Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a96c9c-b855-4fda-a5f7-75c9b2478e3e/1/5hUwO1deIxtsaDVJppuYNB_xPhA.roa
File:                     5hUwO1deIxtsaDVJppuYNB_xPhA.roa (raw, json)
Hash identifier:          cZ6SshMBGBGCASxx2lUXi7wQmA74gXz633wC/Vk5q0w=
Subject key identifier:   E6:15:30:3B:57:5E:23:1B:6C:68:35:49:A6:9B:98:34:1F:F1:3E:10
Certificate issuer:       /CN=dace28f22c6e7e444bb0a7e52a1533b80dee7818
Certificate serial:       019778744EDC841D407D9E53F41A1F31EAC2
Authority key identifier: DA:CE:28:F2:2C:6E:7E:44:4B:B0:A7:E5:2A:15:33:B8:0D:EE:78:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2s4o8ixufkRLsKflKhUzuA3ueBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a96c9c-b855-4fda-a5f7-75c9b2478e3e/1/5hUwO1deIxtsaDVJppuYNB_xPhA.roa
Signing time:             Mon 16 Jun 2025 11:16:17 +0000
ROA not before:           Mon 16 Jun 2025 11:16:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        94.156.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a96c9c-b855-4fda-a5f7-75c9b2478e3e/1/2s4o8ixufkRLsKflKhUzuA3ueBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a96c9c-b855-4fda-a5f7-75c9b2478e3e/1/2s4o8ixufkRLsKflKhUzuA3ueBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2s4o8ixufkRLsKflKhUzuA3ueBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:74:4e:dc:84:1d:40:7d:9e:53:f4:1a:1f:31:ea:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dace28f22c6e7e444bb0a7e52a1533b80dee7818
        Validity
            Not Before: Jun 16 11:16:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e615303b575e231b6c683549a69b98341ff13e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d2:ca:e9:9a:6c:a3:d2:d9:b0:6d:7a:be:ac:
                    26:29:dc:c3:59:85:7d:d7:c3:44:18:0c:d3:4d:04:
                    ae:7e:f1:dc:db:57:f7:0a:09:16:af:ad:51:42:62:
                    95:f3:1d:37:37:bd:13:af:db:40:22:ea:45:a9:2f:
                    9b:26:4a:65:ff:e3:ed:ee:35:6c:c6:1b:3e:cf:58:
                    87:4f:88:7a:b3:86:da:37:a6:04:15:4b:19:ec:6c:
                    27:cd:28:4a:20:bd:c0:7e:2d:70:42:40:1a:dc:31:
                    00:c9:7a:79:1f:c4:ca:be:72:d9:37:bc:82:a4:e4:
                    4b:73:67:ed:f1:56:48:81:b1:fc:55:0a:aa:e4:66:
                    62:02:01:37:b2:c8:2a:40:4f:76:18:a5:e9:ee:9f:
                    8d:fe:35:15:8a:a0:87:e5:36:c8:e8:fe:23:45:a8:
                    a6:9e:ce:d4:ac:99:46:42:d0:1a:79:a2:b4:c6:95:
                    1b:07:9e:60:af:3d:a6:99:51:8a:19:fb:d5:93:fe:
                    be:53:73:5a:22:a2:f6:35:a9:84:0a:70:a8:be:d4:
                    4d:32:6f:3e:f2:7e:02:fb:13:3e:b9:d1:08:57:43:
                    fb:4a:7b:cd:99:4a:ed:39:6a:34:f9:1f:b9:7e:5d:
                    87:74:de:d7:ef:fd:bb:f4:a9:ce:7f:6f:09:a4:06:
                    38:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:15:30:3B:57:5E:23:1B:6C:68:35:49:A6:9B:98:34:1F:F1:3E:10
            X509v3 Authority Key Identifier:
