Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/hHz0t8URtIwc9lvmCm9qFgIMZxQ.roa
File:                     hHz0t8URtIwc9lvmCm9qFgIMZxQ.roa (raw, json)
Hash identifier:          snUKZI6Y/f7u0IWzFpeOdUy9ANqe1Gr5dymzpj4q48s=
Subject key identifier:   84:7C:F4:B7:C5:11:B4:8C:1C:F6:5B:E6:0A:6F:6A:16:02:0C:67:14
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B940408DAA03170DF1DB650735A655
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/hHz0t8URtIwc9lvmCm9qFgIMZxQ.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203331
IP address blocks:        82.144.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:40:40:8d:aa:03:17:0d:f1:db:65:07:35:a6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=847cf4b7c511b48c1cf65be60a6f6a16020c6714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fe:73:13:31:55:4c:7c:1c:50:d6:91:24:d7:
                    fc:c1:69:65:0c:26:b9:9c:c6:20:ed:b3:7c:3d:3c:
                    8e:b7:93:4b:23:5e:75:37:4b:c7:48:c5:83:2c:4b:
                    9f:3f:b5:25:f8:a5:13:39:c8:c9:66:ab:b0:02:e9:
                    4c:68:38:9a:f4:3c:16:e2:7e:82:b2:a3:69:cd:28:
                    81:90:3f:8e:42:d6:82:05:b3:6e:4c:0f:73:ec:7f:
                    33:66:6f:3a:6b:7b:ae:26:a4:74:5d:90:97:cc:56:
                    91:b2:70:a1:0b:e1:f4:4a:d8:95:14:b4:02:87:b3:
                    55:a0:53:12:62:3d:df:93:6e:d0:fc:71:b7:bc:d1:
                    33:48:62:cc:f8:c6:aa:c8:6b:4b:b8:dc:d9:e2:d8:
                    f2:20:99:b6:44:63:a0:30:94:4f:f4:71:88:17:a3:
                    56:31:bb:3e:68:c8:15:7b:21:74:f5:33:f3:67:3b:
                    59:79:90:11:c7:58:6b:0e:34:40:a9:14:4a:82:32:
                    e2:2b:95:61:3b:84:8b:52:9c:55:bb:b9:3c:0f:c1:
                    a1:08:e4:6a:03:9a:e5:4f:f4:64:4c:bc:39:a2:6d:
                    95:71:71:c7:05:d9:a3:cc:84:a2:4c:5d:c3:3b:8d:
                    80:07:d6:d9:25:87:ad:73:56:88:63:37:80:a2:36:
                    fb:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:7C:F4:B7:C5:11:B4:8C:1C:F6:5B:E6:0A:6F:6A:16:02:0C:67:14
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/hHz0t8URtIwc9lvmCm9qFgIMZxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:64:c9:54:3e:e5:5f:75:8c:86:a7:9f:53:9b:e9:23:1e:aa:
         37:ae:e6:fe:7e:de:59:d8:d9:38:56:a2:7a:3d:8d:fa:b5:4b:
         72:0f:28:0c:87:ea:7c:04:45:02:26:b5:5a:2c:75:47:e4:2f:
         04:27:bf:78:5c:f4:10:7a:02:7a:3c:a4:74:7d:41:15:50:91:
         a7:81:31:ff:73:ee:9e:ca:ca:0d:82:35:b9:f4:16:88:71:0d:
         d9:13:1a:5e:3c:9e:e7:d4:a4:f0:73:ba:fa:5c:37:4a:c1:f1:
         ee:ee:fb:f8:10:35:46:57:3e:18:59:9f:1a:1a:08:81:cb:b7:
         71:6a:ab:24:58:56:fc:9a:3d:a8:6b:1c:06:d1:66:53:ba:60:
         7a:d8:c3:4e:af:e2:1a:fe:4c:f2:a9:10:a0:9c:57:8a:27:42:
         0a:20:31:3b:5d:ea:08:72:db:20:f8:a0:8d:a1:cb:0f:a1:ed:
         99:46:71:b4:0c:3a:f1:dd:1a:d8:df:28:3d:8f:0b:43:ba:48:
         e7:4b:9b:c5:e7:db:2e:d9:78:e3:0e:c5:52:2c:95:49:cd:02:
         37:71:b3:f3:0b:d4:36:83:16:23:6e:46:68:96:50:f7:79:9e:
         98:14:46:bf:90:5c:c4:4f:d9:0e:93:93:a7:f6:c2:d0:30:88:
         c6:bf:32:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUBAjaoDFw3x22UHNaZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDdjZjRiN2M1MTFiNDhjMWNmNjViZTYwYTZmNmExNjAyMGM2NzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhv5zEzFVTHwcUNaRJNf8wWllDCa5
nMYg7bN8PTyOt5NLI151N0vHSMWDLEufP7Ul+KUTOcjJZquwAulMaDia9DwW4n6C
sqNpzSiBkD+OQtaCBbNuTA9z7H8zZm86a3uuJqR0XZCXzFaRsnChC+H0StiVFLQC
h7NVoFMSYj3fk27Q/HG3vNEzSGLM+MaqyGtLuNzZ4tjyIJm2RGOgMJRP9HGIF6NW
Mbs+aMgVeyF09TPzZztZeZARx1hrDjRAqRRKgjLiK5VhO4SLUpxVu7k8D8GhCORq
A5rlT/RkTLw5om2VcXHHBdmjzISiTF3DO42AB9bZJYetc1aIYzeAojb71QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIR89LfFEbSMHPZb5gpvahYCDGcUMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvaEh6MHQ4VVJ0SXdjOWx2bUNtOXFGZ0lNWnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpC6MA0G
CSqGSIb3DQEBCwUAA4IBAQBkZMlUPuVfdYyGp59Tm+kjHqo3rub+ft5Z2Nk4VqJ6
PY36tUtyDygMh+p8BEUCJrVaLHVH5C8EJ794XPQQegJ6PKR0fUEVUJGngTH/c+6e
ysoNgjW59BaIcQ3ZExpePJ7n1KTwc7r6XDdKwfHu7vv4EDVGVz4YWZ8aGgiBy7dx
aqskWFb8mj2oaxwG0WZTumB62MNOr+Ia/kzyqRCgnFeKJ0IKIDE7XeoIctsg+KCN
ocsPoe2ZRnG0DDrx3RrY3yg9jwtDukjnS5vF59su2XjjDsVSLJVJzQI3cbPzC9Q2
gxYjbkZollD3eZ6YFEa/kFzET9kOk5On9sLQMIjGvzKe
-----END CERTIFICATE-----