Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/RIDaaDvlCW6kZ_Qmkvg7iHhvkxs.roa
File:                     RIDaaDvlCW6kZ_Qmkvg7iHhvkxs.roa (raw, json)
Hash identifier:          TtEPT7gUdS6PVf0+fJoFxhyGOnl72shQIlFVnXWjJd4=
Subject key identifier:   44:80:DA:68:3B:E5:09:6E:A4:67:F4:26:92:F8:3B:88:78:6F:93:1B
Certificate issuer:       /CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Certificate serial:       01942521927804D1C233C98AB40D35217101
Authority key identifier: 84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/RIDaaDvlCW6kZ_Qmkvg7iHhvkxs.roa
Signing time:             Thu 02 Jan 2025 03:49:04 +0000
ROA not before:           Thu 02 Jan 2025 03:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50627
IP address blocks:        5.42.144.0/21 maxlen: 24
                          178.20.32.0/21 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:92:78:04:d1:c2:33:c9:8a:b4:0d:35:21:71:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
        Validity
            Not Before: Jan  2 03:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4480da683be5096ea467f42692f83b88786f931b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:01:f7:e8:24:e6:b1:e9:a0:3b:98:f1:f8:5c:
                    9d:3e:a5:d2:7f:74:e3:04:0e:cc:ad:64:56:39:31:
                    f4:8a:20:08:cf:dc:02:9e:88:25:4a:ec:0a:65:c8:
                    db:21:7b:cf:01:ca:9b:54:9c:d7:b6:cd:7e:2a:e7:
                    4d:56:ba:0d:1c:e3:fc:54:71:8c:40:b5:67:d2:9d:
                    b2:6c:72:47:8a:fd:01:03:44:cf:9d:34:3e:d0:d0:
                    b9:5a:bb:3d:54:34:76:f5:20:58:14:33:fd:5d:f1:
                    a1:c9:a7:8a:aa:2e:96:f5:31:8f:32:26:57:52:56:
                    f9:da:07:89:71:e1:99:e2:6e:e2:b9:41:b7:9a:07:
                    3d:44:a7:ad:78:7f:c9:56:20:87:c8:87:87:00:42:
                    dd:98:f6:49:b8:91:54:eb:44:3c:41:7c:60:cd:74:
                    a4:44:85:f2:22:9a:5d:da:74:b0:49:88:d1:99:d7:
                    09:48:df:ab:e3:19:7d:86:59:9b:c5:ba:c4:7f:32:
                    16:69:8c:71:cb:64:a5:ba:81:c5:99:ab:3d:bd:08:
                    bc:16:0d:c5:73:07:e2:90:74:5f:5b:f3:ad:fb:15:
                    56:33:0a:af:ae:02:63:e2:d7:4a:b8:a7:6b:96:24:
                    b9:eb:3d:af:c7:1e:a6:18:30:6a:ca:6c:d7:25:71:
                    f3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:80:DA:68:3B:E5:09:6E:A4:67:F4:26:92:F8:3B:88:78:6F:93:1B
            X509v3 Authority Key Identifier:
                keyid:84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/RIDaaDvlCW6kZ_Qmkvg7iHhvkxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.144.0/21
                  178.20.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b3:c2:5b:47:04:d3:1d:e3:a2:89:93:42:bc:3f:12:7b:e2:60:
         04:cc:9a:09:68:85:4c:62:db:2d:2f:f8:c2:d0:7a:8d:85:34:
         7c:38:34:9e:48:74:76:03:b6:e0:09:e0:a0:72:18:0d:3c:14:
         8a:75:df:bf:91:89:8a:3a:24:9d:a5:67:5e:3b:97:9c:2e:c5:
         81:ad:e1:35:82:15:1d:de:42:78:1e:8d:1d:5e:58:ab:e1:4a:
         02:d9:99:0f:53:38:cb:c6:32:27:b5:da:e2:9f:d5:59:b9:52:
         ca:62:84:7c:c7:8b:98:79:d0:fc:91:3c:c4:b8:aa:3a:08:a5:
         f0:7a:df:6a:f6:cb:0c:fd:9b:13:f7:81:58:3a:a3:f4:7a:27:
         5f:d1:68:e1:d3:a7:d6:c4:df:13:54:3e:3c:01:15:02:4d:26:
         ae:a6:bf:ad:b1:d7:2f:4b:1c:87:b2:f5:80:50:04:77:46:58:
         74:2c:4f:8d:b6:65:60:12:0e:1a:32:16:cc:df:39:0c:e4:b2:
         21:35:31:aa:80:14:20:55:02:3f:1e:0c:28:c2:b4:d8:00:44:
         00:32:27:83:d1:5c:86:27:d0:b7:74:94:4e:93:35:ba:bf:54:
         8f:4a:2e:e3:c7:e6:13:f4:9c:78:37:2f:96:02:a7:44:36:99:
         30:a7:79:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIZJ4BNHCM8mKtA01IXEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTRhY2EwMjBmYjJiZGM5M2E0NzI2NmU4N2VjNjdjZGM4
ODU3YzUwHhcNMjUwMTAyMDM0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDgwZGE2ODNiZTUwOTZlYTQ2N2Y0MjY5MmY4M2I4ODc4NmY5MzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAH36CTmsemgO5jx+FydPqXSf3Tj
BA7MrWRWOTH0iiAIz9wCnoglSuwKZcjbIXvPAcqbVJzXts1+KudNVroNHOP8VHGM
QLVn0p2ybHJHiv0BA0TPnTQ+0NC5Wrs9VDR29SBYFDP9XfGhyaeKqi6W9TGPMiZX
Ulb52geJceGZ4m7iuUG3mgc9RKeteH/JViCHyIeHAELdmPZJuJFU60Q8QXxgzXSk
RIXyIppd2nSwSYjRmdcJSN+r4xl9hlmbxbrEfzIWaYxxy2SluoHFmas9vQi8Fg3F
cwfikHRfW/Ot+xVWMwqvrgJj4tdKuKdrliS56z2vxx6mGDBqymzXJXHzUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFESA2mg75QlupGf0JpL4O4h4b5MbMB8GA1UdIwQY
MBaAFISkrKAg+yvck6RyZuh+xnzciFfFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUt
OWVmMzZkMjUxNTE3LzEvUklEYWFEdmxDVzZrWl9RbWt2ZzdpSGh2a3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUtOWVmMzZkMjUxNTE3
LzEvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBSqQAwQD
shQgMA0GCSqGSIb3DQEBCwUAA4IBAQCzwltHBNMd46KJk0K8PxJ74mAEzJoJaIVM
YtstL/jC0HqNhTR8ODSeSHR2A7bgCeCgchgNPBSKdd+/kYmKOiSdpWdeO5ecLsWB
reE1ghUd3kJ4Ho0dXlir4UoC2ZkPUzjLxjIntdrin9VZuVLKYoR8x4uYedD8kTzE
uKo6CKXwet9q9ssM/ZsT94FYOqP0eidf0Wjh06fWxN8TVD48ARUCTSaupr+tsdcv
SxyHsvWAUAR3Rlh0LE+NtmVgEg4aMhbM3zkM5LIhNTGqgBQgVQI/HgwowrTYAEQA
MieD0VyGJ9C3dJROkzW6v1SPSi7jx+YT9Jx4Ny+WAqdENpkwp3m+
-----END CERTIFICATE-----