Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/H8pLB57z5fPmVJMGj4akuTzBZ6U.roa
File:                     H8pLB57z5fPmVJMGj4akuTzBZ6U.roa (raw, json)
Hash identifier:          KmqtvAKbOi2oAuL7c2rlf27e4ou+eIO58ZJSGtiydqo=
Subject key identifier:   1F:CA:4B:07:9E:F3:E5:F3:E6:54:93:06:8F:86:A4:B9:3C:C1:67:A5
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3BA15C1E299C29F85B3746E6421A7
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/H8pLB57z5fPmVJMGj4akuTzBZ6U.roa
Signing time:             Thu 02 Jan 2025 01:49:05 +0000
ROA not before:           Thu 02 Jan 2025 01:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     269800
IP address blocks:        95.164.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ba:15:c1:e2:99:c2:9f:85:b3:74:6e:64:21:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fca4b079ef3e5f3e65493068f86a4b93cc167a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b3:47:05:21:b6:d7:0b:59:27:bd:a9:76:ec:
                    db:7f:c3:46:f5:3a:3c:40:cc:45:85:c9:ea:75:3c:
                    65:9d:a7:97:db:79:7e:a7:a6:46:ad:38:5b:fa:a2:
                    73:3b:0c:86:65:eb:aa:a2:ac:76:a8:20:5e:30:eb:
                    94:17:fc:c3:a8:16:f9:24:51:2c:64:fd:8d:9d:41:
                    dc:88:54:50:eb:87:2a:a7:77:07:56:bc:38:7d:46:
                    27:ff:0b:08:f2:b5:b9:5a:54:de:c4:99:58:be:e6:
                    ea:9b:55:77:8f:01:bd:60:b0:95:fc:c8:2c:91:64:
                    4c:fa:18:d0:91:21:be:fd:bc:57:ec:a2:e2:76:b4:
                    17:bb:a6:7f:a2:ab:c9:c0:42:1f:9c:70:15:20:db:
                    15:6e:4d:7f:70:1e:12:82:ec:c1:6b:56:bd:39:07:
                    09:04:8a:28:78:ee:0f:32:c8:48:86:7f:4d:94:66:
                    5a:a4:02:d7:2d:f4:cd:ce:39:55:00:91:ee:72:a2:
                    9d:6b:b5:09:ac:58:e7:c7:2a:22:f9:ab:f4:9b:37:
                    f2:cb:d2:1c:dd:75:ea:a7:b7:1b:30:91:b3:1e:14:
                    65:11:e1:7b:68:0a:70:0b:63:5d:22:54:e2:64:d9:
                    66:e9:93:f6:ae:85:b7:e6:e7:6a:39:81:1f:ed:e8:
                    d5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:CA:4B:07:9E:F3:E5:F3:E6:54:93:06:8F:86:A4:B9:3C:C1:67:A5
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/H8pLB57z5fPmVJMGj4akuTzBZ6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:d4:9f:d5:55:89:fb:6a:4a:65:57:3e:51:58:c8:c1:54:72:
         04:11:3d:c8:aa:13:32:39:eb:1f:7d:f7:95:e0:36:81:01:c7:
         6e:de:20:04:24:da:d3:a4:00:6c:11:5f:b3:bf:da:fc:8c:c4:
         99:dd:f0:3e:a2:f8:6c:07:86:9c:96:30:b1:54:95:dd:88:5c:
         21:d1:00:1d:5f:38:c7:65:66:f2:99:c4:44:59:67:7e:4f:63:
         70:08:0a:c7:70:b5:fd:36:1c:f1:7c:4e:2f:56:c7:68:4e:fd:
         ea:b5:cd:6b:04:bf:5d:a7:0e:b1:68:79:3c:ff:3b:45:93:85:
         6c:e7:c7:e2:f7:83:98:03:c3:2c:78:54:92:ae:9d:ab:77:aa:
         e7:c3:93:6b:6a:bf:29:62:f9:31:b6:a3:eb:68:78:b9:1c:0c:
         36:25:6f:a2:33:ee:93:6a:86:c7:6f:0e:78:b4:7a:38:91:aa:
         b0:85:46:68:7a:09:5b:93:ef:e7:0c:83:40:eb:1b:d4:59:62:
         96:87:c9:d8:29:9a:eb:25:76:ed:01:78:2d:75:74:1b:81:19:
         ef:ab:9a:7e:7f:d2:ba:03:48:a3:a7:4a:9c:52:86:f2:18:1b:
         f5:79:35:24:be:b6:a8:42:f5:ab:fd:93:e3:01:f2:2e:54:03:
         12:3d:78:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7oVweKZwp+Fs3RuZCGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmNhNGIwNzllZjNlNWYzZTY1NDkzMDY4Zjg2YTRiOTNjYzE2N2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbNHBSG21wtZJ72pduzbf8NG9To8
QMxFhcnqdTxlnaeX23l+p6ZGrThb+qJzOwyGZeuqoqx2qCBeMOuUF/zDqBb5JFEs
ZP2NnUHciFRQ64cqp3cHVrw4fUYn/wsI8rW5WlTexJlYvubqm1V3jwG9YLCV/Mgs
kWRM+hjQkSG+/bxX7KLidrQXu6Z/oqvJwEIfnHAVINsVbk1/cB4SguzBa1a9OQcJ
BIooeO4PMshIhn9NlGZapALXLfTNzjlVAJHucqKda7UJrFjnxyoi+av0mzfyy9Ic
3XXqp7cbMJGzHhRlEeF7aApwC2NdIlTiZNlm6ZP2roW35udqOYEf7ejVowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/KSwee8+Xz5lSTBo+GpLk8wWelMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvSDhwTEI1N3o1ZlBtVkpNR2o0YWt1VHpCWjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6TsMA0G
CSqGSIb3DQEBCwUAA4IBAQAK1J/VVYn7akplVz5RWMjBVHIEET3IqhMyOesfffeV
4DaBAcdu3iAEJNrTpABsEV+zv9r8jMSZ3fA+ovhsB4acljCxVJXdiFwh0QAdXzjH
ZWbymcREWWd+T2NwCArHcLX9NhzxfE4vVsdoTv3qtc1rBL9dpw6xaHk8/ztFk4Vs
58fi94OYA8MseFSSrp2rd6rnw5Nrar8pYvkxtqPraHi5HAw2JW+iM+6TaobHbw54
tHo4kaqwhUZoeglbk+/nDINA6xvUWWKWh8nYKZrrJXbtAXgtdXQbgRnvq5p+f9K6
A0ijp0qcUobyGBv1eTUkvraoQvWr/ZPjAfIuVAMSPXit
-----END CERTIFICATE-----