Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/gk0o9JIYrdgKiCEVnFxYDFCmm6g.roa
File:                     gk0o9JIYrdgKiCEVnFxYDFCmm6g.roa (raw, json)
Hash identifier:          U5lgDtUaYRY5Jq/t8D2zh/ImkX7ABdChH50k3iWkRSA=
Subject key identifier:   82:4D:28:F4:92:18:AD:D8:0A:88:21:15:9C:5C:58:0C:50:A6:9B:A8
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       019421B22E0DAC1E40F545C20672F6F7F8BE
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/gk0o9JIYrdgKiCEVnFxYDFCmm6g.roa
Signing time:             Wed 01 Jan 2025 11:48:32 +0000
ROA not before:           Wed 01 Jan 2025 11:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60578
IP address blocks:        185.7.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2e:0d:ac:1e:40:f5:45:c2:06:72:f6:f7:f8:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 11:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=824d28f49218add80a8821159c5c580c50a69ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:26:36:f2:01:93:76:6f:fc:2e:e9:a1:46:89:
                    9f:2a:48:3b:7e:3f:18:5b:96:66:30:f3:1d:e0:f0:
                    b3:dc:f5:8d:0a:38:cc:b7:39:77:64:00:67:8d:4d:
                    5b:dc:47:34:1c:af:73:3e:1e:07:47:ea:b8:5f:29:
                    48:87:87:4c:54:d7:0f:a7:0c:c5:c8:93:c0:1f:f3:
                    e6:f2:6b:1f:ce:f6:b8:c2:14:a0:5f:e8:80:e6:c1:
                    42:3b:b6:de:af:a1:a5:90:c3:b8:1c:4c:1f:86:60:
                    70:97:05:0d:38:6c:5a:ca:9c:80:a5:88:1d:c7:58:
                    f4:20:ca:4e:c3:18:b9:73:23:c8:c2:79:90:17:9e:
                    78:b6:47:10:c4:ea:38:de:3d:c2:79:16:d6:76:a7:
                    70:c7:52:22:2e:bd:14:31:13:e8:6c:62:f3:50:16:
                    d9:d6:a5:c5:8b:20:bb:bd:77:ca:6e:cc:84:14:81:
                    a6:69:4e:25:c3:8b:0c:2c:92:11:48:4b:97:95:9a:
                    3c:ae:e9:c8:8b:7e:b9:db:c8:01:34:f8:5b:23:02:
                    87:cb:8f:bc:75:55:a8:b0:eb:e7:e6:aa:01:5a:41:
                    a3:01:82:20:06:b4:27:3e:54:bd:2a:8e:36:6b:84:
                    25:3a:27:67:51:a8:ef:65:57:1b:b3:60:a5:bd:c4:
                    a1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:4D:28:F4:92:18:AD:D8:0A:88:21:15:9C:5C:58:0C:50:A6:9B:A8
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/gk0o9JIYrdgKiCEVnFxYDFCmm6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:03:37:02:38:4b:15:52:3a:db:db:74:40:e3:fa:a6:a0:ea:
         88:c0:56:a1:99:29:d9:71:40:11:e8:da:f5:2c:fa:85:ff:d7:
         e3:56:7e:19:96:55:4b:f2:eb:0e:36:a0:96:3f:bc:99:bb:6c:
         2b:64:1c:03:7e:73:60:8c:ef:d7:b0:52:36:d9:15:44:d7:22:
         e9:d3:6f:b5:c4:65:6a:e5:46:9a:3f:9b:04:e9:10:12:50:c7:
         e9:e0:14:55:d7:6a:02:48:8b:92:84:a0:df:d2:2d:b4:89:6a:
         02:89:31:f3:8e:9e:d1:fb:dd:58:25:cc:37:cf:51:f8:9b:18:
         4f:e6:3a:41:cb:c8:3c:53:c8:88:4d:2b:cb:2f:82:38:42:19:
         80:14:70:ac:71:77:35:b2:0b:64:24:d0:60:8c:e2:8a:06:4d:
         b6:98:96:1e:f9:38:f7:2d:d4:cd:b4:29:7b:cd:0b:83:9e:53:
         fa:cd:eb:a4:76:2f:47:a8:1c:c2:fc:45:95:0c:a2:82:ce:a7:
         5b:1d:52:d7:6a:6b:9c:e7:6c:1a:dd:5e:8c:0d:1e:d9:6a:d5:
         cf:66:b9:1c:f2:76:78:9a:68:92:4d:d1:50:43:cd:f4:1a:96:
         39:18:ef:84:c9:41:21:95:9b:9d:fb:8f:bb:55:aa:53:c4:08:
         9f:66:a4:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsi4NrB5A9UXCBnL29/i+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjUwMTAxMTE0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjRkMjhmNDkyMThhZGQ4MGE4ODIxMTU5YzVjNTgwYzUwYTY5YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziY28gGTdm/8LumhRomfKkg7fj8Y
W5ZmMPMd4PCz3PWNCjjMtzl3ZABnjU1b3Ec0HK9zPh4HR+q4XylIh4dMVNcPpwzF
yJPAH/Pm8msfzva4whSgX+iA5sFCO7ber6GlkMO4HEwfhmBwlwUNOGxaypyApYgd
x1j0IMpOwxi5cyPIwnmQF554tkcQxOo43j3CeRbWdqdwx1IiLr0UMRPobGLzUBbZ
1qXFiyC7vXfKbsyEFIGmaU4lw4sMLJIRSEuXlZo8runIi36528gBNPhbIwKHy4+8
dVWosOvn5qoBWkGjAYIgBrQnPlS9Ko42a4QlOidnUajvZVcbs2ClvcShSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJNKPSSGK3YCoghFZxcWAxQppuoMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvZ2swbzlKSVlyZGdLaUNFVm5GeFlERkNtbTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQfYMA0G
CSqGSIb3DQEBCwUAA4IBAQBYAzcCOEsVUjrb23RA4/qmoOqIwFahmSnZcUAR6Nr1
LPqF/9fjVn4ZllVL8usONqCWP7yZu2wrZBwDfnNgjO/XsFI22RVE1yLp02+1xGVq
5UaaP5sE6RASUMfp4BRV12oCSIuShKDf0i20iWoCiTHzjp7R+91YJcw3z1H4mxhP
5jpBy8g8U8iITSvLL4I4QhmAFHCscXc1sgtkJNBgjOKKBk22mJYe+Tj3LdTNtCl7
zQuDnlP6zeukdi9HqBzC/EWVDKKCzqdbHVLXamuc52wa3V6MDR7ZatXPZrkc8nZ4
mmiSTdFQQ830GpY5GO+EyUEhlZud+4+7VapTxAifZqR5
-----END CERTIFICATE-----