Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/hm8rjmqZCrJZozvFKbZ-CBRhQFw.roa
File:                     hm8rjmqZCrJZozvFKbZ-CBRhQFw.roa (raw, json)
Hash identifier:          jf5LXKzmjLGSVMgCMBQjibyX3nwWBUg2ykB47z4QZsE=
Subject key identifier:   86:6F:2B:8E:6A:99:0A:B2:59:A3:3B:C5:29:B6:7E:08:14:61:40:5C
Certificate issuer:       /CN=1ddd15ef2f59abb95f2d9be5cee3303888623b97
Certificate serial:       019423D6F26E2830495EF77752FCF45FF0EA
Authority key identifier: 1D:DD:15:EF:2F:59:AB:B9:5F:2D:9B:E5:CE:E3:30:38:88:62:3B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/hm8rjmqZCrJZozvFKbZ-CBRhQFw.roa
Signing time:             Wed 01 Jan 2025 21:47:56 +0000
ROA not before:           Wed 01 Jan 2025 21:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50876
IP address blocks:        193.202.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f2:6e:28:30:49:5e:f7:77:52:fc:f4:5f:f0:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ddd15ef2f59abb95f2d9be5cee3303888623b97
        Validity
            Not Before: Jan  1 21:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=866f2b8e6a990ab259a33bc529b67e081461405c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:db:cb:04:da:4b:b0:0c:38:6d:63:f7:33:fa:
                    77:fe:f6:9e:eb:3c:6a:d5:95:6a:14:dd:14:d0:ec:
                    a8:44:f0:bb:28:ab:db:69:39:dc:5b:fa:e3:ba:8b:
                    2d:1f:2e:36:67:62:1d:1d:a2:e5:0a:6d:8e:06:d3:
                    c5:6a:12:6b:02:24:41:d0:7e:7f:e8:29:94:3c:bf:
                    a0:5f:5e:74:cb:fb:54:2e:d3:a3:c8:da:71:e2:5a:
                    be:eb:aa:ea:67:74:9d:15:92:28:90:39:0c:ee:4b:
                    94:06:63:58:9d:9b:21:1d:13:3a:a0:42:a3:c1:a7:
                    b1:fd:09:fe:29:26:f1:17:a8:07:eb:e6:fc:ad:9c:
                    ab:86:e7:be:eb:67:d5:e5:28:ea:34:c5:d6:7c:47:
                    73:91:0b:3c:ed:89:59:21:36:22:52:dc:00:f0:9c:
                    0c:8f:bf:fc:e9:53:81:23:bb:cd:48:88:b5:10:ff:
                    08:e4:88:d2:66:ed:ff:56:b5:94:54:d9:33:0d:ed:
                    c9:0b:32:a2:f7:93:00:0f:cb:db:4a:98:29:4d:03:
                    f5:2d:ed:08:64:da:2e:a9:a1:90:d4:e5:d5:47:c9:
                    4b:f0:49:4c:3c:85:30:50:92:d4:75:e2:7d:74:a2:
                    90:ba:03:05:02:dd:54:cc:39:f4:6b:d3:a3:87:f2:
                    e7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:6F:2B:8E:6A:99:0A:B2:59:A3:3B:C5:29:B6:7E:08:14:61:40:5C
            X509v3 Authority Key Identifier:
                keyid:1D:DD:15:EF:2F:59:AB:B9:5F:2D:9B:E5:CE:E3:30:38:88:62:3B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/hm8rjmqZCrJZozvFKbZ-CBRhQFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/0afa88-b526-4763-9528-8b60e4b94bcf/1/Hd0V7y9Zq7lfLZvlzuMwOIhiO5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:29:9b:66:04:94:fd:5c:19:bd:f0:13:80:7e:d5:bc:70:37:
