Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/hbgrQTZDQkOJI9hkv0CyHXCVqxk.roa
File:                     hbgrQTZDQkOJI9hkv0CyHXCVqxk.roa (raw, json)
Hash identifier:          y37+3pkFd5GnCXy7OrfptlRkrvV8gDJfEvei5wIQjlc=
Subject key identifier:   85:B8:2B:41:36:43:42:43:89:23:D8:64:BF:40:B2:1D:70:95:AB:19
Certificate issuer:       /CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
Certificate serial:       018CCA2A618F43D19F1E0221709ED83EE45E
Authority key identifier: C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/hbgrQTZDQkOJI9hkv0CyHXCVqxk.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2259
IP address blocks:        134.158.144.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:61:8f:43:d1:9f:1e:02:21:70:9e:d8:3e:e4:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85b82b41364342438923d864bf40b21d7095ab19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:72:09:8c:56:64:2c:97:93:eb:4e:29:02:ec:
                    b4:8f:a3:5c:30:e0:28:71:92:e9:cf:c0:52:c9:55:
                    7c:c4:bc:36:9b:57:41:28:af:c4:e9:96:59:69:90:
                    0b:a1:6c:3b:b4:73:39:c1:55:90:64:25:6e:15:ff:
                    03:04:a7:b2:0c:c6:ba:75:ad:3c:fe:1a:46:a5:20:
                    bf:b7:d1:d0:68:1c:02:da:86:c9:ae:57:ff:42:0c:
                    e2:52:68:fb:47:52:a4:c9:21:00:76:e1:9c:d4:66:
                    4c:6e:a4:f5:3d:77:e9:ed:ae:4a:29:ce:5c:a9:d3:
                    0f:2a:31:b8:d5:54:67:30:2a:d7:b1:25:4c:d1:e8:
                    cf:f9:df:78:28:a5:85:f5:77:07:d1:a2:77:db:75:
                    e7:06:2c:03:0b:4f:4b:16:bd:3e:02:79:cb:c0:b3:
                    b4:ca:c9:7f:f3:10:f3:3a:e3:96:ea:c6:73:2d:f8:
                    64:37:e2:11:31:dc:fb:c3:9e:5b:42:9f:1e:51:85:
                    dd:14:38:5c:83:e9:c8:0f:ef:39:fa:06:fe:17:86:
                    52:8e:ea:38:a9:28:c9:14:85:de:71:28:b0:98:4a:
                    08:dc:e9:50:53:7d:80:a1:4e:3e:a9:92:14:6a:29:
                    e7:59:f6:86:f4:93:44:f4:88:5b:f3:aa:81:9f:fd:
                    72:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B8:2B:41:36:43:42:43:89:23:D8:64:BF:40:B2:1D:70:95:AB:19
            X509v3 Authority Key Identifier:
                keyid:C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/hbgrQTZDQkOJI9hkv0CyHXCVqxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.158.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b9:53:ab:03:c0:72:3d:a2:e5:28:c8:54:63:f2:b7:17:75:2b:
         0a:6b:e2:90:1a:fb:42:d9:d8:53:fe:33:fc:00:ce:83:b0:c1:
         ac:ba:df:8f:9c:9a:81:20:ba:29:83:9f:65:04:b1:45:5a:03:
         f8:44:6d:12:65:2e:a2:2e:72:e4:8f:85:64:dc:1a:6a:2a:2d:
         ee:99:ba:d3:56:29:8b:d9:c8:0d:e9:0b:3a:ca:c3:0f:43:29:
         ff:af:b6:d3:d4:f4:7f:0a:0b:2b:f5:76:97:ea:6f:b9:a4:49:
         97:1b:a0:8f:3c:72:97:6a:8d:91:72:6f:1d:70:5e:de:78:aa:
         ff:59:6f:df:a8:fc:10:24:d9:b5:27:10:14:0e:49:5c:e0:78:
         d8:be:36:8d:24:10:01:1a:8a:f3:9b:40:f4:b2:39:5f:01:34:
         07:35:29:85:e6:cc:e1:5f:34:92:44:54:39:88:c9:47:38:89:
         1d:bb:7e:a8:87:80:50:44:32:9b:58:cb:0b:bc:cf:5d:f8:4b:
         7b:c8:5c:9c:c0:23:73:fe:bb:a4:44:f3:5b:e5:1b:80:a7:b4:
         53:b7:0c:ae:c8:6e:83:50:14:f1:9b:00:99:fc:2a:f4:f3:dd:
         82:d6:b5:92:59:97:ab:90:2f:21:8e:b1:8c:1f:8c:26:c1:28:
         74:9b:e9:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmGPQ9GfHgIhcJ7YPuReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YTdjM2Y0YjE0NjkzNTEyMjAyNTk1YThhNGY5NWIwZDZi
N2ExMDEwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI4MmI0MTM2NDM0MjQzODkyM2Q4NjRiZjQwYjIxZDcwOTVhYjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinIJjFZkLJeT604pAuy0j6NcMOAo
cZLpz8BSyVV8xLw2m1dBKK/E6ZZZaZALoWw7tHM5wVWQZCVuFf8DBKeyDMa6da08
/hpGpSC/t9HQaBwC2obJrlf/QgziUmj7R1KkySEAduGc1GZMbqT1PXfp7a5KKc5c
qdMPKjG41VRnMCrXsSVM0ejP+d94KKWF9XcH0aJ323XnBiwDC09LFr0+AnnLwLO0
ysl/8xDzOuOW6sZzLfhkN+IRMdz7w55bQp8eUYXdFDhcg+nID+85+gb+F4ZSjuo4
qSjJFIXecSiwmEoI3OlQU32AoU4+qZIUainnWfaG9JNE9Ihb86qBn/1yvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW4K0E2Q0JDiSPYZL9Ash1wlasZMB8GA1UdIwQY
MBaAFMWnw/SxRpNRIgJZWopPlbDWt6EBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgt
ZDEyZjFlMjQ1NmJhLzEvaGJnclFUWkRRa09KSTloa3YwQ3lIWENWcXhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgtZDEyZjFlMjQ1NmJh
LzEveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDhp6QMA0G
CSqGSIb3DQEBCwUAA4IBAQC5U6sDwHI9ouUoyFRj8rcXdSsKa+KQGvtC2dhT/jP8
AM6DsMGsut+PnJqBILopg59lBLFFWgP4RG0SZS6iLnLkj4Vk3BpqKi3umbrTVimL
2cgN6Qs6ysMPQyn/r7bT1PR/Cgsr9XaX6m+5pEmXG6CPPHKXao2Rcm8dcF7eeKr/
WW/fqPwQJNm1JxAUDklc4HjYvjaNJBABGorzm0D0sjlfATQHNSmF5szhXzSSRFQ5
iMlHOIkdu36oh4BQRDKbWMsLvM9d+Et7yFycwCNz/rukRPNb5RuAp7RTtwyuyG6D
UBTxmwCZ/Cr0892C1rWSWZerkC8hjrGMH4wmwSh0m+ma
-----END CERTIFICATE-----