Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/W5c6_2upbADmq1K-psylJktpo-8.roa
File:                     W5c6_2upbADmq1K-psylJktpo-8.roa (raw, json)
Hash identifier:          D7dJaOoXdffWdL/3wJFJkqGRbSD4Xs0mdOEO0fMkEro=
Subject key identifier:   5B:97:3A:FF:6B:A9:6C:00:E6:AB:52:BE:A6:CC:A5:26:4B:69:A3:EF
Certificate issuer:       /CN=8a08c28be15516290b9da5135e58f55fbb80ffb4
Certificate serial:       01941F8C7D0429D11DDB3109FB51ACE8A4C8
Authority key identifier: 8A:08:C2:8B:E1:55:16:29:0B:9D:A5:13:5E:58:F5:5F:BB:80:FF:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/W5c6_2upbADmq1K-psylJktpo-8.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25091
IP address blocks:        160.53.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7d:04:29:d1:1d:db:31:09:fb:51:ac:e8:a4:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a08c28be15516290b9da5135e58f55fbb80ffb4
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b973aff6ba96c00e6ab52bea6cca5264b69a3ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cb:68:32:c2:97:cc:9c:c7:47:dd:a6:50:21:
                    9a:7d:bf:21:e8:8e:b2:62:55:d5:bb:5a:bc:cd:39:
                    51:63:40:db:9d:17:ca:4d:56:3a:fb:80:1f:1e:15:
                    51:1d:a0:74:3f:a5:25:ff:6a:4a:d6:75:af:8a:4f:
                    b2:61:29:f8:27:3a:35:fb:1f:15:b6:f2:ec:41:59:
                    07:4f:ec:97:f4:7c:8a:33:c1:77:a4:fd:36:47:e5:
                    a3:06:3b:35:29:0f:31:b6:13:f5:35:a9:35:72:d1:
                    04:b3:d2:9b:02:9d:5c:6f:9d:28:2a:7b:52:de:73:
                    a6:e3:1b:4b:70:4b:62:4e:06:f3:8f:24:91:87:05:
                    de:ca:f8:dd:4f:97:c8:9e:2c:69:2c:02:4e:ae:69:
                    be:fd:ab:a0:ee:b9:71:cf:ed:70:2a:3f:15:dd:b0:
                    d8:8e:a2:bc:be:0c:9c:92:1c:60:d3:13:e5:0e:e8:
                    00:6b:e7:ae:12:f6:44:e5:41:80:3a:6a:6e:a5:e7:
                    bc:ee:65:af:49:cd:75:a7:d7:03:41:f2:2d:a3:98:
                    42:79:35:2e:df:82:77:b2:18:8d:67:a1:8a:29:80:
                    29:9a:ee:a9:c1:46:e6:9b:84:0f:2f:0d:d4:f2:a3:
                    80:05:89:6d:78:ba:d6:c6:97:3c:85:69:36:b8:df:
                    01:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:97:3A:FF:6B:A9:6C:00:E6:AB:52:BE:A6:CC:A5:26:4B:69:A3:EF
            X509v3 Authority Key Identifier:
                keyid:8A:08:C2:8B:E1:55:16:29:0B:9D:A5:13:5E:58:F5:5F:BB:80:FF:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/W5c6_2upbADmq1K-psylJktpo-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.53.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:28:a7:65:64:53:0c:b0:d0:06:16:32:6b:10:7c:ef:02:aa:
         20:93:aa:34:09:33:b7:39:43:a8:cb:e5:24:ea:24:90:c0:32:
         b0:78:ef:8d:4e:38:eb:61:ea:f4:8d:1e:90:2c:99:ae:fb:3a:
         ad:7e:a7:11:31:64:60:b5:2d:42:13:5c:10:2a:b7:bd:8f:37:
         ff:f1:7a:32:6b:d2:da:fd:4a:88:69:a2:f1:e0:f4:08:86:ff:
         d7:60:24:7b:b1:75:b9:5b:de:50:0d:d7:6e:16:fc:86:87:96:
         11:8d:c5:8f:f4:00:96:10:04:83:ac:d7:63:80:d0:c4:0e:32:
         c5:f9:12:f2:59:a1:52:20:2f:05:60:7a:05:4f:6b:d7:6e:2e:
         a7:e7:c5:f2:da:92:93:e6:4e:bf:e8:f4:e2:1a:82:2d:9a:ca:
         b4:14:7a:63:6b:b6:6d:c3:1c:50:99:5b:5e:ce:21:fe:72:90:
         f8:eb:20:b5:13:e7:8f:87:cf:06:7a:a7:02:48:c3:56:14:e4:
         10:35:25:81:af:f5:3c:a3:4e:72:2e:f8:8c:3b:43:e3:2a:c2:
         a3:e0:07:ec:eb:34:e7:62:26:90:a2:95:42:05:dd:c2:5d:26:
         0a:39:d7:8b:f3:eb:92:70:f3:58:cd:41:0c:15:31:d1:cc:a5:
         ab:4d:3a:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjH0EKdEd2zEJ+1Gs6KTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDhjMjhiZTE1NTE2MjkwYjlkYTUxMzVlNThmNTVmYmI4
MGZmYjQwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjk3M2FmZjZiYTk2YzAwZTZhYjUyYmVhNmNjYTUyNjRiNjlhM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8toMsKXzJzHR92mUCGafb8h6I6y
YlXVu1q8zTlRY0DbnRfKTVY6+4AfHhVRHaB0P6Ul/2pK1nWvik+yYSn4Jzo1+x8V
tvLsQVkHT+yX9HyKM8F3pP02R+WjBjs1KQ8xthP1Nak1ctEEs9KbAp1cb50oKntS
3nOm4xtLcEtiTgbzjySRhwXeyvjdT5fInixpLAJOrmm+/aug7rlxz+1wKj8V3bDY
jqK8vgyckhxg0xPlDugAa+euEvZE5UGAOmpupee87mWvSc11p9cDQfIto5hCeTUu
34J3shiNZ6GKKYApmu6pwUbmm4QPLw3U8qOABYlteLrWxpc8hWk2uN8ByQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuXOv9rqWwA5qtSvqbMpSZLaaPvMB8GA1UdIwQY
MBaAFIoIwovhVRYpC52lE15Y9V+7gP+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdqQ2ktRlZGaWtMbmFVVFhsajFYN3VBXzdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82NzJhZjgtMzM0OC00MjEzLWI0N2Mt
MDYxOGM5YThjYWM0LzEvVzVjNl8ydXBiQURtcTFLLXBzeWxKa3Rwby04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82NzJhZjgtMzM0OC00MjEzLWI0N2MtMDYxOGM5YThjYWM0
LzEvaWdqQ2ktRlZGaWtMbmFVVFhsajFYN3VBXzdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoDXyMA0G
CSqGSIb3DQEBCwUAA4IBAQCwKKdlZFMMsNAGFjJrEHzvAqogk6o0CTO3OUOoy+Uk
6iSQwDKweO+NTjjrYer0jR6QLJmu+zqtfqcRMWRgtS1CE1wQKre9jzf/8Xoya9La
/UqIaaLx4PQIhv/XYCR7sXW5W95QDdduFvyGh5YRjcWP9ACWEASDrNdjgNDEDjLF
+RLyWaFSIC8FYHoFT2vXbi6n58Xy2pKT5k6/6PTiGoItmsq0FHpja7ZtwxxQmVte
ziH+cpD46yC1E+ePh88GeqcCSMNWFOQQNSWBr/U8o05yLviMO0PjKsKj4Afs6zTn
YiaQopVCBd3CXSYKOdeL8+uScPNYzUEMFTHRzKWrTTr5
-----END CERTIFICATE-----