Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/l5fucFsRI8YqdsxQQ1gM3icDFgY.roa
File:                     l5fucFsRI8YqdsxQQ1gM3icDFgY.roa (raw, json)
Hash identifier:          F8cwyE/KovnNrO6uesrwG6iPrTntm+Jn5JO1juTZFLQ=
Subject key identifier:   97:97:EE:70:5B:11:23:C6:2A:76:CC:50:43:58:0C:DE:27:03:16:06
Certificate issuer:       /CN=a0df7f5b6618bda23c83bed11b442041f1fb456d
Certificate serial:       01942444AD15F9D13796BFCFB1FCF332E96D
Authority key identifier: A0:DF:7F:5B:66:18:BD:A2:3C:83:BE:D1:1B:44:20:41:F1:FB:45:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/l5fucFsRI8YqdsxQQ1gM3icDFgY.roa
Signing time:             Wed 01 Jan 2025 23:47:48 +0000
ROA not before:           Wed 01 Jan 2025 23:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147293
IP address blocks:        146.19.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ad:15:f9:d1:37:96:bf:cf:b1:fc:f3:32:e9:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0df7f5b6618bda23c83bed11b442041f1fb456d
        Validity
            Not Before: Jan  1 23:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9797ee705b1123c62a76cc5043580cde27031606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3e:0d:62:57:fa:b0:89:4e:1c:59:20:82:0b:
                    5a:c5:0e:c7:69:9f:fa:a5:83:4d:7e:7e:6b:d7:3b:
                    73:dc:93:88:97:74:6f:d6:f1:1c:d5:1e:18:e0:b8:
                    94:62:2f:24:6f:7c:c8:3c:e1:6a:d4:39:52:69:8f:
                    61:68:38:2c:1b:a7:51:2b:b0:3b:6e:54:13:f9:9a:
                    70:ac:b0:39:3f:9c:bb:a3:4b:54:d6:8c:88:77:45:
                    d5:f6:94:2f:c0:b1:98:94:40:79:75:2c:cf:5a:2f:
                    83:0a:0e:c6:aa:3e:c1:62:23:96:36:d1:83:d7:f6:
                    21:2c:20:ff:29:45:4d:f9:ac:5e:be:fb:b2:65:29:
                    52:bc:a5:80:db:73:7b:d3:ed:2e:18:d1:a8:a1:79:
                    26:3d:fe:45:12:6d:d2:3e:1c:77:7b:1d:f0:df:34:
                    60:03:5f:52:63:c5:a7:d8:79:29:e0:e3:97:b2:d5:
                    f3:5a:35:43:c0:50:e7:40:96:ca:28:f8:34:49:a0:
                    31:76:53:b9:dc:07:bb:1b:20:9a:98:b8:4d:90:3f:
                    88:13:9a:ae:87:8b:00:f4:5c:fc:fc:22:0e:4b:a6:
                    f9:fd:0d:20:17:f9:cc:36:d0:b0:5d:f8:e8:6c:74:
                    b7:42:0b:15:41:93:b5:39:ac:0c:95:a7:b4:37:4f:
                    b6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:97:EE:70:5B:11:23:C6:2A:76:CC:50:43:58:0C:DE:27:03:16:06
            X509v3 Authority Key Identifier:
                keyid:A0:DF:7F:5B:66:18:BD:A2:3C:83:BE:D1:1B:44:20:41:F1:FB:45:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/l5fucFsRI8YqdsxQQ1gM3icDFgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:cb:e0:51:1d:c0:7c:d4:f2:e4:f3:3c:f6:29:d7:e8:0e:06:
