Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/HIm7oYP8YPOloxcgLaqP6tpTEks.roa
File:                     HIm7oYP8YPOloxcgLaqP6tpTEks.roa (raw, json)
Hash identifier:          5A3qC9d5oHG7pqa3O+tPhHkDghwFvklxSdRKouVGQng=
Subject key identifier:   1C:89:BB:A1:83:FC:60:F3:A5:A3:17:20:2D:AA:8F:EA:DA:53:12:4B
Certificate issuer:       /CN=bb8321c05d501edb499190c0c4a3089d246c5b76
Certificate serial:       018CC3B66D8CB5D9ED947A6ACB5F9BE0EFD7
Authority key identifier: BB:83:21:C0:5D:50:1E:DB:49:91:90:C0:C4:A3:08:9D:24:6C:5B:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MhwF1QHttJkZDAxKMInSRsW3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/HIm7oYP8YPOloxcgLaqP6tpTEks.roa
Signing time:             Mon 01 Jan 2024 06:29:21 +0000
ROA not before:           Mon 01 Jan 2024 06:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211500
IP address blocks:        85.208.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/u4MhwF1QHttJkZDAxKMInSRsW3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/u4MhwF1QHttJkZDAxKMInSRsW3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4MhwF1QHttJkZDAxKMInSRsW3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:6d:8c:b5:d9:ed:94:7a:6a:cb:5f:9b:e0:ef:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8321c05d501edb499190c0c4a3089d246c5b76
        Validity
            Not Before: Jan  1 06:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c89bba183fc60f3a5a317202daa8feada53124b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fe:d4:33:e2:de:74:36:6f:e2:49:60:de:79:
                    b7:d0:40:35:71:86:0c:1d:49:fc:8b:23:81:4b:f4:
                    85:8b:49:89:b0:f2:23:35:5b:1d:2d:8d:a4:2f:fe:
                    e6:e3:76:c2:7d:17:ab:46:be:16:d9:3c:0a:48:20:
                    6b:18:a2:a2:f5:ea:58:4b:d1:bf:2d:e7:02:f2:e7:
                    40:3d:30:a2:f3:5e:ba:c0:3f:f1:ce:ee:13:98:25:
                    a0:03:17:ab:58:64:82:84:54:83:33:66:69:ba:d5:
                    53:59:39:f1:99:83:10:ec:3e:31:f9:20:37:85:29:
                    ee:36:d1:cf:6e:28:ea:d6:f2:b3:45:bf:28:f6:76:
                    a0:cd:5c:d6:22:ea:fd:5d:d3:1c:5f:38:9e:36:ff:
                    e1:6f:ee:0a:d8:3d:7b:92:24:f1:4a:6c:89:ed:78:
                    d2:9f:af:d5:02:36:40:9d:72:70:2a:28:8a:ff:56:
                    8c:9e:39:44:a9:a5:9e:6d:90:4a:38:20:e2:65:84:
                    b6:d2:0a:92:1b:bb:bd:11:a8:ba:52:da:f8:7d:b5:
                    34:69:c7:8d:d1:83:f7:ce:b3:24:d9:89:f0:01:3c:
                    df:fd:b7:7a:13:79:71:d9:b6:97:c4:e2:6a:f5:6b:
                    e9:ea:1a:00:c6:4b:d0:97:7c:5e:7e:85:13:a9:87:
                    c1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:89:BB:A1:83:FC:60:F3:A5:A3:17:20:2D:AA:8F:EA:DA:53:12:4B
            X509v3 Authority Key Identifier:
                keyid:BB:83:21:C0:5D:50:1E:DB:49:91:90:C0:C4:A3:08:9D:24:6C:5B:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MhwF1QHttJkZDAxKMInSRsW3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/HIm7oYP8YPOloxcgLaqP6tpTEks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/u4MhwF1QHttJkZDAxKMInSRsW3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:49:d2:d4:d7:51:cd:72:f4:a0:1d:08:f2:b5:c9:32:46:d4:
         12:3a:99:ea:52:be:17:41:fb:fe:80:66:7e:d9:c5:24:dc:62:
         b8:ff:ba:4c:c1:e0:ac:31:65:ea:79:54:3f:a5:2e:a8:3c:93:
         9d:d6:81:e9:a6:12:14:79:ac:47:7b:99:fc:40:6e:b1:91:33:
         1e:5d:1b:f1:a1:4b:03:60:01:91:92:b6:f8:c6:32:6e:e9:38:
         7f:e8:9d:ec:9a:72:d3:2b:77:d8:5a:c0:14:f2:70:42:5a:63:
         cf:f5:33:69:43:7f:f1:ca:1f:8b:bb:78:e4:87:b5:92:37:6a:
         6e:76:3b:cc:ea:64:9c:aa:7a:15:a9:00:44:a0:0a:5b:85:9e:
         03:f4:de:9e:d1:f2:c9:e9:21:ae:b8:2c:09:fa:37:44:5f:35:
         5c:99:b3:3d:b0:fc:bc:dd:b8:02:ef:43:e4:f5:f1:ce:a1:9a:
         c9:6e:60:32:93:68:35:6f:d8:3c:a7:99:e5:96:99:2f:34:c3:
         e0:8b:f0:23:49:7a:21:dc:65:c7:59:09:b6:4f:5a:ad:ed:73:
         2c:d5:41:f3:e6:d9:83:d6:47:00:95:6d:de:7d:c1:d5:17:de:
         60:be:a9:47:f6:c6:6b:40:df:c2:3a:c4:70:51:99:f8:e6:6c:
         b0:6d:bb:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtm2MtdntlHpqy1+b4O/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMyMWMwNWQ1MDFlZGI0OTkxOTBjMGM0YTMwODlkMjQ2
YzViNzYwHhcNMjQwMTAxMDYyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg5YmJhMTgzZmM2MGYzYTVhMzE3MjAyZGFhOGZlYWRhNTMxMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/7UM+LedDZv4klg3nm30EA1cYYM
HUn8iyOBS/SFi0mJsPIjNVsdLY2kL/7m43bCfRerRr4W2TwKSCBrGKKi9epYS9G/
LecC8udAPTCi8166wD/xzu4TmCWgAxerWGSChFSDM2ZputVTWTnxmYMQ7D4x+SA3
hSnuNtHPbijq1vKzRb8o9nagzVzWIur9XdMcXzieNv/hb+4K2D17kiTxSmyJ7XjS
n6/VAjZAnXJwKiiK/1aMnjlEqaWebZBKOCDiZYS20gqSG7u9Eai6Utr4fbU0aceN
0YP3zrMk2YnwATzf/bd6E3lx2baXxOJq9Wvp6hoAxkvQl3xefoUTqYfBUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByJu6GD/GDzpaMXIC2qj+raUxJLMB8GA1UdIwQY
MBaAFLuDIcBdUB7bSZGQwMSjCJ0kbFt2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNaHdGMVFIdHRKa1pEQXhLTUluU1JzVzNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9jZDI5ODMtMjE4Yy00NTdkLTgxMWIt
NWQ0MmUxZmE0NWI5LzEvSEltN29ZUDhZUE9sb3hjZ0xhcVA2dHBURWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9jZDI5ODMtMjE4Yy00NTdkLTgxMWItNWQ0MmUxZmE0NWI5
LzEvdTRNaHdGMVFIdHRKa1pEQXhLTUluU1JzVzNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVdAKMA0G
CSqGSIb3DQEBCwUAA4IBAQCKSdLU11HNcvSgHQjytckyRtQSOpnqUr4XQfv+gGZ+
2cUk3GK4/7pMweCsMWXqeVQ/pS6oPJOd1oHpphIUeaxHe5n8QG6xkTMeXRvxoUsD
YAGRkrb4xjJu6Th/6J3smnLTK3fYWsAU8nBCWmPP9TNpQ3/xyh+Lu3jkh7WSN2pu
djvM6mScqnoVqQBEoApbhZ4D9N6e0fLJ6SGuuCwJ+jdEXzVcmbM9sPy83bgC70Pk
9fHOoZrJbmAyk2g1b9g8p5nllpkvNMPgi/AjSXoh3GXHWQm2T1qt7XMs1UHz5tmD
1kcAlW3efcHVF95gvqlH9sZrQN/COsRwUZn45mywbbvY
-----END CERTIFICATE-----