Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/hsn4xu1bETPWA1iHrPdmWR0n-Ww.roa
File:                     hsn4xu1bETPWA1iHrPdmWR0n-Ww.roa (raw, json)
Hash identifier:          rCUWaDcPTPOQM1D+e6lVe+1Ki1hSADu8X95ciJ+clhs=
Subject key identifier:   86:C9:F8:C6:ED:5B:11:33:D6:03:58:87:AC:F7:66:59:1D:27:F9:6C
Certificate issuer:       /CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
Certificate serial:       018CC49389B7239B13550E5B349D963471AE
Authority key identifier: 8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/hsn4xu1bETPWA1iHrPdmWR0n-Ww.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212865
IP address blocks:        213.133.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:89:b7:23:9b:13:55:0e:5b:34:9d:96:34:71:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86c9f8c6ed5b1133d6035887acf766591d27f96c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:19:71:28:45:1d:5d:7d:69:66:79:19:4b:95:
                    9e:97:55:c6:41:23:5a:4f:99:f6:72:3e:0f:8d:ad:
                    19:d3:e2:74:d6:0c:92:e4:6a:33:f4:c6:24:ea:43:
                    2c:b4:a9:ae:5c:0e:4d:69:0b:ab:6c:78:d8:0d:b5:
                    44:ca:d7:e9:a5:45:09:db:8c:f2:3f:5b:02:04:18:
                    fb:c6:10:0c:61:04:97:9f:d5:0d:36:9f:a6:94:bb:
                    04:cc:20:80:90:53:ab:bd:7f:6c:b0:a5:45:55:22:
                    52:1e:3d:13:dd:70:b3:04:dd:c6:db:07:36:7c:0b:
                    37:f3:87:b6:1c:18:07:e8:2f:d1:ea:a6:5e:3b:20:
                    b5:e4:fe:88:44:41:05:00:20:64:17:2c:3b:7a:de:
                    d9:61:7b:bc:6c:08:77:f0:f5:95:1a:cc:87:5f:f7:
                    07:ef:70:99:3f:4e:e5:8e:62:d8:c1:df:9c:01:3a:
                    6f:5f:3e:97:dd:85:f9:aa:17:a0:9f:45:78:72:3a:
                    df:48:89:11:4d:a4:99:be:c5:67:55:22:2d:ea:7b:
                    2c:87:4d:1b:29:4a:23:d5:67:4c:61:28:b3:ec:fa:
                    17:a0:8a:8c:7d:0f:8a:75:62:c2:e2:1e:d4:80:23:
                    42:9d:4d:28:e7:de:fe:b8:d7:90:bf:c6:04:83:73:
                    b6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C9:F8:C6:ED:5B:11:33:D6:03:58:87:AC:F7:66:59:1D:27:F9:6C
            X509v3 Authority Key Identifier:
                keyid:8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/hsn4xu1bETPWA1iHrPdmWR0n-Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.133.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:18:b2:b5:39:7c:47:11:b4:2e:53:f9:ef:64:38:bc:64:ce:
         8b:40:7a:59:d1:12:84:54:88:04:34:21:33:36:29:fa:9a:e3:
         04:3f:22:a5:3d:b6:2f:51:e0:cc:b0:d7:e3:16:3d:b8:62:f4:
         02:8a:38:84:6c:93:ea:7a:de:13:9f:1d:cd:dc:48:73:0e:f6:
         79:21:7d:0f:f6:ea:1c:13:ad:b7:25:4a:d8:31:89:57:35:eb:
         d8:4c:3f:98:9e:9c:8a:8d:df:54:2c:fb:1f:de:2c:eb:27:ab:
         2d:b8:07:74:12:5c:c1:2d:21:1f:01:06:de:db:fb:d3:50:0c:
         bf:60:ff:ea:72:d6:2f:7b:3d:1a:60:6f:b4:72:ad:c2:d8:44:
         14:db:d0:e3:34:6a:86:e7:ef:e6:b1:6e:7d:3e:1d:c0:ea:aa:
         22:29:18:cc:9e:e0:74:b7:9d:34:c2:d1:71:d5:52:26:fc:b9:
         d7:f7:43:79:38:92:84:cf:8e:75:9d:e4:32:b8:a2:a9:04:af:
         23:04:6f:56:dc:46:97:bc:a6:a4:60:40:66:d0:8f:88:b0:10:
         2d:e8:80:e9:92:02:ef:3a:3a:0a:70:da:82:2d:2c:f3:e3:4f:
         65:89:a2:16:ba:bc:b1:bd:3d:96:58:06:5e:5b:ac:13:ea:05:
         84:54:6d:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4m3I5sTVQ5bNJ2WNHGuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhY2QyZWIyZjA2MThiNzJjNjQ2ZDk5N2QzYzk1ZGQ4MzZi
ZGQwMDYwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmM5ZjhjNmVkNWIxMTMzZDYwMzU4ODdhY2Y3NjY1OTFkMjdmOTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hlxKEUdXX1pZnkZS5Wel1XGQSNa
T5n2cj4Pja0Z0+J01gyS5Goz9MYk6kMstKmuXA5NaQurbHjYDbVEytfppUUJ24zy
P1sCBBj7xhAMYQSXn9UNNp+mlLsEzCCAkFOrvX9ssKVFVSJSHj0T3XCzBN3G2wc2
fAs384e2HBgH6C/R6qZeOyC15P6IREEFACBkFyw7et7ZYXu8bAh38PWVGsyHX/cH
73CZP07ljmLYwd+cATpvXz6X3YX5qhegn0V4cjrfSIkRTaSZvsVnVSIt6nssh00b
KUoj1WdMYSiz7PoXoIqMfQ+KdWLC4h7UgCNCnU0o597+uNeQv8YEg3O2TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbJ+MbtWxEz1gNYh6z3ZlkdJ/lsMB8GA1UdIwQY
MBaAFIrNLrLwYYtyxkbZl9PJXdg2vdAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjkt
Nzk0YzlkOTI4Y2RjLzEvaHNuNHh1MWJFVFBXQTFpSHJQZG1XUjBuLVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjktNzk0YzlkOTI4Y2Rj
LzEvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1YXwMA0G
CSqGSIb3DQEBCwUAA4IBAQAFGLK1OXxHEbQuU/nvZDi8ZM6LQHpZ0RKEVIgENCEz
Nin6muMEPyKlPbYvUeDMsNfjFj24YvQCijiEbJPqet4Tnx3N3EhzDvZ5IX0P9uoc
E623JUrYMYlXNevYTD+YnpyKjd9ULPsf3izrJ6stuAd0ElzBLSEfAQbe2/vTUAy/
YP/qctYvez0aYG+0cq3C2EQU29DjNGqG5+/msW59Ph3A6qoiKRjMnuB0t500wtFx
1VIm/LnX90N5OJKEz451neQyuKKpBK8jBG9W3EaXvKakYEBm0I+IsBAt6IDpkgLv
OjoKcNqCLSzz409liaIWuryxvT2WWAZeW6wT6gWEVG3X
-----END CERTIFICATE-----