Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5khkKd9D2jQ9XIItKFBCGEDVunU.roa
File:                     5khkKd9D2jQ9XIItKFBCGEDVunU.roa (raw, json)
Hash identifier:          cPoYaX7N1qtEkbleFjx3BiBi/7TqErjO9m1K3c+yXf4=
Subject key identifier:   E6:48:64:29:DF:43:DA:34:3D:5C:82:2D:28:50:42:18:40:D5:BA:75
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD31D8A9D7CDDD77F2181678C3FD0F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5khkKd9D2jQ9XIItKFBCGEDVunU.roa
Signing time:             Thu 02 Jan 2025 07:48:57 +0000
ROA not before:           Thu 02 Jan 2025 07:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397032
IP address blocks:        45.43.163.0/24 maxlen: 24
                          216.173.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:53:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:31:d8:a9:d7:cd:dd:77:f2:18:16:78:c3:fd:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6486429df43da343d5c822d2850421840d5ba75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e5:d3:52:00:ab:e6:5a:e1:3b:61:35:91:47:
                    ce:8d:fd:81:50:3a:8a:94:38:88:c6:51:82:e3:c5:
                    de:d1:d7:fb:df:4d:37:28:86:01:55:d4:b1:2b:80:
                    f7:33:8f:e9:b2:3d:1b:e9:6a:6b:41:8a:64:9c:12:
                    66:2c:c4:f7:4c:ed:95:a6:4e:70:22:fe:f9:a9:26:
                    ab:49:e5:eb:5a:86:f2:be:30:96:70:ee:cd:e9:f5:
                    54:e3:9f:81:17:5e:c3:46:0f:88:9e:f9:17:78:44:
                    9f:6b:e8:db:b7:50:a6:6a:c8:21:f6:88:07:04:00:
                    f9:92:1b:ae:59:31:94:c2:04:af:ac:d1:2c:66:d8:
                    00:26:e0:bc:16:5f:b9:91:ff:e4:15:35:97:5f:35:
                    55:08:37:71:18:38:3f:6b:3c:83:87:97:77:d3:cd:
                    eb:bb:92:87:f8:a1:81:13:00:67:65:47:81:3d:ab:
                    d3:21:bf:6b:6f:4c:f9:99:15:89:4f:11:d1:c3:2a:
                    b1:9e:6e:0e:bd:f7:a9:43:e1:b2:91:62:37:f4:b9:
                    67:d1:19:bc:3d:0d:02:56:56:14:73:ed:f5:5b:5c:
                    d5:f1:70:94:01:b6:cb:ad:e2:d6:fb:b2:da:3d:aa:
                    69:1f:e2:0c:9c:e2:73:34:28:34:f5:ea:b9:f5:ba:
                    05:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:48:64:29:DF:43:DA:34:3D:5C:82:2D:28:50:42:18:40:D5:BA:75
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5khkKd9D2jQ9XIItKFBCGEDVunU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.163.0/24
                  216.173.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:da:c2:07:2d:d5:9b:5d:13:0f:bc:19:30:84:41:bf:7b:26:
         4b:32:e6:da:37:77:fa:e9:9e:25:a5:d8:70:39:ae:48:0b:0b:
         d5:cb:f2:34:0f:4c:8e:37:b7:14:15:a5:b3:52:1c:0b:f1:a2:
         8f:08:2b:8c:4d:ce:dc:06:34:50:b6:e9:47:27:f3:e7:62:6e:
         81:0c:44:a3:d0:26:f4:16:b1:88:07:5a:bd:e4:90:fd:2c:f2:
         a1:c9:4c:6a:c6:09:cc:1c:ab:be:7d:7b:8e:4a:00:3b:8d:d4:
         11:c9:20:9e:35:c2:a7:af:93:e0:85:f9:06:cf:84:8f:55:55:
         e7:a7:a7:aa:ee:af:ec:19:96:ff:44:5b:56:46:29:8d:1c:15:
         f7:4a:e4:34:06:4e:03:8b:2b:bf:ad:60:b1:ae:f4:d9:b0:26:
         bb:11:02:59:54:d1:3f:ad:cb:ca:86:88:ae:87:22:d9:35:25:
         cc:c1:60:d5:7a:66:1c:83:d0:84:56:9f:ac:fe:34:2f:c2:17:
         2e:93:e1:a1:db:15:77:19:82:7d:7c:12:50:af:3f:16:22:5b:
         29:cb:b4:df:a4:4f:d9:d3:f6:59:8c:67:5d:c5:7d:37:52:f5:
         7c:79:0c:d4:58:4b:dd:ef:08:6f:ad:09:9e:14:3a:38:73:39:
         30:bd:a4:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/THYqdfN3XfyGBZ4w/0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQ4NjQyOWRmNDNkYTM0M2Q1YzgyMmQyODUwNDIxODQwZDViYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOXTUgCr5lrhO2E1kUfOjf2BUDqK
lDiIxlGC48Xe0df73003KIYBVdSxK4D3M4/psj0b6WprQYpknBJmLMT3TO2Vpk5w
Iv75qSarSeXrWobyvjCWcO7N6fVU45+BF17DRg+InvkXeESfa+jbt1Cmasgh9ogH
BAD5khuuWTGUwgSvrNEsZtgAJuC8Fl+5kf/kFTWXXzVVCDdxGDg/azyDh5d3083r
u5KH+KGBEwBnZUeBPavTIb9rb0z5mRWJTxHRwyqxnm4OvfepQ+GykWI39Lln0Rm8
PQ0CVlYUc+31W1zV8XCUAbbLreLW+7LaPappH+IMnOJzNCg09eq59boFSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOZIZCnfQ9o0PVyCLShQQhhA1bp1MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvNWtoa0tkOUQyalE5WElJdEtGQkNHRURWdW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALSujAwQA
2K1NMA0GCSqGSIb3DQEBCwUAA4IBAQAC2sIHLdWbXRMPvBkwhEG/eyZLMubaN3f6
6Z4lpdhwOa5ICwvVy/I0D0yON7cUFaWzUhwL8aKPCCuMTc7cBjRQtulHJ/PnYm6B
DESj0Cb0FrGIB1q95JD9LPKhyUxqxgnMHKu+fXuOSgA7jdQRySCeNcKnr5PghfkG
z4SPVVXnp6eq7q/sGZb/RFtWRimNHBX3SuQ0Bk4Diyu/rWCxrvTZsCa7EQJZVNE/
rcvKhoiuhyLZNSXMwWDVemYcg9CEVp+s/jQvwhcuk+Gh2xV3GYJ9fBJQrz8WIlsp
y7TfpE/Z0/ZZjGddxX03UvV8eQzUWEvd7whvrQmeFDo4czkwvaSc
-----END CERTIFICATE-----