Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/hAVC08FxpJFnXfaeJz29NCq7Sug.roa
File:                     hAVC08FxpJFnXfaeJz29NCq7Sug.roa (raw, json)
Hash identifier:          ApHYhoJ0ZC5NYrtBeVMJI/3kAo+MHYIlbbcC8nWTcEw=
Subject key identifier:   84:05:42:D3:C1:71:A4:91:67:5D:F6:9E:27:3D:BD:34:2A:BB:4A:E8
Certificate issuer:       /CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
Certificate serial:       019425FD678D4CF1815015CB9D28DB0B78F4
Authority key identifier: AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/hAVC08FxpJFnXfaeJz29NCq7Sug.roa
Signing time:             Thu 02 Jan 2025 07:49:11 +0000
ROA not before:           Thu 02 Jan 2025 07:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        84.33.14.0/24 maxlen: 24
                          84.33.244.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:67:8d:4c:f1:81:50:15:cb:9d:28:db:0b:78:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
        Validity
            Not Before: Jan  2 07:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=840542d3c171a491675df69e273dbd342abb4ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:54:47:c6:c1:a9:74:f9:82:8c:6d:fc:5e:59:
                    3a:75:82:4e:f0:3f:55:15:9d:b7:c3:0d:75:5c:53:
                    f3:9f:c0:49:21:39:6c:63:bb:fd:95:a3:43:8d:e9:
                    7a:4d:9b:b5:fc:c8:39:2a:e5:14:0a:92:09:e1:08:
                    b3:f5:74:25:b9:5d:06:98:51:31:6f:bd:8f:f2:69:
                    6d:29:33:f7:aa:b4:e7:c6:6a:9b:09:4b:a1:d7:1e:
                    74:94:9c:4a:aa:89:43:c8:10:09:c1:15:88:5b:4c:
                    04:69:72:83:43:17:74:04:f5:e0:2c:9a:cb:9f:38:
                    58:3f:c2:8c:e2:d1:59:c8:03:82:2d:54:a0:98:a5:
                    1e:96:c2:86:b6:13:70:60:29:60:26:21:c1:07:57:
                    2b:f6:53:79:cc:79:b3:33:92:f6:cb:0f:27:85:5b:
                    11:a6:9e:fc:11:1d:01:d5:d9:ca:7c:b8:0d:39:9c:
                    fe:59:f4:57:79:92:10:8c:c7:90:33:74:fd:dd:67:
                    68:a7:d0:41:6d:08:2c:2c:e8:de:1a:b0:c3:a8:55:
                    0e:a4:ff:a2:9d:ba:2e:3a:dc:25:4a:f5:0b:9b:dc:
                    e7:3d:3b:d5:ca:3c:ee:28:47:70:85:f1:98:53:91:
                    fb:d1:ec:f5:9e:b1:da:5e:04:5d:15:85:97:ef:59:
                    13:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:05:42:D3:C1:71:A4:91:67:5D:F6:9E:27:3D:BD:34:2A:BB:4A:E8
            X509v3 Authority Key Identifier:
                keyid:AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/hAVC08FxpJFnXfaeJz29NCq7Sug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.33.14.0/24
