Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/27a748-884d-4f19-b285-59199331ee09/1/hGgGDOXVkgwSfaTNB6f2wdhDGxs.roa
File:                     hGgGDOXVkgwSfaTNB6f2wdhDGxs.roa (raw, json)
Hash identifier:          dHzb/LeQLw4ask3VtI96WQsjNqnR7mMY0YrnMxa/VN8=
Subject key identifier:   84:68:06:0C:E5:D5:92:0C:12:7D:A4:CD:07:A7:F6:C1:D8:43:1B:1B
Certificate issuer:       /CN=5aa58d5f2712ccc0044b59efa7cbc3e98c5fc25c
Certificate serial:       018CC349053ECF7AE857E21A830842FE56C0
Authority key identifier: 5A:A5:8D:5F:27:12:CC:C0:04:4B:59:EF:A7:CB:C3:E9:8C:5F:C2:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WqWNXycSzMAES1nvp8vD6Yxfwlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/27a748-884d-4f19-b285-59199331ee09/1/hGgGDOXVkgwSfaTNB6f2wdhDGxs.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39910
IP address blocks:        185.203.90.0/24 maxlen: 24
                          2a10:7a40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/27a748-884d-4f19-b285-59199331ee09/1/WqWNXycSzMAES1nvp8vD6Yxfwlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/27a748-884d-4f19-b285-59199331ee09/1/WqWNXycSzMAES1nvp8vD6Yxfwlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WqWNXycSzMAES1nvp8vD6Yxfwlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:05:3e:cf:7a:e8:57:e2:1a:83:08:42:fe:56:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5aa58d5f2712ccc0044b59efa7cbc3e98c5fc25c
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8468060ce5d5920c127da4cd07a7f6c1d8431b1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2d:c0:08:6e:c4:b0:fc:95:4a:cc:e1:3f:92:
                    66:2e:c9:e9:b9:01:a0:9c:01:99:e2:11:c7:2c:88:
                    20:47:f0:54:ab:b4:aa:4e:72:fc:8e:5e:a2:e8:35:
                    56:d2:ab:70:ce:ba:f3:37:bc:39:ab:1c:72:90:0d:
                    9d:81:6f:5c:e3:1f:28:fd:1b:64:a9:1d:76:75:4c:
                    d9:ed:c6:3d:10:36:1e:3b:02:d8:41:fe:5e:f8:8c:
                    0f:14:bb:c9:6f:7a:f5:f8:4b:87:9c:84:6b:4f:bf:
                    4d:df:9a:d0:0e:40:1f:df:b0:7b:69:90:ed:96:01:
                    0d:36:fd:c8:4b:db:94:a0:2b:e1:5c:96:1d:fd:37:
                    12:73:bc:d4:07:8b:c2:8e:1b:be:8c:33:8e:29:12:
                    bd:a7:eb:78:07:d9:4a:d4:05:7a:e2:97:2d:19:76:
                    4f:34:fe:fb:50:2f:84:e7:e1:54:bd:63:dc:4d:7c:
                    ab:16:f4:51:6a:eb:e8:d2:f5:01:93:4c:a9:37:bb:
                    7b:b3:c6:34:d4:a4:30:ca:7e:f6:b2:8f:97:8b:71:
                    b8:c0:22:9c:ce:56:77:7e:2e:91:39:52:0e:e1:07:
                    b1:7e:6c:97:0d:3c:d8:4e:4e:51:ff:fe:ba:ec:75:
                    ce:84:9e:d1:2a:d4:67:dc:b0:28:21:c1:10:47:8a:
                    c8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:68:06:0C:E5:D5:92:0C:12:7D:A4:CD:07:A7:F6:C1:D8:43:1B:1B
            X509v3 Authority Key Identifier:
                keyid:5A:A5:8D:5F:27:12:CC:C0:04:4B:59:EF:A7:CB:C3:E9:8C:5F:C2:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WqWNXycSzMAES1nvp8vD6Yxfwlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/27a748-884d-4f19-b285-59199331ee09/1/hGgGDOXVkgwSfaTNB6f2wdhDGxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/27a748-884d-4f19-b285-59199331ee09/1/WqWNXycSzMAES1nvp8vD6Yxfwlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.90.0/24
                IPv6:
                  2a10:7a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:2b:63:9d:93:ea:3b:2c:a2:84:f1:dd:c8:ec:eb:a5:73:8a:
         9f:03:0c:f9:37:c9:7d:d7:2d:d5:8e:3c:76:9f:ef:c3:f5:fb:
         04:97:8d:66:0f:ec:ff:5f:40:b5:f7:d3:ae:27:7a:d6:5c:87:
         a7:6e:10:87:5b:e9:0b:ff:d1:8e:27:18:e3:bf:be:44:20:2a:
         86:b6:16:51:42:bd:c4:0c:15:08:cd:3f:0c:c5:73:4d:c7:7e:
         d4:70:68:7f:9b:5f:a6:c3:94:3e:b2:ec:7e:c5:c9:de:37:ad:
         4b:aa:06:de:05:c8:6d:f3:32:53:40:a3:5c:3a:12:55:5f:ca:
         6c:82:3d:0f:27:4f:c7:15:f6:f8:0a:7b:07:1d:a6:cb:70:15:
         e6:08:69:b0:29:cf:53:a6:65:23:8c:16:bd:7f:91:ea:b5:c7:
         73:a7:c7:d7:12:d3:ab:dc:9b:d2:a1:62:30:c7:0c:71:a3:85:
         c2:ff:ce:0c:2a:a1:ae:a2:21:f7:12:b9:08:e5:a6:58:f9:38:
         5b:af:76:d3:24:8b:50:12:d3:70:dc:85:b7:da:c6:0e:b8:36:
         83:6d:a2:32:2d:dd:2a:bd:e1:00:cf:32:d9:5c:51:a3:f6:f0:
         fa:e1:4b:cc:1d:9f:6d:70:43:41:02:9b:7c:43:69:4c:c0:d1:
         d1:5b:5d:63
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSQU+z3roV+IagwhC/lbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYTU4ZDVmMjcxMmNjYzAwNDRiNTllZmE3Y2JjM2U5OGM1
ZmMyNWMwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDY4MDYwY2U1ZDU5MjBjMTI3ZGE0Y2QwN2E3ZjZjMWQ4NDMxYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS3ACG7EsPyVSszhP5JmLsnpuQGg
nAGZ4hHHLIggR/BUq7SqTnL8jl6i6DVW0qtwzrrzN7w5qxxykA2dgW9c4x8o/Rtk
qR12dUzZ7cY9EDYeOwLYQf5e+IwPFLvJb3r1+EuHnIRrT79N35rQDkAf37B7aZDt
lgENNv3IS9uUoCvhXJYd/TcSc7zUB4vCjhu+jDOOKRK9p+t4B9lK1AV64pctGXZP
NP77UC+E5+FUvWPcTXyrFvRRauvo0vUBk0ypN7t7s8Y01KQwyn72so+Xi3G4wCKc
zlZ3fi6ROVIO4QexfmyXDTzYTk5R//667HXOhJ7RKtRn3LAoIcEQR4rIDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIRoBgzl1ZIMEn2kzQen9sHYQxsbMB8GA1UdIwQY
MBaAFFqljV8nEszABEtZ76fLw+mMX8JcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3FXTlh5Y1N6TUFFUzFudnA4dkQ2WXhmd2x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8yN2E3NDgtODg0ZC00ZjE5LWIyODUt
NTkxOTkzMzFlZTA5LzEvaEdnR0RPWFZrZ3dTZmFUTkI2ZjJ3ZGhER3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8yN2E3NDgtODg0ZC00ZjE5LWIyODUtNTkxOTkzMzFlZTA5
LzEvV3FXTlh5Y1N6TUFFUzFudnA4dkQ2WXhmd2x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuctaMA0E
AgACMAcDBQMqEHpAMA0GCSqGSIb3DQEBCwUAA4IBAQAsK2Odk+o7LKKE8d3I7Oul
c4qfAwz5N8l91y3Vjjx2n+/D9fsEl41mD+z/X0C199OuJ3rWXIenbhCHW+kL/9GO
Jxjjv75EICqGthZRQr3EDBUIzT8MxXNNx37UcGh/m1+mw5Q+sux+xcneN61Lqgbe
Bcht8zJTQKNcOhJVX8psgj0PJ0/HFfb4CnsHHabLcBXmCGmwKc9TpmUjjBa9f5Hq
tcdzp8fXEtOr3JvSoWIwxwxxo4XC/84MKqGuoiH3ErkI5aZY+Thbr3bTJItQEtNw
3IW32sYOuDaDbaIyLd0qveEAzzLZXFGj9vD64UvMHZ9tcENBApt8Q2lMwNHRW11j
-----END CERTIFICATE-----