Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/ZLet3I03U6hRcyapEpzPoHwycps.roa
File:                     ZLet3I03U6hRcyapEpzPoHwycps.roa (raw, json)
Hash identifier:          WhDcbQRJ6dR/lR4DV51kn13pwaZEPrYSw3yJU2J+wcc=
Subject key identifier:   64:B7:AD:DC:8D:37:53:A8:51:73:26:A9:12:9C:CF:A0:7C:32:72:9B
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CB2A040920E561AA03A15D3B584DF
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/ZLet3I03U6hRcyapEpzPoHwycps.roa
Signing time:             Wed 01 Jan 2025 01:48:22 +0000
ROA not before:           Wed 01 Jan 2025 01:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198411
IP address blocks:        5.226.16.0/20 maxlen: 24
                          45.157.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:b2:a0:40:92:0e:56:1a:a0:3a:15:d3:b5:84:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64b7addc8d3753a8517326a9129ccfa07c32729b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d9:81:d1:45:a8:c2:5c:b0:05:92:c7:52:a3:
                    65:43:71:97:1f:4d:40:44:88:74:61:0f:c5:fe:62:
                    52:a2:9f:b4:49:33:62:f0:d3:52:be:d7:07:3d:cf:
                    09:31:53:bc:cf:ee:6d:95:5e:b6:ac:f2:5d:2f:6d:
                    96:3f:35:4b:2f:e6:9c:d2:8b:97:13:7a:e0:f1:b1:
                    fe:7f:02:03:c6:03:4f:59:e6:cd:78:ea:c2:88:4a:
                    67:78:b3:8e:d6:89:4b:34:00:85:c3:01:bc:bf:b9:
                    c9:8d:59:29:e1:cb:25:3b:50:c0:bd:33:f5:0b:c6:
                    6f:44:7f:37:b3:3d:c9:d1:bd:d6:ad:bc:81:83:89:
                    c0:cd:24:26:83:f1:07:74:96:6a:2a:16:1f:e4:8b:
                    c4:6d:f3:c4:ed:d4:b9:3f:eb:47:c3:6a:83:0a:26:
                    e0:da:5e:7d:ef:a7:fb:2b:f1:06:17:1a:af:08:34:
                    d0:d1:93:dd:f7:30:1f:8b:c0:69:4c:fe:65:06:32:
                    d3:9e:34:a2:f8:52:43:d2:eb:a1:24:05:56:e4:d8:
                    2d:7b:dc:41:d0:04:b3:23:08:cc:26:4f:9a:9c:2a:
                    21:7b:7b:e9:59:c4:7c:6e:e7:3b:94:81:1d:98:a1:
                    86:5f:83:6e:ec:f9:9a:b8:8e:6d:d3:b6:57:62:a0:
                    fe:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B7:AD:DC:8D:37:53:A8:51:73:26:A9:12:9C:CF:A0:7C:32:72:9B
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/ZLet3I03U6hRcyapEpzPoHwycps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.16.0/20
                  45.157.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:1e:1d:a6:d2:ac:5f:9e:70:20:cf:a3:ae:d2:ee:f3:a6:33:
         df:42:76:1a:90:e9:b5:3e:29:d2:2f:a4:fd:6f:28:ce:96:cd:
         f3:87:e3:68:67:d4:91:38:18:67:6f:9b:38:40:3d:c5:c5:e3:
         0b:0c:41:ad:57:94:63:fb:27:60:84:2d:6a:c8:f7:66:bb:d8:
         27:2d:a3:ad:a2:34:6b:f6:2a:d0:34:de:f8:3b:b2:c7:de:05:
         dc:e4:71:82:b5:ca:0a:b3:a6:de:ff:a8:6d:49:d7:38:eb:0d:
         78:e3:a3:2b:be:df:9f:28:1e:04:d8:3a:a3:0a:f6:a4:ed:2d:
         e5:4a:9b:94:2d:c7:a0:58:9f:9f:26:a4:70:1b:1a:58:b6:e5:
         a7:f6:74:73:fc:4a:06:de:63:96:b5:c3:6c:f6:81:e8:84:71:
         52:73:70:c0:df:7f:83:68:d3:1a:eb:35:29:dd:e5:23:57:e6:
         67:68:8b:b4:91:03:b4:ef:bc:78:b3:87:7a:7c:21:72:dc:08:
         63:2b:99:0c:6f:e7:50:3b:8e:98:52:7b:9c:77:7f:a3:5e:dc:
         01:d0:ba:e7:cd:3a:52:bc:a2:b0:7b:e2:4e:65:e2:ba:2c:31:
         01:24:96:a3:e3:c7:b4:1e:26:8d:4f:f7:45:57:13:cf:a1:3d:
         73:75:06:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjLKgQJIOVhqgOhXTtYTfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGI3YWRkYzhkMzc1M2E4NTE3MzI2YTkxMjljY2ZhMDdjMzI3MjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNmB0UWowlywBZLHUqNlQ3GXH01A
RIh0YQ/F/mJSop+0STNi8NNSvtcHPc8JMVO8z+5tlV62rPJdL22WPzVLL+ac0ouX
E3rg8bH+fwIDxgNPWebNeOrCiEpneLOO1olLNACFwwG8v7nJjVkp4cslO1DAvTP1
C8ZvRH83sz3J0b3WrbyBg4nAzSQmg/EHdJZqKhYf5IvEbfPE7dS5P+tHw2qDCibg
2l5976f7K/EGFxqvCDTQ0ZPd9zAfi8BpTP5lBjLTnjSi+FJD0uuhJAVW5Ngte9xB
0ASzIwjMJk+anCohe3vpWcR8buc7lIEdmKGGX4Nu7PmauI5t07ZXYqD+OwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGS3rdyNN1OoUXMmqRKcz6B8MnKbMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvWkxldDNJMDNVNmhSY3lhcEVwelBvSHd5Y3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEBeIQAwQC
LZ04MA0GCSqGSIb3DQEBCwUAA4IBAQASHh2m0qxfnnAgz6Ou0u7zpjPfQnYakOm1
PinSL6T9byjOls3zh+NoZ9SROBhnb5s4QD3FxeMLDEGtV5Rj+ydghC1qyPdmu9gn
LaOtojRr9irQNN74O7LH3gXc5HGCtcoKs6be/6htSdc46w1446Mrvt+fKB4E2Dqj
Cvak7S3lSpuULcegWJ+fJqRwGxpYtuWn9nRz/EoG3mOWtcNs9oHohHFSc3DA33+D
aNMa6zUp3eUjV+ZnaIu0kQO077x4s4d6fCFy3AhjK5kMb+dQO46YUnucd3+jXtwB
0LrnzTpSvKKwe+JOZeK6LDEBJJaj48e0HiaNT/dFVxPPoT1zdQbq
-----END CERTIFICATE-----