                keyid:DA:CE:28:F2:2C:6E:7E:44:4B:B0:A7:E5:2A:15:33:B8:0D:EE:78:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2s4o8ixufkRLsKflKhUzuA3ueBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a96c9c-b855-4fda-a5f7-75c9b2478e3e/1/5hUwO1deIxtsaDVJppuYNB_xPhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a96c9c-b855-4fda-a5f7-75c9b2478e3e/1/2s4o8ixufkRLsKflKhUzuA3ueBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3a:10:83:16:cd:12:95:a7:bf:60:6b:56:a9:b5:9e:8a:78:
         42:01:5b:67:20:01:d2:1b:e8:cf:c9:3a:7c:95:47:57:8d:02:
         f0:d0:53:aa:e7:99:60:02:d7:3c:73:e4:c7:8e:27:48:28:30:
         6e:c1:17:98:ff:a5:81:b9:61:3f:76:6b:42:0e:2f:ce:e8:32:
         23:9a:0c:b5:1a:8b:c0:1c:a3:3f:39:1c:23:54:1f:01:75:ad:
         93:33:2a:75:d6:fc:df:b4:b1:73:ca:03:1a:e0:73:70:d0:1e:
         17:5d:d5:82:7a:69:01:04:0c:ab:0b:95:13:c2:df:59:cc:ac:
         a6:dd:a1:8b:40:df:e1:7f:97:5c:f4:91:2a:6d:0d:d9:da:e6:
         7f:9d:7f:7a:ac:29:27:65:19:c3:da:aa:fc:f6:83:d8:47:fc:
         a7:46:de:b5:4e:ae:61:4b:f1:de:48:82:03:76:bc:45:89:e0:
         f9:5a:ea:33:cb:17:be:17:53:55:b5:f4:2b:b0:4b:e2:4a:7e:
         fd:b9:ec:a4:47:79:3b:b6:be:ce:f2:11:0f:db:08:0d:1d:ec:
         2e:b3:8b:b2:ea:2c:71:b9:f3:77:d7:39:35:47:cb:3a:bd:36:
         f1:5e:11:59:ae:7b:23:9e:66:21:f7:73:fb:8a:68:b7:47:35:
         64:7c:3e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd4dE7chB1AfZ5T9BofMerCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhY2UyOGYyMmM2ZTdlNDQ0YmIwYTdlNTJhMTUzM2I4MGRl
ZTc4MTgwHhcNMjUwNjE2MTExNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE1MzAzYjU3NWUyMzFiNmM2ODM1NDlhNjliOTgzNDFmZjEzZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNLK6Zpso9LZsG16vqwmKdzDWYV9
18NEGAzTTQSufvHc21f3CgkWr61RQmKV8x03N70Tr9tAIupFqS+bJkpl/+Pt7jVs
xhs+z1iHT4h6s4baN6YEFUsZ7GwnzShKIL3Afi1wQkAa3DEAyXp5H8TKvnLZN7yC
pORLc2ft8VZIgbH8VQqq5GZiAgE3ssgqQE92GKXp7p+N/jUViqCH5TbI6P4jRaim
ns7UrJlGQtAaeaK0xpUbB55grz2mmVGKGfvVk/6+U3NaIqL2NamECnCovtRNMm8+
8n4C+xM+udEIV0P7SnvNmUrtOWo0+R+5fl2HdN7X7/279KnOf28JpAY4RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYVMDtXXiMbbGg1SaabmDQf8T4QMB8GA1UdIwQY
MBaAFNrOKPIsbn5ES7Cn5SoVM7gN7ngYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnM0bzhpeHVma1JMc0tmbEtoVXp1QTN1ZUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hOTZjOWMtYjg1NS00ZmRhLWE1Zjct
NzVjOWIyNDc4ZTNlLzEvNWhVd08xZGVJeHRzYURWSnBwdVlOQl94UGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hOTZjOWMtYjg1NS00ZmRhLWE1ZjctNzVjOWIyNDc4ZTNl
LzEvMnM0bzhpeHVma1JMc0tmbEtoVXp1QTN1ZUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpywMA0G
CSqGSIb3DQEBCwUAA4IBAQABOhCDFs0Slae/YGtWqbWeinhCAVtnIAHSG+jPyTp8
lUdXjQLw0FOq55lgAtc8c+THjidIKDBuwReY/6WBuWE/dmtCDi/O6DIjmgy1GovA
HKM/ORwjVB8Bda2TMyp11vzftLFzygMa4HNw0B4XXdWCemkBBAyrC5UTwt9ZzKym
3aGLQN/hf5dc9JEqbQ3Z2uZ/nX96rCknZRnD2qr89oPYR/ynRt61Tq5hS/HeSIID
drxFieD5Wuozyxe+F1NVtfQrsEviSn79ueykR3k7tr7O8hEP2wgNHewus4uy6ixx
ufN31zk1R8s6vTbxXhFZrnsjnmYh93P7imi3RzVkfD6t
-----END CERTIFICATE-----