Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/h8wPkuW6v520gSIrq-p3rQZnx5s.roa
File:                     h8wPkuW6v520gSIrq-p3rQZnx5s.roa (raw, json)
Hash identifier:          XPo5aSA4RsAh/kiPpMFtOxfPxaLX5GfrVz7xq+noQho=
Subject key identifier:   87:CC:0F:92:E5:BA:BF:9D:B4:81:22:2B:AB:EA:77:AD:06:67:C7:9B
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D768838AB3EE73F3E010617F9B05E9
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/h8wPkuW6v520gSIrq-p3rQZnx5s.roa
Signing time:             Wed 01 Jan 2025 21:48:27 +0000
ROA not before:           Wed 01 Jan 2025 21:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200615
IP address blocks:        5.1.70.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:68:83:8a:b3:ee:73:f3:e0:10:61:7f:9b:05:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87cc0f92e5babf9db481222babea77ad0667c79b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7e:ee:59:7d:04:a3:64:31:a2:b4:c5:56:66:
                    2b:3f:ea:03:7f:89:95:e8:0c:47:c4:df:1b:75:12:
                    89:f8:da:88:62:b6:0d:e4:cc:39:e7:29:f6:4c:07:
                    5c:ce:ca:3b:cb:11:9d:09:74:be:9b:8c:62:62:c1:
                    c9:4e:25:67:34:20:2a:ec:12:b7:8f:a4:a0:7a:91:
                    e7:e0:16:73:f3:ef:c8:44:52:b2:c1:2c:9f:b2:95:
                    fc:12:c0:17:fb:3e:09:c5:bc:59:a7:f6:78:ab:7c:
                    3e:04:a4:0f:8b:e5:5b:5b:4d:26:13:88:d8:fd:1a:
                    b5:2f:7b:54:c4:f5:89:bd:a2:43:da:e9:ce:d7:f7:
                    a9:b7:a3:d0:e0:d9:b6:96:a5:13:bd:57:5a:61:9c:
                    ba:48:8d:95:08:d6:93:93:39:bf:82:a5:77:91:5e:
                    7b:82:ad:8f:46:a5:7c:6c:f2:3d:a0:e4:d4:ca:6e:
                    07:eb:f7:4e:81:ac:cc:67:e4:91:63:52:71:db:be:
                    2a:b1:95:3f:fb:ef:89:34:7b:4b:6f:0d:ce:70:bf:
                    94:30:85:6d:20:43:70:84:9a:a1:66:30:e5:a1:cd:
                    e7:8f:15:ee:7c:a0:ea:2f:66:b7:a7:bd:12:39:60:
                    86:85:d2:3f:ae:ae:66:07:6a:90:f8:11:81:f4:98:
                    ab:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:CC:0F:92:E5:BA:BF:9D:B4:81:22:2B:AB:EA:77:AD:06:67:C7:9B
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/h8wPkuW6v520gSIrq-p3rQZnx5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:92:b8:0f:f6:d9:0c:d6:90:4f:37:98:0c:f4:76:0f:23:57:
         84:6c:a0:82:ac:9b:cb:ac:1c:b6:94:87:a5:f7:d5:6c:c2:e9:
         b6:ce:b0:45:2f:b9:22:87:fe:7d:52:6e:8a:ab:98:fb:be:d2:
         c7:ba:e5:bd:b0:cf:8d:46:9d:63:a9:4b:b5:10:8a:69:28:e6:
         b4:42:b5:03:3e:87:f6:17:19:97:e6:97:48:a0:96:34:1d:24:
         8b:73:c4:7e:d4:54:a0:b0:83:99:e0:63:92:66:89:9e:0a:92:
         65:81:10:86:55:ed:49:b6:4f:b4:ec:03:3e:bb:79:d2:f0:bf:
         76:d9:ec:8d:87:5a:b8:84:7b:b5:ac:cd:99:0e:1e:25:41:1d:
         a6:3c:55:2e:1b:59:70:4e:1f:10:52:0c:d0:4f:be:f7:82:01:
         7b:14:d7:99:68:b5:5d:77:b6:fe:cf:56:12:e6:7e:8e:49:88:
         df:77:16:c8:fd:a1:ee:18:3e:41:6e:46:af:b3:69:85:a0:a6:
         96:3c:ed:d5:ed:b8:0f:05:05:43:a4:be:d7:31:85:67:40:6a:
         be:eb:00:98:7e:29:73:12:c6:0c:f7:6b:56:fa:d0:31:03:24:
         a4:0c:45:09:44:7d:a5:dd:d6:f4:ef:16:30:ea:a7:96:a2:b8:
         a7:7a:13:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12iDirPuc/PgEGF/mwXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2NjMGY5MmU1YmFiZjlkYjQ4MTIyMmJhYmVhNzdhZDA2NjdjNzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs37uWX0Eo2QxorTFVmYrP+oDf4mV
6AxHxN8bdRKJ+NqIYrYN5Mw55yn2TAdczso7yxGdCXS+m4xiYsHJTiVnNCAq7BK3
j6SgepHn4BZz8+/IRFKywSyfspX8EsAX+z4JxbxZp/Z4q3w+BKQPi+VbW00mE4jY
/Rq1L3tUxPWJvaJD2unO1/ept6PQ4Nm2lqUTvVdaYZy6SI2VCNaTkzm/gqV3kV57
gq2PRqV8bPI9oOTUym4H6/dOgazMZ+SRY1Jx274qsZU/+++JNHtLbw3OcL+UMIVt
IENwhJqhZjDloc3njxXufKDqL2a3p70SOWCGhdI/rq5mB2qQ+BGB9JirjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfMD5Llur+dtIEiK6vqd60GZ8ebMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvaDh3UGt1VzZ2NTIwZ1NJcnEtcDNyUVpueDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQFGMA0G
CSqGSIb3DQEBCwUAA4IBAQB4krgP9tkM1pBPN5gM9HYPI1eEbKCCrJvLrBy2lIel
99Vswum2zrBFL7kih/59Um6Kq5j7vtLHuuW9sM+NRp1jqUu1EIppKOa0QrUDPof2
FxmX5pdIoJY0HSSLc8R+1FSgsIOZ4GOSZomeCpJlgRCGVe1Jtk+07AM+u3nS8L92
2eyNh1q4hHu1rM2ZDh4lQR2mPFUuG1lwTh8QUgzQT773ggF7FNeZaLVdd7b+z1YS
5n6OSYjfdxbI/aHuGD5Bbkavs2mFoKaWPO3V7bgPBQVDpL7XMYVnQGq+6wCYfilz
EsYM92tW+tAxAySkDEUJRH2l3db07xYw6qeWorinehPM
-----END CERTIFICATE-----