Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/5XMYoEM__63W79FSrJxqp5j0UJE.roa
File:                     5XMYoEM__63W79FSrJxqp5j0UJE.roa (raw, json)
Hash identifier:          6AxR53Ak3LvDCXifdXwDPZPN/iyJdk5U29qoVvF/ZYU=
Subject key identifier:   E5:73:18:A0:43:3F:FF:AD:D6:EF:D1:52:AC:9C:6A:A7:98:F4:50:91
Certificate issuer:       /CN=fc55e0533efaa5624f538b92ed1a973feff89751
Certificate serial:       01954C579005DDDFE962BD420986E5094E18
Authority key identifier: FC:55:E0:53:3E:FA:A5:62:4F:53:8B:92:ED:1A:97:3F:EF:F8:97:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_FXgUz76pWJPU4uS7RqXP-_4l1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/5XMYoEM__63W79FSrJxqp5j0UJE.roa
Signing time:             Fri 28 Feb 2025 11:36:01 +0000
ROA not before:           Fri 28 Feb 2025 11:36:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8311
IP address blocks:        80.255.117.0/24 maxlen: 24
                          80.255.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/_FXgUz76pWJPU4uS7RqXP-_4l1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/_FXgUz76pWJPU4uS7RqXP-_4l1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_FXgUz76pWJPU4uS7RqXP-_4l1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4c:57:90:05:dd:df:e9:62:bd:42:09:86:e5:09:4e:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc55e0533efaa5624f538b92ed1a973feff89751
        Validity
            Not Before: Feb 28 11:36:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e57318a0433fffadd6efd152ac9c6aa798f45091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:15:3a:0b:3b:d0:a4:1b:ba:f4:55:03:78:a9:
                    6b:75:6c:f8:a2:8f:92:a7:b4:bd:50:cf:3b:0c:2b:
                    9d:7b:86:53:e1:0e:76:d7:31:6d:25:2f:8a:ae:97:
                    03:d4:25:73:b0:80:25:28:54:67:9a:83:1f:90:dc:
                    cf:ba:22:b8:69:2f:e3:07:c1:44:0e:12:16:9d:51:
                    3b:da:4b:4f:c9:a6:6d:72:b6:b4:a3:d0:ab:a8:d8:
                    ce:42:76:f4:33:51:25:9c:b0:4f:fc:19:85:74:26:
                    e0:4f:0d:37:e4:c2:d7:0d:36:ba:f3:e7:b6:67:85:
                    97:63:ce:50:99:0d:3d:db:d8:9c:cd:db:8c:92:e7:
                    0d:39:1a:a9:75:60:f0:0a:d2:99:3a:c4:8c:0d:29:
                    71:3a:74:c7:f4:e1:fa:00:4b:4a:5e:a0:6a:c3:dc:
                    e0:e1:e1:1c:43:32:f2:99:56:97:c5:55:95:c5:2f:
                    3a:fc:01:94:61:81:0d:01:29:ff:fb:28:52:76:c7:
                    f4:f2:0b:39:83:84:49:5e:5f:88:c3:16:bc:23:98:
                    3c:44:79:fc:b5:31:10:99:6a:8c:61:1a:31:c0:c2:
                    a0:c7:9e:5c:1e:26:5b:5a:5e:bc:a1:b3:de:8a:51:
                    0f:76:4b:c0:62:1d:a7:f2:a0:dc:a7:33:01:ad:65:
                    5a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:73:18:A0:43:3F:FF:AD:D6:EF:D1:52:AC:9C:6A:A7:98:F4:50:91
            X509v3 Authority Key Identifier:
                keyid:FC:55:E0:53:3E:FA:A5:62:4F:53:8B:92:ED:1A:97:3F:EF:F8:97:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_FXgUz76pWJPU4uS7RqXP-_4l1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/5XMYoEM__63W79FSrJxqp5j0UJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/_FXgUz76pWJPU4uS7RqXP-_4l1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.255.117.0-80.255.118.255

    Signature Algorithm: sha256WithRSAEncryption
         92:1f:a6:a8:d8:e2:71:4d:ee:b7:30:84:e2:84:a0:2e:b4:4f:
         1f:71:da:83:f2:bb:46:6f:fe:b8:6b:af:96:1c:47:5a:2c:eb:
         e4:f2:fa:6b:7c:44:44:bd:7a:25:46:9d:6b:f5:82:9b:75:3a:
         73:28:10:5d:9f:71:4e:6b:00:8a:1c:00:f0:58:fc:2a:e5:30:
         77:09:cd:aa:5e:f9:31:6a:22:b6:f7:bb:0a:11:1f:d1:ac:f8:
         b2:c3:02:a6:4f:15:a2:25:64:75:4d:2b:e7:67:29:01:5d:70:
         b2:13:f6:1b:27:bf:9e:f6:02:c0:d8:f7:de:f9:d1:d7:4f:4d:
         04:49:35:aa:91:2e:2e:b3:2f:37:82:00:c2:8b:90:f3:67:e7:
         3f:ea:06:8c:a7:31:c3:a8:84:6e:77:fb:81:2a:2a:96:61:d5:
         90:af:12:a0:cb:99:e8:48:96:dc:5a:3b:7d:fd:a3:e7:8f:d1:
         45:56:90:6f:07:ba:19:c2:0d:28:2f:f4:25:35:db:5d:17:30:
         e9:d1:02:3f:83:e8:0b:c5:1c:52:f9:f3:ec:81:55:94:8f:c2:
         c8:f0:34:b7:87:d4:31:a3:63:43:98:35:c8:8e:81:b5:a1:2a:
         1d:25:9d:df:3e:c1:65:eb:26:10:c4:cc:f4:ba:60:7a:8a:c0:
         c9:c6:46:6c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZVMV5AF3d/pYr1CCYblCU4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNTVlMDUzM2VmYWE1NjI0ZjUzOGI5MmVkMWE5NzNmZWZm
ODk3NTEwHhcNMjUwMjI4MTEzNjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTczMThhMDQzM2ZmZmFkZDZlZmQxNTJhYzljNmFhNzk4ZjQ1MDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRU6CzvQpBu69FUDeKlrdWz4oo+S
p7S9UM87DCude4ZT4Q521zFtJS+KrpcD1CVzsIAlKFRnmoMfkNzPuiK4aS/jB8FE
DhIWnVE72ktPyaZtcra0o9CrqNjOQnb0M1ElnLBP/BmFdCbgTw035MLXDTa68+e2
Z4WXY85QmQ0929iczduMkucNORqpdWDwCtKZOsSMDSlxOnTH9OH6AEtKXqBqw9zg
4eEcQzLymVaXxVWVxS86/AGUYYENASn/+yhSdsf08gs5g4RJXl+Iwxa8I5g8RHn8
tTEQmWqMYRoxwMKgx55cHiZbWl68obPeilEPdkvAYh2n8qDcpzMBrWVaFQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOVzGKBDP/+t1u/RUqycaqeY9FCRMB8GA1UdIwQY
MBaAFPxV4FM++qViT1OLku0alz/v+JdRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ZYZ1V6NzZwV0pQVTR1UzdScVhQLV80bDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC81ZTc1M2QtYzMzZC00N2EzLThlODIt
YTUyODYyYjQ0NTYzLzEvNVhNWW9FTV9fNjNXNzlGU3JKeHFwNWowVUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC81ZTc1M2QtYzMzZC00N2EzLThlODItYTUyODYyYjQ0NTYz
LzEvX0ZYZ1V6NzZwV0pQVTR1UzdScVhQLV80bDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABQ/3UD
BABQ/3YwDQYJKoZIhvcNAQELBQADggEBAJIfpqjY4nFN7rcwhOKEoC60Tx9x2oPy
u0Zv/rhrr5YcR1os6+Ty+mt8RES9eiVGnWv1gpt1OnMoEF2fcU5rAIocAPBY/Crl
MHcJzape+TFqIrb3uwoRH9Gs+LLDAqZPFaIlZHVNK+dnKQFdcLIT9hsnv572AsDY
99750ddPTQRJNaqRLi6zLzeCAMKLkPNn5z/qBoynMcOohG53+4EqKpZh1ZCvEqDL
mehIltxaO339o+eP0UVWkG8HuhnCDSgv9CU1210XMOnRAj+D6AvFHFL58+yBVZSP
wsjwNLeH1DGjY0OYNciOgbWhKh0lnd8+wWXrJhDEzPS6YHqKwMnGRmw=
-----END CERTIFICATE-----