Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/hWDuQEnGPTXjX7AnNjHujqGX7uE.roa
File:                     hWDuQEnGPTXjX7AnNjHujqGX7uE.roa (raw, json)
Hash identifier:          isLAgVaRn0eW69FZ2pSXXKnX1975yZpzofaOqUddHc4=
Subject key identifier:   85:60:EE:40:49:C6:3D:35:E3:5F:B0:27:36:31:EE:8E:A1:97:EE:E1
Certificate issuer:       /CN=f3d85c47d0b7d6dc5ddda08572b6454c1059512c
Certificate serial:       018CC86EEE3E840B3D7B7D90E73465B15187
Authority key identifier: F3:D8:5C:47:D0:B7:D6:DC:5D:DD:A0:85:72:B6:45:4C:10:59:51:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/hWDuQEnGPTXjX7AnNjHujqGX7uE.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203130
IP address blocks:        194.62.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ee:3e:84:0b:3d:7b:7d:90:e7:34:65:b1:51:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3d85c47d0b7d6dc5ddda08572b6454c1059512c
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8560ee4049c63d35e35fb0273631ee8ea197eee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4f:d4:b2:88:02:f1:eb:3d:54:ff:29:1f:68:
                    3e:83:07:df:11:28:47:ff:17:30:51:61:7b:17:e1:
                    0b:62:0a:07:5b:3a:5b:f4:55:23:aa:81:d0:fc:9e:
                    d6:c8:ae:fb:74:20:c2:ce:03:aa:55:91:aa:6f:d6:
                    51:dd:c1:74:cd:f8:d5:14:f4:e6:de:da:02:73:e8:
                    d8:0a:44:ea:60:22:ab:64:fd:1c:c1:74:43:a1:ec:
                    40:77:57:f5:1a:66:89:4c:1e:49:0e:5e:b2:85:70:
                    1f:27:1a:b3:5d:40:36:25:5c:8c:d6:62:2d:32:fa:
                    ec:0e:aa:31:36:5c:d5:17:06:bb:a7:1f:6b:25:31:
                    e4:c8:54:3b:07:37:41:6c:03:7f:08:08:8e:e8:5b:
                    6f:f9:0e:28:a5:75:f7:1c:30:fb:e4:b1:1b:da:e3:
                    84:46:3a:0c:b2:ba:22:8f:56:51:b1:5b:d7:ac:c5:
                    db:07:c3:a4:2a:d6:4e:68:11:0b:ce:d3:e2:94:b6:
                    a0:cb:f5:9c:ae:7e:67:a9:91:96:78:8c:d8:8c:cd:
                    f1:e6:11:8c:61:09:de:ae:63:36:76:9f:6b:02:7c:
                    94:30:80:48:dc:88:8c:68:48:a8:53:0a:9b:f7:44:
                    56:87:29:a6:f4:30:86:c2:03:6b:39:ff:23:a7:ca:
                    a5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:60:EE:40:49:C6:3D:35:E3:5F:B0:27:36:31:EE:8E:A1:97:EE:E1
            X509v3 Authority Key Identifier:
                keyid:F3:D8:5C:47:D0:B7:D6:DC:5D:DD:A0:85:72:B6:45:4C:10:59:51:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/hWDuQEnGPTXjX7AnNjHujqGX7uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:00:e0:37:96:0f:d4:a0:53:c6:48:e2:38:21:17:7c:b9:27:
         4f:6f:b8:13:4a:55:a7:1a:ae:be:ae:80:14:27:9e:a7:ce:3f:
         ff:e1:71:db:99:f9:c5:3b:c7:70:25:1e:cd:6c:44:80:09:67:
         3f:9d:85:ad:c3:9d:5f:e6:26:3b:5c:df:10:fa:bf:04:01:5a:
         89:db:96:d3:c7:6a:f3:b8:a1:e1:02:a1:8b:b7:ce:38:6b:a9:
         dd:27:e3:6e:6d:34:f8:87:3c:c6:61:67:be:87:b0:06:8d:a9:
         13:c0:71:43:54:3a:4d:d0:58:0b:99:04:e0:77:f2:8c:a1:77:
         08:4f:00:1c:b0:5d:19:ac:6d:ac:af:72:4c:58:c6:10:fd:33:
         06:12:48:6a:c7:2e:df:66:91:2b:db:23:f3:82:0c:bd:25:7b:
         81:68:2a:48:4f:48:85:21:b3:aa:63:8e:be:8a:10:47:8d:56:
         fb:65:bd:49:52:a3:3b:81:69:92:44:09:66:31:e0:f3:51:92:
         62:ab:ac:9b:bd:b5:f4:1c:06:dd:48:25:a9:38:c7:8f:8d:cb:
         b9:57:80:d8:f1:2e:1c:c6:85:46:dd:83:0f:ca:a7:cf:40:79:
         2a:3e:3c:66:02:18:58:59:b1:d8:64:c2:fa:57:7b:19:a3:19:
         17:66:54:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbu4+hAs9e32Q5zRlsVGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZDg1YzQ3ZDBiN2Q2ZGM1ZGRkYTA4NTcyYjY0NTRjMTA1
OTUxMmMwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTYwZWU0MDQ5YzYzZDM1ZTM1ZmIwMjczNjMxZWU4ZWExOTdlZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0/UsogC8es9VP8pH2g+gwffEShH
/xcwUWF7F+ELYgoHWzpb9FUjqoHQ/J7WyK77dCDCzgOqVZGqb9ZR3cF0zfjVFPTm
3toCc+jYCkTqYCKrZP0cwXRDoexAd1f1GmaJTB5JDl6yhXAfJxqzXUA2JVyM1mIt
MvrsDqoxNlzVFwa7px9rJTHkyFQ7BzdBbAN/CAiO6Ftv+Q4opXX3HDD75LEb2uOE
RjoMsroij1ZRsVvXrMXbB8OkKtZOaBELztPilLagy/Wcrn5nqZGWeIzYjM3x5hGM
YQnermM2dp9rAnyUMIBI3IiMaEioUwqb90RWhymm9DCGwgNrOf8jp8qlfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVg7kBJxj0141+wJzYx7o6hl+7hMB8GA1UdIwQY
MBaAFPPYXEfQt9bcXd2ghXK2RUwQWVEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODloY1I5QzMxdHhkM2FDRmNyWkZUQkJaVVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNmZiMTEtMmQwMC00ZTdiLWIyOTct
NTIxMmRiOTc1NGY0LzEvaFdEdVFFbkdQVFhqWDdBbk5qSHVqcUdYN3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNmZiMTEtMmQwMC00ZTdiLWIyOTctNTIxMmRiOTc1NGY0
LzEvODloY1I5QzMxdHhkM2FDRmNyWkZUQkJaVVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj6hMA0G
CSqGSIb3DQEBCwUAA4IBAQAhAOA3lg/UoFPGSOI4IRd8uSdPb7gTSlWnGq6+roAU
J56nzj//4XHbmfnFO8dwJR7NbESACWc/nYWtw51f5iY7XN8Q+r8EAVqJ25bTx2rz
uKHhAqGLt844a6ndJ+NubTT4hzzGYWe+h7AGjakTwHFDVDpN0FgLmQTgd/KMoXcI
TwAcsF0ZrG2sr3JMWMYQ/TMGEkhqxy7fZpEr2yPzggy9JXuBaCpIT0iFIbOqY46+
ihBHjVb7Zb1JUqM7gWmSRAlmMeDzUZJiq6ybvbX0HAbdSCWpOMePjcu5V4DY8S4c
xoVG3YMPyqfPQHkqPjxmAhhYWbHYZML6V3sZoxkXZlQ6
-----END CERTIFICATE-----