Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/HzteG6m_zHU-TDek3QEYZxYF6yY.roa
File:                     HzteG6m_zHU-TDek3QEYZxYF6yY.roa (raw, json)
Hash identifier:          AVONj5MoBMa7ZXZvSz7uWzLSs3uJyqttROWpn6Mf9RI=
Subject key identifier:   1F:3B:5E:1B:A9:BF:CC:75:3E:4C:37:A4:DD:01:18:67:16:05:EB:26
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE31427726D5A6B622CB2220D08D5
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/HzteG6m_zHU-TDek3QEYZxYF6yY.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205813
IP address blocks:        81.15.239.0/24 maxlen: 24
                          81.15.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:14:27:72:6d:5a:6b:62:2c:b2:22:0d:08:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f3b5e1ba9bfcc753e4c37a4dd0118671605eb26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:21:13:99:68:6d:80:ed:52:87:8e:17:51:62:
                    35:0d:c6:58:3d:a8:6c:b5:0f:88:67:ea:f0:0f:04:
                    5b:ad:87:b3:e6:67:68:98:7b:23:1e:2a:cf:ed:75:
                    3a:61:c3:c3:02:f8:15:ec:fb:78:11:81:64:1d:d6:
                    3b:a8:b5:48:85:1b:d1:3a:39:0f:d8:84:f5:4b:95:
                    d6:d5:93:47:bb:ad:67:4e:07:34:e8:95:fe:0c:6e:
                    79:21:79:68:8c:be:9a:8e:0d:1f:50:6e:2f:79:ae:
                    74:06:e9:15:4a:f1:c0:bf:a0:8e:09:fb:c3:72:10:
                    69:5d:d9:1d:53:67:01:7e:68:39:fb:c4:d1:d5:03:
                    29:cf:8d:6a:60:00:e3:60:8e:f1:07:98:66:00:01:
                    fa:65:a4:e3:86:8d:d9:36:f4:a3:d0:d1:98:21:0d:
                    90:2d:c4:0a:87:83:8a:b4:79:d4:4a:09:50:dd:9b:
                    1d:8c:72:d3:ab:b6:b7:e3:b7:13:8c:a2:6a:4b:79:
                    6c:23:9f:58:a9:1a:c3:78:f0:9c:2a:a6:8b:c0:4e:
                    3d:31:75:20:86:ff:09:fb:86:fa:9c:3e:f2:ac:6d:
                    b9:61:cb:3f:93:1b:82:cd:e7:c9:a6:a9:33:5c:8b:
                    a6:41:0e:9d:f9:09:ce:dc:e3:9c:17:5d:92:0b:57:
                    8c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3B:5E:1B:A9:BF:CC:75:3E:4C:37:A4:DD:01:18:67:16:05:EB:26
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/HzteG6m_zHU-TDek3QEYZxYF6yY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.239.0/24
                  81.15.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:4b:b4:32:1d:a6:2a:8b:ae:08:92:7e:ee:eb:17:20:dd:e9:
         d0:9b:ca:c0:c9:49:1e:01:0f:b3:ae:2a:1f:7a:9d:ef:25:e0:
         d2:83:df:e3:76:aa:2a:82:44:dc:c9:be:ef:26:7b:3a:cd:9b:
         c9:fd:32:e8:87:f9:e2:fb:3f:f6:81:4a:8e:ca:63:48:0e:57:
         fe:f2:6b:0c:ae:f4:72:e7:1f:0c:5e:fd:e7:5f:83:e6:89:44:
         cd:d9:0d:08:0f:ec:32:d4:4d:f1:ca:af:0e:c1:88:7b:bf:ea:
         b8:cc:6f:4c:f2:2f:e0:f0:aa:a1:fd:10:ca:7a:24:a1:25:85:
         7a:f3:28:2e:8c:11:fa:74:e0:8b:79:d2:e4:ce:95:56:ae:81:
         26:af:f3:43:3d:aa:62:a5:d1:8c:5f:8c:ee:05:5a:96:a4:9a:
         8a:a5:0a:f6:f0:9a:01:59:85:b8:9b:ec:ac:55:dc:18:8a:82:
         9b:4b:f5:0e:47:a2:db:3a:e7:e0:ce:48:56:ab:09:c2:94:f4:
         aa:dd:3c:36:9e:c1:37:d4:ce:c7:e9:3d:f4:07:c6:ea:2d:cb:
         1b:ad:7c:2f:52:2c:bc:99:8e:7e:74:41:e8:b5:e0:a7:d1:85:
         b2:92:bd:88:b5:70:ec:63:25:5e:1f:cc:e0:8d:97:f3:6d:a4:
         12:61:bf:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uMUJ3JtWmtiLLIiDQjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjNiNWUxYmE5YmZjYzc1M2U0YzM3YTRkZDAxMTg2NzE2MDVlYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCETmWhtgO1Sh44XUWI1DcZYPahs
tQ+IZ+rwDwRbrYez5mdomHsjHirP7XU6YcPDAvgV7Pt4EYFkHdY7qLVIhRvROjkP
2IT1S5XW1ZNHu61nTgc06JX+DG55IXlojL6ajg0fUG4vea50BukVSvHAv6COCfvD
chBpXdkdU2cBfmg5+8TR1QMpz41qYADjYI7xB5hmAAH6ZaTjho3ZNvSj0NGYIQ2Q
LcQKh4OKtHnUSglQ3ZsdjHLTq7a347cTjKJqS3lsI59YqRrDePCcKqaLwE49MXUg
hv8J+4b6nD7yrG25Ycs/kxuCzefJpqkzXIumQQ6d+QnO3OOcF12SC1eMcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB87Xhupv8x1Pkw3pN0BGGcWBesmMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvSHp0ZUc2bV96SFUtVERlazNRRVlaeFlGNnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQ/vAwQA
UQ/yMA0GCSqGSIb3DQEBCwUAA4IBAQAmS7QyHaYqi64Ikn7u6xcg3enQm8rAyUke
AQ+zriofep3vJeDSg9/jdqoqgkTcyb7vJns6zZvJ/TLoh/ni+z/2gUqOymNIDlf+
8msMrvRy5x8MXv3nX4PmiUTN2Q0ID+wy1E3xyq8OwYh7v+q4zG9M8i/g8Kqh/RDK
eiShJYV68ygujBH6dOCLedLkzpVWroEmr/NDPapipdGMX4zuBVqWpJqKpQr28JoB
WYW4m+ysVdwYioKbS/UOR6LbOufgzkhWqwnClPSq3Tw2nsE31M7H6T30B8bqLcsb
rXwvUiy8mY5+dEHoteCn0YWykr2ItXDsYyVeH8zgjZfzbaQSYb/y
-----END CERTIFICATE-----