4LTk0OGQtNmZhODY4OTIxZGZi
LzEvWEdHclNtMzV1NVhQM29yd2RtYUtXVnMwSGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAoFUDBAHB
BTYwDQYJKoZIhvcNAQELBQADggEBACkZI2b+tiJ9Ic9JbZ4W3Et+Y8o/9Dhh+tuk
6krk3ftXPNGESsXY9HZLksasXmESWFdv3kL4NcJyrn0NWOAt5qiHD/CKJZUljRFR
NCQJn9zPqOiHfxxmr5XV2gOfsDEZdKceN3uw429KASgAVTef4mmX2I0FWEUBlDHI
sCSpUKyPUhnQfO4HlWL82A0z2W/wmoasJnBpY4dl6xIJVAKFc4+t7lH/WT47Sx1b
mC5k9mkHmZL52TuYb6owmAwZnVhmSOyOe3BMoJ0lAjIbgO7LsfXtaOcI6FjdGW5F
G2Gr/Vg5adv1v8coxEnWtnoC4MIwJVxPoWFOqAwg2JwLVr3Ny0k=
-----END CERTIFICATE-----