Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/f7977e-ad30-4cb7-8ed3-29f4cd0ba804/1/h4Ouyy1iSkAjLLqkWDUO2clKMmE.roa
File:                     h4Ouyy1iSkAjLLqkWDUO2clKMmE.roa (raw, json)
Hash identifier:          IzHdDgfI0M/CNSQom4AXq2GCX4sZdY1eEA5lo1KYRZo=
Subject key identifier:   87:83:AE:CB:2D:62:4A:40:23:2C:BA:A4:58:35:0E:D9:C9:4A:32:61
Certificate issuer:       /CN=13cd87027d7d3a3b9f7c4ba4495e49e21ad5a4bb
Certificate serial:       018CC56E31E64EDDD7903746397D120881CD
Authority key identifier: 13:CD:87:02:7D:7D:3A:3B:9F:7C:4B:A4:49:5E:49:E2:1A:D5:A4:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E82HAn19OjuffEukSV5J4hrVpLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/f7977e-ad30-4cb7-8ed3-29f4cd0ba804/1/h4Ouyy1iSkAjLLqkWDUO2clKMmE.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211756
IP address blocks:        185.242.178.0/24 maxlen: 24
                          2a10:98c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/f7977e-ad30-4cb7-8ed3-29f4cd0ba804/1/E82HAn19OjuffEukSV5J4hrVpLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/f7977e-ad30-4cb7-8ed3-29f4cd0ba804/1/E82HAn19OjuffEukSV5J4hrVpLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E82HAn19OjuffEukSV5J4hrVpLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:31:e6:4e:dd:d7:90:37:46:39:7d:12:08:81:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13cd87027d7d3a3b9f7c4ba4495e49e21ad5a4bb
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8783aecb2d624a40232cbaa458350ed9c94a3261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bc:63:aa:aa:73:c4:d7:0a:63:9c:88:6b:d3:
                    e2:d7:ef:10:b7:13:28:b9:7d:ea:2d:8a:a2:7f:2a:
                    a4:f9:68:ff:ad:fd:61:d1:b8:cc:cc:7a:48:89:de:
                    88:66:64:21:17:7e:f6:f5:04:23:64:a0:c2:eb:06:
                    17:54:ae:5f:3d:ed:6c:bf:c3:f5:9e:a8:0a:7a:75:
                    92:51:f8:7b:00:3e:c0:cb:3c:23:46:c2:98:9a:8c:
                    bf:90:d8:2f:c6:2f:c5:e3:f4:fc:70:23:d0:2a:eb:
                    96:90:e1:45:d2:1a:b3:26:76:c5:38:83:76:af:8a:
                    2e:e4:bf:c0:79:9e:ea:07:eb:ce:fa:d2:e9:4e:e3:
                    c8:2c:bc:81:63:f7:c4:3a:fa:60:b1:33:0f:f8:3e:
                    e5:8c:64:26:3e:2c:3c:2c:05:c4:24:14:a4:a8:c7:
                    b7:3e:13:20:d8:4c:5b:3a:83:fe:02:37:1a:2d:c6:
                    dc:ba:19:28:d3:10:c0:55:e2:b0:87:9c:a7:73:7c:
                    07:19:f8:14:da:6e:5e:32:f9:e4:a8:e7:1f:a0:bf:
                    3c:57:d7:88:57:27:0c:59:d9:64:70:ad:57:0c:14:
                    1b:1d:a4:d3:7c:e4:7c:1c:cf:12:55:4f:dd:4f:8c:
                    96:df:8f:3a:55:56:c7:50:3d:b8:a5:90:c1:70:a4:
                    fa:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:83:AE:CB:2D:62:4A:40:23:2C:BA:A4:58:35:0E:D9:C9:4A:32:61
            X509v3 Authority Key Identifier:
