Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/1JXcZFx0cVgp_nurSkDz34ejXRw.roa
File:                     1JXcZFx0cVgp_nurSkDz34ejXRw.roa (raw, json)
Hash identifier:          eT3VUKiYG35yZHjK8chZuS2ARmnYiiATHH1jK3UENw4=
Subject key identifier:   D4:95:DC:64:5C:74:71:58:29:FE:7B:AB:4A:40:F3:DF:87:A3:5D:1C
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01941F8C45BE7A2C202322D5BDF6EF14A0F5
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/1JXcZFx0cVgp_nurSkDz34ejXRw.roa
Signing time:             Wed 01 Jan 2025 01:47:54 +0000
ROA not before:           Wed 01 Jan 2025 01:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39364
IP address blocks:        5.202.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:45:be:7a:2c:20:23:22:d5:bd:f6:ef:14:a0:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 01:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d495dc645c74715829fe7bab4a40f3df87a35d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:53:c9:32:2b:13:e3:2c:b7:44:ac:b8:d6:e4:
                    59:7e:df:0e:46:96:88:8c:30:1e:64:83:17:42:ea:
                    26:90:17:1e:8d:87:54:22:6e:66:fb:07:1f:81:51:
                    98:cb:1e:e9:0d:05:be:ce:3d:c1:19:bd:f9:2a:62:
                    aa:3b:66:56:22:db:c7:59:d3:7c:c0:08:0a:4c:5f:
                    2e:3e:f6:23:32:20:bd:04:8d:54:41:cb:d2:00:d6:
                    1d:e6:b4:42:be:12:e7:a7:fc:82:fd:9e:72:df:5e:
                    1c:ea:17:82:e9:df:6d:ae:74:e0:0c:0a:40:60:aa:
                    e0:ae:f7:56:5b:e9:de:3d:71:ec:68:f5:dc:cc:b0:
                    b2:c2:43:de:20:06:26:d1:0e:1c:eb:6a:72:94:9f:
                    bd:b6:fa:49:37:3f:0e:0f:75:12:85:9c:82:e9:23:
                    71:3f:47:3f:3a:b7:58:38:54:7f:3a:ad:89:54:e3:
                    5b:f8:d6:5f:46:ee:49:d2:42:dc:dc:68:6c:94:ce:
                    fc:ea:f2:db:b5:95:84:db:5a:f9:66:30:dd:32:13:
                    98:ae:bd:1f:f7:e8:53:ae:09:bc:6a:74:4d:36:ec:
                    4b:5d:b8:8a:ff:e5:d3:66:0b:f8:b9:4e:54:c7:dd:
                    7c:a3:94:23:8c:c0:1a:2b:0e:a4:d6:5e:89:44:d1:
                    14:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:95:DC:64:5C:74:71:58:29:FE:7B:AB:4A:40:F3:DF:87:A3:5D:1C
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/1JXcZFx0cVgp_nurSkDz34ejXRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:85:e8:5f:de:10:32:ad:f5:cc:6b:c9:36:04:f8:d9:7b:d1:
         66:1c:df:69:0d:89:05:b8:7a:39:00:62:3f:b0:54:15:c2:a5:
         3f:d7:1e:d8:16:ab:02:35:53:0d:99:80:09:1b:49:d8:1c:b0:
         05:fb:98:ef:fb:da:f1:b6:03:07:ae:0f:23:50:f0:8f:9d:a8:
         17:13:93:5a:7c:c8:cf:1e:6d:24:a4:75:e4:6d:e9:20:2d:62:
         ca:d1:68:b0:fb:d3:18:3f:da:68:70:e8:8c:93:02:75:dc:89:
         35:5b:c9:bf:04:02:fb:f9:7f:2f:7b:72:1c:4e:35:65:a2:03:
         64:dd:70:49:89:45:98:b8:2c:a1:6e:6e:a9:ac:ab:3f:ed:bd:
         72:32:64:c0:a2:dc:61:63:be:8d:73:97:3a:c7:a5:68:b4:f5:
         00:38:11:77:71:91:8c:0e:cd:06:27:09:1f:9b:cf:27:ed:82:
         9d:44:58:67:43:c8:c5:94:1d:68:48:c9:a4:6b:fe:48:52:7a:
         cb:26:18:2b:c6:98:ed:32:81:bb:2f:c8:e0:77:98:b1:73:21:
         e2:4f:67:b9:e5:c9:12:06:20:97:41:f7:0b:27:b2:a9:fb:4d:
         47:3b:cb:ba:6e:3b:5a:74:fc:90:5c:a3:cd:a5:7b:3d:43:74:
         65:9c:40:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjEW+eiwgIyLVvfbvFKD1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk1ZGM2NDVjNzQ3MTU4MjlmZTdiYWI0YTQwZjNkZjg3YTM1ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lPJMisT4yy3RKy41uRZft8ORpaI
jDAeZIMXQuomkBcejYdUIm5m+wcfgVGYyx7pDQW+zj3BGb35KmKqO2ZWItvHWdN8
wAgKTF8uPvYjMiC9BI1UQcvSANYd5rRCvhLnp/yC/Z5y314c6heC6d9trnTgDApA
YKrgrvdWW+nePXHsaPXczLCywkPeIAYm0Q4c62pylJ+9tvpJNz8OD3UShZyC6SNx
P0c/OrdYOFR/Oq2JVONb+NZfRu5J0kLc3GhslM786vLbtZWE21r5ZjDdMhOYrr0f
9+hTrgm8anRNNuxLXbiK/+XTZgv4uU5Ux918o5QjjMAaKw6k1l6JRNEU5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSV3GRcdHFYKf57q0pA89+Ho10cMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvMUpYY1pGeDBjVmdwX251clNrRHozNGVqWFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBcosMA0G
CSqGSIb3DQEBCwUAA4IBAQBthehf3hAyrfXMa8k2BPjZe9FmHN9pDYkFuHo5AGI/
sFQVwqU/1x7YFqsCNVMNmYAJG0nYHLAF+5jv+9rxtgMHrg8jUPCPnagXE5NafMjP
Hm0kpHXkbekgLWLK0Wiw+9MYP9pocOiMkwJ13Ik1W8m/BAL7+X8ve3IcTjVlogNk
3XBJiUWYuCyhbm6prKs/7b1yMmTAotxhY76Nc5c6x6VotPUAOBF3cZGMDs0GJwkf
m88n7YKdRFhnQ8jFlB1oSMmka/5IUnrLJhgrxpjtMoG7L8jgd5ixcyHiT2e55ckS
BiCXQfcLJ7Kp+01HO8u6bjtadPyQXKPNpXs9Q3RlnEAU
-----END CERTIFICATE-----