Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/Q155SYsxVZHtklas2BS3w5w70h0.roa
File:                     Q155SYsxVZHtklas2BS3w5w70h0.roa (raw, json)
Hash identifier:          FvNx0toywZuvzc5WA2iEA8TJxxDlZbL0owUYzKxW1No=
Subject key identifier:   43:5E:79:49:8B:31:55:91:ED:92:56:AC:D8:14:B7:C3:9C:3B:D2:1D
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D16FA3B8CD84E0F93C38B8BB7093
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/Q155SYsxVZHtklas2BS3w5w70h0.roa
Signing time:             Wed 01 Jan 2025 11:48:09 +0000
ROA not before:           Wed 01 Jan 2025 11:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60006
IP address blocks:        79.133.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d1:6f:a3:b8:cd:84:e0:f9:3c:38:b8:bb:70:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=435e79498b315591ed9256acd814b7c39c3bd21d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a0:67:34:a4:7d:c0:37:b2:77:10:f4:e3:68:
                    76:bc:bc:a9:4d:5c:62:58:68:90:a5:bb:2b:b3:ab:
                    ff:8c:e8:20:89:c1:e1:db:bc:2b:c5:e6:df:1e:38:
                    f0:bc:0f:89:3b:84:7a:af:0a:05:7e:8f:78:25:e0:
                    30:07:91:b1:f2:25:52:2d:56:2b:43:0f:a1:2b:87:
                    2b:de:50:fb:35:22:28:2b:11:d7:23:65:81:9e:16:
                    f7:93:eb:8d:e1:c4:16:06:c0:cf:24:22:1f:2f:a6:
                    68:75:14:e0:2d:f6:85:3e:77:16:18:e3:3b:4e:fa:
                    52:c1:f5:13:14:6c:78:11:e9:4f:53:7c:8d:a7:e9:
                    e8:1a:70:ca:f1:95:fd:a5:21:50:4e:34:dd:2a:ba:
                    22:e7:96:f7:7c:bc:b6:90:56:96:70:de:f8:36:84:
                    06:3d:d5:de:b8:ba:ec:aa:b7:b9:33:ff:b6:68:0b:
                    b1:36:38:93:2e:83:59:a8:f3:df:b4:38:b4:c0:17:
                    6d:b4:44:43:e6:2c:34:30:09:3c:4f:0d:15:2f:3f:
                    43:84:e1:31:4d:eb:da:85:88:ec:5b:59:62:1e:b7:
                    00:62:eb:cc:4f:04:29:f2:42:a7:71:3b:08:9d:f1:
                    a2:48:d0:db:25:d1:53:f3:0f:05:4c:35:db:d1:9d:
                    01:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:5E:79:49:8B:31:55:91:ED:92:56:AC:D8:14:B7:C3:9C:3B:D2:1D
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/Q155SYsxVZHtklas2BS3w5w70h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:4a:98:4c:bf:b5:13:fe:ad:b7:ee:60:cb:90:e8:8e:a3:2d:
         a9:df:65:4c:90:d9:5a:8e:7b:4f:13:be:d3:d3:71:e8:55:95:
         a9:53:a0:fa:5f:de:74:7c:b9:4e:3b:74:c9:34:61:61:94:06:
         95:c5:eb:dc:22:21:d9:eb:01:59:6d:64:73:c3:22:2c:9c:2d:
         c1:9b:0b:5f:1c:14:f3:7c:16:11:34:33:c9:db:02:4a:2e:cd:
         11:3f:c3:0b:4b:c3:eb:27:c7:22:27:8a:c6:97:c1:59:b9:ad:
         a2:a2:d8:90:39:89:e5:db:7d:25:f7:50:ad:e9:37:35:bc:62:
         db:a4:a5:16:ee:14:53:9e:09:25:b0:40:47:97:da:62:25:3b:
         c7:08:fe:3f:ab:e3:29:2a:c3:0f:f9:96:55:b5:0b:73:c6:f2:
         2d:25:0c:4e:34:fb:42:db:cb:ba:f5:2a:81:c7:7f:b8:92:03:
         64:41:3c:5f:c2:aa:2e:2d:d2:db:70:ce:e6:d0:e8:af:56:cb:
         42:cb:2c:80:68:78:51:f8:57:47:76:d3:20:c7:12:3e:fb:e1:
         ab:ca:8f:0b:af:44:e9:5d:bb:8d:40:1d:7f:91:82:1b:e7:bb:
         66:45:84:a1:ab:25:e5:cb:40:75:af:6a:3e:60:fa:0a:8e:cb:
         56:25:35:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdFvo7jNhOD5PDi4u3CTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzVlNzk0OThiMzE1NTkxZWQ5MjU2YWNkODE0YjdjMzljM2JkMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKBnNKR9wDeydxD042h2vLypTVxi
WGiQpbsrs6v/jOggicHh27wrxebfHjjwvA+JO4R6rwoFfo94JeAwB5Gx8iVSLVYr
Qw+hK4cr3lD7NSIoKxHXI2WBnhb3k+uN4cQWBsDPJCIfL6ZodRTgLfaFPncWGOM7
TvpSwfUTFGx4EelPU3yNp+noGnDK8ZX9pSFQTjTdKroi55b3fLy2kFaWcN74NoQG
PdXeuLrsqre5M/+2aAuxNjiTLoNZqPPftDi0wBdttERD5iw0MAk8Tw0VLz9DhOEx
TevahYjsW1liHrcAYuvMTwQp8kKncTsInfGiSNDbJdFT8w8FTDXb0Z0BCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENeeUmLMVWR7ZJWrNgUt8OcO9IdMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvUTE1NVNZc3hWWkh0a2xhczJCUzN3NXc3MGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4VpMA0G
CSqGSIb3DQEBCwUAA4IBAQCwSphMv7UT/q237mDLkOiOoy2p32VMkNlajntPE77T
03HoVZWpU6D6X950fLlOO3TJNGFhlAaVxevcIiHZ6wFZbWRzwyIsnC3BmwtfHBTz
fBYRNDPJ2wJKLs0RP8MLS8PrJ8ciJ4rGl8FZua2iotiQOYnl230l91Ct6Tc1vGLb
pKUW7hRTngklsEBHl9piJTvHCP4/q+MpKsMP+ZZVtQtzxvItJQxONPtC28u69SqB
x3+4kgNkQTxfwqouLdLbcM7m0OivVstCyyyAaHhR+FdHdtMgxxI+++Gryo8Lr0Tp
XbuNQB1/kYIb57tmRYShqyXly0B1r2o+YPoKjstWJTUQ
-----END CERTIFICATE-----