Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f89c9e-3e9a-41ba-9b45-35614e9178fc/1/hXt76Sfdnwx6clSrHFXgGXMUsSY.roa
File:                     hXt76Sfdnwx6clSrHFXgGXMUsSY.roa (raw, json)
Hash identifier:          EuknB0L7k+VL8xzyfdEcAZjMhGK/Ob95udrFMkz2MLo=
Subject key identifier:   85:7B:7B:E9:27:DD:9F:0C:7A:72:54:AB:1C:55:E0:19:73:14:B1:26
Certificate issuer:       /CN=34f59ea2fa47a9d6311b1c8cc5a86a5b9a0e47a7
Certificate serial:       018CC42546B8DCCB5D000FD1595A007F0B5A
Authority key identifier: 34:F5:9E:A2:FA:47:A9:D6:31:1B:1C:8C:C5:A8:6A:5B:9A:0E:47:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPWeovpHqdYxGxyMxahqW5oOR6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f89c9e-3e9a-41ba-9b45-35614e9178fc/1/hXt76Sfdnwx6clSrHFXgGXMUsSY.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25089
IP address blocks:        194.107.142.0/24 maxlen: 24
                          194.107.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f89c9e-3e9a-41ba-9b45-35614e9178fc/1/NPWeovpHqdYxGxyMxahqW5oOR6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f89c9e-3e9a-41ba-9b45-35614e9178fc/1/NPWeovpHqdYxGxyMxahqW5oOR6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPWeovpHqdYxGxyMxahqW5oOR6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:46:b8:dc:cb:5d:00:0f:d1:59:5a:00:7f:0b:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f59ea2fa47a9d6311b1c8cc5a86a5b9a0e47a7
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=857b7be927dd9f0c7a7254ab1c55e0197314b126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:eb:3e:4f:d1:b8:e4:4e:71:eb:69:7e:21:2e:
                    2b:0b:cb:d8:8b:64:3f:32:92:11:25:94:60:e1:7a:
                    6d:2b:06:18:f9:bb:5f:ff:32:4d:ac:a3:a1:e3:13:
                    aa:c8:eb:4b:9b:c7:f0:7e:95:24:a6:e1:14:1b:13:
                    4a:b7:4f:7a:18:71:60:f8:a3:e4:10:17:18:fb:75:
                    5d:c4:76:02:c9:ae:a2:16:3f:a3:45:1a:97:c2:ec:
                    49:6f:09:fd:3a:d7:74:72:72:a5:d8:51:c7:00:c1:
                    52:dc:32:a2:46:a5:21:b2:c2:de:a1:59:00:fc:00:
                    d8:ed:83:34:be:a3:02:bc:ad:9d:50:9c:54:62:b2:
                    09:e0:db:de:6c:3a:ac:ed:c7:e8:ec:94:ff:b6:07:
                    81:28:4a:84:c6:a1:66:d7:52:cc:16:4a:e4:d5:ee:
                    1d:99:ad:dd:45:e0:57:1f:55:24:93:6c:81:83:55:
                    43:86:44:10:0c:68:65:2d:a8:28:f8:43:32:97:bb:
                    21:7f:ca:41:21:97:31:f5:ea:19:e2:98:13:f4:cf:
                    bc:22:fc:fb:06:a7:0c:ff:3a:0c:25:95:a5:d6:1e:
                    45:89:d2:ca:32:39:5d:55:6b:9c:43:7c:14:ea:7f:
                    1b:4c:67:b1:52:68:89:75:05:11:be:06:49:62:53:
                    53:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:7B:7B:E9:27:DD:9F:0C:7A:72:54:AB:1C:55:E0:19:73:14:B1:26
            X509v3 Authority Key Identifier:
