Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/hasa0coTrJTulX3r78a2jLaNCXY.roa
File:                     hasa0coTrJTulX3r78a2jLaNCXY.roa (raw, json)
Hash identifier:          w7HShToJQZygUOFy2xUiPHLj0oWPGKKUt1xWhnZx8wE=
Subject key identifier:   85:AB:1A:D1:CA:13:AC:94:EE:95:7D:EB:EF:C6:B6:8C:B6:8D:09:76
Certificate issuer:       /CN=8af7847737e74942b2be74b93fd02d900d309b20
Certificate serial:       018CC8701A49BABFB47715137A4977F3CD71
Authority key identifier: 8A:F7:84:77:37:E7:49:42:B2:BE:74:B9:3F:D0:2D:90:0D:30:9B:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iveEdzfnSUKyvnS5P9AtkA0wmyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/hasa0coTrJTulX3r78a2jLaNCXY.roa
Signing time:             Tue 02 Jan 2024 04:30:39 +0000
ROA not before:           Tue 02 Jan 2024 04:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        139.17.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/iveEdzfnSUKyvnS5P9AtkA0wmyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/iveEdzfnSUKyvnS5P9AtkA0wmyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iveEdzfnSUKyvnS5P9AtkA0wmyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:1a:49:ba:bf:b4:77:15:13:7a:49:77:f3:cd:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8af7847737e74942b2be74b93fd02d900d309b20
        Validity
            Not Before: Jan  2 04:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85ab1ad1ca13ac94ee957debefc6b68cb68d0976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2d:66:a2:9a:07:32:2b:93:69:8d:04:aa:6e:
                    8b:d2:c6:a1:8f:20:8b:28:f7:b0:d8:2e:09:f3:ed:
                    d6:7e:20:98:aa:f3:37:02:89:cf:71:83:2b:59:70:
                    ae:90:5d:ab:d3:21:c5:cc:ae:d6:ba:f2:89:36:fa:
                    9e:69:5a:a6:a9:89:cd:4a:de:d9:13:fb:be:db:6f:
                    c9:c4:7d:e6:86:09:7d:72:dd:64:d1:ed:c2:a1:8d:
                    1e:2a:f9:cc:70:b7:fa:5c:88:39:68:c6:96:2b:99:
                    51:93:2b:a6:36:9d:77:c1:b4:3b:09:db:bb:ad:03:
                    45:09:a1:cc:64:d7:08:ea:87:b8:2f:a1:92:fe:b4:
                    fa:44:6e:00:54:06:1b:94:89:96:c7:78:ab:a9:99:
                    c9:9d:15:b2:d8:b4:ea:77:b0:90:69:7b:ab:b1:eb:
                    be:3b:85:51:09:22:8b:7a:b5:41:6c:cc:db:07:5e:
                    83:29:d9:35:d7:94:a3:3c:2f:aa:d8:26:cc:db:5d:
                    96:22:12:11:05:2b:4a:2f:c3:70:94:bc:9e:84:96:
                    be:f4:61:5e:2b:80:21:d0:b5:94:86:50:24:05:bd:
                    f9:58:64:94:bc:58:1f:9b:eb:bf:ee:e5:70:8d:9c:
                    07:b9:18:31:33:cd:86:77:69:b0:b5:98:38:4e:19:
                    05:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AB:1A:D1:CA:13:AC:94:EE:95:7D:EB:EF:C6:B6:8C:B6:8D:09:76
            X509v3 Authority Key Identifier:
                keyid:8A:F7:84:77:37:E7:49:42:B2:BE:74:B9:3F:D0:2D:90:0D:30:9B:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iveEdzfnSUKyvnS5P9AtkA0wmyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/hasa0coTrJTulX3r78a2jLaNCXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/52384b-e7a4-4269-a0cc-7efc2808d125/1/iveEdzfnSUKyvnS5P9AtkA0wmyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4b:de:b7:6c:dd:3d:03:03:d0:23:35:a0:8f:a9:2c:67:bc:25:
         40:64:ca:cc:1e:43:58:a4:f7:27:a7:22:d4:0a:92:94:a6:06:
         0b:d5:44:50:bd:13:f5:c3:fd:68:b0:aa:51:88:02:9e:cb:0d:
         45:14:f3:b3:c6:a7:f3:e5:35:4f:59:f4:1d:69:60:5f:60:ef:
         c2:59:96:42:46:5d:87:2a:62:fb:75:b0:b0:e0:0a:8b:67:e8:
         eb:4d:44:07:43:0b:a4:23:38:99:33:6a:41:33:d4:3e:ca:ee:
         12:b5:01:57:62:93:e3:d6:ae:93:c6:d8:27:ae:3a:2a:f7:97:
         4e:9c:23:d4:60:9d:37:a4:27:54:97:f4:22:d0:df:73:00:5b:
         97:04:27:ac:84:47:8a:29:0e:a0:62:c1:a5:e3:25:6c:17:43:
         35:e9:c6:5a:75:18:29:97:4a:87:50:58:3a:9d:6a:45:8f:25:
         80:20:bb:c4:26:b6:65:b9:60:9f:0f:7d:50:8b:49:68:78:23:
         0d:ad:a0:50:14:74:47:33:8c:0d:ea:e5:f6:02:73:ba:92:6e:
         e0:70:73:f1:c9:86:03:7f:44:0e:aa:7b:7d:a3:1b:e4:f3:2c:
         c1:8e:15:b5:4d:d8:90:85:b7:72:19:f1:d3:a1:25:13:4d:ff:
         9e:66:aa:20
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIcBpJur+0dxUTekl3881xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZjc4NDc3MzdlNzQ5NDJiMmJlNzRiOTNmZDAyZDkwMGQz
MDliMjAwHhcNMjQwMTAyMDQzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWFiMWFkMWNhMTNhYzk0ZWU5NTdkZWJlZmM2YjY4Y2I2OGQwOTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC1mopoHMiuTaY0Eqm6L0sahjyCL
KPew2C4J8+3WfiCYqvM3AonPcYMrWXCukF2r0yHFzK7WuvKJNvqeaVqmqYnNSt7Z
E/u+22/JxH3mhgl9ct1k0e3CoY0eKvnMcLf6XIg5aMaWK5lRkyumNp13wbQ7Cdu7
rQNFCaHMZNcI6oe4L6GS/rT6RG4AVAYblImWx3irqZnJnRWy2LTqd7CQaXurseu+
O4VRCSKLerVBbMzbB16DKdk115SjPC+q2CbM212WIhIRBStKL8NwlLyehJa+9GFe
K4Ah0LWUhlAkBb35WGSUvFgfm+u/7uVwjZwHuRgxM82Gd2mwtZg4ThkFOQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIWrGtHKE6yU7pV96+/Gtoy2jQl2MB8GA1UdIwQY
MBaAFIr3hHc350lCsr50uT/QLZANMJsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZlRWR6Zm5TVUt5dm5TNVA5QXRrQTB3bXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81MjM4NGItZTdhNC00MjY5LWEwY2Mt
N2VmYzI4MDhkMTI1LzEvaGFzYTBjb1RySlR1bFgzcjc4YTJqTGFOQ1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81MjM4NGItZTdhNC00MjY5LWEwY2MtN2VmYzI4MDhkMTI1
LzEvaXZlRWR6Zm5TVUt5dm5TNVA5QXRrQTB3bXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAixEwDQYJ
KoZIhvcNAQELBQADggEBAEvet2zdPQMD0CM1oI+pLGe8JUBkysweQ1ik9yenItQK
kpSmBgvVRFC9E/XD/WiwqlGIAp7LDUUU87PGp/PlNU9Z9B1pYF9g78JZlkJGXYcq
Yvt1sLDgCotn6OtNRAdDC6QjOJkzakEz1D7K7hK1AVdik+PWrpPG2CeuOir3l06c
I9RgnTekJ1SX9CLQ33MAW5cEJ6yER4opDqBiwaXjJWwXQzXpxlp1GCmXSodQWDqd
akWPJYAgu8QmtmW5YJ8PfVCLSWh4Iw2toFAUdEczjA3q5fYCc7qSbuBwc/HJhgN/
RA6qe32jG+TzLMGOFbVN2JCFt3IZ8dOhJRNN/55mqiA=
-----END CERTIFICATE-----