Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/hhX2EZrXOGXyv8qOMIxdRj4nSOo.roa
File:                     hhX2EZrXOGXyv8qOMIxdRj4nSOo.roa (raw, json)
Hash identifier:          Q4iTnGWmi8HLf3rHKhTtTBJu1ZlbPI8GGLPaEUW2hfo=
Subject key identifier:   86:15:F6:11:9A:D7:38:65:F2:BF:CA:8E:30:8C:5D:46:3E:27:48:EA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D42DF71DABCF5F538C4D3F1577A78
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/hhX2EZrXOGXyv8qOMIxdRj4nSOo.roa
Signing time:             Tue 02 Jan 2024 08:32:12 +0000
ROA not before:           Tue 02 Jan 2024 08:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205656
IP address blocks:        212.111.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:42:df:71:da:bc:f5:f5:38:c4:d3:f1:57:7a:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8615f6119ad73865f2bfca8e308c5d463e2748ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bc:03:48:19:a0:73:fb:91:f2:00:27:ae:c2:
                    f3:7b:25:13:78:c9:ae:46:a1:44:12:59:df:db:d4:
                    ef:90:26:c3:fd:3e:3f:01:bb:82:df:be:c7:a3:ce:
                    70:41:9d:6a:57:bd:52:fb:70:90:05:54:64:63:e4:
                    b8:8a:df:e7:d6:28:ef:aa:b8:2f:62:a4:4f:2e:2f:
                    9d:64:30:df:3b:df:8c:4f:a5:98:02:63:26:ad:d4:
                    c6:7e:04:c9:84:99:a8:c2:c3:0e:b7:35:90:27:16:
                    d9:9b:e3:79:9c:60:a4:ee:73:ad:fb:e2:25:05:5c:
                    f3:03:9f:77:cb:d7:76:27:82:07:86:43:23:e9:f8:
                    f3:09:84:b8:b8:d9:ae:a9:cf:d1:2c:4b:aa:cb:5b:
                    0c:8f:ec:35:6f:c5:9c:bb:52:58:6c:8a:f0:73:ef:
                    8b:24:07:00:a8:7b:4d:94:d5:bf:90:1a:c3:d7:e1:
                    4f:30:58:d7:39:53:d8:0b:94:fa:5e:b2:a4:56:48:
                    75:6a:76:91:46:03:7c:1f:78:1d:9b:25:28:68:82:
                    34:5c:6e:30:ce:e9:c9:15:d7:61:fe:2f:9b:a2:63:
                    51:06:3e:20:43:e5:c6:b7:da:ac:1b:36:e7:97:20:
                    65:7b:f9:88:3c:02:ca:52:52:f3:20:03:62:34:2b:
                    06:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:15:F6:11:9A:D7:38:65:F2:BF:CA:8E:30:8C:5D:46:3E:27:48:EA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/hhX2EZrXOGXyv8qOMIxdRj4nSOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:d2:38:ae:a9:03:c0:ac:e7:6d:4c:9e:1d:a3:96:63:45:f3:
         68:c7:c5:0d:95:8a:5f:a6:8a:e8:9f:43:ec:e9:16:eb:02:a4:
         42:af:bf:14:e6:5f:9e:3e:f7:3d:f2:bd:a5:a9:39:37:40:63:
         0c:53:0e:4b:8b:f9:6c:e9:70:5c:2e:fc:e8:19:c1:61:da:17:
         ac:24:f2:2d:51:72:a8:8f:04:20:b2:6d:63:4b:71:52:05:6b:
         c7:0a:23:06:10:6f:8e:6e:60:d6:1d:f3:e6:17:fc:e3:38:f1:
         8e:43:a0:ca:70:ab:ba:4b:2f:69:b2:cf:44:5c:84:af:e5:de:
         bb:6f:fd:dc:29:cd:57:f1:ed:d0:ea:29:97:1a:57:38:13:b4:
         15:f5:cd:3f:77:01:a0:c6:4d:3b:9d:c9:2e:56:1e:8f:a9:94:
         b8:61:28:a7:ba:dc:3b:ce:38:46:4e:9e:11:85:c1:18:c7:c7:
         07:40:f0:13:c9:c6:00:4d:be:bd:66:fe:90:77:e2:49:8a:61:
         7e:ab:c4:b3:1f:a6:74:5d:94:1c:eb:2b:32:51:ce:12:40:4e:
         fb:77:fa:3a:79:0f:ae:87:65:1a:9b:61:9d:03:9a:fd:54:63:
         b6:7b:f5:3c:9d:b2:21:22:30:73:f8:42:fe:67:04:6e:ee:a4:
         2a:09:ab:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTULfcdq89fU4xNPxV3p4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjE1ZjYxMTlhZDczODY1ZjJiZmNhOGUzMDhjNWQ0NjNlMjc0OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrwDSBmgc/uR8gAnrsLzeyUTeMmu
RqFEElnf29TvkCbD/T4/AbuC377Ho85wQZ1qV71S+3CQBVRkY+S4it/n1ijvqrgv
YqRPLi+dZDDfO9+MT6WYAmMmrdTGfgTJhJmowsMOtzWQJxbZm+N5nGCk7nOt++Il
BVzzA593y9d2J4IHhkMj6fjzCYS4uNmuqc/RLEuqy1sMj+w1b8Wcu1JYbIrwc++L
JAcAqHtNlNW/kBrD1+FPMFjXOVPYC5T6XrKkVkh1anaRRgN8H3gdmyUoaII0XG4w
zunJFddh/i+bomNRBj4gQ+XGt9qsGzbnlyBle/mIPALKUlLzIANiNCsG+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYV9hGa1zhl8r/KjjCMXUY+J0jqMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvaGhYMkVaclhPR1h5djhxT01JeGRSajRuU09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G/NMA0G
CSqGSIb3DQEBCwUAA4IBAQCh0jiuqQPArOdtTJ4do5ZjRfNox8UNlYpfporon0Ps
6RbrAqRCr78U5l+ePvc98r2lqTk3QGMMUw5Li/ls6XBcLvzoGcFh2hesJPItUXKo
jwQgsm1jS3FSBWvHCiMGEG+ObmDWHfPmF/zjOPGOQ6DKcKu6Sy9pss9EXISv5d67
b/3cKc1X8e3Q6imXGlc4E7QV9c0/dwGgxk07nckuVh6PqZS4YSinutw7zjhGTp4R
hcEYx8cHQPATycYATb69Zv6Qd+JJimF+q8SzH6Z0XZQc6ysyUc4SQE77d/o6eQ+u
h2Uam2GdA5r9VGO2e/U8nbIhIjBz+EL+ZwRu7qQqCauN
-----END CERTIFICATE-----