Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/ya1Qvlz0z2yIW3rWpmZNZE0Mahw.roa
File:                     ya1Qvlz0z2yIW3rWpmZNZE0Mahw.roa (raw, json)
Hash identifier:          pUh8tSNEyZT8qdNgsK70xOXvpKS7aoBqKqdEgq1Za3o=
Subject key identifier:   C9:AD:50:BE:5C:F4:CF:6C:88:5B:7A:D6:A6:66:4D:64:4D:0C:6A:1C
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       01941F8C430E5FF3F36EC8C38CC85219D4EA
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/ya1Qvlz0z2yIW3rWpmZNZE0Mahw.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399641
IP address blocks:        45.151.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:43:0e:5f:f3:f3:6e:c8:c3:8c:c8:52:19:d4:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9ad50be5cf4cf6c885b7ad6a6664d644d0c6a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e0:f6:7c:c9:ce:14:08:4d:1c:e9:78:ea:77:
                    db:2f:53:24:79:b3:54:a1:97:04:aa:d3:1b:a4:72:
                    89:87:9d:df:35:33:6d:18:c6:f0:f1:4b:a3:27:39:
                    8c:77:ce:c7:9a:3b:c9:79:4f:3b:56:6c:7a:a8:f9:
                    cd:52:fe:1d:bf:c4:e0:46:08:e9:0d:07:59:3d:93:
                    68:bf:6d:41:d8:4f:57:08:ff:52:3d:8e:1b:93:31:
                    ff:75:19:85:b6:c9:c1:6c:6a:89:5c:dc:6a:d3:a4:
                    f9:29:17:0f:04:de:51:fb:ab:65:5d:3a:74:dc:c7:
                    8a:7a:d9:0d:c9:e7:25:48:73:86:88:c6:38:ac:33:
                    34:06:a1:1d:73:07:5e:cb:5d:5c:39:48:1c:3c:1c:
                    6a:6e:9c:e3:42:ca:a2:ef:91:e2:9f:8b:8c:b3:48:
                    95:9e:84:76:2b:84:d4:57:0d:e9:41:38:5c:59:82:
                    79:1f:f0:27:52:3d:a7:c4:a6:d5:36:6f:53:7b:aa:
                    9f:c9:a1:25:96:41:cc:fd:28:85:4d:b6:a6:92:7f:
                    7e:67:33:a0:45:6d:32:7a:55:6d:a6:f9:75:e8:a5:
                    83:ea:ae:92:7a:0a:6d:3b:1d:a3:aa:eb:c5:b5:aa:
                    be:09:19:73:16:27:89:48:cb:9f:aa:7b:b0:32:b4:
                    16:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:AD:50:BE:5C:F4:CF:6C:88:5B:7A:D6:A6:66:4D:64:4D:0C:6A:1C
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/ya1Qvlz0z2yIW3rWpmZNZE0Mahw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:23:ba:66:66:b7:64:9f:bb:c4:3c:10:0f:61:00:66:52:ff:
         da:1f:e3:b8:82:2d:d1:54:12:21:2c:3e:02:4f:9d:44:1b:78:
         27:ec:1d:26:8a:4b:3c:98:15:63:8b:57:04:13:63:52:c6:77:
         d4:0a:ea:cd:fa:e8:d8:7f:5d:08:d6:ec:f2:48:e6:df:7c:82:
         9c:36:8e:69:0a:b1:9b:09:63:12:76:a4:d7:f4:62:93:0e:9f:
         02:09:e5:ac:13:47:e3:c6:f6:77:09:74:e6:cc:85:73:a2:f8:
         25:ff:73:8a:0e:fa:70:ad:64:34:f8:12:89:51:3c:48:69:cc:
         e4:a3:3e:ce:d1:50:f0:27:90:15:1c:81:0c:a3:5b:6e:a4:ce:
         c2:74:58:83:b7:f4:54:c8:45:56:04:45:b7:21:60:e4:94:ef:
         98:2b:06:72:3f:1a:7f:bb:ee:92:8d:4d:5e:70:07:6b:bd:9a:
         86:36:ae:e9:ab:7d:0d:8b:96:96:0e:15:5b:34:d1:9b:61:76:
         b8:7b:0b:51:25:b6:46:60:04:aa:9a:c5:99:61:8f:b4:e0:a1:
         cb:55:a8:12:40:0c:77:dc:9b:5d:c8:dc:37:1b:f0:b4:c3:03:
         fc:83:2a:a9:64:1e:ac:3f:ee:a6:47:4c:f0:85:35:40:ba:ca:
         33:b6:2f:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjEMOX/PzbsjDjMhSGdTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWFkNTBiZTVjZjRjZjZjODg1YjdhZDZhNjY2NGQ2NDRkMGM2YTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeD2fMnOFAhNHOl46nfbL1MkebNU
oZcEqtMbpHKJh53fNTNtGMbw8UujJzmMd87HmjvJeU87Vmx6qPnNUv4dv8TgRgjp
DQdZPZNov21B2E9XCP9SPY4bkzH/dRmFtsnBbGqJXNxq06T5KRcPBN5R+6tlXTp0
3MeKetkNyeclSHOGiMY4rDM0BqEdcwdey11cOUgcPBxqbpzjQsqi75Hin4uMs0iV
noR2K4TUVw3pQThcWYJ5H/AnUj2nxKbVNm9Te6qfyaEllkHM/SiFTbamkn9+ZzOg
RW0yelVtpvl16KWD6q6SegptOx2jquvFtaq+CRlzFieJSMufqnuwMrQW8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmtUL5c9M9siFt61qZmTWRNDGocMB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEveWExUXZsejB6MnlJVzNyV3BtWk5aRTBNYWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdHMA0G
CSqGSIb3DQEBCwUAA4IBAQB7I7pmZrdkn7vEPBAPYQBmUv/aH+O4gi3RVBIhLD4C
T51EG3gn7B0miks8mBVji1cEE2NSxnfUCurN+ujYf10I1uzySObffIKcNo5pCrGb
CWMSdqTX9GKTDp8CCeWsE0fjxvZ3CXTmzIVzovgl/3OKDvpwrWQ0+BKJUTxIaczk
oz7O0VDwJ5AVHIEMo1tupM7CdFiDt/RUyEVWBEW3IWDklO+YKwZyPxp/u+6SjU1e
cAdrvZqGNq7pq30Ni5aWDhVbNNGbYXa4ewtRJbZGYASqmsWZYY+04KHLVagSQAx3
3JtdyNw3G/C0wwP8gyqpZB6sP+6mR0zwhTVAusozti8s
-----END CERTIFICATE-----