Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/HGzp4lITxgjWfHg6caZc2s9iooo.roa
File:                     HGzp4lITxgjWfHg6caZc2s9iooo.roa (raw, json)
Hash identifier:          5Jja63p0lkK4R/vntyRAXHQTpWDO3M1fcp5Vn3f+iL4=
Subject key identifier:   1C:6C:E9:E2:52:13:C6:08:D6:7C:78:3A:71:A6:5C:DA:CF:62:A2:8A
Certificate issuer:       /CN=4317dd15b62bdd7112599b81423360eee7a01296
Certificate serial:       018F0FA9AC651D5A1038B957CAC166E1E867
Authority key identifier: 43:17:DD:15:B6:2B:DD:71:12:59:9B:81:42:33:60:EE:E7:A0:12:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QxfdFbYr3XESWZuBQjNg7uegEpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/HGzp4lITxgjWfHg6caZc2s9iooo.roa
Signing time:             Wed 24 Apr 2024 10:32:08 +0000
ROA not before:           Wed 24 Apr 2024 10:32:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208697
IP address blocks:        194.29.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/QxfdFbYr3XESWZuBQjNg7uegEpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/QxfdFbYr3XESWZuBQjNg7uegEpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QxfdFbYr3XESWZuBQjNg7uegEpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:a9:ac:65:1d:5a:10:38:b9:57:ca:c1:66:e1:e8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4317dd15b62bdd7112599b81423360eee7a01296
        Validity
            Not Before: Apr 24 10:32:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c6ce9e25213c608d67c783a71a65cdacf62a28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fc:f6:0c:e0:13:2a:23:23:9f:ba:18:3f:bd:
                    cf:51:75:f1:3b:c1:aa:f0:1d:76:7a:91:3c:5f:79:
                    ca:b4:da:3a:41:6d:f5:09:3c:a2:3f:44:e6:5f:5a:
                    bf:a5:fd:c0:c2:23:a8:c9:e0:1c:87:d2:33:9d:32:
                    99:d5:cb:12:c1:f4:8c:e7:5a:e1:16:75:f5:4f:3e:
                    c3:78:ef:f8:b2:8d:5f:15:f1:82:3b:38:a3:74:8e:
                    2c:82:0c:f4:89:a1:21:84:ad:c7:99:8a:b7:17:df:
                    1c:5c:11:eb:8f:4c:69:a6:f1:3b:ae:eb:61:2d:eb:
                    5f:08:82:3e:56:26:d3:d9:ac:48:21:a6:f7:27:40:
                    c8:67:ac:7f:69:bd:04:37:a2:55:6d:20:10:45:05:
                    e3:5f:c5:c0:ec:50:90:9a:dd:e5:43:84:24:df:8e:
                    2b:d9:5f:27:ac:5b:c9:aa:b4:d4:5e:eb:3b:f4:cb:
                    3e:fe:fb:34:ed:08:e7:c2:1f:de:9e:da:a1:14:5f:
                    40:35:95:8c:76:b9:1a:e2:13:22:60:a3:ab:07:3d:
                    d9:a4:e7:e6:c7:ca:5e:dd:6a:e0:60:9c:37:ee:8e:
                    6f:26:5c:fb:31:1a:f6:21:63:9d:e8:cf:8c:12:f5:
                    23:06:5e:9d:b0:3e:15:d8:78:57:63:28:9b:c5:0a:
                    bd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:6C:E9:E2:52:13:C6:08:D6:7C:78:3A:71:A6:5C:DA:CF:62:A2:8A
            X509v3 Authority Key Identifier:
