Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hlUx_j7tywvDQ966dd09R7Vl1zw.roa
File:                     hlUx_j7tywvDQ966dd09R7Vl1zw.roa (raw, json)
Hash identifier:          BWnxn8ftd46N+t01zpnXRugTyT4B1B6H3eQmPIbjsEU=
Subject key identifier:   86:55:31:FE:3E:ED:CB:0B:C3:43:DE:BA:75:DD:3D:47:B5:65:D7:3C
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01966D0A9028A3CA847C52E3543BBAD242A1
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hlUx_j7tywvDQ966dd09R7Vl1zw.roa
Signing time:             Fri 25 Apr 2025 13:02:10 +0000
ROA not before:           Fri 25 Apr 2025 13:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        5.231.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6d:0a:90:28:a3:ca:84:7c:52:e3:54:3b:ba:d2:42:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 25 13:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=865531fe3eedcb0bc343deba75dd3d47b565d73c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:52:20:ad:e1:69:53:f9:bb:21:d6:48:d8:ae:
                    74:48:ee:93:ca:a3:c3:d4:f8:e2:04:1d:bb:30:ac:
                    d8:a3:5f:d8:11:54:c2:4c:62:93:ee:f4:e0:b8:c2:
                    5a:36:28:c6:e8:a6:80:34:c5:85:6b:dd:e4:11:86:
                    0a:a3:22:da:10:f5:7e:c3:75:28:6c:09:e4:67:07:
                    13:40:f7:41:5e:43:c4:2b:ab:c1:58:f8:b8:bb:e1:
                    9f:37:4f:ee:21:97:af:38:d9:06:18:b4:70:85:cc:
                    ef:fb:5a:96:d6:56:1b:71:cd:22:7f:a2:65:46:70:
                    e8:bf:9a:d9:c5:33:62:7a:d6:e9:1c:bf:e2:a7:5d:
                    bf:8d:7e:7e:1f:67:b6:e8:27:f4:f9:d9:b4:25:9a:
                    fd:01:5f:20:5c:78:27:88:e4:0f:ea:32:ed:44:22:
                    c6:cb:29:fd:67:f7:b0:75:1e:d9:3a:91:2a:35:1b:
                    2a:cc:50:87:5e:f6:aa:85:95:24:9b:94:2e:9b:c9:
                    4d:34:6b:1e:66:a1:ac:a5:2a:b7:e2:9b:4f:fd:f0:
                    48:78:6f:ff:73:6b:2f:98:5a:6c:9c:29:a4:41:4c:
                    67:77:88:46:22:1a:2c:e6:15:35:96:fd:f5:46:4c:
                    cd:af:91:02:a9:79:76:cc:85:72:72:ab:e0:ad:61:
                    69:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:55:31:FE:3E:ED:CB:0B:C3:43:DE:BA:75:DD:3D:47:B5:65:D7:3C
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/hlUx_j7tywvDQ966dd09R7Vl1zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:0f:67:b8:7f:92:6b:1a:4a:3f:f7:14:22:ca:fd:3d:19:e2:
         dc:16:6d:9c:7f:24:c3:c7:e1:c8:49:5e:72:1d:e1:37:90:f3:
         36:9b:c1:49:80:d8:43:18:fc:dd:51:fa:71:3a:0c:f7:04:db:
         1f:84:04:30:79:8b:35:b3:58:5c:fd:42:e6:63:37:96:70:ad:
         f0:22:92:b4:ae:64:27:5a:e0:b9:de:94:f2:4d:9d:e1:36:06:
         9b:eb:9a:23:78:41:c2:ed:1b:c1:10:56:72:3c:91:09:f5:76:
         25:2b:2d:70:a0:9d:e1:76:98:f1:3d:2c:41:4d:4f:32:2c:20:
         b7:f7:67:36:70:2a:e7:16:b0:23:14:a4:8a:d1:52:68:73:6d:
         f0:f5:05:1e:ab:5e:87:fb:f0:a4:a9:2d:f6:34:4f:77:98:4f:
         30:2e:de:ee:62:8e:9b:61:fa:82:22:fa:e6:3e:fb:4d:37:30:
         a3:1d:9c:84:66:e6:49:96:53:78:2b:4f:72:c1:a6:ed:fd:14:
         df:a5:d4:f3:c3:76:d2:50:29:30:5b:eb:92:b5:38:3c:47:a0:
         55:7f:36:f8:c5:bb:1b:de:06:31:44:6a:e7:75:15:aa:88:57:
         83:c4:b5:8a:40:59:13:59:56:d2:1a:29:7d:f8:08:22:75:a6:
         a9:66:40:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZtCpAoo8qEfFLjVDu60kKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDI1MTMwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjU1MzFmZTNlZWRjYjBiYzM0M2RlYmE3NWRkM2Q0N2I1NjVkNzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FIgreFpU/m7IdZI2K50SO6TyqPD
1PjiBB27MKzYo1/YEVTCTGKT7vTguMJaNijG6KaANMWFa93kEYYKoyLaEPV+w3Uo
bAnkZwcTQPdBXkPEK6vBWPi4u+GfN0/uIZevONkGGLRwhczv+1qW1lYbcc0if6Jl
RnDov5rZxTNietbpHL/ip12/jX5+H2e26Cf0+dm0JZr9AV8gXHgniOQP6jLtRCLG
yyn9Z/ewdR7ZOpEqNRsqzFCHXvaqhZUkm5Qum8lNNGseZqGspSq34ptP/fBIeG//
c2svmFpsnCmkQUxnd4hGIhos5hU1lv31RkzNr5ECqXl2zIVycqvgrWFpzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZVMf4+7csLw0PeunXdPUe1Zdc8MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaGxVeF9qN3R5d3ZEUTk2NmRkMDlSN1ZsMXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABedwMA0G
CSqGSIb3DQEBCwUAA4IBAQC3D2e4f5JrGko/9xQiyv09GeLcFm2cfyTDx+HISV5y
HeE3kPM2m8FJgNhDGPzdUfpxOgz3BNsfhAQweYs1s1hc/ULmYzeWcK3wIpK0rmQn
WuC53pTyTZ3hNgab65ojeEHC7RvBEFZyPJEJ9XYlKy1woJ3hdpjxPSxBTU8yLCC3
92c2cCrnFrAjFKSK0VJoc23w9QUeq16H+/CkqS32NE93mE8wLt7uYo6bYfqCIvrm
PvtNNzCjHZyEZuZJllN4K09ywabt/RTfpdTzw3bSUCkwW+uStTg8R6BVfzb4xbsb
3gYxRGrndRWqiFeDxLWKQFkTWVbSGil9+AgidaapZkCi
-----END CERTIFICATE-----