Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/Btqt9dHmfyCgZm5YxFkx4BjR-Dc.roa
File:                     Btqt9dHmfyCgZm5YxFkx4BjR-Dc.roa (raw, json)
Hash identifier:          O8dRjpLSf+cl4rOTaaTPD9tud0oWl3levwWO3JGp7jw=
Subject key identifier:   06:DA:AD:F5:D1:E6:7F:20:A0:66:6E:58:C4:59:31:E0:18:D1:F8:37
Certificate issuer:       /CN=e466483396afb377e5e379d1615bde0fd4d9ed47
Certificate serial:       01941FFA3DD1F29D74180FE343AE95919B28
Authority key identifier: E4:66:48:33:96:AF:B3:77:E5:E3:79:D1:61:5B:DE:0F:D4:D9:ED:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5GZIM5avs3fl43nRYVveD9TZ7Uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/Btqt9dHmfyCgZm5YxFkx4BjR-Dc.roa
Signing time:             Wed 01 Jan 2025 03:48:01 +0000
ROA not before:           Wed 01 Jan 2025 03:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60268
IP address blocks:        5.44.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/5GZIM5avs3fl43nRYVveD9TZ7Uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/5GZIM5avs3fl43nRYVveD9TZ7Uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5GZIM5avs3fl43nRYVveD9TZ7Uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3d:d1:f2:9d:74:18:0f:e3:43:ae:95:91:9b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e466483396afb377e5e379d1615bde0fd4d9ed47
        Validity
            Not Before: Jan  1 03:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06daadf5d1e67f20a0666e58c45931e018d1f837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:24:43:5c:eb:03:97:11:fe:b9:fc:cb:30:32:
                    4a:6d:7d:ef:88:79:cf:21:da:55:04:51:57:b3:27:
                    36:9b:e8:c2:0b:60:07:e5:cc:97:32:27:16:2f:8c:
                    f6:99:78:7b:27:a6:38:bd:6a:c0:29:fb:34:44:f9:
                    89:44:b6:e0:6b:bf:3c:14:39:06:9c:06:41:e3:fa:
                    9c:6a:c6:40:75:e5:88:d5:ce:7b:ed:c9:b5:10:c2:
                    95:08:d7:f6:2b:05:82:ff:21:c4:40:81:c9:92:3f:
                    53:cb:e8:74:ee:75:24:93:4d:9f:ab:d4:f6:3a:c9:
                    e0:bd:bb:16:d9:c3:94:4f:c6:be:a0:f9:4a:78:ea:
                    58:0d:13:a2:0b:1b:3d:2c:ec:34:81:c7:af:f4:f8:
                    ba:3a:f1:41:26:ae:1b:3c:2e:8c:84:45:ff:64:db:
                    1c:e4:aa:5d:ed:a3:31:fd:e0:6e:0c:82:38:34:ec:
                    a1:f6:7e:9a:74:de:94:63:cc:62:ef:27:93:37:84:
                    e1:75:da:1f:b9:70:7f:f2:e1:9a:bb:e4:af:a3:79:
                    7c:f6:22:89:a1:10:3a:70:a2:a7:c4:f8:11:ec:47:
                    82:bd:9c:9c:b1:bd:1a:ab:cb:46:42:64:28:49:94:
                    43:9c:04:e6:36:cd:d5:c8:58:9a:b4:59:d9:7b:4c:
                    7e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:DA:AD:F5:D1:E6:7F:20:A0:66:6E:58:C4:59:31:E0:18:D1:F8:37
            X509v3 Authority Key Identifier:
