Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/V4v-VxZ-7OAHRrY5C50VFKZqDnc.roa
File:                     V4v-VxZ-7OAHRrY5C50VFKZqDnc.roa (raw, json)
Hash identifier:          6nRk9oygeeOeb7rjfRo1H5M200eI6zr7Rlb7ujC3GZM=
Subject key identifier:   57:8B:FE:57:16:7E:EC:E0:07:46:B6:39:0B:9D:15:14:A6:6A:0E:77
Certificate issuer:       /CN=34dd4026d290f3201d28ef684d3c5ac13c96ec6d
Certificate serial:       0195C84F71DD0E21DA64DD8322658946C074
Authority key identifier: 34:DD:40:26:D2:90:F3:20:1D:28:EF:68:4D:3C:5A:C1:3C:96:EC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/V4v-VxZ-7OAHRrY5C50VFKZqDnc.roa
Signing time:             Mon 24 Mar 2025 13:20:04 +0000
ROA not before:           Mon 24 Mar 2025 13:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60115
IP address blocks:        5.102.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 18:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:4f:71:dd:0e:21:da:64:dd:83:22:65:89:46:c0:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34dd4026d290f3201d28ef684d3c5ac13c96ec6d
        Validity
            Not Before: Mar 24 13:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=578bfe57167eece00746b6390b9d1514a66a0e77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bc:e4:7e:ac:79:2c:53:c5:df:06:83:3b:67:
                    23:a5:ae:d9:bf:7c:7d:05:4e:e7:a6:c4:56:70:01:
                    55:23:39:1e:6d:e5:c4:57:13:be:0a:0d:82:78:84:
                    04:6f:7e:f2:33:22:ec:28:25:5b:ec:be:47:5a:bc:
                    66:38:67:a1:37:26:36:9a:2b:f1:4f:e4:ec:34:5d:
                    f2:a2:70:b9:41:c9:0c:86:ec:fd:71:f4:87:bc:f7:
                    4b:17:f1:4a:3c:03:bf:cc:cd:f8:cb:d0:d3:2f:33:
                    f4:7d:a4:d5:41:29:77:11:4d:e3:7d:91:3e:88:3b:
                    46:2d:2d:83:6b:0d:82:be:67:89:e2:c6:ec:80:36:
                    6b:de:af:c5:7b:78:f1:b8:43:73:df:88:7a:29:39:
                    f7:f3:e1:4f:ec:d8:ae:08:85:ba:4e:b3:8a:c7:55:
                    51:62:f9:60:80:f2:d4:11:2f:1f:c3:6f:5d:83:8a:
                    43:51:ec:0e:30:f9:6a:35:c2:ad:27:1d:93:47:48:
                    a6:04:df:8c:fe:4a:96:96:47:67:2c:92:2b:5d:e0:
                    52:77:dd:ce:31:a5:60:86:1f:3a:f6:ea:00:00:62:
                    28:8f:c8:d7:53:70:e9:78:ee:f1:24:05:05:2d:b8:
                    85:3f:5f:6a:55:3c:aa:e6:ae:4b:da:c3:94:a6:07:
                    84:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:8B:FE:57:16:7E:EC:E0:07:46:B6:39:0B:9D:15:14:A6:6A:0E:77
            X509v3 Authority Key Identifier:
