Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/hth3rJjFWs6NUkK-o0tTbHyr4L0.roa
File:                     hth3rJjFWs6NUkK-o0tTbHyr4L0.roa (raw, json)
Hash identifier:          Vn4AMxs64boyWbgENvm4Of96GFQtj+G6HAjnQ0teAh4=
Subject key identifier:   86:D8:77:AC:98:C5:5A:CE:8D:52:42:BE:A3:4B:53:6C:7C:AB:E0:BD
Certificate issuer:       /CN=d50cda48c35e54eb802575aaa408cce579927216
Certificate serial:       0194282528EE88EEA91F0A778BD3C0B2A622
Authority key identifier: D5:0C:DA:48:C3:5E:54:EB:80:25:75:AA:A4:08:CC:E5:79:92:72:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QzaSMNeVOuAJXWqpAjM5XmSchY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/hth3rJjFWs6NUkK-o0tTbHyr4L0.roa
Signing time:             Thu 02 Jan 2025 17:51:51 +0000
ROA not before:           Thu 02 Jan 2025 17:51:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        217.12.224.0/22 maxlen: 28
                          217.12.234.0/23 maxlen: 28
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/1QzaSMNeVOuAJXWqpAjM5XmSchY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/1QzaSMNeVOuAJXWqpAjM5XmSchY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QzaSMNeVOuAJXWqpAjM5XmSchY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:28:ee:88:ee:a9:1f:0a:77:8b:d3:c0:b2:a6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d50cda48c35e54eb802575aaa408cce579927216
        Validity
            Not Before: Jan  2 17:51:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86d877ac98c55ace8d5242bea34b536c7cabe0bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d0:95:4f:0e:76:d3:2d:75:11:7f:9e:e6:67:
                    93:3a:ba:3c:df:47:15:a1:89:8e:5c:26:dc:54:a1:
                    4a:2b:33:6b:44:9b:86:bc:69:1a:2c:dd:a5:2c:5d:
                    9a:41:34:0c:4c:6b:b2:6e:53:f6:e4:d4:3c:b4:fd:
                    2a:1c:05:b4:d7:60:24:32:de:1b:3e:56:66:bd:01:
                    84:32:73:03:41:f3:81:43:25:fe:a8:17:88:81:9c:
                    06:c2:52:b5:4a:b1:a0:53:82:d8:5c:cc:98:f0:ae:
                    7e:8d:d9:94:e6:ed:ef:86:d9:07:fc:03:ae:dd:1f:
                    2f:69:eb:bd:2d:b7:4c:1c:e0:f5:81:cb:15:9f:dc:
                    97:66:da:25:d5:72:e6:22:4f:eb:07:32:09:07:87:
                    c2:e7:f0:dc:91:bd:a5:0e:1e:8a:0f:d3:3a:76:35:
                    16:59:34:49:40:39:8b:b9:39:94:b9:6c:47:9b:0a:
                    78:e2:e8:0a:a9:2b:c3:7e:1e:27:ae:41:1c:75:b8:
                    ce:1e:66:31:bd:f5:b4:2a:72:7e:43:1b:1b:91:46:
                    66:30:e9:2c:64:3f:2c:c5:30:81:9e:d9:46:d8:5a:
                    24:6b:8e:ab:08:91:0e:b3:59:90:9d:08:cb:5b:35:
                    6a:0c:9d:2f:31:c5:49:60:97:da:0a:57:de:b2:a4:
                    33:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D8:77:AC:98:C5:5A:CE:8D:52:42:BE:A3:4B:53:6C:7C:AB:E0:BD
            X509v3 Authority Key Identifier:
                keyid:D5:0C:DA:48:C3:5E:54:EB:80:25:75:AA:A4:08:CC:E5:79:92:72:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QzaSMNeVOuAJXWqpAjM5XmSchY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/hth3rJjFWs6NUkK-o0tTbHyr4L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/1QzaSMNeVOuAJXWqpAjM5XmSchY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.12.224.0/22
                  217.12.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:97:a8:67:2b:e5:23:a4:7a:13:2b:45:28:42:cb:2a:be:ab:
         b2:64:0e:ab:e6:96:aa:b9:f5:2d:be:44:a2:8f:77:76:c5:39:
         19:e6:86:8b:99:c2:95:5c:72:10:93:1b:a5:d9:71:e4:42:27:
         80:83:66:97:bc:3d:98:b9:d0:c1:b5:41:70:97:a7:fb:40:52:
         dd:4e:1f:d4:d7:0a:56:08:e1:62:ed:da:b1:3d:2f:a7:de:9b:
         bf:27:5a:7a:a7:73:0b:26:1c:10:5d:d9:67:ab:94:3b:aa:b6:
         c2:a3:26:68:ea:ba:2e:2c:b0:b8:81:4c:62:5b:8f:20:68:ac:
         e8:a9:8b:33:e1:f9:be:c8:95:bf:b1:71:7f:6e:23:c3:e8:8a:
         cf:97:ae:97:d9:9e:98:be:b2:f7:73:95:17:35:eb:93:fd:f6:
         bf:c0:57:29:1c:8e:2f:7c:ca:78:50:f7:84:a8:10:19:5e:21:
         8c:96:2b:9e:b9:9b:a5:a5:fc:e7:27:e4:18:3e:69:92:5c:99:
         5d:68:5d:30:76:70:1f:0d:54:2d:03:91:5b:28:17:ae:39:2a:
         d2:40:63:ac:42:12:8d:fd:86:7f:cd:68:e9:df:1e:42:f6:a9:
         ca:f7:73:df:35:5a:8a:03:e2:e4:93:56:f7:86:e5:53:2e:91:
         a8:5d:0d:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJSjuiO6pHwp3i9PAsqYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MGNkYTQ4YzM1ZTU0ZWI4MDI1NzVhYWE0MDhjY2U1Nzk5
MjcyMTYwHhcNMjUwMTAyMTc1MTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQ4NzdhYzk4YzU1YWNlOGQ1MjQyYmVhMzRiNTM2YzdjYWJlMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9CVTw520y11EX+e5meTOro830cV
oYmOXCbcVKFKKzNrRJuGvGkaLN2lLF2aQTQMTGuyblP25NQ8tP0qHAW012AkMt4b
PlZmvQGEMnMDQfOBQyX+qBeIgZwGwlK1SrGgU4LYXMyY8K5+jdmU5u3vhtkH/AOu
3R8vaeu9LbdMHOD1gcsVn9yXZtol1XLmIk/rBzIJB4fC5/Dckb2lDh6KD9M6djUW
WTRJQDmLuTmUuWxHmwp44ugKqSvDfh4nrkEcdbjOHmYxvfW0KnJ+QxsbkUZmMOks
ZD8sxTCBntlG2Foka46rCJEOs1mQnQjLWzVqDJ0vMcVJYJfaClfesqQz6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIbYd6yYxVrOjVJCvqNLU2x8q+C9MB8GA1UdIwQY
MBaAFNUM2kjDXlTrgCV1qqQIzOV5knIWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVF6YVNNTmVWT3VBSlhXcXBBak01WG1TY2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zNTg3ZWItZWJkNC00MGFiLWExOWIt
MjI5MjA1NjVjZGE0LzEvaHRoM3JKakZXczZOVWtLLW8wdFRiSHlyNEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zNTg3ZWItZWJkNC00MGFiLWExOWItMjI5MjA1NjVjZGE0
LzEvMVF6YVNNTmVWT3VBSlhXcXBBak01WG1TY2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQC2QzgAwQB
2QzqMA0GCSqGSIb3DQEBCwUAA4IBAQBLl6hnK+UjpHoTK0UoQssqvquyZA6r5paq
ufUtvkSij3d2xTkZ5oaLmcKVXHIQkxul2XHkQieAg2aXvD2YudDBtUFwl6f7QFLd
Th/U1wpWCOFi7dqxPS+n3pu/J1p6p3MLJhwQXdlnq5Q7qrbCoyZo6rouLLC4gUxi
W48gaKzoqYsz4fm+yJW/sXF/biPD6IrPl66X2Z6YvrL3c5UXNeuT/fa/wFcpHI4v
fMp4UPeEqBAZXiGMliueuZulpfznJ+QYPmmSXJldaF0wdnAfDVQtA5FbKBeuOSrS
QGOsQhKN/YZ/zWjp3x5C9qnK93PfNVqKA+Lkk1b3huVTLpGoXQ1R
-----END CERTIFICATE-----