Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/jw5FsV6KNFQk7ykrSnIuBQMVrL8.roa
File:                     jw5FsV6KNFQk7ykrSnIuBQMVrL8.roa (raw, json)
Hash identifier:          EbHiCMfH5GsxWmNANt/0pMWXEBfQ3ctdwDvY1CFcu4Q=
Subject key identifier:   8F:0E:45:B1:5E:8A:34:54:24:EF:29:2B:4A:72:2E:05:03:15:AC:BF
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C72FB1EF6A4689A786F2C048B5253
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/jw5FsV6KNFQk7ykrSnIuBQMVrL8.roa
Signing time:             Thu 02 Jan 2025 09:50:29 +0000
ROA not before:           Thu 02 Jan 2025 09:50:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38985
IP address blocks:        87.103.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 00:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:72:fb:1e:f6:a4:68:9a:78:6f:2c:04:8b:52:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f0e45b15e8a345424ef292b4a722e050315acbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3a:04:0c:c8:b3:10:c7:b3:a3:48:7a:bc:39:
                    b4:35:13:7e:96:63:33:78:2c:87:2b:09:b5:19:f3:
                    3f:e1:15:7e:b5:16:fe:12:c8:3b:48:42:31:d1:7d:
                    22:44:be:99:d5:f3:c4:0c:74:f6:af:a4:22:32:9d:
                    96:81:e9:e8:18:8d:64:2a:c7:0f:42:0a:42:7c:5e:
                    2d:45:13:e6:84:95:85:cc:16:04:78:bd:f1:44:0b:
                    a7:07:c3:f9:37:ca:be:48:35:f4:52:7b:9a:8d:b7:
                    c4:d4:94:20:37:b5:0b:59:f3:24:0a:92:9d:da:c6:
                    e7:42:4b:ff:d8:a7:43:ef:af:87:3a:85:3b:b2:8b:
                    bc:0d:dc:f1:16:79:0d:bc:64:60:13:ab:82:c5:b6:
                    96:9d:b9:f0:08:a3:48:85:14:67:80:f1:d2:71:3d:
                    15:77:01:c8:80:22:8b:a2:f4:9b:0b:ab:e9:bb:84:
                    91:15:26:f0:53:bc:54:0b:7f:7b:2c:64:11:b1:32:
                    64:2c:09:23:fc:57:82:28:75:f5:7f:5f:1a:44:75:
                    4a:4d:86:00:b9:88:96:2b:87:ad:64:b0:44:2e:7a:
                    a2:d7:81:f3:16:1e:3c:73:a6:35:2f:b3:4a:4d:eb:
                    3f:e4:c8:9d:b0:9b:6e:58:e8:9b:7b:eb:2e:ad:57:
                    4f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:0E:45:B1:5E:8A:34:54:24:EF:29:2B:4A:72:2E:05:03:15:AC:BF
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/jw5FsV6KNFQk7ykrSnIuBQMVrL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.103.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:39:ff:e2:f8:de:9c:5c:d6:13:eb:26:e3:3b:b8:6c:c8:e8:
         51:02:d6:88:3e:2b:42:86:34:bf:c8:17:3e:d6:dd:e2:96:90:
         fb:bd:d7:69:fa:5d:17:6e:81:b6:86:fd:65:ee:63:3f:c9:2b:
         48:a1:ed:3b:2e:90:7d:eb:0f:c2:3d:03:c4:95:ae:cd:4f:65:
         6a:24:0d:e2:3c:56:08:4c:43:1b:cd:37:b6:8c:ae:29:22:e2:
         b0:db:11:27:06:a5:9b:a3:cb:48:8f:9c:71:41:39:a8:b4:43:
         4f:63:19:0c:55:87:e8:43:f8:96:f5:3f:e9:4f:b2:4d:15:a9:
         a2:91:5f:5e:d4:60:f7:b5:9d:d7:4f:25:b2:0a:f4:4a:40:90:
         ee:10:33:08:1e:ec:16:1a:8b:3c:6e:39:ed:fa:19:f1:af:30:
         4a:1b:c2:f9:ab:6a:2b:ef:0d:a7:11:ae:c5:76:56:2a:c8:73:
         b5:5f:3b:e1:1c:e9:32:e8:d4:1b:09:02:15:cd:11:c4:0c:66:
         1f:8d:53:63:11:7b:d2:be:c9:fb:ad:42:a3:06:de:47:14:3f:
         4d:ff:70:70:c5:5c:fb:7d:72:f5:38:be:e1:b1:d1:8f:6f:d4:
         1e:70:d9:9b:8a:47:41:bc:34:c3:cb:b9:43:f7:c8:92:ae:83:
         f4:6a:45:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbHL7HvakaJp4bywEi1JTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjBlNDViMTVlOGEzNDU0MjRlZjI5MmI0YTcyMmUwNTAzMTVhY2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojoEDMizEMezo0h6vDm0NRN+lmMz
eCyHKwm1GfM/4RV+tRb+Esg7SEIx0X0iRL6Z1fPEDHT2r6QiMp2WgenoGI1kKscP
QgpCfF4tRRPmhJWFzBYEeL3xRAunB8P5N8q+SDX0UnuajbfE1JQgN7ULWfMkCpKd
2sbnQkv/2KdD76+HOoU7sou8DdzxFnkNvGRgE6uCxbaWnbnwCKNIhRRngPHScT0V
dwHIgCKLovSbC6vpu4SRFSbwU7xUC397LGQRsTJkLAkj/FeCKHX1f18aRHVKTYYA
uYiWK4etZLBELnqi14HzFh48c6Y1L7NKTes/5MidsJtuWOibe+surVdPlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8ORbFeijRUJO8pK0pyLgUDFay/MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvanc1RnNWNktORlFrN3lrclNuSXVCUU1Wckw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2eoMA0G
CSqGSIb3DQEBCwUAA4IBAQAeOf/i+N6cXNYT6ybjO7hsyOhRAtaIPitChjS/yBc+
1t3ilpD7vddp+l0XboG2hv1l7mM/yStIoe07LpB96w/CPQPEla7NT2VqJA3iPFYI
TEMbzTe2jK4pIuKw2xEnBqWbo8tIj5xxQTmotENPYxkMVYfoQ/iW9T/pT7JNFami
kV9e1GD3tZ3XTyWyCvRKQJDuEDMIHuwWGos8bjnt+hnxrzBKG8L5q2or7w2nEa7F
dlYqyHO1XzvhHOky6NQbCQIVzRHEDGYfjVNjEXvSvsn7rUKjBt5HFD9N/3BwxVz7
fXL1OL7hsdGPb9QecNmbikdBvDTDy7lD98iSroP0akVv
-----END CERTIFICATE-----