Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ExntZfd8HKZJX9NxtffDdUcjDs4.roa
File:                     ExntZfd8HKZJX9NxtffDdUcjDs4.roa (raw, json)
Hash identifier:          we5TYett/Q2v253FNWM1V1eXU4uCcrPLyP/h5rNmYaQ=
Subject key identifier:   13:19:ED:65:F7:7C:1C:A6:49:5F:D3:71:B5:F7:C3:75:47:23:0E:CE
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019715DE88E97AC4D138C39B71F88BD6CEDA
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ExntZfd8HKZJX9NxtffDdUcjDs4.roa
Signing time:             Wed 28 May 2025 07:49:54 +0000
ROA not before:           Wed 28 May 2025 07:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12027
IP address blocks:        5.56.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:de:88:e9:7a:c4:d1:38:c3:9b:71:f8:8b:d6:ce:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 28 07:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1319ed65f77c1ca6495fd371b5f7c37547230ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f4:36:82:39:18:f9:ac:d8:63:2c:52:87:ae:
                    f9:1e:db:7a:96:3d:29:c3:a0:fa:13:c5:3d:ac:4e:
                    be:b5:a5:74:d0:2a:6b:0c:1c:19:1d:fc:c1:d7:a5:
                    89:84:db:1a:9b:b1:0f:24:ca:ef:4e:98:3d:6c:1d:
                    87:67:63:a9:c2:fa:85:3d:08:69:64:1e:4c:f7:3d:
                    4d:b3:69:e9:3a:88:5c:16:b0:9e:74:90:5d:75:39:
                    a5:1f:1f:95:df:59:f1:ef:f6:af:4e:f5:7e:ee:84:
                    1a:d1:b5:7c:7b:3e:5c:d7:5a:8e:1b:d7:1c:19:7d:
                    9a:81:9d:39:a3:39:e7:f4:55:7f:d2:a5:32:0d:37:
                    a1:08:04:d9:32:2c:0f:f2:4e:2b:bf:fa:be:f8:56:
                    17:3c:87:87:26:0e:cf:36:bc:03:3b:6e:a7:c4:57:
                    87:48:b0:ab:ac:ba:bf:65:19:ce:d0:48:0c:ed:3a:
                    d4:63:6c:0b:4e:c3:9a:53:b9:66:90:39:0c:96:c1:
                    ab:62:0a:27:e6:f3:89:e7:0f:a9:a7:da:df:45:03:
                    c9:d5:ac:8a:c1:81:81:c9:9f:1c:18:49:cb:2b:b6:
                    38:17:4c:b6:2e:90:70:65:4a:4a:b7:04:56:6b:ab:
                    74:cb:16:3c:ff:41:d7:2a:12:9b:31:a5:99:2e:d1:
                    ce:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:19:ED:65:F7:7C:1C:A6:49:5F:D3:71:B5:F7:C3:75:47:23:0E:CE
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ExntZfd8HKZJX9NxtffDdUcjDs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a4:fe:ef:a4:f0:4b:04:3e:6a:7f:72:6f:ba:b2:b3:69:67:
         b5:aa:f9:71:c8:e6:95:bd:b6:b8:87:f0:a3:74:b2:ce:7c:dc:
         17:0f:f6:b2:0b:cc:84:d8:d3:99:b6:80:a2:68:47:13:95:5e:
         81:08:76:3d:30:9c:0c:a8:2b:a2:72:31:ec:44:07:c5:1a:03:
         62:0b:ce:b0:de:4b:47:2b:96:27:ee:19:89:35:93:8c:a5:df:
         57:ff:6c:d4:53:ef:86:1d:04:a4:2c:f0:43:0b:79:4b:3e:30:
         a4:c2:c5:06:4f:9c:11:18:a5:6c:13:39:e4:6f:44:0e:09:5a:
         76:f3:0a:80:05:a0:2f:ec:55:8e:32:df:99:81:2f:70:a1:0c:
         01:7b:43:52:e7:38:8e:73:b7:99:11:fc:60:cc:ba:73:47:25:
         1e:2b:20:42:a8:7d:27:75:5d:e0:9c:84:88:bf:81:71:a8:22:
         bf:ec:09:c1:24:65:80:01:51:10:76:47:ad:c6:19:ab:52:ec:
         26:10:df:4c:ec:51:69:5e:91:0c:27:25:f2:07:90:fc:1e:b9:
         f0:8f:94:e6:38:13:07:92:fd:db:4c:f1:6a:94:c3:b5:c0:f0:
         08:92:70:b1:93:80:ad:b5:11:f6:a3:0f:cc:0f:27:83:6b:de:
         3c:0b:16:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcV3ojpesTROMObcfiL1s7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNTI4MDc0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzE5ZWQ2NWY3N2MxY2E2NDk1ZmQzNzFiNWY3YzM3NTQ3MjMwZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/Q2gjkY+azYYyxSh675Htt6lj0p
w6D6E8U9rE6+taV00CprDBwZHfzB16WJhNsam7EPJMrvTpg9bB2HZ2OpwvqFPQhp
ZB5M9z1Ns2npOohcFrCedJBddTmlHx+V31nx7/avTvV+7oQa0bV8ez5c11qOG9cc
GX2agZ05oznn9FV/0qUyDTehCATZMiwP8k4rv/q++FYXPIeHJg7PNrwDO26nxFeH
SLCrrLq/ZRnO0EgM7TrUY2wLTsOaU7lmkDkMlsGrYgon5vOJ5w+pp9rfRQPJ1ayK
wYGByZ8cGEnLK7Y4F0y2LpBwZUpKtwRWa6t0yxY8/0HXKhKbMaWZLtHOiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMZ7WX3fBymSV/TcbX3w3VHIw7OMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvRXhudFpmZDhIS1pKWDlOeHRmZkRkVWNqRHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgdMA0G
CSqGSIb3DQEBCwUAA4IBAQBFpP7vpPBLBD5qf3JvurKzaWe1qvlxyOaVvba4h/Cj
dLLOfNwXD/ayC8yE2NOZtoCiaEcTlV6BCHY9MJwMqCuicjHsRAfFGgNiC86w3ktH
K5Yn7hmJNZOMpd9X/2zUU++GHQSkLPBDC3lLPjCkwsUGT5wRGKVsEznkb0QOCVp2
8wqABaAv7FWOMt+ZgS9woQwBe0NS5ziOc7eZEfxgzLpzRyUeKyBCqH0ndV3gnISI
v4FxqCK/7AnBJGWAAVEQdketxhmrUuwmEN9M7FFpXpEMJyXyB5D8Hrnwj5TmOBMH
kv3bTPFqlMO1wPAIknCxk4CttRH2ow/MDyeDa948CxZG
-----END CERTIFICATE-----