Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/08d6bf-ef86-4c74-aa23-d335c2042403/1/hjCgM-ystt0Xy0OhGLt3SQGJKvg.roa
File:                     hjCgM-ystt0Xy0OhGLt3SQGJKvg.roa (raw, json)
Hash identifier:          FatDd7lOPUBvMlYhasNW5rlsyqegCbAlWwJuCxUa240=
Subject key identifier:   86:30:A0:33:EC:AC:B6:DD:17:CB:43:A1:18:BB:77:49:01:89:2A:F8
Certificate issuer:       /CN=cabe6ea6ef33089e5259d249c5b0dfaa13a94d78
Certificate serial:       018CC56DE2575CE3E4257C27DA6F83311397
Authority key identifier: CA:BE:6E:A6:EF:33:08:9E:52:59:D2:49:C5:B0:DF:AA:13:A9:4D:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yr5upu8zCJ5SWdJJxbDfqhOpTXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/08d6bf-ef86-4c74-aa23-d335c2042403/1/hjCgM-ystt0Xy0OhGLt3SQGJKvg.roa
Signing time:             Mon 01 Jan 2024 14:29:22 +0000
ROA not before:           Mon 01 Jan 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205375
IP address blocks:        185.220.85.0/24 maxlen: 24
                          185.220.84.0/24 maxlen: 24
                          185.220.87.0/24 maxlen: 24
                          185.220.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/08d6bf-ef86-4c74-aa23-d335c2042403/1/yr5upu8zCJ5SWdJJxbDfqhOpTXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/08d6bf-ef86-4c74-aa23-d335c2042403/1/yr5upu8zCJ5SWdJJxbDfqhOpTXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yr5upu8zCJ5SWdJJxbDfqhOpTXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e2:57:5c:e3:e4:25:7c:27:da:6f:83:31:13:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cabe6ea6ef33089e5259d249c5b0dfaa13a94d78
        Validity
            Not Before: Jan  1 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8630a033ecacb6dd17cb43a118bb774901892af8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:cb:86:3b:0a:39:35:04:1c:e1:3d:a7:c5:c3:
                    6e:3d:f0:59:ef:b9:a6:63:1c:02:71:26:10:e6:20:
                    9b:0c:30:92:75:ea:1f:5b:22:82:37:3c:52:ab:6f:
                    04:b0:1f:f9:7e:1c:5d:f4:1e:ce:1f:77:b9:c7:a2:
                    1c:b5:dc:87:ca:c6:f2:74:7f:45:06:0b:4a:e9:53:
                    6b:f9:ef:bc:e7:a5:09:cd:d2:c8:7e:1b:cb:3c:b3:
                    fb:96:13:71:57:e3:55:2c:c4:60:8e:0b:07:2d:3d:
                    59:2a:c3:b4:c1:9c:94:7f:6c:b5:8a:c1:c1:4f:11:
                    dc:a8:6c:ab:dc:1a:c5:8f:d7:81:f7:93:27:4f:00:
                    96:68:f2:f1:c0:ff:4c:20:38:6a:60:d2:36:19:ad:
                    a1:58:74:c0:0c:9c:2b:62:75:87:aa:e8:29:e1:16:
                    e1:29:aa:8d:56:5e:43:5c:0f:a4:82:d6:16:30:45:
                    e5:fb:9b:bd:41:df:99:b1:8e:21:73:c9:93:a4:5c:
                    86:39:07:89:9f:a7:ed:68:db:75:68:0f:29:a1:15:
                    5c:0b:4b:9f:f1:b5:43:ad:80:9c:7e:f8:39:bf:fa:
                    e1:2b:69:c4:ec:63:61:7a:66:ff:fb:12:b8:38:61:
                    6e:d9:8d:4b:ca:33:d6:5b:80:41:88:d6:4f:ec:03:
                    7b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:30:A0:33:EC:AC:B6:DD:17:CB:43:A1:18:BB:77:49:01:89:2A:F8
