Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hbe_ocqvBKTHQ-cr_Z79oFtrJ4Y.roa
File:                     Hbe_ocqvBKTHQ-cr_Z79oFtrJ4Y.roa (raw, json)
Hash identifier:          Exg/RtZfPGo2NkVeAph9xa6TwXJcLl0JSx6LaZjm1bY=
Subject key identifier:   1D:B7:BF:A1:CA:AF:04:A4:C7:43:E7:2B:FD:9E:FD:A0:5B:6B:27:86
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019251F5147227E6435C784FAC69887DBC75
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hbe_ocqvBKTHQ-cr_Z79oFtrJ4Y.roa
Signing time:             Thu 03 Oct 2024 10:37:48 +0000
ROA not before:           Thu 03 Oct 2024 10:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        81.181.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:f5:14:72:27:e6:43:5c:78:4f:ac:69:88:7d:bc:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct  3 10:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1db7bfa1caaf04a4c743e72bfd9efda05b6b2786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a5:c6:b0:af:73:d0:18:a8:11:d6:38:a2:44:
                    24:7d:81:5d:01:c1:b6:0c:78:1f:eb:48:9d:b0:50:
                    9c:95:fa:a0:6b:be:8e:5d:c7:74:27:0b:0b:93:d8:
                    1f:9d:ad:7e:66:89:20:b3:8e:0b:48:a9:0b:26:54:
                    63:55:a5:b3:50:b0:09:8d:26:c5:6c:cf:c2:a2:30:
                    d3:b6:ef:ca:bd:df:a2:62:35:00:06:9a:e1:44:91:
                    c9:6f:0f:65:f5:2d:90:ed:a2:16:97:cd:74:ec:98:
                    3b:17:63:e1:e3:62:cd:c5:b6:a2:df:86:f6:03:ed:
                    83:05:43:a0:be:fd:d2:4b:36:f9:9c:cf:66:0a:08:
                    64:36:7a:1d:c4:50:fb:c1:f6:fe:6d:8b:a1:83:66:
                    92:e7:af:49:b0:cf:4c:16:0b:8e:7a:f2:28:7e:b3:
                    b1:b2:c2:d9:6f:b8:29:89:d8:46:0b:85:60:52:fb:
                    6c:c2:3e:18:b9:43:18:cf:d6:98:80:8e:23:4a:4d:
                    21:6f:27:f7:eb:7a:29:33:bc:86:a5:b3:cc:88:d6:
                    bc:ac:16:8d:53:e4:82:a2:29:21:98:f8:d3:f4:db:
                    46:62:84:da:5e:d3:97:88:b4:e7:29:6e:09:b7:0b:
                    91:22:60:15:78:b6:8f:49:79:82:b5:31:4b:c6:69:
                    c5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B7:BF:A1:CA:AF:04:A4:C7:43:E7:2B:FD:9E:FD:A0:5B:6B:27:86
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hbe_ocqvBKTHQ-cr_Z79oFtrJ4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:f0:6a:53:af:fa:c4:e2:0f:18:eb:fa:fc:23:01:6b:6d:09:
         3e:84:86:e1:d7:49:da:eb:ce:c0:87:b3:f1:52:de:de:a8:73:
         e1:9f:a2:2a:cb:f2:e3:96:7c:30:c4:68:f7:62:6c:a7:10:db:
         d4:01:38:df:15:a2:9b:9f:fb:c2:3c:23:85:60:e9:48:df:92:
         c2:fd:db:c3:ff:f0:50:18:68:98:b9:8c:38:23:a2:c7:ed:d0:
         84:8a:ce:f6:4d:86:d0:90:d9:f5:8a:27:f9:e7:52:ec:42:09:
         79:99:97:62:3e:59:75:2c:0c:18:95:a3:f0:fa:fe:ba:c4:35:
         9a:7e:e4:19:a3:bd:d8:fe:5e:f2:14:39:8b:96:56:a8:d8:fb:
         34:7a:ed:40:b0:32:c7:09:bf:4b:d9:9a:a9:33:b9:0b:2e:fc:
         b1:d3:2e:6a:ba:33:41:7a:02:15:d9:23:32:cd:ea:5d:6d:f0:
         f1:26:01:1d:78:ad:b0:8d:a5:b5:23:94:83:23:ea:73:30:47:
         27:bf:49:e9:77:f8:fd:07:b1:b1:d7:33:81:45:67:ad:d2:34:
         1e:3c:55:73:f1:e0:4c:ab:24:9b:1b:46:94:10:fb:b3:fa:ae:
         e2:61:e3:d0:ce:0f:63:4b:1a:c7:3c:c9:d2:c3:3f:ee:f1:9b:
         4d:87:da:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJR9RRyJ+ZDXHhPrGmIfbx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQxMDAzMTAzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI3YmZhMWNhYWYwNGE0Yzc0M2U3MmJmZDllZmRhMDViNmIyNzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6XGsK9z0BioEdY4okQkfYFdAcG2
DHgf60idsFCclfqga76OXcd0JwsLk9gfna1+Zokgs44LSKkLJlRjVaWzULAJjSbF
bM/CojDTtu/Kvd+iYjUABprhRJHJbw9l9S2Q7aIWl8107Jg7F2Ph42LNxbai34b2
A+2DBUOgvv3SSzb5nM9mCghkNnodxFD7wfb+bYuhg2aS569JsM9MFguOevIofrOx
ssLZb7gpidhGC4VgUvtswj4YuUMYz9aYgI4jSk0hbyf363opM7yGpbPMiNa8rBaN
U+SCoikhmPjT9NtGYoTaXtOXiLTnKW4JtwuRImAVeLaPSXmCtTFLxmnFAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB23v6HKrwSkx0PnK/2e/aBbayeGMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvSGJlX29jcXZCS1RIUS1jcl9aNzlvRnRySjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbX0MA0G
CSqGSIb3DQEBCwUAA4IBAQAh8GpTr/rE4g8Y6/r8IwFrbQk+hIbh10na687Ah7Px
Ut7eqHPhn6Iqy/LjlnwwxGj3YmynENvUATjfFaKbn/vCPCOFYOlI35LC/dvD//BQ
GGiYuYw4I6LH7dCEis72TYbQkNn1iif551LsQgl5mZdiPll1LAwYlaPw+v66xDWa
fuQZo73Y/l7yFDmLllao2Ps0eu1AsDLHCb9L2ZqpM7kLLvyx0y5qujNBegIV2SMy
zepdbfDxJgEdeK2wjaW1I5SDI+pzMEcnv0npd/j9B7Gx1zOBRWet0jQePFVz8eBM
qySbG0aUEPuz+q7iYePQzg9jSxrHPMnSwz/u8ZtNh9ru
-----END CERTIFICATE-----