Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/pRlbtt-JLlul2edzBMgTaavdi0Y.roa
File:                     pRlbtt-JLlul2edzBMgTaavdi0Y.roa (raw, json)
Hash identifier:          LnYe45if4HRk5/CT88NCiDUZfNSJbAYzcCf5wQ2YyqM=
Subject key identifier:   A5:19:5B:B6:DF:89:2E:5B:A5:D9:E7:73:04:C8:13:69:AB:DD:8B:46
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       0192B8F686CBCC2342ACF727AA93600BDE6C
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/pRlbtt-JLlul2edzBMgTaavdi0Y.roa
Signing time:             Wed 23 Oct 2024 10:40:17 +0000
ROA not before:           Wed 23 Oct 2024 10:40:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4766
IP address blocks:        110.172.189.0/24 maxlen: 24
                          114.69.244.0/24 maxlen: 24
                          114.69.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:f6:86:cb:cc:23:42:ac:f7:27:aa:93:60:0b:de:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Oct 23 10:40:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5195bb6df892e5ba5d9e77304c81369abdd8b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e4:eb:a8:4a:21:11:a8:11:a4:79:38:ec:04:
                    37:2b:55:a6:12:bd:22:92:48:7e:09:20:aa:be:65:
                    40:9a:3c:cb:88:ee:e6:39:a8:f7:37:34:20:f9:f6:
                    9d:67:d6:34:23:41:45:ed:c0:50:ca:e8:3e:73:1e:
                    f9:3b:9d:f2:58:5a:7b:c5:ad:f0:89:1f:14:9a:b2:
                    8a:7e:f6:b5:2b:d6:8a:47:3f:fa:bc:7f:aa:aa:b7:
                    f7:80:81:5f:e7:df:98:64:92:b3:fc:8e:c3:a5:8c:
                    be:24:6b:ff:fc:73:ad:e6:6d:81:52:86:ba:11:49:
                    39:e5:ac:2f:80:26:69:a4:5d:bc:58:fe:91:79:2c:
                    33:73:cf:9e:ab:a5:7a:66:a8:6b:93:97:29:d0:4f:
                    4a:9d:ac:68:71:fa:0b:20:7a:fb:9f:1f:86:e2:3e:
                    53:5a:19:13:68:f4:51:30:7f:f4:4d:62:52:ef:3f:
                    16:9d:ea:1f:82:05:61:01:4d:2b:67:73:92:b6:67:
                    6b:0e:0b:3f:e9:5a:62:88:da:25:46:14:b2:95:c2:
                    59:11:33:a7:7e:8d:40:29:f5:42:e6:34:f2:c6:d8:
                    87:b9:a1:9e:bc:73:bc:64:65:d5:5f:4e:9e:f6:6b:
                    c0:95:19:83:b1:eb:a1:aa:6c:c9:59:cc:fe:a2:09:
                    46:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:19:5B:B6:DF:89:2E:5B:A5:D9:E7:73:04:C8:13:69:AB:DD:8B:46
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/pRlbtt-JLlul2edzBMgTaavdi0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.172.189.0/24
                  114.69.244.0/24
                  114.69.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:57:05:1a:87:e7:d8:6e:6b:5d:6a:1e:21:bd:7f:12:1f:65:
         54:81:a3:73:16:0e:eb:37:62:91:84:d8:93:fb:6a:3a:45:31:
         69:cc:7e:d9:34:7a:51:0a:b8:86:46:71:ec:12:c5:8f:b9:7b:
         f8:84:bd:e2:fa:59:05:d3:63:54:58:e7:a8:1d:64:30:cf:14:
         8d:4e:2f:29:f2:a5:be:19:6d:cf:63:04:3a:2e:28:f2:b5:68:
         c3:19:b5:ce:7b:6c:9c:e9:c9:5a:05:a4:24:2d:ab:71:a1:b4:
         0a:53:34:16:ec:a0:df:90:4a:55:6b:2a:cf:91:c1:e4:a7:3d:
         f8:cb:cc:53:55:62:79:a3:f8:d8:8b:28:8e:68:16:00:b8:36:
         f2:98:46:d3:f0:8d:e4:9a:36:77:24:8d:22:c6:7a:b4:7a:b0:
         9d:52:23:b4:1e:fd:7e:47:9f:21:57:28:27:7d:d0:9b:a6:a9:
         75:f7:6a:29:15:f7:38:0a:ed:79:3d:5b:8b:be:d1:ca:34:e4:
         b9:8b:d3:db:4b:7f:93:18:bf:4e:df:79:b8:83:33:7e:69:d1:
         e2:26:e3:83:39:99:27:8c:6b:36:d6:09:e2:a3:8c:1f:14:a2:
         ac:a7:e5:c3:73:e7:cc:92:a0:a3:14:80:2d:e7:64:0f:59:09:
         f9:62:ec:c5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZK49obLzCNCrPcnqpNgC95sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMDIzMTA0MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTE5NWJiNmRmODkyZTViYTVkOWU3NzMwNGM4MTM2OWFiZGQ4YjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5eTrqEohEagRpHk47AQ3K1WmEr0i
kkh+CSCqvmVAmjzLiO7mOaj3NzQg+fadZ9Y0I0FF7cBQyug+cx75O53yWFp7xa3w
iR8UmrKKfva1K9aKRz/6vH+qqrf3gIFf59+YZJKz/I7DpYy+JGv//HOt5m2BUoa6
EUk55awvgCZppF28WP6ReSwzc8+eq6V6Zqhrk5cp0E9KnaxocfoLIHr7nx+G4j5T
WhkTaPRRMH/0TWJS7z8WneofggVhAU0rZ3OStmdrDgs/6VpiiNolRhSylcJZETOn
fo1AKfVC5jTyxtiHuaGevHO8ZGXVX06e9mvAlRmDseuhqmzJWcz+oglGGQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKUZW7bfiS5bpdnncwTIE2mr3YtGMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvcFJsYnR0LUpMbHVsMmVkekJNZ1RhYXZkaTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbqy9AwQA
ckX0AwQAckX3MA0GCSqGSIb3DQEBCwUAA4IBAQCCVwUah+fYbmtdah4hvX8SH2VU
gaNzFg7rN2KRhNiT+2o6RTFpzH7ZNHpRCriGRnHsEsWPuXv4hL3i+lkF02NUWOeo
HWQwzxSNTi8p8qW+GW3PYwQ6LijytWjDGbXOe2yc6claBaQkLatxobQKUzQW7KDf
kEpVayrPkcHkpz34y8xTVWJ5o/jYiyiOaBYAuDbymEbT8I3kmjZ3JI0ixnq0erCd
UiO0Hv1+R58hVygnfdCbpql192opFfc4Cu15PVuLvtHKNOS5i9PbS3+TGL9O33m4
gzN+adHiJuODOZknjGs21gnio4wfFKKsp+XDc+fMkqCjFIAt52QPWQn5YuzF
-----END CERTIFICATE-----