         51:7a:db:9c:1a:01:82:f8:1f:19:ac:5f:1e:03:4d:46:dc:7b:
         36:bf:64:67:ff:59:23:0c:9f:8b:9b:5d:ae:ee:6a:d9:f9:3a:
         8f:98:c0:1e:1b:88:56:f2:a4:96:7f:8b:fe:22:29:09:1b:12:
         09:cd:83:c0:bc:c1:ba:73:56:97:09:a5:49:ee:33:aa:4d:dc:
         5d:0b:12:b9:a1:01:30:a8:c9:9a:83:72:a8:59:3d:62:e6:13:
         6d:15:14:2c:4b:6c:48:44:25:e9:2b:e4:22:65:09:21:dc:a4:
         a8:f0:c1:dc:f7:92:c4:d2:58:aa:e6:33:d4:b6:f2:15:a7:72:
         93:1c:3c:32:26:4e:ef:66:2e:77:84:e9:a7:3a:09:0b:e3:f7:
         c9:ad:34:e3:49:b5:99:ee:f6:e6:68:5f:92:b0:9c:9e:98:5f:
         f5:47:2f:85:94:98:b9:bb:11:e3:cc:01:30:1c:7a:cb:ea:22:
         eb:d4:8e:f8:cf:42:a6:09:17:c7:af:e5:6b:17:89:65:14:f9:
         ea:b2:8f:ae:27:36:d7:ab:dc:6d:b0:fc:ec:e5:79:79:fc:3b:
         e2:54:16:32:0f:24:07:87:1a:8f:b0:31:5e:bf:b1:a9:4c:a9:
         42:ef:2b:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1vJuKDBJXvd3Uvz0X/DqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZGQxNWVmMmY1OWFiYjk1ZjJkOWJlNWNlZTMzMDM4ODg2
MjNiOTcwHhcNMjUwMTAxMjE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjZmMmI4ZTZhOTkwYWIyNTlhMzNiYzUyOWI2N2UwODE0NjE0MDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9vLBNpLsAw4bWP3M/p3/vae6zxq
1ZVqFN0U0OyoRPC7KKvbaTncW/rjuostHy42Z2IdHaLlCm2OBtPFahJrAiRB0H5/
6CmUPL+gX150y/tULtOjyNpx4lq+66rqZ3SdFZIokDkM7kuUBmNYnZshHRM6oEKj
waex/Qn+KSbxF6gH6+b8rZyrhue+62fV5SjqNMXWfEdzkQs87YlZITYiUtwA8JwM
j7/86VOBI7vNSIi1EP8I5IjSZu3/VrWUVNkzDe3JCzKi95MAD8vbSpgpTQP1Le0I
ZNouqaGQ1OXVR8lL8ElMPIUwUJLUdeJ9dKKQugMFAt1UzDn0a9Ojh/LnLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZvK45qmQqyWaM7xSm2fggUYUBcMB8GA1UdIwQY
MBaAFB3dFe8vWau5Xy2b5c7jMDiIYjuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGQwVjd5OVpxN2xmTFp2bHp1TXdPSWhpTzVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wYWZhODgtYjUyNi00NzYzLTk1Mjgt
OGI2MGU0Yjk0YmNmLzEvaG04cmptcVpDckpab3p2RktiWi1DQlJoUUZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wYWZhODgtYjUyNi00NzYzLTk1MjgtOGI2MGU0Yjk0YmNm
LzEvSGQwVjd5OVpxN2xmTFp2bHp1TXdPSWhpTzVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcp7MA0G
CSqGSIb3DQEBCwUAA4IBAQAJKZtmBJT9XBm98BOAftW8cDdRetucGgGC+B8ZrF8e
A01G3Hs2v2Rn/1kjDJ+Lm12u7mrZ+TqPmMAeG4hW8qSWf4v+IikJGxIJzYPAvMG6
c1aXCaVJ7jOqTdxdCxK5oQEwqMmag3KoWT1i5hNtFRQsS2xIRCXpK+QiZQkh3KSo
8MHc95LE0liq5jPUtvIVp3KTHDwyJk7vZi53hOmnOgkL4/fJrTTjSbWZ7vbmaF+S
sJyemF/1Ry+FlJi5uxHjzAEwHHrL6iLr1I74z0KmCRfHr+VrF4llFPnqso+uJzbX
q9xtsPzs5Xl5/DviVBYyDyQHhxqPsDFev7GpTKlC7ysW
-----END CERTIFICATE-----