Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/E-7nk5OKQny9W_bEEmUe46EIcfs.roa
File:                     E-7nk5OKQny9W_bEEmUe46EIcfs.roa (raw, json)
Hash identifier:          cEU0S6nlC1/hdoqfbgIZpy0a5hGCyF6U3fW531GaMKQ=
Subject key identifier:   13:EE:E7:93:93:8A:42:7C:BD:5B:F6:C4:12:65:1E:E3:A1:08:71:FB
Certificate issuer:       /CN=cc40d96242b082efe5b4f2258820b3059396198d
Certificate serial:       0194258F1DC199AA9DC2D46C7383A4749495
Authority key identifier: CC:40:D9:62:42:B0:82:EF:E5:B4:F2:25:88:20:B3:05:93:96:19:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zEDZYkKwgu_ltPIliCCzBZOWGY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/E-7nk5OKQny9W_bEEmUe46EIcfs.roa
Signing time:             Thu 02 Jan 2025 05:48:43 +0000
ROA not before:           Thu 02 Jan 2025 05:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39210
IP address blocks:        185.235.148.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/zEDZYkKwgu_ltPIliCCzBZOWGY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/zEDZYkKwgu_ltPIliCCzBZOWGY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zEDZYkKwgu_ltPIliCCzBZOWGY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:1d:c1:99:aa:9d:c2:d4:6c:73:83:a4:74:94:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc40d96242b082efe5b4f2258820b3059396198d
        Validity
            Not Before: Jan  2 05:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13eee793938a427cbd5bf6c412651ee3a10871fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7d:b4:6a:f5:43:67:91:11:e7:ad:96:58:28:
                    c4:24:66:1f:00:21:c3:ff:06:89:fa:fa:45:b4:27:
                    a8:ec:d9:21:46:98:b5:e2:b1:59:a2:40:68:44:ac:
                    6c:9f:d7:b4:b0:fe:f6:5f:3a:ae:3f:13:53:d7:5d:
                    50:6c:fe:5e:2c:d0:b2:f6:fa:9f:d4:4f:89:35:75:
                    c3:77:a0:7b:2a:7b:47:0d:fd:48:6d:6f:c2:4e:b3:
                    78:bc:dc:03:0b:2a:fc:84:b4:a5:27:bb:33:14:ca:
                    47:c9:0a:da:4b:ed:94:f3:9b:ba:aa:74:56:9b:0d:
                    4b:d2:5f:42:da:30:ca:ea:40:99:24:f1:ee:23:1f:
                    1e:df:21:c5:31:b5:23:a9:87:dc:77:d1:37:b2:c8:
                    d2:a5:e9:e4:19:ad:10:89:f1:f9:36:89:c0:23:a3:
                    d3:d6:96:9d:f4:86:7d:dd:0c:c1:6d:e5:41:e3:8d:
                    e1:b9:64:9d:42:32:36:78:58:e5:5d:93:b9:61:b5:
                    26:ae:de:7d:e5:86:d9:f6:eb:38:7c:6f:55:d5:01:
                    ee:5b:6c:fe:1a:b1:5d:8d:a7:65:ea:39:f1:87:af:
                    ec:4d:b1:47:56:c8:3c:7a:23:6f:66:3f:e5:4a:76:
                    c1:75:a3:25:db:6c:b3:e2:24:5a:b3:d5:7e:6c:03:
                    a5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:EE:E7:93:93:8A:42:7C:BD:5B:F6:C4:12:65:1E:E3:A1:08:71:FB
            X509v3 Authority Key Identifier:
