Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/t_NEg6wAORA2z6iY5tzozpqnVeQ.roa
File:                     t_NEg6wAORA2z6iY5tzozpqnVeQ.roa (raw, json)
Hash identifier:          t2U+jSzM9nfj8HCTrMEEUxEUZzl9OlK4KTd8PiWngec=
Subject key identifier:   B7:F3:44:83:AC:00:39:10:36:CF:A8:98:E6:DC:E8:CE:9A:A7:55:E4
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019428240ECA6C3C66D89AC89F202FD088F5
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/t_NEg6wAORA2z6iY5tzozpqnVeQ.roa
Signing time:             Thu 02 Jan 2025 17:50:39 +0000
ROA not before:           Thu 02 Jan 2025 17:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7488
IP address blocks:        5.102.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:0e:ca:6c:3c:66:d8:9a:c8:9f:20:2f:d0:88:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7f34483ac00391036cfa898e6dce8ce9aa755e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ce:e5:cd:7e:ef:0d:c6:4b:58:c6:b9:97:4e:
                    d3:95:3d:c4:b6:6a:84:af:e7:81:ac:70:1a:71:1a:
                    fc:a1:0c:df:49:a3:ac:56:2f:e1:e3:79:c9:38:1c:
                    41:22:72:d2:12:6c:58:72:4c:8b:5c:e6:0c:54:4c:
                    3e:9f:43:6a:70:d3:88:f4:b0:3a:46:08:af:f2:0a:
                    16:f9:0e:7c:04:1a:a8:e0:6f:fb:4a:a5:08:2d:1f:
                    b9:58:23:3c:cf:f5:ba:e0:76:ab:cb:1e:0b:c4:74:
                    a9:31:a5:69:4d:6f:13:60:d3:41:63:50:e3:f1:76:
                    dd:b6:9f:19:bc:54:b9:22:27:af:18:c9:bf:12:fb:
                    cc:8f:07:2e:3d:2c:7b:76:ac:94:4e:96:65:6b:72:
                    d7:2c:34:89:a2:54:48:6a:6c:7e:7c:5c:0b:ac:67:
                    83:e7:49:26:6f:66:10:74:43:c8:b4:0e:8f:39:39:
                    05:a2:cc:f0:a3:d4:f3:2a:69:d1:94:ef:2e:78:8c:
                    d6:92:a2:c8:96:5e:fd:6d:eb:65:ea:99:e1:93:a4:
                    4e:0d:bf:70:d4:d8:a3:55:89:4d:43:d2:4b:ff:ab:
                    bb:7d:a7:4a:d9:76:01:8b:28:e2:76:df:8a:29:36:
                    b0:20:0c:e3:07:65:19:c1:76:94:5d:de:b4:af:32:
                    98:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F3:44:83:AC:00:39:10:36:CF:A8:98:E6:DC:E8:CE:9A:A7:55:E4
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/t_NEg6wAORA2z6iY5tzozpqnVeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:44:a5:44:f7:bb:b2:e4:12:83:73:b3:df:51:79:7c:8d:6b:
         d4:1f:a8:59:2a:32:ab:83:03:91:ed:4c:21:d0:08:d6:e9:b9:
         40:89:ec:e8:83:41:1f:77:38:01:19:62:32:db:db:ee:57:d2:
         06:56:25:fa:ea:2e:8e:36:25:19:ff:6e:be:bb:f5:47:7f:93:
         37:7e:f2:75:b3:0f:e3:11:27:ae:c7:ee:0c:02:26:7c:55:8e:
         1a:dc:2d:6b:8d:82:1e:66:48:a3:cb:b6:6d:46:ed:7f:6c:19:
         2d:97:34:05:d7:e5:c9:4a:06:bc:26:55:d6:36:0d:1c:f2:b6:
         ba:18:6a:97:29:5f:0e:21:64:74:b4:ac:0c:14:61:ed:4b:46:
         43:fd:a0:08:d3:2d:e0:b8:15:77:3a:f3:c6:ba:6a:67:6d:a0:
         81:1e:b8:cf:b3:79:2b:b4:74:ff:8e:62:d1:15:a2:a9:b3:7a:
         89:67:42:7f:7e:3a:5d:fc:b9:6b:32:9c:82:b0:d6:81:ff:a7:
         41:33:9d:6c:54:da:a2:f2:2a:d4:73:fe:73:fe:fa:2c:17:05:
         b1:f5:81:21:d0:e8:68:55:55:a8:48:87:e6:2f:de:3a:68:41:
         79:9f:25:bd:bc:a7:c2:72:b1:6e:82:50:88:95:aa:87:45:0e:
         34:87:f9:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJA7KbDxm2JrInyAv0Ij1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2YzNDQ4M2FjMDAzOTEwMzZjZmE4OThlNmRjZThjZTlhYTc1NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqM7lzX7vDcZLWMa5l07TlT3EtmqE
r+eBrHAacRr8oQzfSaOsVi/h43nJOBxBInLSEmxYckyLXOYMVEw+n0NqcNOI9LA6
Rgiv8goW+Q58BBqo4G/7SqUILR+5WCM8z/W64Haryx4LxHSpMaVpTW8TYNNBY1Dj
8Xbdtp8ZvFS5IievGMm/EvvMjwcuPSx7dqyUTpZla3LXLDSJolRIamx+fFwLrGeD
50kmb2YQdEPItA6POTkFoszwo9TzKmnRlO8ueIzWkqLIll79betl6pnhk6RODb9w
1NijVYlNQ9JL/6u7fadK2XYBiyjidt+KKTawIAzjB2UZwXaUXd60rzKYTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfzRIOsADkQNs+omObc6M6ap1XkMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvdF9ORWc2d0FPUkEyejZpWTV0em96cHFuVmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZgMA0G
CSqGSIb3DQEBCwUAA4IBAQA/RKVE97uy5BKDc7PfUXl8jWvUH6hZKjKrgwOR7Uwh
0AjW6blAiezog0EfdzgBGWIy29vuV9IGViX66i6ONiUZ/26+u/VHf5M3fvJ1sw/j
ESeux+4MAiZ8VY4a3C1rjYIeZkijy7ZtRu1/bBktlzQF1+XJSga8JlXWNg0c8ra6
GGqXKV8OIWR0tKwMFGHtS0ZD/aAI0y3guBV3OvPGumpnbaCBHrjPs3krtHT/jmLR
FaKps3qJZ0J/fjpd/LlrMpyCsNaB/6dBM51sVNqi8irUc/5z/vosFwWx9YEh0Oho
VVWoSIfmL946aEF5nyW9vKfCcrFuglCIlaqHRQ40h/l8
-----END CERTIFICATE-----