Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/maXcZQ7N2y2_afrzV1oMNjT4O7g.roa
File:                     maXcZQ7N2y2_afrzV1oMNjT4O7g.roa (raw, json)
Hash identifier:          D+pc8oR4WM9Y/chv55U8MqOsuEcIXejdvRWZ+f3Pszg=
Subject key identifier:   99:A5:DC:65:0E:CD:DB:2D:BF:69:FA:F3:57:5A:0C:36:34:F8:3B:B8
Certificate issuer:       /CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
Certificate serial:       0194266A409896176D8C4C5C60D575676D92
Authority key identifier: 43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/maXcZQ7N2y2_afrzV1oMNjT4O7g.roa
Signing time:             Thu 02 Jan 2025 09:48:05 +0000
ROA not before:           Thu 02 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210687
IP address blocks:        5.183.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:40:98:96:17:6d:8c:4c:5c:60:d5:75:67:6d:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
        Validity
            Not Before: Jan  2 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99a5dc650ecddb2dbf69faf3575a0c3634f83bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:48:bd:fc:4a:ac:81:a0:15:b3:05:48:b3:c6:
                    6a:c5:bd:29:cd:4d:0e:87:a8:fb:a5:2d:82:de:1a:
                    bc:34:16:88:a8:fc:d8:1d:1a:1e:c2:01:de:a5:5d:
                    b2:00:19:27:c3:ca:0d:ec:ce:d8:59:0c:bd:08:d8:
                    d4:de:03:b3:ec:be:11:18:34:42:08:4c:6f:01:1c:
                    83:1b:9e:27:c0:f7:ae:0a:c6:5a:8e:48:7d:ba:7a:
                    bd:de:43:09:83:f7:c2:e1:d3:9e:0b:13:08:fa:99:
                    83:d1:83:c0:d4:80:7a:7f:8b:4e:23:ca:c7:2c:28:
                    2f:fb:f2:42:14:35:89:d3:4b:f5:b5:c0:2c:ab:22:
                    6a:31:76:12:77:7a:b6:4a:18:e9:8b:ce:3f:16:08:
                    29:ca:05:db:b1:46:d7:3d:aa:22:fe:46:a9:07:5a:
                    a5:76:bc:13:79:0f:c6:2b:77:a4:3d:46:b1:1a:c5:
                    82:23:68:e3:8b:f8:20:c1:3c:16:3d:92:2c:de:f3:
                    f5:fe:ff:fa:31:ee:9e:d8:57:93:a1:95:0f:99:e4:
                    11:a7:a3:83:a5:e2:66:c4:46:6b:d9:30:a1:2d:2c:
                    39:34:80:df:45:8f:54:53:52:cf:84:3b:5a:14:c6:
                    54:04:fb:eb:4a:9a:3d:f0:d7:b7:20:85:3e:8a:1e:
                    52:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A5:DC:65:0E:CD:DB:2D:BF:69:FA:F3:57:5A:0C:36:34:F8:3B:B8
            X509v3 Authority Key Identifier:
                keyid:43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/maXcZQ7N2y2_afrzV1oMNjT4O7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:ce:95:68:d9:5b:50:a1:ba:fc:bc:59:8f:bf:13:f2:ea:26:
         25:16:d4:ce:65:c5:38:76:49:45:05:5a:af:e4:d9:09:64:d0:
         d7:78:5b:2d:2d:d8:97:2b:66:e9:f9:75:6c:46:ab:0f:27:a7:
         61:c3:dd:9d:8f:e5:76:16:6d:b5:b7:18:a3:77:59:e0:53:f3:
         83:c8:8e:12:3c:83:f7:1b:e0:26:c6:bb:4c:37:cc:4c:c1:ec:
         58:cd:bb:df:58:71:ed:d2:31:61:47:e2:1d:26:2d:12:e3:68:
         f3:cc:af:47:0f:f8:6d:77:ec:35:01:07:8f:4d:da:2d:4e:7b:
         e1:72:75:70:07:0b:f0:0b:e2:f4:22:7a:43:02:40:e6:b2:9a:
         27:fb:50:01:64:f9:57:ba:09:3c:8e:15:1d:39:42:a4:2e:75:
         28:7a:8f:6a:d6:1f:d0:c2:7f:5e:d7:9d:f2:32:dd:1f:08:27:
         2f:6f:e5:0a:32:81:f3:d9:4c:e4:f1:ce:71:6c:a0:9d:64:2c:
         ef:6b:06:4d:38:c6:21:24:4f:9f:b4:49:7c:55:54:89:81:50:
         8d:d2:8d:f7:0b:94:82:4e:c1:eb:3d:ec:b9:57:88:e4:57:ff:
         49:19:7a:28:e7:91:2b:85:a6:ab:e4:74:83:10:88:03:7d:41:
         01:00:5f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmakCYlhdtjExcYNV1Z22SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzODRmNmZhNmRlY2NlZDU1NzhhODVhNTFlMGJkNjU3MDFl
YTM0ZWMwHhcNMjUwMTAyMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWE1ZGM2NTBlY2RkYjJkYmY2OWZhZjM1NzVhMGMzNjM0ZjgzYmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0i9/EqsgaAVswVIs8Zqxb0pzU0O
h6j7pS2C3hq8NBaIqPzYHRoewgHepV2yABknw8oN7M7YWQy9CNjU3gOz7L4RGDRC
CExvARyDG54nwPeuCsZajkh9unq93kMJg/fC4dOeCxMI+pmD0YPA1IB6f4tOI8rH
LCgv+/JCFDWJ00v1tcAsqyJqMXYSd3q2Shjpi84/FggpygXbsUbXPaoi/kapB1ql
drwTeQ/GK3ekPUaxGsWCI2jji/ggwTwWPZIs3vP1/v/6Me6e2FeToZUPmeQRp6OD
peJmxEZr2TChLSw5NIDfRY9UU1LPhDtaFMZUBPvrSpo98Ne3IIU+ih5SLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJml3GUOzdstv2n681daDDY0+Du4MB8GA1UdIwQY
MBaAFEOE9vpt7M7VV4qFpR4L1lcB6jTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMt
MWIxM2JkNDU2NmE1LzEvbWFYY1pRN04yeTJfYWZyelYxb01OalQ0TzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMtMWIxM2JkNDU2NmE1
LzEvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbdtMA0G
CSqGSIb3DQEBCwUAA4IBAQBfzpVo2VtQobr8vFmPvxPy6iYlFtTOZcU4dklFBVqv
5NkJZNDXeFstLdiXK2bp+XVsRqsPJ6dhw92dj+V2Fm21txijd1ngU/ODyI4SPIP3
G+AmxrtMN8xMwexYzbvfWHHt0jFhR+IdJi0S42jzzK9HD/htd+w1AQePTdotTnvh
cnVwBwvwC+L0InpDAkDmspon+1ABZPlXugk8jhUdOUKkLnUoeo9q1h/Qwn9e153y
Mt0fCCcvb+UKMoHz2Uzk8c5xbKCdZCzvawZNOMYhJE+ftEl8VVSJgVCN0o33C5SC
TsHrPey5V4jkV/9JGXoo55Erhaar5HSDEIgDfUEBAF/w
-----END CERTIFICATE-----