Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/5e0f5a-c6e7-43e8-bb21-47dc08d7e3ba/1/NhqlXNnUEWOXpgvolT5yHz-Mj7g.roa
File:                     NhqlXNnUEWOXpgvolT5yHz-Mj7g.roa (raw, json)
Hash identifier:          8PKabQ+KxvNCCMJRwVpvRums0/QSKKdNFH0w4OP/lbo=
Subject key identifier:   36:1A:A5:5C:D9:D4:11:63:97:A6:0B:E8:95:3E:72:1F:3F:8C:8F:B8
Certificate issuer:       /CN=85b919a3feb0ec966299ff0fae8defcb415e22fe
Certificate serial:       018F548C5F6E05A85CEC2A29DC964F27A58F
Authority key identifier: 85:B9:19:A3:FE:B0:EC:96:62:99:FF:0F:AE:8D:EF:CB:41:5E:22:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hbkZo_6w7JZimf8Pro3vy0FeIv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/5e0f5a-c6e7-43e8-bb21-47dc08d7e3ba/1/NhqlXNnUEWOXpgvolT5yHz-Mj7g.roa
Signing time:             Tue 07 May 2024 19:33:56 +0000
ROA not before:           Tue 07 May 2024 19:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215054
IP address blocks:        194.164.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/5e0f5a-c6e7-43e8-bb21-47dc08d7e3ba/1/hbkZo_6w7JZimf8Pro3vy0FeIv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/5e0f5a-c6e7-43e8-bb21-47dc08d7e3ba/1/hbkZo_6w7JZimf8Pro3vy0FeIv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hbkZo_6w7JZimf8Pro3vy0FeIv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:54:8c:5f:6e:05:a8:5c:ec:2a:29:dc:96:4f:27:a5:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85b919a3feb0ec966299ff0fae8defcb415e22fe
        Validity
            Not Before: May  7 19:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=361aa55cd9d4116397a60be8953e721f3f8c8fb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:92:20:84:a2:7f:78:85:50:89:3c:da:77:5f:
                    bc:72:5a:f2:c9:ef:8e:1c:b4:43:40:78:0d:4b:a8:
                    5f:4d:b9:74:c8:22:34:5d:30:e2:d9:35:89:4c:18:
                    2d:4f:94:d6:35:86:61:9e:3c:44:cd:81:c6:37:4e:
                    84:a5:9c:22:83:0a:53:b9:fc:f5:86:d9:72:56:98:
                    d1:e2:ad:aa:cb:93:37:9e:f5:a8:d1:42:6b:0d:0d:
                    9a:26:44:3e:af:ba:e3:e3:b0:20:07:1d:78:e9:62:
                    e5:ea:f1:ca:0a:af:7e:2c:d2:41:20:bc:6a:26:c4:
                    e5:dd:59:3e:5d:ec:79:f6:8c:6a:65:7e:d6:b5:24:
                    0f:88:1f:a7:30:fb:eb:97:d7:02:84:65:ce:11:27:
                    37:17:05:76:ed:ee:7c:5d:fc:75:f4:16:66:04:c7:
                    23:4c:09:cb:91:f0:c7:ae:46:2c:4f:d5:3d:48:fe:
                    6f:bc:38:75:04:b3:5c:99:3e:47:5e:77:45:2d:e2:
                    da:58:57:38:47:33:94:27:8d:f4:df:2b:b5:13:83:
                    b6:29:4e:20:f4:e2:ef:77:54:59:b4:9c:3b:8d:37:
                    44:52:de:3d:b0:c5:85:a0:cc:19:c5:77:2a:ce:29:
                    10:cc:bf:50:e0:81:30:1e:28:4b:4a:06:b1:79:49:
                    19:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:1A:A5:5C:D9:D4:11:63:97:A6:0B:E8:95:3E:72:1F:3F:8C:8F:B8
            X509v3 Authority Key Identifier:
