Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/eeMUvhikn7BcQGcUG3J_KumqmI0.roa
File:                     eeMUvhikn7BcQGcUG3J_KumqmI0.roa (raw, json)
Hash identifier:          rMyPtHGXVd59N7ATnOyDSnVnrrZL6fZtXGf2fhRBUW8=
Subject key identifier:   79:E3:14:BE:18:A4:9F:B0:5C:40:67:14:1B:72:7F:2A:E9:AA:98:8D
Certificate issuer:       /CN=899241a00348315c02c0e2a9150b863087d1c857
Certificate serial:       019428267EDD410D2B8702BAE5F74D8566C7
Authority key identifier: 89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/eeMUvhikn7BcQGcUG3J_KumqmI0.roa
Signing time:             Thu 02 Jan 2025 17:53:18 +0000
ROA not before:           Thu 02 Jan 2025 17:53:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59705
IP address blocks:        5.45.16.0/23 maxlen: 23
                          5.45.18.0/24 maxlen: 24
                          2a01:6c8:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:7e:dd:41:0d:2b:87:02:ba:e5:f7:4d:85:66:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=899241a00348315c02c0e2a9150b863087d1c857
        Validity
            Not Before: Jan  2 17:53:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79e314be18a49fb05c4067141b727f2ae9aa988d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:40:40:48:e8:e3:bb:58:82:0e:19:f8:c8:ad:
                    26:55:40:12:f5:ff:f5:59:0d:04:46:71:a3:8b:50:
                    d5:9c:c6:97:5c:74:5e:36:f9:97:bd:53:3d:54:14:
                    4a:7b:a9:e9:c5:b6:11:90:40:9f:1d:27:6d:fd:ae:
                    e0:91:0c:03:51:1f:b9:44:be:2c:2f:7d:5c:c2:86:
                    61:6e:47:61:42:a7:b6:2f:0f:e1:3f:80:bb:86:89:
                    11:c5:b1:19:55:72:32:fc:55:ed:1d:c8:ea:9d:4a:
                    61:77:1f:d8:0d:59:dc:10:ce:73:39:fc:0c:5f:32:
                    23:d5:a4:04:d7:0e:e6:ba:a0:45:30:ed:e3:5f:ae:
                    c1:ad:45:f6:40:5d:06:a9:b7:8c:25:ee:cc:4f:14:
                    66:36:dd:fc:97:a0:bc:96:f4:46:eb:ac:17:92:15:
                    9d:76:a9:a0:8c:37:98:29:4c:4f:f2:d2:42:d1:2f:
                    8e:e7:5c:40:09:24:3b:56:9b:6d:47:14:b4:03:65:
                    95:c2:46:5d:e4:81:21:5e:89:9d:ca:01:a2:cc:8a:
                    e9:7c:a0:01:c9:a0:d0:f8:f0:09:25:98:b8:4a:61:
                    b4:88:b5:2d:53:d7:a7:2c:2f:aa:cd:38:12:e3:f4:
                    67:4d:50:6b:52:5d:26:b0:d5:fb:63:2d:fd:92:a1:
                    85:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:E3:14:BE:18:A4:9F:B0:5C:40:67:14:1B:72:7F:2A:E9:AA:98:8D
            X509v3 Authority Key Identifier:
