Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iaR9kFzk9pmOZpUMKhD3WwBuMY4.roa
File:                     iaR9kFzk9pmOZpUMKhD3WwBuMY4.roa (raw, json)
Hash identifier:          xMMjIquAnXhwyT1NWtNB0bYSVo94otKE11BNI/jeNM4=
Subject key identifier:   89:A4:7D:90:5C:E4:F6:99:8E:66:95:0C:2A:10:F7:5B:00:6E:31:8E
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01956D631F49424DB558F44586E66D3C09B3
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iaR9kFzk9pmOZpUMKhD3WwBuMY4.roa
Signing time:             Thu 06 Mar 2025 21:36:07 +0000
ROA not before:           Thu 06 Mar 2025 21:36:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        5.180.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6d:63:1f:49:42:4d:b5:58:f4:45:86:e6:6d:3c:09:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Mar  6 21:36:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89a47d905ce4f6998e66950c2a10f75b006e318e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:75:d0:ae:80:73:ba:a9:92:37:b9:ad:88:ad:
                    4a:05:0e:0b:dd:e4:89:1e:af:78:96:fe:e3:3f:5f:
                    62:9e:c1:17:df:2a:8e:61:1a:d0:32:cc:ee:99:de:
                    62:7e:b1:cb:9a:4f:a6:98:32:ce:87:30:ab:ab:dd:
                    5d:a2:1c:95:d8:28:ff:04:62:a0:06:be:02:b0:ce:
                    dc:23:22:03:e4:61:71:8e:6c:12:85:c8:ba:91:45:
                    b7:6b:48:c6:3d:37:e1:bb:a5:3c:75:73:91:c3:36:
                    85:34:81:25:6c:1e:ba:43:b1:fc:6b:7e:29:93:ef:
                    ea:90:28:70:a8:5b:73:c2:5b:c7:a9:3b:47:f4:c8:
                    d1:16:14:d7:65:70:35:d9:e9:eb:59:76:6e:c2:8a:
                    e7:73:9e:83:cb:a7:a4:5c:9e:ca:28:1c:ba:54:2d:
                    03:a8:fc:ef:d4:87:f0:1f:1d:48:bb:f9:f5:c9:aa:
                    d7:27:a3:30:3f:c9:29:ff:39:51:bf:7e:20:b8:71:
                    a3:02:b7:db:7f:f4:cb:55:05:d4:16:72:34:6b:e4:
                    5b:21:b2:c1:54:4c:53:07:a5:95:b9:e3:db:b0:3c:
                    03:72:83:db:5b:1a:2e:d7:2d:44:50:fb:0b:e1:84:
                    f0:85:e3:4b:b0:03:4f:af:e9:52:33:72:39:ac:8a:
                    10:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A4:7D:90:5C:E4:F6:99:8E:66:95:0C:2A:10:F7:5B:00:6E:31:8E
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iaR9kFzk9pmOZpUMKhD3WwBuMY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:8e:76:ee:ab:19:97:02:68:4f:b6:aa:d2:d9:5f:95:91:40:
         b4:44:a8:14:96:bf:f4:f2:73:f4:82:63:2b:91:78:d8:6e:72:
         1f:1d:8c:d0:eb:c2:bc:96:b1:db:23:23:43:49:96:18:3f:4c:
         e3:4c:90:76:45:df:f5:10:93:4e:75:de:fd:48:eb:18:ef:7c:
         cb:6d:49:1c:72:57:02:62:d7:45:21:5e:22:ca:23:63:d6:9f:
         fa:37:da:ad:56:01:54:8a:4a:a6:42:90:ad:bb:40:a7:4d:7e:
         8b:65:56:45:b4:09:7c:53:55:c0:31:e0:97:ef:d2:88:63:6b:
         83:ad:89:d1:dd:50:1f:e0:1a:3d:0c:c9:15:07:eb:d0:f6:4d:
         bb:64:76:be:c7:84:1c:fd:d5:0d:22:03:b0:20:a8:66:b6:01:
         a4:68:f4:28:20:28:a2:65:cd:ac:f9:f9:d4:4b:7c:b4:b3:00:
         35:9a:40:a6:62:1f:0e:03:66:b3:3f:42:96:e6:0f:aa:8e:c6:
         02:02:08:e8:6f:0f:b3:00:2d:9c:c8:f8:ad:7a:4b:ca:f8:f0:
         09:b9:74:59:3c:ea:f7:0d:63:9d:a6:1e:98:6a:92:4c:de:16:
         86:6f:6f:0e:88:87:07:2d:e7:c2:bf:46:91:15:58:1c:2c:c9:
         d0:91:33:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVtYx9JQk21WPRFhuZtPAmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMzA2MjEzNjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE0N2Q5MDVjZTRmNjk5OGU2Njk1MGMyYTEwZjc1YjAwNmUzMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HXQroBzuqmSN7mtiK1KBQ4L3eSJ
Hq94lv7jP19insEX3yqOYRrQMszumd5ifrHLmk+mmDLOhzCrq91dohyV2Cj/BGKg
Br4CsM7cIyID5GFxjmwShci6kUW3a0jGPTfhu6U8dXORwzaFNIElbB66Q7H8a34p
k+/qkChwqFtzwlvHqTtH9MjRFhTXZXA12enrWXZuwornc56Dy6ekXJ7KKBy6VC0D
qPzv1IfwHx1Iu/n1yarXJ6MwP8kp/zlRv34guHGjArfbf/TLVQXUFnI0a+RbIbLB
VExTB6WVuePbsDwDcoPbWxou1y1EUPsL4YTwheNLsANPr+lSM3I5rIoQWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImkfZBc5PaZjmaVDCoQ91sAbjGOMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvaWFSOWtGems5cG1PWnBVTUtoRDNXd0J1TVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbTpMA0G
CSqGSIb3DQEBCwUAA4IBAQAPjnbuqxmXAmhPtqrS2V+VkUC0RKgUlr/08nP0gmMr
kXjYbnIfHYzQ68K8lrHbIyNDSZYYP0zjTJB2Rd/1EJNOdd79SOsY73zLbUkcclcC
YtdFIV4iyiNj1p/6N9qtVgFUikqmQpCtu0CnTX6LZVZFtAl8U1XAMeCX79KIY2uD
rYnR3VAf4Bo9DMkVB+vQ9k27ZHa+x4Qc/dUNIgOwIKhmtgGkaPQoICiiZc2s+fnU
S3y0swA1mkCmYh8OA2azP0KW5g+qjsYCAgjobw+zAC2cyPitekvK+PAJuXRZPOr3
DWOdph6YapJM3haGb28OiIcHLefCv0aRFVgcLMnQkTNK
-----END CERTIFICATE-----