Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/1-FLwx-Jy20x9TsKTgVra0VDGLCI.roa
File:                     1-FLwx-Jy20x9TsKTgVra0VDGLCI.roa (raw, json)
Hash identifier:          wYExt0oEgJsljCXxJYDrQQFL3A/9soRSgwhaFbNC2m0=
Subject key identifier:   F8:52:F0:C7:E2:72:DB:4C:7D:4E:C2:93:81:5A:DA:D1:50:C6:2C:22
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       01942143C1E7B5D5EF342667682507A35048
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/1-FLwx-Jy20x9TsKTgVra0VDGLCI.roa
Signing time:             Wed 01 Jan 2025 09:47:56 +0000
ROA not before:           Wed 01 Jan 2025 09:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16018
IP address blocks:        5.160.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c1:e7:b5:d5:ef:34:26:67:68:25:07:a3:50:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 09:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f852f0c7e272db4c7d4ec293815adad150c62c22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:19:42:35:5b:df:0e:cf:34:31:87:08:f8:c1:
                    d9:9a:14:6d:ee:e8:22:9c:8a:48:be:49:9d:35:62:
                    85:a2:5b:52:02:57:e7:db:ec:8c:9a:3f:8e:71:8b:
                    7c:c3:e1:b3:43:67:d1:a9:8b:98:04:47:5c:99:54:
                    bb:e8:27:fe:d8:5f:ed:fb:52:72:b2:b6:60:67:c4:
                    fd:45:79:b4:58:57:18:51:4c:11:28:ee:a4:2b:fe:
                    3d:27:18:fa:24:73:cc:10:b4:27:64:07:b3:e6:85:
                    df:10:55:5d:a5:6f:76:ae:c9:a8:23:4c:f9:9d:2e:
                    2b:f8:92:31:17:9b:47:07:04:56:82:3d:30:f4:1a:
                    f6:e4:5c:d0:3f:7f:96:52:c8:c4:2e:e8:12:5a:d5:
                    f9:38:c1:fd:8c:4b:f4:44:98:1c:dd:64:4a:d6:fe:
                    5f:2e:c2:2e:d8:6e:33:ae:7c:a0:40:c9:26:90:82:
                    98:4f:04:24:36:bc:73:10:5f:97:c0:63:14:98:1b:
                    73:ee:8d:90:e2:ff:4b:c9:23:ed:4f:a9:ec:cb:76:
                    6c:a8:41:03:db:8f:ba:d4:9b:78:ee:5d:3d:8e:1f:
                    7b:04:34:8b:c4:89:ef:1c:36:3d:75:5e:b9:b8:a0:
                    48:9b:b3:f3:37:ba:4a:3f:bc:de:52:7f:4f:3a:a0:
                    95:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:52:F0:C7:E2:72:DB:4C:7D:4E:C2:93:81:5A:DA:D1:50:C6:2C:22
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/1-FLwx-Jy20x9TsKTgVra0VDGLCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:a8:0c:dc:6c:08:eb:e8:9d:cf:aa:75:37:12:65:37:7c:18:
         cd:0e:8c:ea:48:0b:be:8d:08:3d:84:28:8b:8f:e6:41:d6:18:
         92:97:9f:81:3a:ee:f2:73:85:e4:93:0b:32:bb:e4:6a:24:40:
         67:bd:a0:9e:60:41:60:dc:3a:9f:dc:a6:5b:d8:09:90:4e:26:
         11:41:13:6a:5a:00:4d:6e:8e:36:9f:2d:4b:34:0b:da:cc:cf:
         90:96:32:d7:71:70:99:63:dc:e7:84:27:10:e2:8a:1a:e5:f5:
         ef:64:81:8c:e6:dc:c2:ba:38:65:09:fe:aa:36:1c:0e:a7:95:
         cf:b6:7e:f6:e1:f2:58:50:ee:d8:09:67:0d:b3:c6:69:45:bf:
         07:35:89:b9:d9:48:80:88:df:86:5a:c3:74:72:ee:b1:3b:c9:
         9e:55:eb:ee:55:32:bf:fd:88:f2:4f:6e:ac:3e:9f:ab:32:69:
         3c:be:60:c3:67:7a:a4:a2:3f:f3:40:a3:41:99:ae:28:80:bf:
         db:9f:32:03:de:8e:8e:c0:cc:84:de:c5:b7:39:86:8a:da:52:
         8b:b8:9c:62:3b:1b:18:b3:a3:c6:93:38:19:97:ef:ac:36:d5:
         78:08:90:f4:ec:7b:9f:4e:c5:29:d8:f6:65:7e:d3:46:8e:60:
         4a:8a:be:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhQ8HntdXvNCZnaCUHo1BIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODUyZjBjN2UyNzJkYjRjN2Q0ZWMyOTM4MTVhZGFkMTUwYzYyYzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BlCNVvfDs80MYcI+MHZmhRt7ugi
nIpIvkmdNWKFoltSAlfn2+yMmj+OcYt8w+GzQ2fRqYuYBEdcmVS76Cf+2F/t+1Jy
srZgZ8T9RXm0WFcYUUwRKO6kK/49Jxj6JHPMELQnZAez5oXfEFVdpW92rsmoI0z5
nS4r+JIxF5tHBwRWgj0w9Br25FzQP3+WUsjELugSWtX5OMH9jEv0RJgc3WRK1v5f
LsIu2G4zrnygQMkmkIKYTwQkNrxzEF+XwGMUmBtz7o2Q4v9LySPtT6nsy3ZsqEED
24+61Jt47l09jh97BDSLxInvHDY9dV65uKBIm7PzN7pKP7zeUn9POqCVPQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhS8MficttMfU7Ck4Fa2tFQxiwiMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvMS1GTHd4LUp5MjB4OVRzS1RnVnJhMFZER0xDSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmEvODY2ZTVlLTgzMWUtNGNiMS1iZDUxLWI0NTQwYzc0Yzk0
Yi8xL0lqYzFjY2tDU2I4cXFVam5pLTBUNElVb3VINC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAWg0jAN
BgkqhkiG9w0BAQsFAAOCAQEAYKgM3GwI6+idz6p1NxJlN3wYzQ6M6kgLvo0IPYQo
i4/mQdYYkpefgTru8nOF5JMLMrvkaiRAZ72gnmBBYNw6n9ymW9gJkE4mEUETaloA
TW6ONp8tSzQL2szPkJYy13FwmWPc54QnEOKKGuX172SBjObcwro4ZQn+qjYcDqeV
z7Z+9uHyWFDu2AlnDbPGaUW/BzWJudlIgIjfhlrDdHLusTvJnlXr7lUyv/2I8k9u
rD6fqzJpPL5gw2d6pKI/80CjQZmuKIC/258yA96OjsDMhN7FtzmGitpSi7icYjsb
GLOjxpM4GZfvrDbVeAiQ9Ox7n07FKdj2ZX7TRo5gSoq+hw==
-----END CERTIFICATE-----