Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/0HTDBk5MYK2X7vH3zirTqZcpE2s.roa
File:                     0HTDBk5MYK2X7vH3zirTqZcpE2s.roa (raw, json)
Hash identifier:          Sj1nNxaVvmVnP+tRZkLAz31ImmjJvQaxWp+RCkXDwnM=
Subject key identifier:   D0:74:C3:06:4E:4C:60:AD:97:EE:F1:F7:CE:2A:D3:A9:97:29:13:6B
Certificate issuer:       /CN=ca58aeb4129f8e2c9bc42cd19185c8d7f0e6eaf9
Certificate serial:       0194266AE01B2374D239E31ACE065BB6AF15
Authority key identifier: CA:58:AE:B4:12:9F:8E:2C:9B:C4:2C:D1:91:85:C8:D7:F0:E6:EA:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yliutBKfjiybxCzRkYXI1_Dm6vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/0HTDBk5MYK2X7vH3zirTqZcpE2s.roa
Signing time:             Thu 02 Jan 2025 09:48:45 +0000
ROA not before:           Thu 02 Jan 2025 09:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208709
IP address blocks:        194.113.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/yliutBKfjiybxCzRkYXI1_Dm6vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/yliutBKfjiybxCzRkYXI1_Dm6vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yliutBKfjiybxCzRkYXI1_Dm6vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:e0:1b:23:74:d2:39:e3:1a:ce:06:5b:b6:af:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca58aeb4129f8e2c9bc42cd19185c8d7f0e6eaf9
        Validity
            Not Before: Jan  2 09:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d074c3064e4c60ad97eef1f7ce2ad3a99729136b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6d:0e:35:3c:5f:2b:95:88:78:44:08:d3:cf:
                    50:0b:ee:e4:55:52:06:0b:e0:cf:dc:80:aa:50:9d:
                    57:f0:96:95:f1:ed:03:86:71:2f:d9:aa:20:51:05:
                    a6:84:aa:19:dc:14:8d:8c:dd:60:2f:2a:a4:f3:5b:
                    1c:ba:11:f6:9c:00:79:7a:fc:a2:e4:c7:0d:e6:a7:
                    74:94:52:35:71:b9:4e:fa:3b:85:d7:77:2a:e3:bb:
                    02:64:2c:5c:9e:2e:c3:d4:78:64:ee:e5:eb:f3:ab:
                    a4:1e:98:da:16:26:2a:b0:f4:99:cf:25:6e:df:f9:
                    7f:90:f2:5f:97:74:2a:5c:40:4a:69:0d:32:02:87:
                    30:6f:34:bb:fe:3d:bb:ba:38:38:73:b6:bb:5b:aa:
                    87:3f:97:ea:ba:df:68:9d:e8:f7:e9:95:ee:05:f2:
                    f4:cc:64:c1:8a:1f:92:a8:b3:e1:ed:68:02:45:46:
                    00:6a:ab:cf:9e:9f:6e:e5:7b:37:50:a4:d9:94:54:
                    53:83:b7:96:34:13:16:f2:6c:58:e1:c6:d1:37:e1:
                    e8:89:2d:86:a7:88:88:c7:a0:f0:49:db:91:4b:1c:
                    1e:b5:3d:91:e3:e4:4a:5f:4c:e6:a2:4b:9c:97:ee:
                    9d:00:f4:25:5c:e1:c1:ef:f6:71:ca:e0:67:52:fa:
                    cd:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:74:C3:06:4E:4C:60:AD:97:EE:F1:F7:CE:2A:D3:A9:97:29:13:6B
            X509v3 Authority Key Identifier:
