Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/d2bbf6-3b69-442e-b490-7e54c32abed8/1/hNRI4S_udptfEHNLzR1cCdL0Fyc.roa
File:                     hNRI4S_udptfEHNLzR1cCdL0Fyc.roa (raw, json)
Hash identifier:          aqWVSi2tbawPqoXxM+/JB/gKcBdcEu9o5eXepRCVXNw=
Subject key identifier:   84:D4:48:E1:2F:EE:76:9B:5F:10:73:4B:CD:1D:5C:09:D2:F4:17:27
Certificate issuer:       /CN=085787e65eb4fcd66e3340b62ade47ca00919dce
Certificate serial:       018E3D8A69F2251407112E1D4E1B5F467B18
Authority key identifier: 08:57:87:E6:5E:B4:FC:D6:6E:33:40:B6:2A:DE:47:CA:00:91:9D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CFeH5l60_NZuM0C2Kt5HygCRnc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/d2bbf6-3b69-442e-b490-7e54c32abed8/1/hNRI4S_udptfEHNLzR1cCdL0Fyc.roa
Signing time:             Thu 14 Mar 2024 15:17:44 +0000
ROA not before:           Thu 14 Mar 2024 15:17:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215602
IP address blocks:        194.164.244.0/24 maxlen: 24
                          2a0c:28c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/d2bbf6-3b69-442e-b490-7e54c32abed8/1/CFeH5l60_NZuM0C2Kt5HygCRnc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/d2bbf6-3b69-442e-b490-7e54c32abed8/1/CFeH5l60_NZuM0C2Kt5HygCRnc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CFeH5l60_NZuM0C2Kt5HygCRnc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:8a:69:f2:25:14:07:11:2e:1d:4e:1b:5f:46:7b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=085787e65eb4fcd66e3340b62ade47ca00919dce
        Validity
            Not Before: Mar 14 15:17:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84d448e12fee769b5f10734bcd1d5c09d2f41727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e0:00:f5:a2:88:50:63:c4:47:3f:d7:53:5f:
                    c2:49:f9:ff:b5:44:95:0c:c4:ed:ae:3a:05:21:b0:
                    3c:27:a3:00:42:f3:9e:ff:2b:34:e8:a2:ef:64:60:
                    47:6e:18:4f:dc:18:e6:33:f6:e6:45:aa:a0:ff:1e:
                    4d:60:4b:42:7e:d8:9c:7c:a7:44:9d:6c:cc:2d:11:
                    39:f1:a7:f1:e7:c4:83:a9:09:14:6e:0b:5b:3a:2a:
                    3d:fa:5d:3e:ff:97:0c:57:67:37:df:a8:fe:e3:9e:
                    20:18:e4:62:0f:77:b3:73:a7:ae:d3:02:49:64:de:
                    c4:81:b5:65:6c:84:d2:0e:16:ab:30:db:51:9e:54:
                    c1:f6:a1:ce:b6:ac:78:59:60:e4:5f:7f:30:41:54:
                    1d:97:fb:31:dc:52:be:1e:19:b9:23:db:cd:8c:96:
                    76:2c:d6:20:0a:20:24:5e:87:a8:b7:cb:25:87:bb:
                    d4:52:74:a3:a1:d2:18:ac:05:5e:79:58:0a:c6:53:
                    9e:b5:28:b1:07:40:f9:8d:bc:96:36:39:a1:0b:4e:
                    63:92:1a:6d:a2:58:3c:7e:f4:b5:d8:18:00:04:83:
                    69:0d:e6:80:64:ea:1f:6c:74:f4:ee:bd:27:11:31:
                    c1:44:c0:6c:34:d6:f7:d7:2a:de:d5:7a:7c:19:54:
                    96:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:D4:48:E1:2F:EE:76:9B:5F:10:73:4B:CD:1D:5C:09:D2:F4:17:27
            X509v3 Authority Key Identifier:
                keyid:08:57:87:E6:5E:B4:FC:D6:6E:33:40:B6:2A:DE:47:CA:00:91:9D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CFeH5l60_NZuM0C2Kt5HygCRnc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d2bbf6-3b69-442e-b490-7e54c32abed8/1/hNRI4S_udptfEHNLzR1cCdL0Fyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d2bbf6-3b69-442e-b490-7e54c32abed8/1/CFeH5l60_NZuM0C2Kt5HygCRnc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.244.0/24
                IPv6:
                  2a0c:28c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:47:78:76:89:3a:54:60:cc:25:02:78:48:39:67:96:3d:c8:
         f8:6a:6c:0c:11:d5:28:43:57:f7:06:7b:2c:68:f0:7a:35:b9:
         9a:02:c0:cf:23:66:96:2a:72:6d:e9:29:90:c1:e3:de:0a:f0:
         eb:3d:85:4e:9f:bd:6a:02:80:92:79:4c:4a:2d:72:c1:cf:d0:
         93:ac:83:a7:ca:a2:c2:06:7d:4b:2c:db:75:aa:49:11:90:bf:
         77:17:9f:a3:43:1b:5a:c2:a1:24:3f:4c:fe:62:4d:fe:cd:eb:
         bf:62:0c:10:51:46:96:f6:c4:f8:af:5d:28:e9:f9:5f:b6:84:
         3a:4a:ec:9b:95:0f:a4:d9:28:ef:ce:c3:ee:07:6c:17:90:c0:
         a6:be:0e:24:4e:7e:7f:bb:73:ce:71:5a:81:37:9e:32:e0:07:
         72:e1:0b:f8:df:0b:c8:a5:f3:ff:4a:e6:e5:eb:ab:1f:b3:59:
         62:13:c6:7f:f8:40:a6:b1:03:dc:07:8b:76:56:61:83:c4:22:
         64:64:19:e4:8a:da:7f:13:29:fc:a8:f5:80:31:ac:28:ca:cc:
         1b:55:f9:0c:01:ce:56:0c:59:81:24:b7:04:93:37:5f:3c:47:
         c8:1b:c3:9e:63:70:16:88:21:ce:b2:af:5c:e6:aa:ac:ae:5b:
         6e:b8:a9:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY49imnyJRQHES4dThtfRnsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NTc4N2U2NWViNGZjZDY2ZTMzNDBiNjJhZGU0N2NhMDA5
MTlkY2UwHhcNMjQwMzE0MTUxNzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGQ0NDhlMTJmZWU3NjliNWYxMDczNGJjZDFkNWMwOWQyZjQxNzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+AA9aKIUGPERz/XU1/CSfn/tUSV
DMTtrjoFIbA8J6MAQvOe/ys06KLvZGBHbhhP3BjmM/bmRaqg/x5NYEtCfticfKdE
nWzMLRE58afx58SDqQkUbgtbOio9+l0+/5cMV2c336j+454gGORiD3ezc6eu0wJJ
ZN7EgbVlbITSDharMNtRnlTB9qHOtqx4WWDkX38wQVQdl/sx3FK+Hhm5I9vNjJZ2
LNYgCiAkXoeot8slh7vUUnSjodIYrAVeeVgKxlOetSixB0D5jbyWNjmhC05jkhpt
olg8fvS12BgABINpDeaAZOofbHT07r0nETHBRMBsNNb31yre1Xp8GVSW2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFITUSOEv7nabXxBzS80dXAnS9BcnMB8GA1UdIwQY
MBaAFAhXh+ZetPzWbjNAtireR8oAkZ3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0ZlSDVsNjBfTlp1TTBDMkt0NUh5Z0NSbmM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9kMmJiZjYtM2I2OS00NDJlLWI0OTAt
N2U1NGMzMmFiZWQ4LzEvaE5SSTRTX3VkcHRmRUhOTHpSMWNDZEwwRnljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9kMmJiZjYtM2I2OS00NDJlLWI0OTAtN2U1NGMzMmFiZWQ4
LzEvQ0ZlSDVsNjBfTlp1TTBDMkt0NUh5Z0NSbmM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwqT0MA0E
AgACMAcDBQMqDCjAMA0GCSqGSIb3DQEBCwUAA4IBAQBnR3h2iTpUYMwlAnhIOWeW
Pcj4amwMEdUoQ1f3BnssaPB6NbmaAsDPI2aWKnJt6SmQwePeCvDrPYVOn71qAoCS
eUxKLXLBz9CTrIOnyqLCBn1LLNt1qkkRkL93F5+jQxtawqEkP0z+Yk3+zeu/YgwQ
UUaW9sT4r10o6flftoQ6SuyblQ+k2SjvzsPuB2wXkMCmvg4kTn5/u3POcVqBN54y
4Ady4Qv43wvIpfP/Subl66sfs1liE8Z/+ECmsQPcB4t2VmGDxCJkZBnkitp/Eyn8
qPWAMawoyswbVfkMAc5WDFmBJLcEkzdfPEfIG8OeY3AWiCHOsq9c5qqsrltuuKn3
-----END CERTIFICATE-----