Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/5MK1ewnt7LozxEmddZiWa3omfKc.roa
File:                     5MK1ewnt7LozxEmddZiWa3omfKc.roa (raw, json)
Hash identifier:          7+tCKj1f1iwSFAN/o1/yY8fVwb73KSasEYzwGjDKXO0=
Subject key identifier:   E4:C2:B5:7B:09:ED:EC:BA:33:C4:49:9D:75:98:96:6B:7A:26:7C:A7
Certificate issuer:       /CN=1c4c26273da2821fce26075aa0a6e2301ec84927
Certificate serial:       019424B3E54AE5D8B2AB2C42CC1915E3A1A4
Authority key identifier: 1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/5MK1ewnt7LozxEmddZiWa3omfKc.roa
Signing time:             Thu 02 Jan 2025 01:49:16 +0000
ROA not before:           Thu 02 Jan 2025 01:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1213
IP address blocks:        143.239.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 04:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e5:4a:e5:d8:b2:ab:2c:42:cc:19:15:e3:a1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4c26273da2821fce26075aa0a6e2301ec84927
        Validity
            Not Before: Jan  2 01:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4c2b57b09edecba33c4499d7598966b7a267ca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f1:f9:12:b0:31:a0:cd:5e:59:e4:57:5f:5d:
                    b8:d2:2d:41:39:c6:aa:c5:01:5a:be:0e:03:dc:b5:
                    8c:af:6d:96:dc:e4:be:72:f8:80:54:1d:b0:61:7e:
                    80:42:7d:85:89:1e:c0:52:7a:f4:e4:e6:cc:ea:ee:
                    d2:b3:7a:4f:c7:1f:c6:6b:d3:fa:06:4c:fc:c6:e7:
                    08:cb:4b:5a:3d:fb:9d:3d:88:a8:6d:94:61:38:db:
                    42:b3:18:e8:28:11:b7:d7:0e:3b:35:4e:6a:08:7b:
                    54:a5:91:34:03:1f:c9:3f:81:1e:e6:f9:e3:32:d5:
                    9b:2f:68:c4:01:92:b0:8a:84:a5:ca:c7:5a:0b:9e:
                    d0:1c:d1:0c:a4:5d:16:31:f7:87:d4:6a:ce:8e:2f:
                    76:e5:cc:86:b5:66:7e:3f:ca:89:7c:a1:f8:90:8b:
                    6f:61:4c:4c:19:7e:57:0e:f4:0f:b8:85:1f:cf:70:
                    be:32:03:af:ec:65:d9:c7:09:59:02:2c:02:03:48:
                    54:1a:97:14:1a:79:71:1c:59:a2:db:55:91:13:32:
                    f5:9a:0f:90:58:91:eb:f2:fa:86:2a:fd:9f:1d:ac:
                    5b:c9:3a:a4:a0:d1:56:9b:1b:d7:c6:8c:58:82:9b:
                    ab:40:b5:0d:9a:ef:fe:62:c8:13:6e:00:ab:e2:71:
                    14:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:C2:B5:7B:09:ED:EC:BA:33:C4:49:9D:75:98:96:6B:7A:26:7C:A7
            X509v3 Authority Key Identifier:
                keyid:1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/5MK1ewnt7LozxEmddZiWa3omfKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         11:5e:19:da:a0:c9:b4:5f:60:e4:a1:92:5c:37:7b:33:39:42:
         82:b8:0a:a9:84:c1:90:c2:de:3b:1b:9d:3b:05:5c:95:9b:24:
         75:94:5f:ca:4f:c7:ef:cf:11:ce:a8:51:f9:e9:f2:b9:d2:15:
         3a:a2:b5:a0:d6:97:d9:ad:c4:7a:aa:cc:eb:2d:38:2d:de:e9:
         31:4f:fe:de:27:e7:d9:a4:23:d7:a3:7f:14:6d:bb:2b:2c:de:
         1d:e8:64:c5:52:9b:57:01:4b:c4:47:69:a2:f2:c6:f7:70:67:
         23:20:08:78:cf:79:2c:0a:96:c5:6c:98:e3:1b:61:de:dc:57:
         8a:bb:ce:08:41:95:a8:ba:25:f0:3c:59:2c:61:64:99:87:c1:
         8d:2b:d5:bb:3c:70:f1:d5:15:22:05:82:7d:98:19:73:a8:bc:
         25:34:9e:79:21:dc:f0:4c:af:0c:02:a0:0f:a0:75:48:8c:e0:
         78:24:c7:a2:6d:a6:56:b4:64:ab:48:80:87:d5:71:1d:23:5f:
         bb:a4:bb:78:65:81:da:fb:68:f8:44:5e:f4:c6:f1:87:63:b0:
         26:78:04:72:8a:15:97:41:67:f7:07:26:42:9e:a0:ea:89:d2:
         d3:90:54:03:9a:4b:dc:ba:c2:b8:37:bf:d2:fb:ec:85:b4:a2:
         c9:19:62:30
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks+VK5diyqyxCzBkV46GkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGMyNjI3M2RhMjgyMWZjZTI2MDc1YWEwYTZlMjMwMWVj
ODQ5MjcwHhcNMjUwMTAyMDE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGMyYjU3YjA5ZWRlY2JhMzNjNDQ5OWQ3NTk4OTY2YjdhMjY3Y2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/H5ErAxoM1eWeRXX1240i1BOcaq
xQFavg4D3LWMr22W3OS+cviAVB2wYX6AQn2FiR7AUnr05ObM6u7Ss3pPxx/Ga9P6
Bkz8xucIy0taPfudPYiobZRhONtCsxjoKBG31w47NU5qCHtUpZE0Ax/JP4Ee5vnj
MtWbL2jEAZKwioSlysdaC57QHNEMpF0WMfeH1GrOji925cyGtWZ+P8qJfKH4kItv
YUxMGX5XDvQPuIUfz3C+MgOv7GXZxwlZAiwCA0hUGpcUGnlxHFmi21WREzL1mg+Q
WJHr8vqGKv2fHaxbyTqkoNFWmxvXxoxYgpurQLUNmu/+YsgTbgCr4nEUTwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFOTCtXsJ7ey6M8RJnXWYlmt6JnynMB8GA1UdIwQY
MBaAFBxMJic9ooIfziYHWqCm4jAeyEknMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQt
ZDM1YjQzMGFmMjZkLzEvNU1LMWV3bnQ3TG96eEVtZGRaaVdhM29tZktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQtZDM1YjQzMGFmMjZk
LzEvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAj+8wDQYJ
KoZIhvcNAQELBQADggEBABFeGdqgybRfYOShklw3ezM5QoK4CqmEwZDC3jsbnTsF
XJWbJHWUX8pPx+/PEc6oUfnp8rnSFTqitaDWl9mtxHqqzOstOC3e6TFP/t4n59mk
I9ejfxRtuyss3h3oZMVSm1cBS8RHaaLyxvdwZyMgCHjPeSwKlsVsmOMbYd7cV4q7
zghBlai6JfA8WSxhZJmHwY0r1bs8cPHVFSIFgn2YGXOovCU0nnkh3PBMrwwCoA+g
dUiM4Hgkx6Jtpla0ZKtIgIfVcR0jX7uku3hlgdr7aPhEXvTG8YdjsCZ4BHKKFZdB
Z/cHJkKeoOqJ0tOQVAOaS9y6wrg3v9L77IW0oskZYjA=
-----END CERTIFICATE-----