                keyid:89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/eeMUvhikn7BcQGcUG3J_KumqmI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.16.0-5.45.18.255
                IPv6:
                  2a01:6c8:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:e7:d8:42:32:02:f8:c4:d3:4a:0a:0d:21:0b:c8:c5:c5:a4:
         c8:e4:37:32:80:24:f5:c6:8f:f5:4e:8e:6e:94:23:02:b0:6f:
         58:da:b1:73:a1:cd:f3:54:5b:0b:ec:f0:44:0c:1f:ca:3a:bc:
         bc:c5:71:75:80:18:71:32:d4:d2:f7:ae:db:ad:23:48:62:b1:
         67:3b:47:b7:db:8c:69:f4:06:17:07:4f:7e:5c:66:ba:06:43:
         18:17:d5:57:99:72:6c:93:b7:8d:31:a7:5c:36:04:15:c8:ff:
         00:2c:3e:3e:9b:93:7f:f8:c0:a5:3b:5b:18:03:b1:38:41:eb:
         17:73:06:d4:92:fc:b2:d9:1d:4f:98:3c:12:9e:bf:ef:32:bc:
         e8:ee:3a:a4:25:b6:19:b6:15:cf:ac:9f:b4:a1:04:78:9b:24:
         a7:03:b8:20:1e:ac:3e:ce:01:06:fe:13:83:76:26:81:f3:06:
         35:da:ab:84:0e:35:59:f9:9f:7e:18:44:5b:df:d8:5a:e6:df:
         50:f1:99:d1:c6:40:ea:c7:eb:d7:3b:f3:56:99:eb:85:6c:70:
         27:c1:fd:d1:a0:21:46:45:86:02:e4:dd:d3:71:96:18:0a:cf:
         57:82:42:a4:55:33:25:6e:c3:1a:67:3a:05:74:6c:6a:75:c5:
         46:b1:22:1b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQoJn7dQQ0rhwK65fdNhWbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5OTI0MWEwMDM0ODMxNWMwMmMwZTJhOTE1MGI4NjMwODdk
MWM4NTcwHhcNMjUwMTAyMTc1MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWUzMTRiZTE4YTQ5ZmIwNWM0MDY3MTQxYjcyN2YyYWU5YWE5ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0BASOjju1iCDhn4yK0mVUAS9f/1
WQ0ERnGji1DVnMaXXHReNvmXvVM9VBRKe6npxbYRkECfHSdt/a7gkQwDUR+5RL4s
L31cwoZhbkdhQqe2Lw/hP4C7hokRxbEZVXIy/FXtHcjqnUphdx/YDVncEM5zOfwM
XzIj1aQE1w7muqBFMO3jX67BrUX2QF0GqbeMJe7MTxRmNt38l6C8lvRG66wXkhWd
dqmgjDeYKUxP8tJC0S+O51xACSQ7VpttRxS0A2WVwkZd5IEhXomdygGizIrpfKAB
yaDQ+PAJJZi4SmG0iLUtU9enLC+qzTgS4/RnTVBrUl0msNX7Yy39kqGFbwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFHnjFL4YpJ+wXEBnFBtyfyrpqpiNMB8GA1UdIwQY
MBaAFImSQaADSDFcAsDiqRULhjCH0chXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzIt
OTllNzgwYmYzYjk4LzEvZWVNVXZoaWtuN0JjUUdjVUczSl9LdW1xbUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzItOTllNzgwYmYzYjk4
LzEvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAQFLRAD
BAAFLRIwDgQCAAIwCAMGBCoBBsggMA0GCSqGSIb3DQEBCwUAA4IBAQAg59hCMgL4
xNNKCg0hC8jFxaTI5DcygCT1xo/1To5ulCMCsG9Y2rFzoc3zVFsL7PBEDB/KOry8
xXF1gBhxMtTS967brSNIYrFnO0e324xp9AYXB09+XGa6BkMYF9VXmXJsk7eNMadc
NgQVyP8ALD4+m5N/+MClO1sYA7E4QesXcwbUkvyy2R1PmDwSnr/vMrzo7jqkJbYZ
thXPrJ+0oQR4mySnA7ggHqw+zgEG/hODdiaB8wY12quEDjVZ+Z9+GERb39ha5t9Q
8ZnRxkDqx+vXO/NWmeuFbHAnwf3RoCFGRYYC5N3TcZYYCs9XgkKkVTMlbsMaZzoF
dGxqdcVGsSIb
-----END CERTIFICATE-----