Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/HLVYZ-gMof-iKk7KpVkc4YQ8h2s.roa
File:                     HLVYZ-gMof-iKk7KpVkc4YQ8h2s.roa (raw, json)
Hash identifier:          sIWT4vc7MEIThnR5ewH829GoK6733eWQS1IO4054Nz4=
Subject key identifier:   1C:B5:58:67:E8:0C:A1:FF:A2:2A:4E:CA:A5:59:1C:E1:84:3C:87:6B
Certificate issuer:       /CN=41ef4b060a8b79b2893d3309ad50d1cccb2b9e31
Certificate serial:       018CC7954AC4112C19EC04C9E06651A889C6
Authority key identifier: 41:EF:4B:06:0A:8B:79:B2:89:3D:33:09:AD:50:D1:CC:CB:2B:9E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/HLVYZ-gMof-iKk7KpVkc4YQ8h2s.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209216
IP address blocks:        185.223.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4a:c4:11:2c:19:ec:04:c9:e0:66:51:a8:89:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41ef4b060a8b79b2893d3309ad50d1cccb2b9e31
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cb55867e80ca1ffa22a4ecaa5591ce1843c876b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:24:5b:8e:6c:cb:ad:8c:bb:b1:3f:e0:23:6f:
                    73:8a:1c:d4:37:41:0d:68:db:f4:bc:08:7c:a6:90:
                    8d:bf:b4:ea:36:10:5d:16:de:09:bf:55:3d:7c:05:
                    db:f0:80:83:fe:70:14:01:1d:33:0c:bb:56:22:cb:
                    0b:63:d2:86:8c:7b:ba:0c:13:18:d9:05:5a:6b:85:
                    3b:3c:e0:9a:c2:b7:6b:a3:dd:79:72:cf:ff:49:c0:
                    0e:01:26:6a:4a:d2:c8:10:7d:e7:6d:f2:a2:13:50:
                    bb:a8:5f:cc:a4:ee:82:08:1e:5a:10:ed:cb:a7:22:
                    c7:5e:d1:e7:84:d4:b6:bd:46:fd:81:df:39:2f:c3:
                    ba:ab:2c:27:61:db:2f:b2:95:ec:d0:9e:33:bc:11:
                    76:0c:78:c4:e9:72:51:13:d3:65:fa:74:d5:14:9e:
                    e9:b7:3a:d5:f8:e2:56:fe:ba:29:6f:8c:47:50:89:
                    3f:16:50:a5:e8:68:f5:4d:f8:94:e0:72:be:c0:6c:
                    13:d0:86:43:0e:7a:61:8d:ae:97:1b:15:3e:aa:13:
                    af:50:4c:42:ff:1b:df:e6:11:8b:4a:52:48:96:cd:
                    6f:01:bf:db:77:0f:dc:ae:12:0d:21:59:75:1a:8e:
                    83:40:1c:f5:4c:22:a8:f8:7b:f3:82:04:35:f9:0e:
                    bb:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B5:58:67:E8:0C:A1:FF:A2:2A:4E:CA:A5:59:1C:E1:84:3C:87:6B
            X509v3 Authority Key Identifier:
                keyid:41:EF:4B:06:0A:8B:79:B2:89:3D:33:09:AD:50:D1:CC:CB:2B:9E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qe9LBgqLebKJPTMJrVDRzMsrnjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/HLVYZ-gMof-iKk7KpVkc4YQ8h2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/111b81-aa6c-40da-bed1-bf8e5d8265a2/1/Qe9LBgqLebKJPTMJrVDRzMsrnjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:c2:9e:fe:33:2b:93:53:fc:47:5d:4a:d8:80:a7:ff:7f:6c:
         87:87:cf:d6:de:a0:9d:7d:33:da:55:dc:d5:d6:84:41:49:1b:
         1e:1b:3a:f6:a4:50:8d:ac:9e:24:91:f6:4c:7d:0f:d9:a3:5a:
         9d:14:08:0f:92:c8:c9:e8:65:ac:24:c6:6f:ae:f2:d8:67:c7:
         19:95:cf:e7:f0:dc:97:fd:53:af:cb:12:fd:86:bf:16:a9:a1:
         29:47:91:26:94:83:05:a4:9f:ab:22:5a:b3:bf:b1:7d:61:c5:
         78:eb:28:35:cf:49:d9:2a:1a:d3:2c:d5:4d:3d:67:29:fc:2d:
         35:f0:bc:4b:39:bb:7b:da:fa:64:8b:f9:52:56:a7:cd:99:a2:
         44:d5:1e:5e:0d:39:e6:b3:80:a5:1a:8f:50:67:50:d9:a8:92:
         6d:d2:95:58:46:bb:4b:93:f5:b9:ad:5a:3f:4b:9c:24:0f:f0:
         8c:c9:2c:78:67:b5:06:ba:2a:27:8e:12:2b:bc:12:c2:aa:cd:
         c5:b7:41:6b:44:fa:04:f9:1d:16:eb:04:95:9d:ca:ed:04:5d:
         0a:2e:1a:41:f7:b6:3e:bd:c1:99:a8:90:e0:25:f2:3d:80:3c:
         12:26:28:ac:cd:4d:f8:9d:e7:c3:93:d9:c9:b6:03:7c:5b:94:
         c0:b1:46:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlUrEESwZ7ATJ4GZRqInGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZWY0YjA2MGE4Yjc5YjI4OTNkMzMwOWFkNTBkMWNjY2Iy
YjllMzEwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I1NTg2N2U4MGNhMWZmYTIyYTRlY2FhNTU5MWNlMTg0M2M4NzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCRbjmzLrYy7sT/gI29zihzUN0EN
aNv0vAh8ppCNv7TqNhBdFt4Jv1U9fAXb8ICD/nAUAR0zDLtWIssLY9KGjHu6DBMY
2QVaa4U7POCawrdro915cs//ScAOASZqStLIEH3nbfKiE1C7qF/MpO6CCB5aEO3L
pyLHXtHnhNS2vUb9gd85L8O6qywnYdsvspXs0J4zvBF2DHjE6XJRE9Nl+nTVFJ7p
tzrV+OJW/ropb4xHUIk/FlCl6Gj1TfiU4HK+wGwT0IZDDnphja6XGxU+qhOvUExC
/xvf5hGLSlJIls1vAb/bdw/crhINIVl1Go6DQBz1TCKo+HvzggQ1+Q67tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBy1WGfoDKH/oipOyqVZHOGEPIdrMB8GA1UdIwQY
MBaAFEHvSwYKi3myiT0zCa1Q0czLK54xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWU5TEJncUxlYktKUFRNSnJWRFJ6TXNybmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xMTFiODEtYWE2Yy00MGRhLWJlZDEt
YmY4ZTVkODI2NWEyLzEvSExWWVotZ01vZi1pS2s3S3BWa2M0WVE4aDJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xMTFiODEtYWE2Yy00MGRhLWJlZDEtYmY4ZTVkODI2NWEy
LzEvUWU5TEJncUxlYktKUFRNSnJWRFJ6TXNybmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud9sMA0G
CSqGSIb3DQEBCwUAA4IBAQBEwp7+MyuTU/xHXUrYgKf/f2yHh8/W3qCdfTPaVdzV
1oRBSRseGzr2pFCNrJ4kkfZMfQ/Zo1qdFAgPksjJ6GWsJMZvrvLYZ8cZlc/n8NyX
/VOvyxL9hr8WqaEpR5EmlIMFpJ+rIlqzv7F9YcV46yg1z0nZKhrTLNVNPWcp/C01
8LxLObt72vpki/lSVqfNmaJE1R5eDTnms4ClGo9QZ1DZqJJt0pVYRrtLk/W5rVo/
S5wkD/CMySx4Z7UGuionjhIrvBLCqs3Ft0FrRPoE+R0W6wSVncrtBF0KLhpB97Y+
vcGZqJDgJfI9gDwSJiiszU34nefDk9nJtgN8W5TAsUZW
-----END CERTIFICATE-----