Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hj5pFezOYMdUr4jkkIibEcIDc1s.roa
File:                     Hj5pFezOYMdUr4jkkIibEcIDc1s.roa (raw, json)
Hash identifier:          oDXh9jhvq/Qf3YSb5v3Ufqljebjfoo0PA+zcpRllSlA=
Subject key identifier:   1E:3E:69:15:EC:CE:60:C7:54:AF:88:E4:90:88:9B:11:C2:03:73:5B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0196A0ED07C5339130B8D072CC54ECCBCDB5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hj5pFezOYMdUr4jkkIibEcIDc1s.roa
Signing time:             Mon 05 May 2025 14:50:10 +0000
ROA not before:           Mon 05 May 2025 14:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44901
IP address blocks:        93.123.10.0/24 maxlen: 24
                          94.156.104.0/24 maxlen: 24
                          94.156.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:ed:07:c5:33:91:30:b8:d0:72:cc:54:ec:cb:cd:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  5 14:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e3e6915ecce60c754af88e490889b11c203735b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:d9:16:99:81:1b:1b:f2:ab:6d:0a:c6:ea:
                    b7:04:17:4b:f5:d4:a2:a0:b1:e8:27:9e:92:80:13:
                    2e:65:d6:9b:16:3d:56:5f:a7:82:86:55:33:a9:d5:
                    f2:36:f3:b9:f8:88:6d:81:75:8c:58:94:7a:9f:05:
                    6d:8d:d8:aa:6a:26:4b:33:a7:77:bb:2f:7e:86:0b:
                    a3:75:a4:58:0e:c9:04:3e:34:d8:69:f4:ba:03:d9:
                    9a:02:fe:43:3c:80:2a:8a:47:39:c2:c3:30:7f:e8:
                    aa:2c:94:0e:ff:c4:cd:1a:27:f5:1a:21:0c:8e:df:
                    77:e9:db:25:e0:db:14:06:d0:8c:bb:ba:62:53:2f:
                    b6:17:36:e6:b3:f4:29:bf:84:fc:5a:62:23:4c:a9:
                    f7:7f:d9:80:ca:29:d2:69:4c:0a:8d:60:8b:18:1c:
                    5e:da:f6:c7:97:67:d6:78:50:b9:9f:bb:7e:b8:8d:
                    af:37:52:88:26:a8:0a:16:6d:37:fa:d0:36:e8:27:
                    dd:0d:81:a1:87:35:2c:54:86:6b:7a:6f:1f:f4:68:
                    67:44:54:cd:09:12:4b:7d:d3:c8:7d:d0:6c:39:a2:
                    09:6b:0a:12:46:e6:cb:06:12:cd:70:f6:08:12:f1:
                    5c:41:d3:a6:04:3e:bc:bb:cd:44:cd:9b:98:a0:b1:
                    48:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:3E:69:15:EC:CE:60:C7:54:AF:88:E4:90:88:9B:11:C2:03:73:5B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hj5pFezOYMdUr4jkkIibEcIDc1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.10.0/24
                  94.156.104.0/24
                  94.156.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:9c:85:74:0a:98:53:e4:77:fb:34:3e:5c:e3:2b:35:66:c5:
         4a:fe:f2:1d:53:f4:70:a8:01:9a:e8:98:25:ee:36:a3:b7:53:
         ed:02:17:dd:cb:fd:19:23:e4:46:41:3a:2d:c6:e5:2d:d7:6b:
         37:57:c3:81:f8:a7:83:e8:b5:09:fe:8b:b5:d3:76:26:11:8f:
         07:e9:73:c8:49:88:88:6f:68:dd:e9:34:01:42:8c:be:c3:8e:
         05:49:19:77:16:a5:b1:d3:9e:d8:98:0c:98:2d:d5:58:47:58:
         62:09:8f:4f:10:25:53:fa:76:24:d3:72:e6:b2:6d:5a:66:ef:
         3a:46:33:47:5e:a5:a5:98:ff:23:99:cf:ab:d6:24:da:1f:58:
         3f:fc:29:63:63:a5:ef:4d:e3:1c:20:12:6c:ce:ae:95:0e:88:
         8f:d4:9a:61:de:9d:c2:f1:c6:99:50:bb:a1:c7:38:3f:0d:67:
         5d:f1:1f:25:c8:4c:c6:75:e3:bb:09:bd:97:96:cb:3c:96:98:
         f9:9e:7b:fd:65:79:31:81:33:e9:c4:df:25:82:c0:5b:09:9b:
         79:e7:c8:39:dd:f9:00:c3:08:a3:d7:f6:d4:b5:ed:a3:63:fa:
         ee:48:5a:f7:5c:e7:54:d7:b0:c7:d1:3b:8f:43:47:65:67:08:
         93:56:d5:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZag7QfFM5EwuNByzFTsy821MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNTA1MTQ1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTNlNjkxNWVjY2U2MGM3NTRhZjg4ZTQ5MDg4OWIxMWMyMDM3MzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbDZFpmBGxvyq20Kxuq3BBdL9dSi
oLHoJ56SgBMuZdabFj1WX6eChlUzqdXyNvO5+IhtgXWMWJR6nwVtjdiqaiZLM6d3
uy9+hgujdaRYDskEPjTYafS6A9maAv5DPIAqikc5wsMwf+iqLJQO/8TNGif1GiEM
jt936dsl4NsUBtCMu7piUy+2Fzbms/Qpv4T8WmIjTKn3f9mAyinSaUwKjWCLGBxe
2vbHl2fWeFC5n7t+uI2vN1KIJqgKFm03+tA26CfdDYGhhzUsVIZrem8f9GhnRFTN
CRJLfdPIfdBsOaIJawoSRubLBhLNcPYIEvFcQdOmBD68u81EzZuYoLFIuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB4+aRXszmDHVK+I5JCImxHCA3NbMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSGo1cEZlek9ZTWRVcjRqa2tJaWJFY0lEYzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXXsKAwQA
XpxoAwQAXpyuMA0GCSqGSIb3DQEBCwUAA4IBAQBcnIV0CphT5Hf7ND5c4ys1ZsVK
/vIdU/RwqAGa6Jgl7jajt1PtAhfdy/0ZI+RGQTotxuUt12s3V8OB+KeD6LUJ/ou1
03YmEY8H6XPISYiIb2jd6TQBQoy+w44FSRl3FqWx057YmAyYLdVYR1hiCY9PECVT
+nYk03Lmsm1aZu86RjNHXqWlmP8jmc+r1iTaH1g//CljY6XvTeMcIBJszq6VDoiP
1Jph3p3C8caZULuhxzg/DWdd8R8lyEzGdeO7Cb2Xlss8lpj5nnv9ZXkxgTPpxN8l
gsBbCZt558g53fkAwwij1/bUte2jY/ruSFr3XOdU17DH0TuPQ0dlZwiTVtUN
-----END CERTIFICATE-----