            X509v3 Authority Key Identifier:
                keyid:CA:BE:6E:A6:EF:33:08:9E:52:59:D2:49:C5:B0:DF:AA:13:A9:4D:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yr5upu8zCJ5SWdJJxbDfqhOpTXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/08d6bf-ef86-4c74-aa23-d335c2042403/1/hjCgM-ystt0Xy0OhGLt3SQGJKvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/08d6bf-ef86-4c74-aa23-d335c2042403/1/yr5upu8zCJ5SWdJJxbDfqhOpTXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:d2:51:04:6a:4f:44:cf:25:57:80:0a:54:68:8b:70:26:cb:
         ba:2b:46:e9:09:97:39:5c:2f:9b:e7:81:f0:1e:df:ea:d2:1d:
         25:bd:6a:a1:c4:06:cd:80:68:e3:a7:1c:34:c2:47:83:af:8c:
         97:84:41:96:aa:01:08:3d:1e:8c:55:06:7d:66:ee:90:87:b8:
         94:19:24:f4:44:a9:a4:74:ea:dc:c0:5c:83:d7:4f:86:de:ec:
         08:9b:7b:30:73:7d:9b:e5:6a:94:72:9e:07:d6:b5:a2:1d:c3:
         27:de:78:dc:ce:8e:30:23:75:34:cd:0d:c9:25:7d:9e:b0:ad:
         01:a8:c8:20:71:c1:46:06:75:76:c1:45:9b:c6:e3:0d:39:f7:
         f0:05:f8:ba:96:07:03:1c:98:7f:f9:f1:60:91:f3:c5:a2:3c:
         8a:df:8c:4d:fa:e2:6c:e2:87:ce:60:e3:f6:ad:57:cb:0f:28:
         e7:93:47:69:cf:b0:e2:f9:c2:b7:70:19:56:8d:c8:01:b2:a8:
         f6:63:99:16:7a:d7:b7:89:12:65:48:9a:29:75:c6:29:75:ca:
         8e:66:25:aa:57:d7:83:c7:17:be:ea:c1:5a:40:8f:0b:18:79:
         f3:26:a6:06:45:27:1e:db:f3:47:47:b8:21:50:fe:8a:56:b1:
         97:00:00:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeJXXOPkJXwn2m+DMROXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYmU2ZWE2ZWYzMzA4OWU1MjU5ZDI0OWM1YjBkZmFhMTNh
OTRkNzgwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjMwYTAzM2VjYWNiNmRkMTdjYjQzYTExOGJiNzc0OTAxODkyYWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsuGOwo5NQQc4T2nxcNuPfBZ77mm
YxwCcSYQ5iCbDDCSdeofWyKCNzxSq28EsB/5fhxd9B7OH3e5x6IctdyHysbydH9F
BgtK6VNr+e+856UJzdLIfhvLPLP7lhNxV+NVLMRgjgsHLT1ZKsO0wZyUf2y1isHB
TxHcqGyr3BrFj9eB95MnTwCWaPLxwP9MIDhqYNI2Ga2hWHTADJwrYnWHqugp4Rbh
KaqNVl5DXA+kgtYWMEXl+5u9Qd+ZsY4hc8mTpFyGOQeJn6ftaNt1aA8poRVcC0uf
8bVDrYCcfvg5v/rhK2nE7GNhemb/+xK4OGFu2Y1LyjPWW4BBiNZP7AN7MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYwoDPsrLbdF8tDoRi7d0kBiSr4MB8GA1UdIwQY
MBaAFMq+bqbvMwieUlnSScWw36oTqU14MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXI1dXB1OHpDSjVTV2RKSnhiRGZxaE9wVFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8wOGQ2YmYtZWY4Ni00Yzc0LWFhMjMt
ZDMzNWMyMDQyNDAzLzEvaGpDZ00teXN0dDBYeTBPaEdMdDNTUUdKS3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8wOGQ2YmYtZWY4Ni00Yzc0LWFhMjMtZDMzNWMyMDQyNDAz
LzEveXI1dXB1OHpDSjVTV2RKSnhiRGZxaE9wVFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudxUMA0G
CSqGSIb3DQEBCwUAA4IBAQBA0lEEak9EzyVXgApUaItwJsu6K0bpCZc5XC+b54Hw
Ht/q0h0lvWqhxAbNgGjjpxw0wkeDr4yXhEGWqgEIPR6MVQZ9Zu6Qh7iUGST0RKmk
dOrcwFyD10+G3uwIm3swc32b5WqUcp4H1rWiHcMn3njczo4wI3U0zQ3JJX2esK0B
qMggccFGBnV2wUWbxuMNOffwBfi6lgcDHJh/+fFgkfPFojyK34xN+uJs4ofOYOP2
rVfLDyjnk0dpz7Di+cK3cBlWjcgBsqj2Y5kWete3iRJlSJopdcYpdcqOZiWqV9eD
xxe+6sFaQI8LGHnzJqYGRSce2/NHR7ghUP6KVrGXAAAQ
-----END CERTIFICATE-----