Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/3502fc-d9f7-4fa8-baf6-77d529be53d7/1/HYQhj9GfS2VL1LGH2hoGRnAq_1g.roa
File:                     HYQhj9GfS2VL1LGH2hoGRnAq_1g.roa (raw, json)
Hash identifier:          vupLnnm29iaNTZjA+glh+6XHc5HkCkw1Lh/FCGeyQn4=
Subject key identifier:   1D:84:21:8F:D1:9F:4B:65:4B:D4:B1:87:DA:1A:06:46:70:2A:FF:58
Certificate issuer:       /CN=b4b0bbd6445578edbc7ba6b5bf7ca9368d2417bf
Certificate serial:       019426D959E681105207A4B6919C8CC76AF5
Authority key identifier: B4:B0:BB:D6:44:55:78:ED:BC:7B:A6:B5:BF:7C:A9:36:8D:24:17:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tLC71kRVeO28e6a1v3ypNo0kF78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/3502fc-d9f7-4fa8-baf6-77d529be53d7/1/HYQhj9GfS2VL1LGH2hoGRnAq_1g.roa
Signing time:             Thu 02 Jan 2025 11:49:25 +0000
ROA not before:           Thu 02 Jan 2025 11:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20546
IP address blocks:        194.113.42.0/24 maxlen: 24
                          2a0f:f640::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/3502fc-d9f7-4fa8-baf6-77d529be53d7/1/tLC71kRVeO28e6a1v3ypNo0kF78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/3502fc-d9f7-4fa8-baf6-77d529be53d7/1/tLC71kRVeO28e6a1v3ypNo0kF78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tLC71kRVeO28e6a1v3ypNo0kF78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:59:e6:81:10:52:07:a4:b6:91:9c:8c:c7:6a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4b0bbd6445578edbc7ba6b5bf7ca9368d2417bf
        Validity
            Not Before: Jan  2 11:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d84218fd19f4b654bd4b187da1a0646702aff58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:35:45:23:ee:5a:bb:a4:fc:e7:0b:4d:31:61:
                    ff:53:1f:27:6b:98:26:f7:27:53:8d:cc:1f:d1:df:
                    65:a7:34:6f:23:f8:dc:e0:24:e8:18:f3:23:cd:c3:
                    e7:78:72:7d:71:d0:9c:60:f0:5b:ad:db:83:e7:ff:
                    06:6d:d6:19:7c:d7:66:ee:7d:04:34:ce:23:18:85:
                    af:e3:72:56:42:55:76:14:29:a2:37:0c:66:e3:1b:
                    fa:ed:db:59:c0:bf:c6:8d:d3:dc:42:1d:66:ad:73:
                    d1:d9:6e:6a:a9:ce:95:ae:aa:27:1f:44:18:50:b6:
                    15:d4:c9:2d:5e:d4:53:3d:d4:95:c7:d7:84:f6:b4:
                    70:70:01:1a:51:f4:f4:2e:86:72:33:73:85:ae:24:
                    35:3c:36:7f:af:3a:7e:2c:d9:34:71:d6:ac:ba:b1:
                    3b:ea:b4:c7:77:5a:40:c9:39:3e:fa:ba:ea:52:e9:
                    d2:45:58:a4:30:09:41:f0:55:20:66:c1:10:b2:d8:
                    df:c2:d4:fa:01:5c:dd:e6:c8:0c:13:eb:e0:2f:96:
                    64:89:c3:66:8c:e3:0b:54:b4:0e:00:da:0f:9e:03:
                    fc:17:f9:d8:6e:c4:c2:dd:48:cc:7c:e4:1f:a8:55:
                    54:77:26:3d:33:ed:af:0d:d8:1b:0b:83:a2:ff:3b:
                    7b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:84:21:8F:D1:9F:4B:65:4B:D4:B1:87:DA:1A:06:46:70:2A:FF:58
            X509v3 Authority Key Identifier:
                keyid:B4:B0:BB:D6:44:55:78:ED:BC:7B:A6:B5:BF:7C:A9:36:8D:24:17:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tLC71kRVeO28e6a1v3ypNo0kF78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/3502fc-d9f7-4fa8-baf6-77d529be53d7/1/HYQhj9GfS2VL1LGH2hoGRnAq_1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/3502fc-d9f7-4fa8-baf6-77d529be53d7/1/tLC71kRVeO28e6a1v3ypNo0kF78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.42.0/24
                IPv6:
                  2a0f:f640::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:55:45:e0:f2:09:92:ee:d7:a7:03:bb:f0:01:b8:8c:3b:27:
         03:9a:ef:a0:61:26:16:bb:9d:81:e5:6a:52:53:4d:70:aa:39:
         d8:8b:ea:9b:39:eb:f1:dc:cf:bc:ea:23:e8:96:1a:9b:a9:70:
         30:a2:a4:09:16:f7:b4:44:f1:41:e5:de:70:5f:df:0e:54:1f:
         13:e6:45:d5:c1:13:01:66:54:2c:57:49:3f:ae:5d:57:c1:3d:
         12:4e:44:30:ca:22:0e:a3:a8:3d:58:f5:9d:40:86:fb:9a:db:
         56:35:f2:0b:e9:8d:e8:40:f9:44:b7:4c:f8:9c:9a:f0:75:a9:
         8f:85:eb:ff:fc:a1:79:15:34:86:54:99:04:d7:9a:00:1e:10:
         9f:94:98:16:69:db:4a:12:14:47:54:67:da:a1:df:1f:20:71:
         7d:27:ed:b8:c7:f0:95:85:b5:24:1b:64:e9:00:ac:5e:e0:29:
         c3:6d:db:aa:74:ea:2c:88:0f:62:60:7c:31:99:26:c1:d7:d8:
         a9:24:9c:a5:1f:84:db:b7:d4:10:85:0d:89:56:3d:45:ff:46:
         8f:7f:16:77:4f:5a:51:dd:7b:ce:7f:65:a8:02:5d:17:84:32:
         9c:c0:dd:bd:02:9d:6b:5b:79:6a:87:a1:b0:23:d9:56:ae:0d:
         82:97:40:f5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2VnmgRBSB6S2kZyMx2r1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YjBiYmQ2NDQ1NTc4ZWRiYzdiYTZiNWJmN2NhOTM2OGQy
NDE3YmYwHhcNMjUwMTAyMTE0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDg0MjE4ZmQxOWY0YjY1NGJkNGIxODdkYTFhMDY0NjcwMmFmZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzVFI+5au6T85wtNMWH/Ux8na5gm
9ydTjcwf0d9lpzRvI/jc4CToGPMjzcPneHJ9cdCcYPBbrduD5/8GbdYZfNdm7n0E
NM4jGIWv43JWQlV2FCmiNwxm4xv67dtZwL/GjdPcQh1mrXPR2W5qqc6VrqonH0QY
ULYV1MktXtRTPdSVx9eE9rRwcAEaUfT0LoZyM3OFriQ1PDZ/rzp+LNk0cdasurE7
6rTHd1pAyTk++rrqUunSRVikMAlB8FUgZsEQstjfwtT6AVzd5sgME+vgL5ZkicNm
jOMLVLQOANoPngP8F/nYbsTC3UjMfOQfqFVUdyY9M+2vDdgbC4Oi/zt7+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB2EIY/Rn0tlS9Sxh9oaBkZwKv9YMB8GA1UdIwQY
MBaAFLSwu9ZEVXjtvHumtb98qTaNJBe/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdExDNzFrUlZlTzI4ZTZhMXYzeXBObzBrRjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8zNTAyZmMtZDlmNy00ZmE4LWJhZjYt
NzdkNTI5YmU1M2Q3LzEvSFlRaGo5R2ZTMlZMMUxHSDJob0dSbkFxXzFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8zNTAyZmMtZDlmNy00ZmE4LWJhZjYtNzdkNTI5YmU1M2Q3
LzEvdExDNzFrUlZlTzI4ZTZhMXYzeXBObzBrRjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwnEqMA8E
AgACMAkDBwAqD/ZAAAAwDQYJKoZIhvcNAQELBQADggEBAA9VReDyCZLu16cDu/AB
uIw7JwOa76BhJha7nYHlalJTTXCqOdiL6ps56/Hcz7zqI+iWGpupcDCipAkW97RE
8UHl3nBf3w5UHxPmRdXBEwFmVCxXST+uXVfBPRJORDDKIg6jqD1Y9Z1Ahvua21Y1
8gvpjehA+US3TPicmvB1qY+F6//8oXkVNIZUmQTXmgAeEJ+UmBZp20oSFEdUZ9qh
3x8gcX0n7bjH8JWFtSQbZOkArF7gKcNt26p06iyID2JgfDGZJsHX2KkknKUfhNu3
1BCFDYlWPUX/Ro9/FndPWlHde85/ZagCXReEMpzA3b0CnWtbeWqHobAj2VauDYKX
QPU=
-----END CERTIFICATE-----