Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/P4yNArORhRajtqPmpQlRZeYbVZ0.roa
File:                     P4yNArORhRajtqPmpQlRZeYbVZ0.roa (raw, json)
Hash identifier:          ovgY1UfKMguzJWbAh8dinNkUhXWsmPXDNNDIC/A76qQ=
Subject key identifier:   3F:8C:8D:02:B3:91:85:16:A3:B6:A3:E6:A5:09:51:65:E6:1B:55:9D
Certificate issuer:       /CN=c6a707934a762bbdf34fc0148f265ce124577213
Certificate serial:       019420685029EF30E13B0C16B5266D477C7D
Authority key identifier: C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/P4yNArORhRajtqPmpQlRZeYbVZ0.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30860
IP address blocks:        5.252.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:50:29:ef:30:e1:3b:0c:16:b5:26:6d:47:7c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a707934a762bbdf34fc0148f265ce124577213
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f8c8d02b3918516a3b6a3e6a5095165e61b559d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:02:45:8b:a8:90:b0:fa:3c:b2:ed:3c:9b:45:
                    36:9f:47:e7:4b:90:dc:77:0b:73:62:1e:a4:d9:66:
                    3f:c0:2d:40:e4:a6:bf:81:47:4a:c3:53:4d:47:5b:
                    76:6f:6a:65:0f:f3:ab:df:5c:a8:c6:83:7d:db:15:
                    5e:78:95:a9:98:34:ba:f3:3c:d5:ed:9b:4b:01:e1:
                    96:1e:59:56:d9:c3:f3:d3:43:1a:8d:6d:9e:0c:7b:
                    0a:01:a3:ce:c3:b1:4c:6d:f7:cc:f7:97:cd:32:d0:
                    8b:34:14:de:8c:8f:84:cd:bc:01:e0:8a:7b:e6:36:
                    8c:07:07:63:86:b0:9b:13:c0:03:d3:e2:d2:1d:bf:
                    56:9c:68:87:73:6c:a6:55:75:31:e3:01:1c:d7:dc:
                    a4:8d:3b:88:1b:90:01:e1:4c:7d:d7:ac:5c:44:5c:
                    b8:9c:0d:92:50:81:39:d0:79:b2:14:9f:fa:8e:b1:
                    3a:5c:36:12:b0:b6:f1:c2:ac:2f:10:40:22:6e:97:
                    a1:af:9c:97:e8:79:2d:b8:55:f9:7e:ef:32:af:43:
                    6a:e9:d7:0e:ff:d3:46:c4:43:e2:71:48:c5:bf:5e:
                    13:15:3a:c7:06:e4:cf:79:21:9e:8a:b9:33:d5:2f:
                    2c:8f:61:17:9d:d4:6a:73:68:1e:40:cf:67:71:52:
                    25:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8C:8D:02:B3:91:85:16:A3:B6:A3:E6:A5:09:51:65:E6:1B:55:9D
            X509v3 Authority Key Identifier:
                keyid:C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/P4yNArORhRajtqPmpQlRZeYbVZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:5a:0c:f0:80:bc:68:ad:3a:cc:41:88:5c:29:c9:9e:a3:9a:
         ad:2f:d1:31:36:9b:1f:5f:30:c7:d5:59:d5:58:fa:6c:b3:e6:
         53:52:54:4a:8f:11:dd:6d:d6:6b:79:aa:9d:29:54:f0:e1:60:
         f7:7a:14:d1:88:ad:c3:57:a9:24:49:57:0a:d8:ab:ae:6a:ea:
         c3:a3:7f:9c:42:33:47:7d:1f:53:32:45:23:bb:9d:6c:17:e1:
         05:3b:e7:09:7d:8c:ab:37:c0:fe:f4:28:b2:9f:6a:33:72:d8:
         02:f5:bf:db:a8:46:b4:43:b2:78:81:56:a5:f6:f5:37:f6:55:
         1f:68:ee:7b:80:a3:de:c0:0f:c1:bc:3e:d7:df:3d:a0:75:7b:
         1a:d2:8e:37:72:70:c6:f4:f2:73:9c:ff:e9:5f:1f:ea:71:db:
         ed:19:c9:6a:1e:7f:de:36:3f:47:ba:e3:0c:5f:9b:5c:47:d6:
         74:60:26:0a:76:3e:39:eb:02:60:27:6c:25:1f:a6:0f:cf:0e:
         0f:ab:c0:c4:4c:f1:f9:9c:71:13:51:4e:42:96:15:23:58:30:
         5c:4d:f9:ef:f3:56:22:de:ce:cd:ab:66:bd:f2:4a:ad:54:16:
         e7:19:54:57:e3:8d:ff:2b:34:3f:b2:be:f5:c6:b2:65:09:8f:
         18:a5:fa:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFAp7zDhOwwWtSZtR3x9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTcwNzkzNGE3NjJiYmRmMzRmYzAxNDhmMjY1Y2UxMjQ1
NzcyMTMwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhjOGQwMmIzOTE4NTE2YTNiNmEzZTZhNTA5NTE2NWU2MWI1NTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQJFi6iQsPo8su08m0U2n0fnS5Dc
dwtzYh6k2WY/wC1A5Ka/gUdKw1NNR1t2b2plD/Or31yoxoN92xVeeJWpmDS68zzV
7ZtLAeGWHllW2cPz00MajW2eDHsKAaPOw7FMbffM95fNMtCLNBTejI+EzbwB4Ip7
5jaMBwdjhrCbE8AD0+LSHb9WnGiHc2ymVXUx4wEc19ykjTuIG5AB4Ux916xcRFy4
nA2SUIE50HmyFJ/6jrE6XDYSsLbxwqwvEEAibpehr5yX6HktuFX5fu8yr0Nq6dcO
/9NGxEPicUjFv14TFTrHBuTPeSGeirkz1S8sj2EXndRqc2geQM9ncVIlZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+MjQKzkYUWo7aj5qUJUWXmG1WdMB8GA1UdIwQY
MBaAFManB5NKdiu980/AFI8mXOEkV3ITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUt
YjhlYTE4ZWI3NWY0LzEvUDR5TkFyT1JoUmFqdHFQbXBRbFJaZVliVlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUtYjhlYTE4ZWI3NWY0
LzEveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfyaMA0G
CSqGSIb3DQEBCwUAA4IBAQCWWgzwgLxorTrMQYhcKcmeo5qtL9ExNpsfXzDH1VnV
WPpss+ZTUlRKjxHdbdZreaqdKVTw4WD3ehTRiK3DV6kkSVcK2KuuaurDo3+cQjNH
fR9TMkUju51sF+EFO+cJfYyrN8D+9Ciyn2ozctgC9b/bqEa0Q7J4gVal9vU39lUf
aO57gKPewA/BvD7X3z2gdXsa0o43cnDG9PJznP/pXx/qcdvtGclqHn/eNj9HuuMM
X5tcR9Z0YCYKdj456wJgJ2wlH6YPzw4Pq8DETPH5nHETUU5ClhUjWDBcTfnv81Yi
3s7Nq2a98kqtVBbnGVRX443/KzQ/sr71xrJlCY8YpfpM
-----END CERTIFICATE-----