                keyid:34:F5:9E:A2:FA:47:A9:D6:31:1B:1C:8C:C5:A8:6A:5B:9A:0E:47:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPWeovpHqdYxGxyMxahqW5oOR6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f89c9e-3e9a-41ba-9b45-35614e9178fc/1/hXt76Sfdnwx6clSrHFXgGXMUsSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f89c9e-3e9a-41ba-9b45-35614e9178fc/1/NPWeovpHqdYxGxyMxahqW5oOR6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:e9:66:b1:65:c1:61:77:60:94:ce:f7:3d:89:16:d8:5d:5e:
         c6:cc:6e:1d:af:71:5b:e3:d6:1a:ac:1e:0a:ad:30:39:a3:2b:
         77:14:cc:d6:60:72:00:86:c7:f5:14:28:78:3f:ed:2e:28:c2:
         d0:73:3c:0b:a9:24:91:0b:bb:20:97:ec:21:9c:3f:d0:aa:8d:
         97:8f:79:51:f1:a8:45:64:f1:fc:c6:05:3e:21:f8:33:d3:2c:
         44:4c:34:eb:dd:2f:10:43:d1:b1:d7:f7:2d:71:43:61:de:db:
         a1:e4:9c:0c:fa:04:50:dd:ca:72:24:23:89:58:79:44:cb:60:
         a5:3c:fa:97:af:fa:57:29:6b:cb:04:9b:e5:f6:86:42:1f:27:
         c6:44:a7:bc:8c:36:3e:ed:2e:05:17:a3:45:0d:f2:0d:43:16:
         ea:07:a1:4e:b4:be:e5:22:e8:ab:f2:2e:ed:8a:1e:66:1c:9c:
         7b:84:c8:13:f2:42:d1:01:cf:bc:9e:52:d6:79:fe:07:64:8e:
         5f:cd:2b:0e:08:78:36:ec:5c:d6:62:1f:2a:63:20:9a:c8:0c:
         74:1f:38:b2:ad:72:e8:74:77:c8:94:1a:4f:dc:1e:27:dd:c5:
         ca:aa:ea:84:68:5e:30:aa:94:63:e9:0c:3a:88:56:fd:6d:84:
         30:ad:cc:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUa43MtdAA/RWVoAfwtaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjU5ZWEyZmE0N2E5ZDYzMTFiMWM4Y2M1YTg2YTViOWEw
ZTQ3YTcwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTdiN2JlOTI3ZGQ5ZjBjN2E3MjU0YWIxYzU1ZTAxOTczMTRiMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOs+T9G45E5x62l+IS4rC8vYi2Q/
MpIRJZRg4XptKwYY+btf/zJNrKOh4xOqyOtLm8fwfpUkpuEUGxNKt096GHFg+KPk
EBcY+3VdxHYCya6iFj+jRRqXwuxJbwn9Otd0cnKl2FHHAMFS3DKiRqUhssLeoVkA
/ADY7YM0vqMCvK2dUJxUYrIJ4NvebDqs7cfo7JT/tgeBKEqExqFm11LMFkrk1e4d
ma3dReBXH1Ukk2yBg1VDhkQQDGhlLago+EMyl7shf8pBIZcx9eoZ4pgT9M+8Ivz7
BqcM/zoMJZWl1h5FidLKMjldVWucQ3wU6n8bTGexUmiJdQURvgZJYlNTPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIV7e+kn3Z8MenJUqxxV4BlzFLEmMB8GA1UdIwQY
MBaAFDT1nqL6R6nWMRscjMWoaluaDkenMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBXZW92cEhxZFl4R3h5TXhhaHFXNW9PUjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mODljOWUtM2U5YS00MWJhLTliNDUt
MzU2MTRlOTE3OGZjLzEvaFh0NzZTZmRud3g2Y2xTckhGWGdHWE1Vc1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mODljOWUtM2U5YS00MWJhLTliNDUtMzU2MTRlOTE3OGZj
LzEvTlBXZW92cEhxZFl4R3h5TXhhaHFXNW9PUjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmuOMA0G
CSqGSIb3DQEBCwUAA4IBAQA06WaxZcFhd2CUzvc9iRbYXV7GzG4dr3Fb49YarB4K
rTA5oyt3FMzWYHIAhsf1FCh4P+0uKMLQczwLqSSRC7sgl+whnD/Qqo2Xj3lR8ahF
ZPH8xgU+Ifgz0yxETDTr3S8QQ9Gx1/ctcUNh3tuh5JwM+gRQ3cpyJCOJWHlEy2Cl
PPqXr/pXKWvLBJvl9oZCHyfGRKe8jDY+7S4FF6NFDfINQxbqB6FOtL7lIuir8i7t
ih5mHJx7hMgT8kLRAc+8nlLWef4HZI5fzSsOCHg27FzWYh8qYyCayAx0HziyrXLo
dHfIlBpP3B4n3cXKquqEaF4wqpRj6Qw6iFb9bYQwrcxH
-----END CERTIFICATE-----