                keyid:34:DD:40:26:D2:90:F3:20:1D:28:EF:68:4D:3C:5A:C1:3C:96:EC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/V4v-VxZ-7OAHRrY5C50VFKZqDnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:91:3e:8a:f8:8c:16:14:d7:47:9c:68:49:08:92:6e:3c:8e:
         a5:11:ce:52:bc:a9:a9:99:7b:49:df:03:c2:9b:65:58:9e:f3:
         eb:89:1a:1e:c0:75:77:65:23:cc:ce:69:1d:ae:88:5d:e8:c5:
         f5:c3:03:48:2a:57:7d:d5:a5:87:b0:6e:2d:c1:eb:04:9a:5d:
         d7:4b:38:0c:16:bc:3a:55:bd:d3:a9:55:f4:12:dd:1b:dc:70:
         eb:13:b0:5b:50:ed:7b:ee:5a:e0:24:9b:26:a8:56:c7:7e:d6:
         d8:16:ab:13:1a:b3:2c:6a:04:7a:e1:63:c7:ad:dd:57:89:ce:
         bd:03:48:af:b2:40:0c:f7:1b:55:f2:20:f1:1e:75:5d:f4:95:
         e8:bb:05:35:ff:49:02:85:e2:74:e0:cc:30:0c:1f:c8:ad:15:
         62:b3:e1:97:c9:46:0b:a0:93:0e:9f:8e:1f:1e:d2:0d:cf:9c:
         eb:b0:f6:a1:05:86:72:ec:f1:d9:69:7d:c8:a2:b3:84:2b:71:
         fb:f3:69:9c:77:62:90:a9:9b:c1:2c:92:38:33:98:a2:87:4c:
         fe:0e:b2:fc:5b:aa:15:d1:8f:05:b7:7e:2c:59:87:13:21:20:
         7b:59:59:b3:d1:cf:68:c7:d7:0c:24:1a:50:ba:9b:f9:ba:30:
         86:8d:a8:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXIT3HdDiHaZN2DImWJRsB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZGQ0MDI2ZDI5MGYzMjAxZDI4ZWY2ODRkM2M1YWMxM2M5
NmVjNmQwHhcNMjUwMzI0MTMyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzhiZmU1NzE2N2VlY2UwMDc0NmI2MzkwYjlkMTUxNGE2NmEwZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7zkfqx5LFPF3waDO2cjpa7Zv3x9
BU7npsRWcAFVIzkebeXEVxO+Cg2CeIQEb37yMyLsKCVb7L5HWrxmOGehNyY2mivx
T+TsNF3yonC5QckMhuz9cfSHvPdLF/FKPAO/zM34y9DTLzP0faTVQSl3EU3jfZE+
iDtGLS2Daw2CvmeJ4sbsgDZr3q/Fe3jxuENz34h6KTn38+FP7NiuCIW6TrOKx1VR
YvlggPLUES8fw29dg4pDUewOMPlqNcKtJx2TR0imBN+M/kqWlkdnLJIrXeBSd93O
MaVghh869uoAAGIoj8jXU3DpeO7xJAUFLbiFP19qVTyq5q5L2sOUpgeEdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFeL/lcWfuzgB0a2OQudFRSmag53MB8GA1UdIwQY
MBaAFDTdQCbSkPMgHSjvaE08WsE8luxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk4xQUp0S1E4eUFkS085b1RUeGF3VHlXN0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83MmE0MDUtMTU5OC00MDMzLThlMmIt
ODc4NTA3ZWQ0NmY3LzEvVjR2LVZ4Wi03T0FIUnJZNUM1MFZGS1pxRG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83MmE0MDUtMTU5OC00MDMzLThlMmItODc4NTA3ZWQ0NmY3
LzEvTk4xQUp0S1E4eUFkS085b1RUeGF3VHlXN0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWYgMA0G
CSqGSIb3DQEBCwUAA4IBAQAukT6K+IwWFNdHnGhJCJJuPI6lEc5SvKmpmXtJ3wPC
m2VYnvPriRoewHV3ZSPMzmkdrohd6MX1wwNIKld91aWHsG4twesEml3XSzgMFrw6
Vb3TqVX0Et0b3HDrE7BbUO177lrgJJsmqFbHftbYFqsTGrMsagR64WPHrd1Xic69
A0ivskAM9xtV8iDxHnVd9JXouwU1/0kCheJ04MwwDB/IrRVis+GXyUYLoJMOn44f
HtINz5zrsPahBYZy7PHZaX3IorOEK3H782mcd2KQqZvBLJI4M5iih0z+DrL8W6oV
0Y8Ft34sWYcTISB7WVmz0c9ox9cMJBpQupv5ujCGjahq
-----END CERTIFICATE-----