                keyid:E4:66:48:33:96:AF:B3:77:E5:E3:79:D1:61:5B:DE:0F:D4:D9:ED:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5GZIM5avs3fl43nRYVveD9TZ7Uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/Btqt9dHmfyCgZm5YxFkx4BjR-Dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/5GZIM5avs3fl43nRYVveD9TZ7Uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:5f:70:79:b4:69:11:d4:0d:57:e5:96:73:af:ad:25:36:d2:
         af:4d:ce:66:98:5a:77:96:a1:c6:f0:d8:1a:a3:82:1a:29:90:
         71:30:0f:25:0b:25:2d:08:bd:a2:e2:75:48:7b:9b:6e:7e:49:
         08:60:7b:ac:dd:1d:8b:c8:22:67:f1:72:4d:76:12:9c:8b:d4:
         52:4a:c3:9b:80:c3:15:9f:ab:05:a3:f2:60:82:ba:1c:58:2b:
         24:46:c8:06:59:59:fb:b0:3a:b1:3b:9d:4d:0f:0a:4e:0d:46:
         e6:72:bf:0d:2d:84:04:da:58:3d:87:66:ad:df:47:77:a0:b4:
         eb:89:8c:87:39:59:a6:1d:4f:4a:df:24:53:61:78:cb:59:b3:
         9d:ba:75:34:2a:b5:f9:28:3c:22:23:19:09:d0:8c:3e:43:c6:
         d1:43:84:36:ed:ac:9b:e4:3a:2e:a8:4d:d8:5c:c4:e2:7d:04:
         70:3e:01:f2:c6:26:e4:83:27:fd:71:61:b6:c3:d8:25:86:f3:
         e9:ad:c3:83:97:c1:05:21:f8:2c:33:e6:f2:7c:98:76:cb:aa:
         f6:4e:1e:32:7e:14:12:06:50:a4:64:3f:ca:a5:43:81:33:4c:
         40:82:c1:1b:10:76:4e:f0:e7:63:dc:87:33:d1:bd:c3:ce:b9:
         23:e0:af:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+j3R8p10GA/jQ66VkZsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NjY0ODMzOTZhZmIzNzdlNWUzNzlkMTYxNWJkZTBmZDRk
OWVkNDcwHhcNMjUwMTAxMDM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmRhYWRmNWQxZTY3ZjIwYTA2NjZlNThjNDU5MzFlMDE4ZDFmODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CRDXOsDlxH+ufzLMDJKbX3viHnP
IdpVBFFXsyc2m+jCC2AH5cyXMicWL4z2mXh7J6Y4vWrAKfs0RPmJRLbga788FDkG
nAZB4/qcasZAdeWI1c577cm1EMKVCNf2KwWC/yHEQIHJkj9Ty+h07nUkk02fq9T2
OsngvbsW2cOUT8a+oPlKeOpYDROiCxs9LOw0gcev9Pi6OvFBJq4bPC6MhEX/ZNsc
5Kpd7aMx/eBuDII4NOyh9n6adN6UY8xi7yeTN4ThddofuXB/8uGau+Svo3l89iKJ
oRA6cKKnxPgR7EeCvZycsb0aq8tGQmQoSZRDnATmNs3VyFiatFnZe0x+3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbarfXR5n8goGZuWMRZMeAY0fg3MB8GA1UdIwQY
MBaAFORmSDOWr7N35eN50WFb3g/U2e1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUdaSU01YXZzM2ZsNDNuUllWdmVEOVRaN1VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xOGI1YmItOGU0MS00ZTg4LWJkYmUt
MzQxYzYzNjE0MjgwLzEvQnRxdDlkSG1meUNnWm01WXhGa3g0QmpSLURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xOGI1YmItOGU0MS00ZTg4LWJkYmUtMzQxYzYzNjE0Mjgw
LzEvNUdaSU01YXZzM2ZsNDNuUllWdmVEOVRaN1VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSz+MA0G
CSqGSIb3DQEBCwUAA4IBAQCtX3B5tGkR1A1X5ZZzr60lNtKvTc5mmFp3lqHG8Nga
o4IaKZBxMA8lCyUtCL2i4nVIe5tufkkIYHus3R2LyCJn8XJNdhKci9RSSsObgMMV
n6sFo/JggrocWCskRsgGWVn7sDqxO51NDwpODUbmcr8NLYQE2lg9h2at30d3oLTr
iYyHOVmmHU9K3yRTYXjLWbOdunU0KrX5KDwiIxkJ0Iw+Q8bRQ4Q27ayb5DouqE3Y
XMTifQRwPgHyxibkgyf9cWG2w9glhvPprcODl8EFIfgsM+byfJh2y6r2Th4yfhQS
BlCkZD/KpUOBM0xAgsEbEHZO8Odj3Icz0b3Dzrkj4K90
-----END CERTIFICATE-----