Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/R3mRHKwy3JP67VvuFVM4yTcpo_E.roa
File:                     R3mRHKwy3JP67VvuFVM4yTcpo_E.roa (raw, json)
Hash identifier:          2ClDjZI/s2ADOp7sfR6YP3vc5C899tzn0f8a9Pmogfg=
Subject key identifier:   47:79:91:1C:AC:32:DC:93:FA:ED:5B:EE:15:53:38:C9:37:29:A3:F1
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       01942143CD9817ED7919BB6EEF5771C162C3
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/R3mRHKwy3JP67VvuFVM4yTcpo_E.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62157
IP address blocks:        5.160.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:cd:98:17:ed:79:19:bb:6e:ef:57:71:c1:62:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4779911cac32dc93faed5bee155338c93729a3f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:85:33:08:12:6c:29:d0:be:15:67:86:e3:63:
                    3c:88:91:36:94:32:25:ed:72:09:c8:d7:a1:44:8a:
                    3c:26:cd:9b:19:a6:95:66:ff:36:e3:ab:e4:36:33:
                    1c:9d:d3:ec:93:59:23:77:d5:d4:5c:dd:37:a2:fd:
                    ba:1d:ef:77:9e:3d:11:3b:0f:19:b9:60:70:27:c1:
                    0a:6a:ed:d3:ed:2c:74:9d:9d:11:be:49:b2:24:2a:
                    c5:a9:d7:5c:24:69:28:38:d6:5a:32:af:cd:b7:6b:
                    c8:d2:5c:bc:6c:c3:03:3c:8e:07:7c:25:dd:26:89:
                    17:49:88:6e:81:8e:4c:dd:32:7d:8e:40:0e:93:59:
                    eb:33:c8:58:ac:3b:ec:b8:b8:2c:d0:00:a9:a4:92:
                    b4:fe:e9:95:7f:c2:f0:5e:6c:96:d9:a9:32:b0:06:
                    8d:7f:44:26:2a:ac:50:54:d6:14:08:57:f0:a9:e4:
                    2b:7e:6e:14:7c:f9:2c:50:34:6b:07:d2:22:dd:d5:
                    b9:dd:48:19:52:71:07:5e:aa:0f:69:fe:c5:3e:f1:
                    73:9c:eb:50:66:14:b5:fb:75:10:ac:e4:2f:c0:87:
                    69:f6:94:06:e9:c4:d3:09:6e:22:b9:e5:f6:95:e7:
                    6f:6a:92:c9:b9:40:af:d4:29:78:fe:84:df:5e:5c:
                    c5:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:79:91:1C:AC:32:DC:93:FA:ED:5B:EE:15:53:38:C9:37:29:A3:F1
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/R3mRHKwy3JP67VvuFVM4yTcpo_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:03:24:05:1b:0c:fa:ed:45:e2:38:ca:c7:d2:48:a4:03:a1:
         90:f3:61:63:82:0f:1e:45:06:2e:ea:87:ee:2a:a2:d2:fd:f8:
         eb:f0:4a:1c:aa:ec:3b:f9:78:73:b9:21:d0:f7:31:b1:0f:41:
         8f:e4:02:ff:21:32:db:75:1a:f4:4e:c6:2d:ee:46:d0:c8:ea:
         66:3f:28:c7:b4:46:e4:eb:ae:17:82:08:b8:67:c8:5f:01:31:
         81:17:2c:ec:a9:bc:f8:df:78:ea:62:c5:0b:13:66:91:64:ca:
         f4:6c:58:bd:35:72:db:da:f2:45:41:4b:53:3d:29:4d:84:e8:
         37:b7:b3:96:48:65:9a:c5:c9:c4:30:86:22:f6:68:70:4f:8f:
         42:86:10:18:97:8b:3f:85:9a:20:41:aa:b4:4a:35:57:1e:bf:
         99:66:e9:7e:74:d0:9f:97:88:6f:9b:7d:34:24:12:d4:a8:7f:
         9c:d3:a3:05:99:57:b2:ee:ee:52:42:36:fc:77:87:eb:f2:d5:
         e9:00:11:1b:85:4c:64:ca:a8:e8:49:b6:24:88:41:c7:d8:a1:
         a0:f4:fe:ba:b6:3f:09:f7:be:44:bf:bb:4d:3b:4f:26:e4:21:
         58:d6:07:d1:dd:db:ba:44:44:f6:37:a9:8a:e4:7c:3e:f6:74:
         58:0f:82:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ82YF+15Gbtu71dxwWLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzc5OTExY2FjMzJkYzkzZmFlZDViZWUxNTUzMzhjOTM3MjlhM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4UzCBJsKdC+FWeG42M8iJE2lDIl
7XIJyNehRIo8Js2bGaaVZv8246vkNjMcndPsk1kjd9XUXN03ov26He93nj0ROw8Z
uWBwJ8EKau3T7Sx0nZ0RvkmyJCrFqddcJGkoONZaMq/Nt2vI0ly8bMMDPI4HfCXd
JokXSYhugY5M3TJ9jkAOk1nrM8hYrDvsuLgs0ACppJK0/umVf8LwXmyW2akysAaN
f0QmKqxQVNYUCFfwqeQrfm4UfPksUDRrB9Ii3dW53UgZUnEHXqoPaf7FPvFznOtQ
ZhS1+3UQrOQvwIdp9pQG6cTTCW4iueX2ledvapLJuUCv1Cl4/oTfXlzFYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd5kRysMtyT+u1b7hVTOMk3KaPxMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvUjNtUkhLd3kzSlA2N1Z2dUZWTTR5VGNwb19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaA3MA0G
CSqGSIb3DQEBCwUAA4IBAQB6AyQFGwz67UXiOMrH0kikA6GQ82Fjgg8eRQYu6ofu
KqLS/fjr8Eocquw7+XhzuSHQ9zGxD0GP5AL/ITLbdRr0TsYt7kbQyOpmPyjHtEbk
664Xggi4Z8hfATGBFyzsqbz433jqYsULE2aRZMr0bFi9NXLb2vJFQUtTPSlNhOg3
t7OWSGWaxcnEMIYi9mhwT49ChhAYl4s/hZogQaq0SjVXHr+ZZul+dNCfl4hvm300
JBLUqH+c06MFmVey7u5SQjb8d4fr8tXpABEbhUxkyqjoSbYkiEHH2KGg9P66tj8J
975Ev7tNO08m5CFY1gfR3du6RET2N6mK5Hw+9nRYD4Ln
-----END CERTIFICATE-----