                keyid:43:17:DD:15:B6:2B:DD:71:12:59:9B:81:42:33:60:EE:E7:A0:12:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QxfdFbYr3XESWZuBQjNg7uegEpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/HGzp4lITxgjWfHg6caZc2s9iooo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/QxfdFbYr3XESWZuBQjNg7uegEpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:ab:c7:f9:c6:c2:a5:c1:12:10:fd:95:73:4d:3f:5a:d0:59:
         e0:92:4d:64:91:08:a7:bf:cc:6c:7c:f2:67:ef:a8:30:c4:87:
         5e:3b:f6:b8:3f:ec:cf:b6:48:95:fe:85:89:4b:90:15:77:13:
         b2:19:a0:3a:6c:f7:fe:ef:60:00:dd:35:a0:29:ab:8e:53:33:
         a4:cf:be:5a:bd:03:00:2c:23:d8:a1:2d:83:e8:30:70:1f:7e:
         34:bd:0d:d1:b1:cd:cb:17:02:ec:ba:dd:cc:dd:72:51:fa:7c:
         97:35:37:aa:c7:1e:7e:c9:30:49:91:91:21:be:0c:dd:ee:eb:
         51:a6:d0:c3:21:60:16:ac:61:a1:7b:54:1e:76:16:80:fa:ed:
         78:bf:9d:60:f7:1d:7a:92:ac:0f:a1:02:64:20:27:e1:31:8b:
         3f:e8:7f:7a:b6:a9:55:54:67:f9:3a:1d:c4:ad:d8:c3:f9:10:
         45:fe:d3:df:3b:d9:f5:cd:eb:b2:62:5a:80:35:7a:69:71:9f:
         ee:19:5d:cc:03:00:d3:02:94:e4:78:d5:b2:48:39:02:03:b0:
         97:e7:ed:1b:0c:23:e9:7d:06:88:12:87:f7:e9:0e:3f:01:79:
         12:42:4e:3d:cb:1b:29:5a:3c:ab:4f:8b:3a:9d:01:62:69:0f:
         b0:7c:29:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8PqaxlHVoQOLlXysFm4ehnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMTdkZDE1YjYyYmRkNzExMjU5OWI4MTQyMzM2MGVlZTdh
MDEyOTYwHhcNMjQwNDI0MTAzMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzZjZTllMjUyMTNjNjA4ZDY3Yzc4M2E3MWE2NWNkYWNmNjJhMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfz2DOATKiMjn7oYP73PUXXxO8Gq
8B12epE8X3nKtNo6QW31CTyiP0TmX1q/pf3AwiOoyeAch9IznTKZ1csSwfSM51rh
FnX1Tz7DeO/4so1fFfGCOzijdI4sggz0iaEhhK3HmYq3F98cXBHrj0xppvE7ruth
LetfCII+VibT2axIIab3J0DIZ6x/ab0EN6JVbSAQRQXjX8XA7FCQmt3lQ4Qk344r
2V8nrFvJqrTUXus79Ms+/vs07Qjnwh/entqhFF9ANZWMdrka4hMiYKOrBz3ZpOfm
x8pe3WrgYJw37o5vJlz7MRr2IWOd6M+MEvUjBl6dsD4V2HhXYyibxQq9GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxs6eJSE8YI1nx4OnGmXNrPYqKKMB8GA1UdIwQY
MBaAFEMX3RW2K91xElmbgUIzYO7noBKWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXhmZEZiWXIzWEVTV1p1QlFqTmc3dWVnRXBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82NTRiODktMzdjMS00MDYxLTkwYjMt
NmI5NTUwMGRhMjNiLzEvSEd6cDRsSVR4Z2pXZkhnNmNhWmMyczlpb29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82NTRiODktMzdjMS00MDYxLTkwYjMtNmI5NTUwMGRhMjNi
LzEvUXhmZEZiWXIzWEVTV1p1QlFqTmc3dWVnRXBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh1HMA0G
CSqGSIb3DQEBCwUAA4IBAQB5q8f5xsKlwRIQ/ZVzTT9a0Fngkk1kkQinv8xsfPJn
76gwxIdeO/a4P+zPtkiV/oWJS5AVdxOyGaA6bPf+72AA3TWgKauOUzOkz75avQMA
LCPYoS2D6DBwH340vQ3Rsc3LFwLsut3M3XJR+nyXNTeqxx5+yTBJkZEhvgzd7utR
ptDDIWAWrGGhe1QedhaA+u14v51g9x16kqwPoQJkICfhMYs/6H96tqlVVGf5Oh3E
rdjD+RBF/tPfO9n1zeuyYlqANXppcZ/uGV3MAwDTApTkeNWySDkCA7CX5+0bDCPp
fQaIEof36Q4/AXkSQk49yxspWjyrT4s6nQFiaQ+wfClh
-----END CERTIFICATE-----