Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/HVtOeHhQ6hy5Y8lsxzZvPEjPA5Q.roa
File:                     HVtOeHhQ6hy5Y8lsxzZvPEjPA5Q.roa (raw, json)
Hash identifier:          Fr/t+9JROACSTc3KrITNeFWmHKpI/MWM7ngz07udiJM=
Subject key identifier:   1D:5B:4E:78:78:50:EA:1C:B9:63:C9:6C:C7:36:6F:3C:48:CF:03:94
Certificate issuer:       /CN=5a0ad4655aed07c47416e7a945604794eba897ac
Certificate serial:       01919D114EF24F72950E9625AD59972FC7C1
Authority key identifier: 5A:0A:D4:65:5A:ED:07:C4:74:16:E7:A9:45:60:47:94:EB:A8:97:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WgrUZVrtB8R0FuepRWBHlOuol6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/HVtOeHhQ6hy5Y8lsxzZvPEjPA5Q.roa
Signing time:             Thu 29 Aug 2024 07:37:22 +0000
ROA not before:           Thu 29 Aug 2024 07:37:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.244.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/WgrUZVrtB8R0FuepRWBHlOuol6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/WgrUZVrtB8R0FuepRWBHlOuol6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WgrUZVrtB8R0FuepRWBHlOuol6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9d:11:4e:f2:4f:72:95:0e:96:25:ad:59:97:2f:c7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a0ad4655aed07c47416e7a945604794eba897ac
        Validity
            Not Before: Aug 29 07:37:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d5b4e787850ea1cb963c96cc7366f3c48cf0394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:37:90:9e:a8:a8:c7:24:d1:20:1f:88:03:4e:
                    a7:b1:85:a7:bd:9c:32:43:0b:95:90:81:8a:82:a2:
                    60:a3:a5:6e:3c:7f:20:c0:a3:86:9d:35:30:cb:c2:
                    bf:8a:d0:3d:82:7d:41:42:4e:af:43:c2:05:c8:8e:
                    1b:f8:7a:e1:a7:64:83:6a:98:db:44:5a:9f:df:33:
                    d3:6a:9c:29:6e:69:3f:77:55:9d:3b:30:72:c6:a7:
                    2e:fa:78:ae:68:a5:53:99:84:1e:e6:f1:1e:d2:b2:
                    4b:6d:9e:6a:66:5c:67:b2:3c:f2:f3:bc:0a:8c:05:
                    15:57:61:00:a2:30:99:57:e5:32:44:f9:21:c2:3b:
                    d3:ed:88:43:bb:b2:da:27:58:c0:f8:d2:1f:10:a5:
                    b9:75:89:e5:5c:44:fd:89:36:01:9e:e1:79:7d:f5:
                    27:53:6c:33:1e:c5:bf:e5:27:d9:44:2d:ac:ff:e6:
                    27:95:9c:63:14:7a:d1:1b:c2:1f:45:97:bb:44:90:
                    77:cf:69:c9:ad:3f:a1:af:0d:21:3f:be:25:11:95:
                    9a:e2:ac:94:5c:e7:a3:3a:5e:52:7d:f3:a1:6c:ad:
                    8a:cf:70:8d:09:6c:04:fc:57:45:48:33:e1:9b:31:
                    81:55:d1:a5:38:30:97:80:92:60:2b:b8:d7:f4:82:
                    7e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:5B:4E:78:78:50:EA:1C:B9:63:C9:6C:C7:36:6F:3C:48:CF:03:94
            X509v3 Authority Key Identifier:
                keyid:5A:0A:D4:65:5A:ED:07:C4:74:16:E7:A9:45:60:47:94:EB:A8:97:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WgrUZVrtB8R0FuepRWBHlOuol6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/HVtOeHhQ6hy5Y8lsxzZvPEjPA5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/WgrUZVrtB8R0FuepRWBHlOuol6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:3c:75:06:f2:2e:79:e4:4f:1f:ac:c3:5b:97:cb:af:2a:96:
         ce:b1:f4:3f:47:5d:e3:03:f7:d1:11:7b:cf:51:c8:2f:14:92:
         9d:90:9b:23:04:24:5f:46:85:72:bd:b9:e4:64:eb:be:90:82:
         12:4d:af:7f:21:c2:5a:48:ba:d3:05:a0:e7:ed:c7:e3:ad:e3:
         98:4f:22:1e:63:cd:1f:82:3e:bb:22:52:fa:21:e1:0a:84:1a:
         d5:b3:a9:79:ef:68:b4:f5:e6:16:7d:45:a3:f8:29:11:62:71:
         c7:04:a1:46:41:10:42:f6:ff:36:f4:a2:84:5d:f2:60:e1:ec:
         16:1e:ca:e3:17:9e:79:5a:2b:9f:43:0d:d6:b6:8a:19:42:d7:
         90:1e:a5:90:af:e1:c4:ef:f8:d8:5e:32:22:be:35:aa:dd:e6:
         3a:b3:22:1c:ef:d8:dd:78:51:6f:aa:d7:27:8d:9f:99:04:ed:
         ed:5e:02:17:f0:50:e7:43:f8:fb:b1:be:de:18:e9:cc:08:1d:
         e2:0b:34:cf:44:6f:f8:b9:b2:e2:2e:a0:fa:e8:7f:59:82:20:
         32:15:4b:df:58:5b:ca:d5:e1:fb:03:d4:0d:52:c5:07:b8:64:
         60:12:12:c0:e0:9c:3c:89:09:99:e5:26:08:b0:80:11:cd:c9:
         f9:6d:ca:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGdEU7yT3KVDpYlrVmXL8fBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMGFkNDY1NWFlZDA3YzQ3NDE2ZTdhOTQ1NjA0Nzk0ZWJh
ODk3YWMwHhcNMjQwODI5MDczNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDViNGU3ODc4NTBlYTFjYjk2M2M5NmNjNzM2NmYzYzQ4Y2YwMzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozeQnqioxyTRIB+IA06nsYWnvZwy
QwuVkIGKgqJgo6VuPH8gwKOGnTUwy8K/itA9gn1BQk6vQ8IFyI4b+Hrhp2SDapjb
RFqf3zPTapwpbmk/d1WdOzByxqcu+niuaKVTmYQe5vEe0rJLbZ5qZlxnsjzy87wK
jAUVV2EAojCZV+UyRPkhwjvT7YhDu7LaJ1jA+NIfEKW5dYnlXET9iTYBnuF5ffUn
U2wzHsW/5SfZRC2s/+YnlZxjFHrRG8IfRZe7RJB3z2nJrT+hrw0hP74lEZWa4qyU
XOejOl5SffOhbK2Kz3CNCWwE/FdFSDPhmzGBVdGlODCXgJJgK7jX9IJ+KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1bTnh4UOocuWPJbMc2bzxIzwOUMB8GA1UdIwQY
MBaAFFoK1GVa7QfEdBbnqUVgR5TrqJesMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2dyVVpWcnRCOFIwRnVlcFJXQkhsT3VvbDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy80MWI3MmEtMGZjMC00YTBmLWFjYmYt
ZWZjMzFlMDhlN2NkLzEvSFZ0T2VIaFE2aHk1WThsc3h6WnZQRWpQQTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy80MWI3MmEtMGZjMC00YTBmLWFjYmYtZWZjMzFlMDhlN2Nk
LzEvV2dyVVpWcnRCOFIwRnVlcFJXQkhsT3VvbDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufTiMA0G
CSqGSIb3DQEBCwUAA4IBAQBQPHUG8i555E8frMNbl8uvKpbOsfQ/R13jA/fREXvP
UcgvFJKdkJsjBCRfRoVyvbnkZOu+kIISTa9/IcJaSLrTBaDn7cfjreOYTyIeY80f
gj67IlL6IeEKhBrVs6l572i09eYWfUWj+CkRYnHHBKFGQRBC9v829KKEXfJg4ewW
HsrjF555WiufQw3WtooZQteQHqWQr+HE7/jYXjIivjWq3eY6syIc79jdeFFvqtcn
jZ+ZBO3tXgIX8FDnQ/j7sb7eGOnMCB3iCzTPRG/4ubLiLqD66H9ZgiAyFUvfWFvK
1eH7A9QNUsUHuGRgEhLA4Jw8iQmZ5SYIsIARzcn5bcqF
-----END CERTIFICATE-----