                keyid:13:CD:87:02:7D:7D:3A:3B:9F:7C:4B:A4:49:5E:49:E2:1A:D5:A4:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E82HAn19OjuffEukSV5J4hrVpLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/f7977e-ad30-4cb7-8ed3-29f4cd0ba804/1/h4Ouyy1iSkAjLLqkWDUO2clKMmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/f7977e-ad30-4cb7-8ed3-29f4cd0ba804/1/E82HAn19OjuffEukSV5J4hrVpLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.178.0/24
                IPv6:
                  2a10:98c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:16:e0:44:0e:9d:ff:19:c2:f1:7b:94:2f:40:fc:4b:42:1d:
         7c:a2:f9:c6:b7:1c:04:4f:d2:5e:1b:c3:ee:48:f8:c2:9c:2c:
         f7:ac:0d:d9:ac:ad:0f:ef:bd:4e:d0:26:e4:6e:22:76:36:ce:
         3a:b4:aa:ea:4b:62:e1:50:4d:79:d4:ab:8d:b5:8b:ec:f7:8a:
         64:d5:6d:ef:80:67:90:44:90:f6:de:6f:1c:e2:af:76:d1:ea:
         1a:d9:16:7b:12:76:bb:fa:48:bd:7a:99:1c:b5:c0:ca:e0:e1:
         2b:ac:81:d8:59:a4:85:dd:fb:8e:d0:16:2b:66:de:7d:1d:56:
         5b:35:51:1d:28:1a:6c:5d:e9:e8:4a:3b:f5:08:5a:e2:6d:44:
         a1:8f:1a:e2:75:48:fa:bd:5a:0f:5b:6d:a1:ec:96:dd:28:e3:
         0a:0b:33:6a:e6:92:92:67:d8:1b:43:f3:8f:9a:ac:83:cf:86:
         1d:4f:3c:da:fc:a3:77:05:e7:21:62:de:db:bc:73:92:6d:be:
         3d:5b:2b:c0:80:cb:dc:a5:f1:06:44:08:bf:68:7b:8f:16:22:
         13:8a:94:61:93:5e:2a:d2:39:8b:a5:4e:06:de:b9:e2:78:03:
         81:78:f5:2b:ef:de:56:aa:21:10:fb:34:c7:d1:65:87:4b:ae:
         76:40:c3:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbjHmTt3XkDdGOX0SCIHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzY2Q4NzAyN2Q3ZDNhM2I5ZjdjNGJhNDQ5NWU0OWUyMWFk
NWE0YmIwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzgzYWVjYjJkNjI0YTQwMjMyY2JhYTQ1ODM1MGVkOWM5NGEzMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLxjqqpzxNcKY5yIa9Pi1+8QtxMo
uX3qLYqifyqk+Wj/rf1h0bjMzHpIid6IZmQhF3729QQjZKDC6wYXVK5fPe1sv8P1
nqgKenWSUfh7AD7AyzwjRsKYmoy/kNgvxi/F4/T8cCPQKuuWkOFF0hqzJnbFOIN2
r4ou5L/AeZ7qB+vO+tLpTuPILLyBY/fEOvpgsTMP+D7ljGQmPiw8LAXEJBSkqMe3
PhMg2ExbOoP+AjcaLcbcuhko0xDAVeKwh5ync3wHGfgU2m5eMvnkqOcfoL88V9eI
VycMWdlkcK1XDBQbHaTTfOR8HM8SVU/dT4yW3486VVbHUD24pZDBcKT6gwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIeDrsstYkpAIyy6pFg1DtnJSjJhMB8GA1UdIwQY
MBaAFBPNhwJ9fTo7n3xLpEleSeIa1aS7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTgySEFuMTlPanVmZkV1a1NWNUo0aHJWcExzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9mNzk3N2UtYWQzMC00Y2I3LThlZDMt
MjlmNGNkMGJhODA0LzEvaDRPdXl5MWlTa0FqTExxa1dEVU8yY2xLTW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9mNzk3N2UtYWQzMC00Y2I3LThlZDMtMjlmNGNkMGJhODA0
LzEvRTgySEFuMTlPanVmZkV1a1NWNUo0aHJWcExzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufKyMA0E
AgACMAcDBQMqEJjAMA0GCSqGSIb3DQEBCwUAA4IBAQDAFuBEDp3/GcLxe5QvQPxL
Qh18ovnGtxwET9JeG8PuSPjCnCz3rA3ZrK0P771O0CbkbiJ2Ns46tKrqS2LhUE15
1KuNtYvs94pk1W3vgGeQRJD23m8c4q920eoa2RZ7Ena7+ki9epkctcDK4OErrIHY
WaSF3fuO0BYrZt59HVZbNVEdKBpsXenoSjv1CFribUShjxridUj6vVoPW22h7Jbd
KOMKCzNq5pKSZ9gbQ/OPmqyDz4YdTzza/KN3BechYt7bvHOSbb49WyvAgMvcpfEG
RAi/aHuPFiITipRhk14q0jmLpU4G3rnieAOBePUr795WqiEQ+zTH0WWHS652QMNp
-----END CERTIFICATE-----