                keyid:85:B9:19:A3:FE:B0:EC:96:62:99:FF:0F:AE:8D:EF:CB:41:5E:22:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hbkZo_6w7JZimf8Pro3vy0FeIv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/5e0f5a-c6e7-43e8-bb21-47dc08d7e3ba/1/NhqlXNnUEWOXpgvolT5yHz-Mj7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/5e0f5a-c6e7-43e8-bb21-47dc08d7e3ba/1/hbkZo_6w7JZimf8Pro3vy0FeIv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:1e:a7:69:33:fb:bc:e5:2a:f7:da:14:6a:c8:0c:e4:01:31:
         bd:66:c6:03:41:47:68:67:aa:7f:99:29:32:2f:d5:a3:6f:a2:
         cb:41:d9:e4:09:0c:7d:a7:b6:65:9e:99:08:d7:3c:47:76:8e:
         9f:1e:66:2f:ad:00:b6:e0:8f:51:a9:e0:04:3d:72:f8:84:16:
         1e:60:82:34:fe:33:91:64:db:97:0c:ed:0b:af:ed:56:96:65:
         d6:f4:d5:0c:18:ba:86:aa:61:8b:2f:3b:5b:8f:54:33:29:80:
         6d:8a:9e:e4:e4:58:4a:59:54:a8:be:2a:26:fd:c0:f1:02:05:
         13:35:41:85:b2:99:1d:e3:eb:62:b7:44:3d:c6:89:de:37:75:
         4e:5b:cc:bd:9a:d8:d5:33:88:b2:10:ae:f3:da:da:13:9c:20:
         b3:f3:5a:26:8c:51:89:bd:4c:7b:71:5b:f1:6d:b7:2d:10:11:
         0c:06:cc:45:7f:d4:7d:26:53:a0:8b:72:82:53:80:c4:ce:bf:
         3b:f8:32:21:22:27:fc:19:c1:4b:f4:51:ee:14:bc:44:02:43:
         c2:cd:38:97:c9:91:5a:c7:a3:02:e5:79:d0:4a:18:c0:45:be:
         3c:03:6e:b0:cd:99:8c:8b:f8:b4:53:07:0b:e5:87:bd:d8:b0:
         bf:74:01:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9UjF9uBahc7Cop3JZPJ6WPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YjkxOWEzZmViMGVjOTY2Mjk5ZmYwZmFlOGRlZmNiNDE1
ZTIyZmUwHhcNMjQwNTA3MTkzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjFhYTU1Y2Q5ZDQxMTYzOTdhNjBiZTg5NTNlNzIxZjNmOGM4ZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5IghKJ/eIVQiTzad1+8clryye+O
HLRDQHgNS6hfTbl0yCI0XTDi2TWJTBgtT5TWNYZhnjxEzYHGN06EpZwigwpTufz1
htlyVpjR4q2qy5M3nvWo0UJrDQ2aJkQ+r7rj47AgBx146WLl6vHKCq9+LNJBILxq
JsTl3Vk+Xex59oxqZX7WtSQPiB+nMPvrl9cChGXOESc3FwV27e58Xfx19BZmBMcj
TAnLkfDHrkYsT9U9SP5vvDh1BLNcmT5HXndFLeLaWFc4RzOUJ4303yu1E4O2KU4g
9OLvd1RZtJw7jTdEUt49sMWFoMwZxXcqzikQzL9Q4IEwHihLSgaxeUkZUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYapVzZ1BFjl6YL6JU+ch8/jI+4MB8GA1UdIwQY
MBaAFIW5GaP+sOyWYpn/D66N78tBXiL+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGJrWm9fNnc3SlppbWY4UHJvM3Z5MEZlSXY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy81ZTBmNWEtYzZlNy00M2U4LWJiMjEt
NDdkYzA4ZDdlM2JhLzEvTmhxbFhOblVFV09YcGd2b2xUNXlIei1NajdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy81ZTBmNWEtYzZlNy00M2U4LWJiMjEtNDdkYzA4ZDdlM2Jh
LzEvaGJrWm9fNnc3SlppbWY4UHJvM3Z5MEZlSXY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqTpMA0G
CSqGSIb3DQEBCwUAA4IBAQCdHqdpM/u85Sr32hRqyAzkATG9ZsYDQUdoZ6p/mSky
L9Wjb6LLQdnkCQx9p7ZlnpkI1zxHdo6fHmYvrQC24I9RqeAEPXL4hBYeYII0/jOR
ZNuXDO0Lr+1WlmXW9NUMGLqGqmGLLztbj1QzKYBtip7k5FhKWVSoviom/cDxAgUT
NUGFspkd4+tit0Q9xoneN3VOW8y9mtjVM4iyEK7z2toTnCCz81omjFGJvUx7cVvx
bbctEBEMBsxFf9R9JlOgi3KCU4DEzr87+DIhIif8GcFL9FHuFLxEAkPCzTiXyZFa
x6MC5XnQShjARb48A26wzZmMi/i0UwcL5Ye92LC/dAGF
-----END CERTIFICATE-----