Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/0RyrSS5TsuNkSrgX42mZlqnL_6Y.roa
File:                     0RyrSS5TsuNkSrgX42mZlqnL_6Y.roa (raw, json)
Hash identifier:          BRzu0fdIaz6Lovt3QNbsRMaTYaq8KePDTC4YuQ5xp+8=
Subject key identifier:   D1:1C:AB:49:2E:53:B2:E3:64:4A:B8:17:E3:69:99:96:A9:CB:FF:A6
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01941F8C4E018C51C54DFD0BDED8F8EEB9A4
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/0RyrSS5TsuNkSrgX42mZlqnL_6Y.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60138
IP address blocks:        5.202.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4e:01:8c:51:c5:4d:fd:0b:de:d8:f8:ee:b9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d11cab492e53b2e3644ab817e3699996a9cbffa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:08:4d:65:33:d5:ce:ad:04:58:44:96:84:ec:
                    71:b8:c7:8e:4a:2b:df:6a:97:67:e1:a5:71:2b:58:
                    68:58:e7:f7:42:76:25:c7:3e:0f:ad:69:7f:4d:5b:
                    1b:f9:99:4f:0d:4d:d8:a0:4d:06:22:23:24:b5:74:
                    cc:53:d4:cc:3d:7d:8c:2e:c9:ba:0c:31:c2:71:01:
                    28:6d:6f:3a:f3:2e:63:cc:17:30:82:83:d8:3a:77:
                    c4:17:ed:2d:e6:1d:dc:9b:6b:e4:4b:6d:48:09:0e:
                    98:25:97:ce:ab:68:00:19:ee:d5:d7:9b:ea:f6:3e:
                    10:a7:fb:7c:34:08:b7:4e:7b:cf:08:9d:fe:60:66:
                    05:95:53:f1:f7:aa:32:ff:04:d3:6c:25:89:9c:0c:
                    d5:2c:4f:12:ae:13:26:41:b8:38:c5:36:1f:ed:2a:
                    b7:4c:b4:f5:07:c7:75:7d:fd:b9:7c:f2:2b:12:3c:
                    92:a7:c6:ed:3e:eb:86:22:ba:9f:c1:f1:c2:88:bf:
                    ac:80:57:8f:14:b2:25:3a:e2:26:3b:5e:16:df:d8:
                    19:77:e6:81:be:c5:05:a4:03:17:00:46:78:61:36:
                    50:4f:7f:4d:0c:4c:43:82:6a:3b:6b:77:01:06:91:
                    2b:b2:ce:28:fa:23:45:f1:29:b2:83:49:35:c7:a0:
                    fb:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:1C:AB:49:2E:53:B2:E3:64:4A:B8:17:E3:69:99:96:A9:CB:FF:A6
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/0RyrSS5TsuNkSrgX42mZlqnL_6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:eb:ae:87:6f:de:dd:94:77:82:1d:c8:98:18:e3:9b:da:bc:
         36:b8:b9:e0:bc:60:34:94:35:17:8f:00:a1:a8:ce:00:15:52:
         39:32:af:dc:2d:ff:dd:ef:13:0a:09:af:d8:48:25:34:90:d2:
         04:a7:47:e8:84:dd:86:94:73:4b:c5:3e:fa:b1:ab:73:01:55:
         0d:a7:a5:c0:e9:00:a1:56:8d:bf:81:33:32:2b:36:9c:63:eb:
         d3:a6:9e:b0:20:1f:4b:ab:ab:fd:71:ca:94:b2:d9:b9:07:60:
         1e:b7:3e:96:06:af:dc:8f:b2:ba:fe:86:14:61:bd:9f:03:a4:
         08:9e:57:86:be:f5:4c:7a:78:82:09:44:b4:a8:d9:67:6a:fa:
         c9:f9:ac:06:4a:07:15:55:17:c4:17:0e:f4:33:53:2f:2e:73:
         e1:00:7d:7d:82:2e:45:b1:c7:0b:5e:95:5f:d3:f2:a3:c0:f4:
         39:1f:9a:73:96:77:d6:24:a9:f7:62:97:1d:15:f1:7c:f2:16:
         05:c4:bd:10:81:a2:0f:4f:52:26:4c:45:0c:b8:29:ab:4a:3b:
         a3:78:2d:1f:29:f3:38:ef:df:79:82:d6:6a:00:0e:9a:94:df:
         b0:f3:6a:c2:4d:a4:8a:04:81:b2:b6:e6:bc:56:26:ee:a3:d0:
         f9:44:34:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjE4BjFHFTf0L3tj47rmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTFjYWI0OTJlNTNiMmUzNjQ0YWI4MTdlMzY5OTk5NmE5Y2JmZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswhNZTPVzq0EWESWhOxxuMeOSivf
apdn4aVxK1hoWOf3QnYlxz4PrWl/TVsb+ZlPDU3YoE0GIiMktXTMU9TMPX2MLsm6
DDHCcQEobW868y5jzBcwgoPYOnfEF+0t5h3cm2vkS21ICQ6YJZfOq2gAGe7V15vq
9j4Qp/t8NAi3TnvPCJ3+YGYFlVPx96oy/wTTbCWJnAzVLE8SrhMmQbg4xTYf7Sq3
TLT1B8d1ff25fPIrEjySp8btPuuGIrqfwfHCiL+sgFePFLIlOuImO14W39gZd+aB
vsUFpAMXAEZ4YTZQT39NDExDgmo7a3cBBpErss4o+iNF8Smyg0k1x6D7OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEcq0kuU7LjZEq4F+NpmZapy/+mMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvMFJ5clNTNVRzdU5rU3JnWDQybVpscW5MXzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBcpYMA0G
CSqGSIb3DQEBCwUAA4IBAQB0666Hb97dlHeCHciYGOOb2rw2uLngvGA0lDUXjwCh
qM4AFVI5Mq/cLf/d7xMKCa/YSCU0kNIEp0fohN2GlHNLxT76satzAVUNp6XA6QCh
Vo2/gTMyKzacY+vTpp6wIB9Lq6v9ccqUstm5B2Aetz6WBq/cj7K6/oYUYb2fA6QI
nleGvvVMeniCCUS0qNlnavrJ+awGSgcVVRfEFw70M1MvLnPhAH19gi5FsccLXpVf
0/KjwPQ5H5pzlnfWJKn3YpcdFfF88hYFxL0QgaIPT1ImTEUMuCmrSjujeC0fKfM4
7995gtZqAA6alN+w82rCTaSKBIGytua8Vibuo9D5RDS0
-----END CERTIFICATE-----