                keyid:CA:58:AE:B4:12:9F:8E:2C:9B:C4:2C:D1:91:85:C8:D7:F0:E6:EA:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yliutBKfjiybxCzRkYXI1_Dm6vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/0HTDBk5MYK2X7vH3zirTqZcpE2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/yliutBKfjiybxCzRkYXI1_Dm6vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:15:4e:f7:b1:a4:09:f4:24:8d:5b:ce:82:c5:5c:98:a4:0e:
         dc:49:d9:94:dc:14:b0:aa:b6:82:cb:c4:e1:68:66:ce:46:ea:
         90:d2:c8:e0:d0:cb:b1:dd:09:6a:97:1a:0c:b4:74:40:11:a9:
         b3:d1:25:28:e4:df:3f:97:18:09:80:da:cc:65:e7:09:60:59:
         13:01:45:87:b2:c3:61:24:1a:83:11:c7:7e:6c:e1:6e:ef:65:
         b8:f0:b6:e0:dc:59:6a:6a:d2:a4:77:e0:7d:04:4e:45:73:76:
         ad:77:72:eb:8b:6e:b9:ea:ab:16:fa:e2:5c:ec:9f:55:b8:36:
         11:30:d0:d1:f2:f8:60:54:7d:0c:2a:a9:f6:a0:f3:1b:fd:95:
         04:a2:95:2c:dd:91:a6:0a:04:26:d0:8a:10:34:a0:97:8a:b6:
         fa:f3:f3:0e:e3:09:5c:4a:21:3e:e5:60:af:7a:ae:3b:cb:9b:
         b1:33:4e:bb:cc:33:3c:62:79:f5:76:8e:b1:87:7c:b2:64:ce:
         ad:7d:dc:f4:56:4b:ea:fb:a1:34:32:d5:c4:e4:5d:93:3a:bc:
         27:69:66:5c:28:fd:6c:6d:ee:f1:87:d2:38:71:3f:89:51:d5:
         2d:bb:7a:4e:2d:a3:b2:74:e2:d4:6b:b9:b5:0a:0a:2f:45:28:
         b4:44:bb:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmauAbI3TSOeMazgZbtq8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNThhZWI0MTI5ZjhlMmM5YmM0MmNkMTkxODVjOGQ3ZjBl
NmVhZjkwHhcNMjUwMTAyMDk0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDc0YzMwNjRlNGM2MGFkOTdlZWYxZjdjZTJhZDNhOTk3MjkxMzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo20ONTxfK5WIeEQI089QC+7kVVIG
C+DP3ICqUJ1X8JaV8e0DhnEv2aogUQWmhKoZ3BSNjN1gLyqk81scuhH2nAB5evyi
5McN5qd0lFI1cblO+juF13cq47sCZCxcni7D1Hhk7uXr86ukHpjaFiYqsPSZzyVu
3/l/kPJfl3QqXEBKaQ0yAocwbzS7/j27ujg4c7a7W6qHP5fqut9onej36ZXuBfL0
zGTBih+SqLPh7WgCRUYAaqvPnp9u5Xs3UKTZlFRTg7eWNBMW8mxY4cbRN+HoiS2G
p4iIx6DwSduRSxwetT2R4+RKX0zmokucl+6dAPQlXOHB7/ZxyuBnUvrNpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNB0wwZOTGCtl+7x984q06mXKRNrMB8GA1UdIwQY
MBaAFMpYrrQSn44sm8Qs0ZGFyNfw5ur5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWxpdXRCS2ZqaXlieEN6UmtZWEkxX0RtNnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84ZjAyMTgtNTQzZC00OTQzLThlM2Mt
YWVmMWIzNGEyODdkLzEvMEhUREJrNU1ZSzJYN3ZIM3ppclRxWmNwRTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84ZjAyMTgtNTQzZC00OTQzLThlM2MtYWVmMWIzNGEyODdk
LzEveWxpdXRCS2ZqaXlieEN6UmtZWEkxX0RtNnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnF0MA0G
CSqGSIb3DQEBCwUAA4IBAQA3FU73saQJ9CSNW86CxVyYpA7cSdmU3BSwqraCy8Th
aGbORuqQ0sjg0Mux3QlqlxoMtHRAEamz0SUo5N8/lxgJgNrMZecJYFkTAUWHssNh
JBqDEcd+bOFu72W48Lbg3FlqatKkd+B9BE5Fc3atd3Lri2656qsW+uJc7J9VuDYR
MNDR8vhgVH0MKqn2oPMb/ZUEopUs3ZGmCgQm0IoQNKCXirb68/MO4wlcSiE+5WCv
eq47y5uxM067zDM8Ynn1do6xh3yyZM6tfdz0Vkvq+6E0MtXE5F2TOrwnaWZcKP1s
be7xh9I4cT+JUdUtu3pOLaOydOLUa7m1CgovRSi0RLtp
-----END CERTIFICATE-----