Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/o5PX18oyMa6qVJCJKVS00mHQnqQ.roa
File:                     o5PX18oyMa6qVJCJKVS00mHQnqQ.roa (raw, json)
Hash identifier:          /ctS4mvyxqWrxzGSYOkCadxtEZhp9YKWaqfprngBNaY=
Subject key identifier:   A3:93:D7:D7:CA:32:31:AE:AA:54:90:89:29:54:B4:D2:61:D0:9E:A4
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       01942143CBC96512FE683E72579C65ADA3BD
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/o5PX18oyMa6qVJCJKVS00mHQnqQ.roa
Signing time:             Wed 01 Jan 2025 09:47:58 +0000
ROA not before:           Wed 01 Jan 2025 09:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61176
IP address blocks:        5.160.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:cb:c9:65:12:fe:68:3e:72:57:9c:65:ad:a3:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 09:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a393d7d7ca3231aeaa5490892954b4d261d09ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7f:3d:ed:53:83:7d:ed:c9:22:16:f3:f0:d8:
                    63:87:b9:66:c7:6f:fb:55:6f:6e:28:82:cb:3f:ad:
                    66:52:39:16:fd:8a:2e:db:74:fa:95:ba:65:44:53:
                    55:89:01:35:41:c3:a3:40:3b:16:48:7f:4c:50:1b:
                    64:c3:5e:65:62:6c:4f:80:b0:08:b8:e1:ea:bc:7c:
                    31:58:23:50:6c:0c:7c:d8:8e:0c:88:7b:df:39:55:
                    05:1c:e0:52:c3:9f:b8:f9:7b:e4:d4:0b:69:5a:2a:
                    cc:6c:e5:87:7a:1d:5b:66:c5:41:e8:f3:b1:8a:c8:
                    68:36:ed:3c:54:21:82:0b:75:45:a3:b5:ec:de:20:
                    c7:f7:bc:64:0e:5c:16:8b:ec:2a:11:34:e6:2d:93:
                    46:d4:94:ec:1d:a3:51:32:26:37:06:da:c1:a3:d3:
                    0d:2a:4a:c7:73:a5:d4:7d:0a:53:c1:77:72:3f:3d:
                    6f:cf:0d:c2:f9:60:5e:30:64:23:1c:00:04:e4:ca:
                    fd:8a:90:fd:3a:99:80:4a:b5:b1:d7:85:15:5a:45:
                    27:7e:f4:8c:9d:4c:39:13:b1:27:1a:12:af:db:05:
                    1e:62:a7:5c:e7:e4:b2:32:d9:67:5d:cf:b3:6d:de:
                    4b:58:1d:74:74:4b:0a:8b:e7:b2:83:53:26:60:f7:
                    67:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:93:D7:D7:CA:32:31:AE:AA:54:90:89:29:54:B4:D2:61:D0:9E:A4
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/o5PX18oyMa6qVJCJKVS00mHQnqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:4d:28:4e:49:b9:8a:d8:93:bf:42:ba:d2:10:f6:e0:cd:b3:
         e7:ce:da:5b:a3:22:05:8f:72:b0:6b:92:06:00:fd:91:ea:8f:
         02:db:b7:f2:86:69:0d:bb:1d:92:a8:59:c8:21:8f:a0:5b:60:
         52:96:0e:54:6c:c8:0b:76:69:a1:0e:b3:99:50:b7:b6:d5:6b:
         b6:62:3f:71:07:ba:ad:f6:d7:0f:c6:19:d7:37:b2:05:a9:51:
         96:b8:d0:28:17:49:34:9b:fc:b1:8f:3e:97:c7:f2:05:17:51:
         13:8a:88:cd:df:2c:69:d9:87:e9:9e:ea:88:a8:c3:1c:d9:60:
         65:82:8c:8f:83:01:d6:c1:0c:f8:a5:41:6f:91:30:99:f7:32:
         bf:0f:3b:a3:a2:83:01:49:91:2a:11:d9:95:c8:dd:8f:cc:ed:
         14:92:c1:ec:0a:eb:aa:8f:36:ec:27:95:21:99:d3:b3:d2:d0:
         de:86:ca:22:5a:b9:e2:53:ae:29:82:ad:f9:d7:2c:22:8c:fa:
         6d:66:75:c7:44:9b:4d:73:7f:8b:08:31:57:b1:74:81:e3:66:
         c6:84:23:20:0c:86:0d:35:65:97:27:5d:c8:76:27:ee:de:7c:
         9f:6a:5e:40:9d:49:03:87:88:fa:e4:6a:35:4e:ee:dc:0f:77:
         ea:4e:31:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8vJZRL+aD5yV5xlraO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUwMTAxMDk0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzkzZDdkN2NhMzIzMWFlYWE1NDkwODkyOTU0YjRkMjYxZDA5ZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkX897VODfe3JIhbz8Nhjh7lmx2/7
VW9uKILLP61mUjkW/You23T6lbplRFNViQE1QcOjQDsWSH9MUBtkw15lYmxPgLAI
uOHqvHwxWCNQbAx82I4MiHvfOVUFHOBSw5+4+Xvk1AtpWirMbOWHeh1bZsVB6POx
ishoNu08VCGCC3VFo7Xs3iDH97xkDlwWi+wqETTmLZNG1JTsHaNRMiY3BtrBo9MN
KkrHc6XUfQpTwXdyPz1vzw3C+WBeMGQjHAAE5Mr9ipD9OpmASrWx14UVWkUnfvSM
nUw5E7EnGhKv2wUeYqdc5+SyMtlnXc+zbd5LWB10dEsKi+eyg1MmYPdnqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOT19fKMjGuqlSQiSlUtNJh0J6kMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvbzVQWDE4b3lNYTZxVkpDSktWUzAwbUhRbnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaAPMA0G
CSqGSIb3DQEBCwUAA4IBAQBVTShOSbmK2JO/QrrSEPbgzbPnztpboyIFj3Kwa5IG
AP2R6o8C27fyhmkNux2SqFnIIY+gW2BSlg5UbMgLdmmhDrOZULe21Wu2Yj9xB7qt
9tcPxhnXN7IFqVGWuNAoF0k0m/yxjz6Xx/IFF1ETiojN3yxp2YfpnuqIqMMc2WBl
goyPgwHWwQz4pUFvkTCZ9zK/DzujooMBSZEqEdmVyN2PzO0UksHsCuuqjzbsJ5Uh
mdOz0tDehsoiWrniU64pgq351ywijPptZnXHRJtNc3+LCDFXsXSB42bGhCMgDIYN
NWWXJ13Idifu3nyfal5AnUkDh4j65Go1Tu7cD3fqTjGa
-----END CERTIFICATE-----