                  84.33.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:21:1a:08:ec:b7:cd:72:a0:06:54:af:38:62:93:e6:b6:e7:
         b3:f4:06:66:bb:1b:9b:0d:f1:c3:6a:be:f2:2c:2a:db:de:f1:
         87:b6:5e:fc:fc:19:83:99:57:dc:26:31:97:ba:42:e9:54:c9:
         8d:9a:a2:54:30:21:a7:c3:8f:44:bf:8a:18:b1:2b:bd:da:5f:
         9c:aa:32:66:b4:50:ae:87:16:dd:0b:24:37:cd:81:68:4f:50:
         9a:b8:90:ad:1f:bd:eb:46:9c:46:a6:ed:ef:c4:b9:2b:98:01:
         2a:0c:d1:f8:b1:3e:a0:59:17:36:6d:e8:a1:6e:31:c6:62:08:
         c3:b1:b0:eb:46:c3:73:c9:78:3c:e1:c9:67:1a:12:af:67:b7:
         fe:b6:72:44:e1:1b:e8:3d:e1:1d:4b:ce:f4:c6:6a:44:80:63:
         46:b7:a3:82:e8:62:0f:b6:b0:76:03:90:da:6b:a6:53:de:7b:
         af:b2:f2:3c:0b:23:cf:6d:c0:79:7c:fa:fa:2f:23:74:1b:85:
         8e:9b:93:21:79:6a:5f:0c:80:18:20:aa:8c:44:23:f4:62:c3:
         93:fb:1a:5f:43:de:66:31:5b:62:0a:1d:34:dd:b5:36:74:0a:
         2d:4d:9a:02:4d:c0:6f:13:61:6a:57:11:c2:32:e1:5b:2c:2d:
         5c:e9:1e:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/WeNTPGBUBXLnSjbC3j0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZWJjOWJmZWYyYjRkMjNmMTk1MTNiZmQ0ZDYwYmI3OThm
NWE1OWQwHhcNMjUwMTAyMDc0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDA1NDJkM2MxNzFhNDkxNjc1ZGY2OWUyNzNkYmQzNDJhYmI0YWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVRHxsGpdPmCjG38Xlk6dYJO8D9V
FZ23ww11XFPzn8BJITlsY7v9laNDjel6TZu1/Mg5KuUUCpIJ4Qiz9XQluV0GmFEx
b72P8mltKTP3qrTnxmqbCUuh1x50lJxKqolDyBAJwRWIW0wEaXKDQxd0BPXgLJrL
nzhYP8KM4tFZyAOCLVSgmKUelsKGthNwYClgJiHBB1cr9lN5zHmzM5L2yw8nhVsR
pp78ER0B1dnKfLgNOZz+WfRXeZIQjMeQM3T93Wdop9BBbQgsLOjeGrDDqFUOpP+i
nbouOtwlSvULm9znPTvVyjzuKEdwhfGYU5H70ez1nrHaXgRdFYWX71kT3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIQFQtPBcaSRZ132nic9vTQqu0roMB8GA1UdIwQY
MBaAFKrryb/vK00j8ZUTv9TWC7eY9aWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXV2SnYtOHJUU1B4bFJPXzFOWUx0NWoxcFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9mYjEyODktNGQxNC00MGYwLTk2Nzkt
MTFhZmI0OTkyZWVmLzEvaEFWQzA4RnhwSkZuWGZhZUp6MjlOQ3E3U3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9mYjEyODktNGQxNC00MGYwLTk2NzktMTFhZmI0OTkyZWVm
LzEvcXV2SnYtOHJUU1B4bFJPXzFOWUx0NWoxcFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCEOAwQB
VCH0MA0GCSqGSIb3DQEBCwUAA4IBAQC+IRoI7LfNcqAGVK84YpPmtuez9AZmuxub
DfHDar7yLCrb3vGHtl78/BmDmVfcJjGXukLpVMmNmqJUMCGnw49Ev4oYsSu92l+c
qjJmtFCuhxbdCyQ3zYFoT1CauJCtH73rRpxGpu3vxLkrmAEqDNH4sT6gWRc2beih
bjHGYgjDsbDrRsNzyXg84clnGhKvZ7f+tnJE4RvoPeEdS870xmpEgGNGt6OC6GIP
trB2A5Daa6ZT3nuvsvI8CyPPbcB5fPr6LyN0G4WOm5MheWpfDIAYIKqMRCP0YsOT
+xpfQ95mMVtiCh003bU2dAotTZoCTcBvE2FqVxHCMuFbLC1c6R6b
-----END CERTIFICATE-----