         78:d0:6f:8e:f9:98:70:e4:3b:f5:dd:da:0a:f5:19:20:2d:07:
         b3:65:7b:95:56:7e:5e:e6:41:93:a8:02:bf:60:ef:7c:9e:e0:
         7f:3e:c5:be:5e:56:cb:c6:17:bf:a6:9b:bb:bc:83:e9:ca:dc:
         50:bd:30:ba:4c:13:cc:06:2e:f9:e5:c2:54:6e:1a:0b:89:b4:
         84:d4:b7:76:15:e9:84:2d:03:ad:45:91:a9:84:e8:b8:75:63:
         b3:19:44:d1:3c:be:25:93:8c:d1:41:e9:c9:45:78:69:a5:96:
         cc:0e:10:df:d2:9f:25:24:76:42:b5:26:46:00:c0:e2:ff:e2:
         f4:16:df:f1:cd:19:d3:31:e8:31:17:6b:04:cd:77:34:67:f4:
         bb:ee:6d:af:bf:7a:64:86:bb:d4:a1:4f:86:fe:b8:5e:41:e2:
         dd:b3:01:3c:32:7c:7b:45:81:23:74:68:f7:4a:bd:d0:27:3c:
         ac:78:93:29:be:c4:a6:03:bd:a3:b4:a5:5b:19:3f:56:cd:52:
         74:42:d3:2e:b9:da:90:20:73:35:22:cf:c9:dc:d6:9a:9d:e8:
         7b:57:b8:39:dc:b5:dc:c8:b3:a5:9f:d9:6b:be:3c:6f:53:ba:
         c0:d7:4f:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRK0V+dE3lr/PsfzzMultMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZGY3ZjViNjYxOGJkYTIzYzgzYmVkMTFiNDQyMDQxZjFm
YjQ1NmQwHhcNMjUwMTAxMjM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzk3ZWU3MDViMTEyM2M2MmE3NmNjNTA0MzU4MGNkZTI3MDMxNjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1T4NYlf6sIlOHFkgggtaxQ7HaZ/6
pYNNfn5r1ztz3JOIl3Rv1vEc1R4Y4LiUYi8kb3zIPOFq1DlSaY9haDgsG6dRK7A7
blQT+ZpwrLA5P5y7o0tU1oyId0XV9pQvwLGYlEB5dSzPWi+DCg7Gqj7BYiOWNtGD
1/YhLCD/KUVN+axevvuyZSlSvKWA23N70+0uGNGooXkmPf5FEm3SPhx3ex3w3zRg
A19SY8Wn2Hkp4OOXstXzWjVDwFDnQJbKKPg0SaAxdlO53Ae7GyCamLhNkD+IE5qu
h4sA9Fz8/CIOS6b5/Q0gF/nMNtCwXfjobHS3QgsVQZO1OawMlae0N0+2fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeX7nBbESPGKnbMUENYDN4nAxYGMB8GA1UdIwQY
MBaAFKDff1tmGL2iPIO+0RtEIEHx+0VtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb045X1cyWVl2YUk4Zzc3UkcwUWdRZkg3UlcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hNTcyOGItYTM2ZC00ZmJhLTkzYWEt
NWY0YmM5MDBjMDNkLzEvbDVmdWNGc1JJOFlxZHN4UVExZ00zaWNERmdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hNTcyOGItYTM2ZC00ZmJhLTkzYWEtNWY0YmM5MDBjMDNk
LzEvb045X1cyWVl2YUk4Zzc3UkcwUWdRZkg3UlcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOuMA0G
CSqGSIb3DQEBCwUAA4IBAQBxy+BRHcB81PLk8zz2KdfoDgZ40G+O+Zhw5Dv13doK
9RkgLQezZXuVVn5e5kGTqAK/YO98nuB/PsW+XlbLxhe/ppu7vIPpytxQvTC6TBPM
Bi755cJUbhoLibSE1Ld2FemELQOtRZGphOi4dWOzGUTRPL4lk4zRQenJRXhppZbM
DhDf0p8lJHZCtSZGAMDi/+L0Ft/xzRnTMegxF2sEzXc0Z/S77m2vv3pkhrvUoU+G
/rheQeLdswE8Mnx7RYEjdGj3Sr3QJzyseJMpvsSmA72jtKVbGT9WzVJ0QtMuudqQ
IHM1Is/J3Naaneh7V7g53LXcyLOln9lrvjxvU7rA109T
-----END CERTIFICATE-----