Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/HOQaozgHqyl7GjdOmYwJNgxkNvk.roa
File:                     HOQaozgHqyl7GjdOmYwJNgxkNvk.roa (raw, json)
Hash identifier:          PI4rJK1t31rRGgg84yxq7H32pDXq4vLAXeRJDFTb2uo=
Subject key identifier:   1C:E4:1A:A3:38:07:AB:29:7B:1A:37:4E:99:8C:09:36:0C:64:36:F9
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       0194214469E50C13F8F5F91A3B1CF72A85C5
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/HOQaozgHqyl7GjdOmYwJNgxkNvk.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203855
IP address blocks:        195.141.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:69:e5:0c:13:f8:f5:f9:1a:3b:1c:f7:2a:85:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ce41aa33807ab297b1a374e998c09360c6436f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e0:b1:dd:86:56:32:de:ef:be:64:2b:da:2c:
                    36:9d:b9:f4:67:14:d5:19:4c:b2:8b:27:91:30:0e:
                    e8:bb:3a:04:94:b8:eb:06:01:59:6c:bf:4f:02:a9:
                    d7:f7:b1:1c:77:d7:29:7c:70:7a:a7:0d:4b:a5:a0:
                    8f:b2:35:fd:13:ac:07:0b:01:d8:d8:c8:46:66:c9:
                    cf:9c:f4:e1:ba:be:df:fa:30:3c:52:0c:da:15:5c:
                    7a:20:02:21:a9:1e:e3:5c:70:68:19:e7:9a:e1:d0:
                    61:56:8e:85:36:a0:04:e6:fb:bf:3c:c3:d1:3b:ab:
                    7b:26:26:9a:88:f0:5d:4d:c8:a7:e5:1d:12:b5:39:
                    80:a5:7f:1c:8a:64:85:79:07:e1:e6:93:c6:94:10:
                    92:90:af:cb:81:00:13:4b:39:36:b0:25:ad:72:a4:
                    79:67:36:86:3b:20:4d:e7:bb:ae:b7:f7:bd:89:ae:
                    f8:ce:43:87:44:52:e9:31:ed:97:1a:2e:5c:90:79:
                    34:a8:06:86:67:7a:f8:88:da:e4:76:45:ac:da:e4:
                    66:ae:53:ac:c1:d3:d4:fc:ad:be:e7:fe:8b:5b:81:
                    72:4e:21:2a:e5:8c:5a:ea:db:12:92:3e:8e:84:d1:
                    10:e9:c4:0a:73:50:83:c9:13:a3:93:a7:3b:08:6e:
                    76:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:E4:1A:A3:38:07:AB:29:7B:1A:37:4E:99:8C:09:36:0C:64:36:F9
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/HOQaozgHqyl7GjdOmYwJNgxkNvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.141.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:b5:d2:27:85:e5:6b:a5:0f:e0:c2:fd:c1:65:27:e0:99:0a:
         14:e3:a0:6f:be:d6:c7:89:74:bc:20:8e:8b:b6:bc:0c:a4:11:
         d3:83:d6:3f:88:a9:84:eb:2a:bd:00:53:b3:33:21:bb:af:81:
         c9:74:a3:f1:61:cc:b5:ec:cc:57:eb:c4:97:5c:3d:b2:91:dc:
         a9:66:1b:b1:c8:4b:bf:fb:8d:c4:d5:60:68:82:df:03:4f:cf:
         0c:30:b1:39:58:3a:e7:2d:bb:d9:81:e2:d7:1f:59:87:0b:f0:
         27:f3:3a:db:f5:d4:e9:14:be:a9:38:8c:e9:24:3d:16:b7:cc:
         fc:75:01:3a:28:e9:43:3c:93:b1:18:b6:2b:22:87:17:64:3d:
         a0:f7:84:f2:45:46:6c:12:49:80:7b:94:59:58:2e:1d:b0:a7:
         66:ee:09:9e:bd:32:ca:12:ca:ce:15:1d:1b:84:3c:cf:1b:bf:
         15:18:76:1d:48:f2:fd:e9:cc:40:76:31:57:8b:23:eb:5e:48:
         5f:01:7b:4f:9b:29:74:48:8f:b9:80:8a:0c:67:b6:aa:28:99:
         eb:6a:fc:3a:6b:3c:99:28:44:83:73:49:6a:36:d6:99:c1:fa:
         f5:2a:a2:24:44:90:e5:a2:14:08:b5:f4:11:3f:69:aa:a2:14:
         4a:1a:6d:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGnlDBP49fkaOxz3KoXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNWRiYzAwNDMzZTI5ZjJhZGViMDM4ZmVhMmZiZDcwNDhm
YjYzMmYwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2U0MWFhMzM4MDdhYjI5N2IxYTM3NGU5OThjMDkzNjBjNjQzNmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OCx3YZWMt7vvmQr2iw2nbn0ZxTV
GUyyiyeRMA7ouzoElLjrBgFZbL9PAqnX97Ecd9cpfHB6pw1LpaCPsjX9E6wHCwHY
2MhGZsnPnPThur7f+jA8UgzaFVx6IAIhqR7jXHBoGeea4dBhVo6FNqAE5vu/PMPR
O6t7JiaaiPBdTcin5R0StTmApX8cimSFeQfh5pPGlBCSkK/LgQATSzk2sCWtcqR5
ZzaGOyBN57uut/e9ia74zkOHRFLpMe2XGi5ckHk0qAaGZ3r4iNrkdkWs2uRmrlOs
wdPU/K2+5/6LW4FyTiEq5Yxa6tsSkj6OhNEQ6cQKc1CDyROjk6c7CG52qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzkGqM4B6spexo3TpmMCTYMZDb5MB8GA1UdIwQY
MBaAFBFdvABDPinyresDj+ovvXBI+2MvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTkt
MjI5YjRhZTc0MmRlLzEvSE9RYW96Z0hxeWw3R2pkT21Zd0pOZ3hrTnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTktMjI5YjRhZTc0MmRl
LzEvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw42HMA0G
CSqGSIb3DQEBCwUAA4IBAQBJtdInheVrpQ/gwv3BZSfgmQoU46BvvtbHiXS8II6L
trwMpBHTg9Y/iKmE6yq9AFOzMyG7r4HJdKPxYcy17MxX68SXXD2ykdypZhuxyEu/
+43E1WBogt8DT88MMLE5WDrnLbvZgeLXH1mHC/An8zrb9dTpFL6pOIzpJD0Wt8z8
dQE6KOlDPJOxGLYrIocXZD2g94TyRUZsEkmAe5RZWC4dsKdm7gmevTLKEsrOFR0b
hDzPG78VGHYdSPL96cxAdjFXiyPrXkhfAXtPmyl0SI+5gIoMZ7aqKJnravw6azyZ
KESDc0lqNtaZwfr1KqIkRJDlohQItfQRP2mqohRKGm3m
-----END CERTIFICATE-----