Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BEw66KwGaDpNGuctYyTzRaeDMKY.roa
File:                     BEw66KwGaDpNGuctYyTzRaeDMKY.roa (raw, json)
Hash identifier:          2Cvt+YK8270i/MHi20fdRW23pfUye/fJdXAY9zC78Hc=
Subject key identifier:   04:4C:3A:E8:AC:06:68:3A:4D:1A:E7:2D:63:24:F3:45:A7:83:30:A6
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01969CE7F925D677D2EFD58EA3057C1AD269
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BEw66KwGaDpNGuctYyTzRaeDMKY.roa
Signing time:             Sun 04 May 2025 20:06:10 +0000
ROA not before:           Sun 04 May 2025 20:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56971
IP address blocks:        5.144.179.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9c:e7:f9:25:d6:77:d2:ef:d5:8e:a3:05:7c:1a:d2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May  4 20:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=044c3ae8ac06683a4d1ae72d6324f345a78330a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cd:7f:76:88:92:cb:3d:d7:4e:7b:65:66:f0:
                    df:0c:15:8a:e7:9f:4e:9b:a6:c7:e0:4e:3c:2e:62:
                    44:80:25:44:05:69:0c:24:04:91:5b:1f:41:84:1d:
                    86:f2:72:2b:2f:6b:14:5d:8b:e8:2f:56:45:64:60:
                    fa:c0:d4:51:20:c2:0b:70:c4:4a:5b:3e:17:de:43:
                    3f:53:4f:66:f4:6e:e1:b2:a6:4d:e2:c9:a4:9a:53:
                    e3:a5:60:61:f7:7c:7f:bc:00:e8:25:79:d2:90:69:
                    a0:7e:5c:50:ab:35:ef:a9:f5:cc:d9:f7:41:be:aa:
                    8c:e8:3e:af:82:7c:c0:92:e2:94:13:13:dc:6a:cc:
                    39:f9:71:54:35:af:a0:2f:ae:b4:18:7f:72:19:8c:
                    ad:af:38:02:44:fc:1f:69:e7:0c:2d:fb:64:6e:10:
                    a8:23:a0:18:12:84:7d:75:fd:54:9f:1f:16:af:c7:
                    05:fa:d1:22:aa:74:29:b3:d9:38:84:eb:84:61:7c:
                    84:8c:fc:c6:03:35:b7:7f:04:23:2a:6f:ad:db:53:
                    94:09:bb:9d:9c:c1:d0:58:cf:71:5e:32:72:93:50:
                    47:c5:72:19:48:49:eb:48:b4:b8:7b:41:bf:f5:f7:
                    4d:03:8f:26:b0:e8:ba:6f:b5:b3:96:a8:8a:af:b5:
                    15:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:4C:3A:E8:AC:06:68:3A:4D:1A:E7:2D:63:24:F3:45:A7:83:30:A6
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BEw66KwGaDpNGuctYyTzRaeDMKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.179.0/24
                  5.178.96.0/24
                  45.12.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e4:f7:92:aa:01:93:b9:00:f0:89:a2:6d:05:e1:c4:17:e4:41:
         e4:18:e1:09:6c:87:22:9b:52:2f:09:83:75:44:30:bd:69:a6:
         43:0d:81:8f:c3:35:0f:f1:0c:7e:cd:2f:cb:70:47:66:b0:08:
         a0:12:a3:38:24:1f:8b:55:0e:0a:85:9f:7a:05:ef:88:c8:f0:
         dc:24:1b:79:ae:47:85:11:a9:35:b5:bc:88:4d:c1:9c:69:58:
         06:3a:b9:22:99:28:ce:f6:b6:7d:04:c0:f5:07:99:cc:ab:df:
         64:c3:99:d1:5e:c8:c6:3d:64:48:4f:de:5d:fc:eb:03:b1:f4:
         80:16:d6:0e:4c:1d:ac:0a:8e:54:ef:dc:cc:e3:d8:74:12:df:
         59:d0:d7:ff:b4:bb:dd:24:fe:69:fb:ab:0a:01:d2:16:0a:c9:
         66:5e:4d:46:3d:ee:f2:42:ac:3f:3a:8d:13:83:59:cb:dd:e0:
         17:ba:76:55:00:56:2d:38:c2:14:e7:0c:80:f7:28:93:75:b9:
         1d:a3:28:58:46:b8:57:c9:b1:d8:8e:ac:44:ee:0a:ae:8f:89:
         3e:0e:74:17:81:35:d5:29:c5:42:55:f9:8e:ee:98:b3:af:e5:
         f9:24:74:25:36:dc:69:e6:7a:e0:73:8d:c8:b0:9e:21:f7:8a:
         63:a6:5d:3d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZac5/kl1nfS79WOowV8GtJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwNTA0MjAwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDRjM2FlOGFjMDY2ODNhNGQxYWU3MmQ2MzI0ZjM0NWE3ODMzMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc1/doiSyz3XTntlZvDfDBWK559O
m6bH4E48LmJEgCVEBWkMJASRWx9BhB2G8nIrL2sUXYvoL1ZFZGD6wNRRIMILcMRK
Wz4X3kM/U09m9G7hsqZN4smkmlPjpWBh93x/vADoJXnSkGmgflxQqzXvqfXM2fdB
vqqM6D6vgnzAkuKUExPcasw5+XFUNa+gL660GH9yGYytrzgCRPwfaecMLftkbhCo
I6AYEoR9df1Unx8Wr8cF+tEiqnQps9k4hOuEYXyEjPzGAzW3fwQjKm+t21OUCbud
nMHQWM9xXjJyk1BHxXIZSEnrSLS4e0G/9fdNA48msOi6b7WzlqiKr7UVQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFARMOuisBmg6TRrnLWMk80WngzCmMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvQkV3NjZLd0dhRHBOR3VjdFl5VHpSYWVETUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZCzAwQA
BbJgAwQALQzbMA0GCSqGSIb3DQEBCwUAA4IBAQDk95KqAZO5APCJom0F4cQX5EHk
GOEJbIcim1IvCYN1RDC9aaZDDYGPwzUP8Qx+zS/LcEdmsAigEqM4JB+LVQ4KhZ96
Be+IyPDcJBt5rkeFEak1tbyITcGcaVgGOrkimSjO9rZ9BMD1B5nMq99kw5nRXsjG
PWRIT95d/OsDsfSAFtYOTB2sCo5U79zM49h0Et9Z0Nf/tLvdJP5p+6sKAdIWCslm
Xk1GPe7yQqw/Oo0Tg1nL3eAXunZVAFYtOMIU5wyA9yiTdbkdoyhYRrhXybHYjqxE
7gquj4k+DnQXgTXVKcVCVfmO7pizr+X5JHQlNtxp5nrgc43IsJ4h94pjpl09
-----END CERTIFICATE-----