Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/HFBLipOSZ0jhYOsA-5-4P9z41sE.roa
File:                     HFBLipOSZ0jhYOsA-5-4P9z41sE.roa (raw, json)
Hash identifier:          eX2XG8GZv/L/qFalSVcQ8CjQYSHoag+SgOTWIn7KPfM=
Subject key identifier:   1C:50:4B:8A:93:92:67:48:E1:60:EB:00:FB:9F:B8:3F:DC:F8:D6:C1
Certificate issuer:       /CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
Certificate serial:       018CC2DAEC70F30C9C6A25FDE3BBE6934FEA
Authority key identifier: D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/HFBLipOSZ0jhYOsA-5-4P9z41sE.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47681
IP address blocks:        185.191.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ec:70:f3:0c:9c:6a:25:fd:e3:bb:e6:93:4f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c504b8a93926748e160eb00fb9fb83fdcf8d6c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:1b:ba:26:bc:32:ea:80:54:5c:03:fa:34:a9:
                    48:3c:85:9c:94:4e:18:51:e6:cb:1c:d3:17:62:e4:
                    d5:1e:a9:e4:f1:9b:5e:1f:08:4c:17:e7:00:68:09:
                    e7:25:3c:56:2f:7a:28:11:47:9d:f1:93:93:44:d9:
                    f8:06:3d:58:ef:ae:0d:52:51:2a:75:ac:51:92:95:
                    0a:a1:af:ea:b9:ba:0b:8d:7f:29:69:91:9f:d2:15:
                    bf:9f:e6:5a:58:fe:e1:c5:3d:f4:fe:34:e0:6e:9e:
                    01:33:b1:68:21:82:f4:61:34:34:c2:db:c0:e0:04:
                    01:0b:bb:20:37:3b:3d:0c:ca:f0:c0:d2:0f:70:d8:
                    e9:7c:86:67:5e:17:2a:01:7c:14:0f:06:07:99:fc:
                    4b:66:b1:84:a4:41:d2:0f:8d:8c:bf:f0:dd:69:3f:
                    2c:55:0f:19:e3:87:fa:f0:ff:4d:ab:2f:87:dd:fd:
                    73:02:3e:af:80:05:70:c2:84:4a:65:75:90:76:f6:
                    c8:f3:97:64:2a:f4:c3:52:94:c8:b2:05:2d:f9:ec:
                    79:e6:5d:7d:65:7e:5e:0a:d2:26:9d:3b:a6:69:40:
                    67:cc:59:69:cd:98:d4:09:c7:7b:d4:b8:ba:f2:c9:
                    96:18:88:0b:6c:7e:27:16:0d:84:99:b1:f3:0b:51:
                    a5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:50:4B:8A:93:92:67:48:E1:60:EB:00:FB:9F:B8:3F:DC:F8:D6:C1
            X509v3 Authority Key Identifier:
                keyid:D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/HFBLipOSZ0jhYOsA-5-4P9z41sE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:48:c9:50:f5:a3:0a:55:9e:bd:f8:b7:32:82:2f:57:86:7e:
         92:34:de:01:6b:a0:72:eb:47:36:11:7a:3a:0d:64:31:a0:16:
         03:fa:eb:6c:38:c8:b3:2f:17:8c:98:44:5a:c8:ad:75:e4:89:
         61:f4:a0:8d:2f:12:11:48:7b:e8:e4:28:0d:17:ad:e3:e2:14:
         ca:fd:1d:ae:e6:3b:05:d8:33:4c:a2:b2:18:31:be:6c:98:78:
         f0:91:07:a2:68:59:71:a6:2e:dd:4a:3c:f3:b1:8f:fb:de:d1:
         8c:7f:c1:68:70:77:fa:c6:28:98:fd:95:75:52:5e:af:fa:bd:
         19:35:86:49:32:95:84:83:b1:41:09:64:38:cd:30:3b:a9:64:
         34:f5:f8:e4:e7:76:b4:2b:8d:d6:cf:6b:ff:3f:59:f0:88:f4:
         81:ee:7b:f7:bd:7a:20:c6:05:9a:4b:95:8b:8e:21:f1:35:90:
         3f:3a:1f:b1:68:ce:dd:82:07:d0:4d:63:15:a1:e5:06:4f:ed:
         19:ba:b8:c3:b8:63:2c:22:07:14:0f:bb:ec:d9:07:23:9c:f2:
         f3:50:ab:bf:ce:60:87:79:92:12:ee:80:6f:5c:d3:0e:fe:28:
         4d:3e:6f:4f:ab:31:72:2b:bd:13:bd:3f:b8:20:94:60:47:66:
         95:1c:43:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uxw8wycaiX947vmk0/qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZmYwZmVjZDdiZjQ0MTQ4OTMxNzg4ZGZlN2YyMGQ2N2E2
N2EwZGIwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzUwNGI4YTkzOTI2NzQ4ZTE2MGViMDBmYjlmYjgzZmRjZjhkNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxu6Jrwy6oBUXAP6NKlIPIWclE4Y
UebLHNMXYuTVHqnk8ZteHwhMF+cAaAnnJTxWL3ooEUed8ZOTRNn4Bj1Y764NUlEq
daxRkpUKoa/quboLjX8paZGf0hW/n+ZaWP7hxT30/jTgbp4BM7FoIYL0YTQ0wtvA
4AQBC7sgNzs9DMrwwNIPcNjpfIZnXhcqAXwUDwYHmfxLZrGEpEHSD42Mv/DdaT8s
VQ8Z44f68P9Nqy+H3f1zAj6vgAVwwoRKZXWQdvbI85dkKvTDUpTIsgUt+ex55l19
ZX5eCtImnTumaUBnzFlpzZjUCcd71Li68smWGIgLbH4nFg2EmbHzC1GlVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxQS4qTkmdI4WDrAPufuD/c+NbBMB8GA1UdIwQY
MBaAFNT/D+zXv0QUiTF4jf5/INZ6Z6DbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUt
ZjBjMjFmODE4NmYwLzEvSEZCTGlwT1NaMGpoWU9zQS01LTRQOXo0MXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUtZjBjMjFmODE4NmYw
LzEvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub+4MA0G
CSqGSIb3DQEBCwUAA4IBAQA+SMlQ9aMKVZ69+Lcygi9Xhn6SNN4Ba6By60c2EXo6
DWQxoBYD+utsOMizLxeMmERayK115Ilh9KCNLxIRSHvo5CgNF63j4hTK/R2u5jsF
2DNMorIYMb5smHjwkQeiaFlxpi7dSjzzsY/73tGMf8FocHf6xiiY/ZV1Ul6v+r0Z
NYZJMpWEg7FBCWQ4zTA7qWQ09fjk53a0K43Wz2v/P1nwiPSB7nv3vXogxgWaS5WL
jiHxNZA/Oh+xaM7dggfQTWMVoeUGT+0ZurjDuGMsIgcUD7vs2QcjnPLzUKu/zmCH
eZIS7oBvXNMO/ihNPm9PqzFyK70TvT+4IJRgR2aVHEMd
-----END CERTIFICATE-----