                keyid:CC:40:D9:62:42:B0:82:EF:E5:B4:F2:25:88:20:B3:05:93:96:19:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zEDZYkKwgu_ltPIliCCzBZOWGY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/E-7nk5OKQny9W_bEEmUe46EIcfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/zEDZYkKwgu_ltPIliCCzBZOWGY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:88:95:4e:db:ac:4b:10:4e:93:7b:2d:60:fe:b9:5d:d0:bf:
         cc:8f:d6:b7:20:37:0c:0e:bc:d3:82:60:af:4a:19:ef:3a:8f:
         1c:64:2a:2b:7e:9d:2c:75:39:bb:3d:4d:df:c4:34:a2:0c:20:
         52:c8:64:f1:98:37:98:ea:1d:55:4c:8c:b4:ab:e6:56:0c:5d:
         51:5c:f6:77:1b:14:aa:04:c3:4e:64:ca:83:01:e0:84:6a:19:
         55:d6:d4:c6:a3:95:8e:77:d6:51:f7:c1:36:cf:ba:31:c8:34:
         6c:55:6b:c2:b0:77:5d:8f:33:e6:9f:f8:84:79:84:1a:cb:a2:
         ef:0b:fa:eb:ea:1f:fb:7f:19:9c:ec:e6:4e:a9:52:e2:65:40:
         3c:8c:a0:57:b6:9b:e8:30:98:26:b4:c9:6a:3e:34:ea:5d:56:
         7e:67:e7:cf:01:8c:f2:1e:11:d8:d1:7b:46:3a:6c:0d:1f:b1:
         04:d6:ec:c9:27:ab:4e:38:6c:e8:94:8a:bb:e0:da:08:85:21:
         ad:86:0f:fe:cb:fb:7a:2f:32:fd:af:7a:a4:a7:9b:2b:c3:3f:
         22:b6:88:d6:8c:af:97:eb:b2:35:9b:9f:81:e1:67:63:41:c7:
         84:8c:01:47:ab:d2:96:65:44:cb:1d:71:c5:16:25:56:50:e2:
         75:66:0c:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljx3BmaqdwtRsc4OkdJSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNDBkOTYyNDJiMDgyZWZlNWI0ZjIyNTg4MjBiMzA1OTM5
NjE5OGQwHhcNMjUwMTAyMDU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2VlZTc5MzkzOGE0MjdjYmQ1YmY2YzQxMjY1MWVlM2ExMDg3MWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX20avVDZ5ER562WWCjEJGYfACHD
/waJ+vpFtCeo7NkhRpi14rFZokBoRKxsn9e0sP72XzquPxNT111QbP5eLNCy9vqf
1E+JNXXDd6B7KntHDf1IbW/CTrN4vNwDCyr8hLSlJ7szFMpHyQraS+2U85u6qnRW
mw1L0l9C2jDK6kCZJPHuIx8e3yHFMbUjqYfcd9E3ssjSpenkGa0QifH5NonAI6PT
1pad9IZ93QzBbeVB443huWSdQjI2eFjlXZO5YbUmrt595YbZ9us4fG9V1QHuW2z+
GrFdjadl6jnxh6/sTbFHVsg8eiNvZj/lSnbBdaMl22yz4iRas9V+bAOlgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPu55OTikJ8vVv2xBJlHuOhCHH7MB8GA1UdIwQY
MBaAFMxA2WJCsILv5bTyJYggswWTlhmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekVEWllrS3dndV9sdFBJbGlDQ3pCWk9XR1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xYWE2OWYtZGI1NS00ZmJhLWJjZTkt
YzFlYmU2MTU0OWNjLzEvRS03bms1T0tRbnk5V19iRUVtVWU0NkVJY2ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xYWE2OWYtZGI1NS00ZmJhLWJjZTktYzFlYmU2MTU0OWNj
LzEvekVEWllrS3dndV9sdFBJbGlDQ3pCWk9XR1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueuUMA0G
CSqGSIb3DQEBCwUAA4IBAQARiJVO26xLEE6Tey1g/rld0L/Mj9a3IDcMDrzTgmCv
ShnvOo8cZCorfp0sdTm7PU3fxDSiDCBSyGTxmDeY6h1VTIy0q+ZWDF1RXPZ3GxSq
BMNOZMqDAeCEahlV1tTGo5WOd9ZR98E2z7oxyDRsVWvCsHddjzPmn/iEeYQay6Lv
C/rr6h/7fxmc7OZOqVLiZUA8jKBXtpvoMJgmtMlqPjTqXVZ+Z+fPAYzyHhHY0XtG
OmwNH7EE1uzJJ6tOOGzolIq74NoIhSGthg/+y/t6LzL9r3qkp5srwz8itojWjK+X
67I1m5+B4WdjQceEjAFHq9KWZUTLHXHFFiVWUOJ1Zgza
-----END CERTIFICATE-----