Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/xa0pQq-tzXZJ9qWqDGQiLSuJe2Q.roa
File:                     xa0pQq-tzXZJ9qWqDGQiLSuJe2Q.roa (raw, json)
Hash identifier:          HXMP1GMDjDTbIw4GEhYV4aHqEPGVTAftKR+Yt5JJrQE=
Subject key identifier:   C5:AD:29:42:AF:AD:CD:76:49:F6:A5:AA:0C:64:22:2D:2B:89:7B:64
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       01942068326183299BE51A63386E16EB6341
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/xa0pQq-tzXZJ9qWqDGQiLSuJe2Q.roa
Signing time:             Wed 01 Jan 2025 05:48:07 +0000
ROA not before:           Wed 01 Jan 2025 05:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197520
IP address blocks:        193.151.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:32:61:83:29:9b:e5:1a:63:38:6e:16:eb:63:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 05:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5ad2942afadcd7649f6a5aa0c64222d2b897b64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7d:17:08:2b:92:72:a9:d3:9b:fe:e8:54:6e:
                    4a:4d:70:0a:44:69:c6:70:e5:70:b5:c1:a7:e0:12:
                    5e:cf:60:67:cd:eb:d8:0b:f7:f7:49:61:83:48:16:
                    d4:d5:c9:2c:3e:d5:48:7c:bd:dc:5e:09:29:83:68:
                    86:80:21:2b:76:c3:87:e9:18:4e:01:13:44:e9:c4:
                    43:4a:d4:c0:a4:06:c4:f4:65:36:87:fd:0c:cc:37:
                    a7:23:f9:05:f4:c7:64:bc:64:9c:89:f0:62:33:f3:
                    e3:3c:e7:f8:2e:26:c4:7d:2a:97:32:d4:f0:3d:ad:
                    dd:c2:db:1f:d5:cd:a2:0c:96:85:87:90:4c:5e:de:
                    23:02:a1:c7:53:29:14:cc:2b:f3:94:7a:2f:f3:78:
                    40:bd:a1:9e:12:86:f3:3a:c8:7b:ac:7e:2d:cb:67:
                    a9:40:75:b1:43:7e:62:83:38:57:82:4c:ff:63:43:
                    b3:43:b2:58:fb:6e:2e:92:5e:d2:e7:9e:03:87:79:
                    13:12:0b:d6:2c:74:7a:41:34:45:58:80:34:ab:87:
                    e7:40:81:b0:a2:94:89:df:3f:f8:a9:69:98:07:36:
                    c6:69:d8:3c:83:ea:c1:8b:7a:69:f6:ce:d7:16:5e:
                    02:6a:40:30:48:15:41:4e:90:ec:ff:28:f2:59:51:
                    01:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:AD:29:42:AF:AD:CD:76:49:F6:A5:AA:0C:64:22:2D:2B:89:7B:64
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/xa0pQq-tzXZJ9qWqDGQiLSuJe2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:d1:04:b7:8b:30:6b:19:22:33:1b:32:d8:75:20:34:66:c5:
         57:41:be:24:99:9c:7d:cf:1c:05:5a:02:1e:2c:79:e0:32:be:
         e1:23:12:d9:90:5d:5e:95:d2:8d:41:8c:ba:48:9f:09:96:ec:
         4e:d1:7b:9d:04:86:55:c4:c3:34:1c:2c:7a:fb:7d:94:59:e3:
         68:48:8f:0e:6b:48:fd:1d:47:16:8f:42:dd:0e:db:0e:54:c5:
         ff:7e:36:74:81:0e:bc:78:7e:ba:0a:ae:09:67:42:bc:db:8a:
         97:2e:75:5f:a5:6d:62:eb:83:f7:b9:0b:5f:9c:4f:d3:c2:5f:
         29:6e:51:f9:4d:2c:f9:02:c5:74:6d:96:53:e9:fc:09:4e:7a:
         b7:69:65:c9:45:15:51:34:f3:a0:52:eb:01:07:d5:b8:8b:72:
         9d:49:51:60:fa:d4:f1:62:4c:ce:63:f1:06:ad:93:07:16:23:
         32:6d:b8:80:6d:b5:ea:df:b9:f6:40:1b:34:ee:bf:a8:98:22:
         d3:83:d7:b0:1c:ca:97:b2:80:04:83:12:c5:72:90:81:f6:95:
         5a:ff:24:0c:96:d2:a8:d6:b3:f8:24:8c:55:03:13:1b:0f:32:
         0c:1f:0a:d1:f0:9c:cc:ff:cb:22:4b:cb:39:db:1e:6d:d2:36:
         c1:2b:f8:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDJhgymb5RpjOG4W62NBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwMTAxMDU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFkMjk0MmFmYWRjZDc2NDlmNmE1YWEwYzY0MjIyZDJiODk3YjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzH0XCCuScqnTm/7oVG5KTXAKRGnG
cOVwtcGn4BJez2BnzevYC/f3SWGDSBbU1cksPtVIfL3cXgkpg2iGgCErdsOH6RhO
ARNE6cRDStTApAbE9GU2h/0MzDenI/kF9MdkvGScifBiM/PjPOf4LibEfSqXMtTw
Pa3dwtsf1c2iDJaFh5BMXt4jAqHHUykUzCvzlHov83hAvaGeEobzOsh7rH4ty2ep
QHWxQ35igzhXgkz/Y0OzQ7JY+24ukl7S554Dh3kTEgvWLHR6QTRFWIA0q4fnQIGw
opSJ3z/4qWmYBzbGadg8g+rBi3pp9s7XFl4CakAwSBVBTpDs/yjyWVEBQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWtKUKvrc12SfalqgxkIi0riXtkMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEveGEwcFFxLXR6WFpKOXFXcURHUWlMU3VKZTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZekMA0G
CSqGSIb3DQEBCwUAA4IBAQAY0QS3izBrGSIzGzLYdSA0ZsVXQb4kmZx9zxwFWgIe
LHngMr7hIxLZkF1eldKNQYy6SJ8JluxO0XudBIZVxMM0HCx6+32UWeNoSI8Oa0j9
HUcWj0LdDtsOVMX/fjZ0gQ68eH66Cq4JZ0K824qXLnVfpW1i64P3uQtfnE/Twl8p
blH5TSz5AsV0bZZT6fwJTnq3aWXJRRVRNPOgUusBB9W4i3KdSVFg+tTxYkzOY/EG
rZMHFiMybbiAbbXq37n2QBs07r+omCLTg9ewHMqXsoAEgxLFcpCB9pVa/yQMltKo
1rP4JIxVAxMbDzIMHwrR8JzM/8siS8s52x5t0jbBK/j2
-----END CERTIFICATE-----