Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/HzA_vRsn1vE7KgLj47f3egxravo.roa
File:                     HzA_vRsn1vE7KgLj47f3egxravo.roa (raw, json)
Hash identifier:          972/b1/gnboboadf1jz2LwRfwoRMwjTKmmpTvmf2d5w=
Subject key identifier:   1F:30:3F:BD:1B:27:D6:F1:3B:2A:02:E3:E3:B7:F7:7A:0C:6B:6A:FA
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EEC1D98225F25197C03AD2371D1E74A59
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/HzA_vRsn1vE7KgLj47f3egxravo.roa
Signing time:             Wed 17 Apr 2024 12:52:26 +0000
ROA not before:           Wed 17 Apr 2024 12:52:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201211
IP address blocks:        95.130.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:1d:98:22:5f:25:19:7c:03:ad:23:71:d1:e7:4a:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 17 12:52:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f303fbd1b27d6f13b2a02e3e3b7f77a0c6b6afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:aa:01:a3:7e:9d:f8:9b:69:a0:d3:94:fd:e8:
                    01:2d:e3:c0:07:8d:c3:a4:d5:9c:9d:cd:22:d5:6f:
                    98:53:bf:43:1a:f4:61:88:0f:1c:78:7c:f7:cc:94:
                    39:d7:04:67:01:47:be:f7:ea:98:39:cd:f8:36:e5:
                    39:ac:c7:10:73:24:e5:47:85:dc:75:f9:87:da:ca:
                    b5:8c:71:33:10:dd:f5:01:56:cf:57:50:64:bf:ae:
                    97:13:81:78:8a:31:ac:7d:70:6b:f9:ef:33:a9:cc:
                    64:a5:39:1d:e1:7f:38:4f:e2:a8:37:1f:89:be:bd:
                    69:b0:8f:26:f2:68:b5:b8:57:dd:9d:83:ec:31:ed:
                    0b:d8:68:01:d2:54:da:ec:7b:cc:52:71:f1:d8:3e:
                    02:4e:14:8b:a3:8c:6b:03:c4:7f:9b:22:a3:a7:ee:
                    bc:b6:c4:37:ac:ae:9b:00:01:48:eb:bb:47:11:93:
                    72:37:07:66:d0:ce:c7:4b:95:00:89:dd:5c:16:93:
                    30:f2:a2:e1:0b:2d:dc:6c:6d:9f:96:02:34:c5:d0:
                    6b:d9:af:df:67:0b:1e:da:15:e5:8f:2c:a3:1f:d0:
                    ce:8d:2a:b0:e6:78:00:83:be:fa:af:7d:6e:cd:f7:
                    29:4f:a7:fe:25:c7:4c:df:fd:ad:53:c4:12:39:f7:
                    07:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:30:3F:BD:1B:27:D6:F1:3B:2A:02:E3:E3:B7:F7:7A:0C:6B:6A:FA
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/HzA_vRsn1vE7KgLj47f3egxravo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:28:bc:56:e8:a6:ac:e1:35:52:b0:15:0b:0e:75:88:22:e4:
         2f:65:5d:c1:42:20:2f:25:8c:81:18:c4:6d:00:73:b0:91:ef:
         34:8b:be:78:ab:3d:28:5d:0d:5a:72:05:4a:ef:25:a9:f3:e1:
         84:d4:83:02:c5:81:9e:a4:e9:f6:92:6c:49:be:7e:da:b5:94:
         4a:2d:3f:08:21:8e:94:9f:6c:82:2a:2d:00:f1:00:95:45:65:
         b6:53:95:b0:ac:57:43:39:71:d3:74:a0:3b:37:94:ee:ae:95:
         dd:eb:d0:f7:d6:50:a5:a0:e5:a6:f1:01:b8:d0:89:fd:59:ea:
         04:27:74:24:d7:6d:83:35:3e:bc:39:5e:11:7f:ee:ad:a0:b2:
         ff:c0:7a:4d:f6:0e:6d:19:01:4c:f3:c6:58:da:82:a4:90:93:
         a2:f9:4e:4e:bc:22:bc:16:fb:d3:12:ba:d1:a5:66:41:b9:a9:
         27:fa:6a:7d:52:6a:23:ad:93:09:bd:d2:59:2d:36:89:82:d4:
         d9:13:1b:56:ed:8c:40:34:2a:8f:bb:2e:70:f9:44:5f:98:8f:
         1c:86:e9:c7:63:48:b1:16:b5:0e:02:0d:d3:51:d6:c3:5a:bf:
         4c:1d:4d:66:34:02:9f:a3:3b:87:af:4a:88:58:fb:a0:fa:ff:
         58:d9:97:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7sHZgiXyUZfAOtI3HR50pZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDE3MTI1MjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjMwM2ZiZDFiMjdkNmYxM2IyYTAyZTNlM2I3Zjc3YTBjNmI2YWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKoBo36d+JtpoNOU/egBLePAB43D
pNWcnc0i1W+YU79DGvRhiA8ceHz3zJQ51wRnAUe+9+qYOc34NuU5rMcQcyTlR4Xc
dfmH2sq1jHEzEN31AVbPV1Bkv66XE4F4ijGsfXBr+e8zqcxkpTkd4X84T+KoNx+J
vr1psI8m8mi1uFfdnYPsMe0L2GgB0lTa7HvMUnHx2D4CThSLo4xrA8R/myKjp+68
tsQ3rK6bAAFI67tHEZNyNwdm0M7HS5UAid1cFpMw8qLhCy3cbG2flgI0xdBr2a/f
Zwse2hXljyyjH9DOjSqw5ngAg776r31uzfcpT6f+JcdM3/2tU8QSOfcHGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8wP70bJ9bxOyoC4+O393oMa2r6MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvSHpBX3ZSc24xdkU3S2dMajQ3ZjNlZ3hyYXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4LgMA0G
CSqGSIb3DQEBCwUAA4IBAQCMKLxW6Kas4TVSsBULDnWIIuQvZV3BQiAvJYyBGMRt
AHOwke80i754qz0oXQ1acgVK7yWp8+GE1IMCxYGepOn2kmxJvn7atZRKLT8IIY6U
n2yCKi0A8QCVRWW2U5WwrFdDOXHTdKA7N5TurpXd69D31lCloOWm8QG40In9WeoE
J3Qk122DNT68OV4Rf+6toLL/wHpN9g5tGQFM88ZY2oKkkJOi+U5OvCK8FvvTErrR
pWZBuakn+mp9UmojrZMJvdJZLTaJgtTZExtW7YxANCqPuy5w+URfmI8chunHY0ix
FrUOAg3TUdbDWr9MHU1mNAKfozuHr0qIWPug+v9Y2ZfV
-----END CERTIFICATE-----