Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/hf5Mj5DoTVCHOxxdISYw9_hXJHo.roa
File:                     hf5Mj5DoTVCHOxxdISYw9_hXJHo.roa (raw, json)
Hash identifier:          EFml9x8LI6U5+f+7icI+kQ3Sqo9y5E63r+I1Vw/WKWw=
Subject key identifier:   85:FE:4C:8F:90:E8:4D:50:87:3B:1C:5D:21:26:30:F7:F8:57:24:7A
Certificate issuer:       /CN=8e90bd2870050c84477a161eb090f05eb962016c
Certificate serial:       018CC5011461360D3E40F557E63FB3C64073
Authority key identifier: 8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/hf5Mj5DoTVCHOxxdISYw9_hXJHo.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1213
IP address blocks:        136.201.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:14:61:36:0d:3e:40:f5:57:e6:3f:b3:c6:40:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e90bd2870050c84477a161eb090f05eb962016c
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85fe4c8f90e84d50873b1c5d212630f7f857247a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:df:aa:e4:58:c5:10:89:5e:f1:39:3e:7d:13:
                    9d:1e:da:1a:88:bb:90:bd:92:b8:81:8a:ed:0f:b1:
                    96:cd:a2:bd:9e:4e:2d:55:0f:ee:98:46:31:50:dc:
                    78:bd:ff:78:9a:3f:23:0c:13:6d:67:ce:7d:3d:e6:
                    73:68:b2:a6:1c:54:ef:8e:b3:b3:6b:54:88:92:98:
                    c5:f1:62:d3:bc:a6:46:bb:1d:83:53:17:9c:09:5c:
                    bb:11:b4:59:c5:d4:16:37:11:f4:52:5a:7a:1f:94:
                    6e:09:71:f3:e2:57:4f:78:ec:03:f6:1c:4e:e7:00:
                    3a:06:6c:6a:08:2b:ac:ed:ae:1b:7e:a5:af:0c:c9:
                    3e:dd:de:c0:37:6e:55:0e:fe:3f:6f:d4:54:1f:cb:
                    b1:3a:f2:31:54:8e:29:b8:e9:c1:48:90:cf:41:f1:
                    ea:7a:72:cc:6b:19:ea:84:c9:b5:b2:ff:31:3f:09:
                    ec:e6:12:65:8d:eb:c4:07:e9:ba:bc:a3:f7:17:cf:
                    49:3e:b9:a2:74:48:8b:b8:43:91:55:75:1a:eb:54:
                    45:da:c9:17:0d:64:36:e9:13:11:ae:58:d9:4d:46:
                    fd:16:11:f6:bf:06:b1:6d:79:c8:e8:cf:fc:51:79:
                    c2:30:ca:1b:a6:28:b8:3e:71:53:81:6b:7c:a8:e2:
                    d9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FE:4C:8F:90:E8:4D:50:87:3B:1C:5D:21:26:30:F7:F8:57:24:7A
            X509v3 Authority Key Identifier:
                keyid:8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/hf5Mj5DoTVCHOxxdISYw9_hXJHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.201.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         14:74:fc:72:ca:93:80:83:f8:46:9f:2b:7e:c5:4b:48:00:ff:
         84:2d:4f:04:a9:85:aa:97:ac:60:ef:c5:71:7b:40:76:03:1d:
         cb:f0:d7:72:e4:62:62:b3:43:22:bf:ee:aa:a8:18:11:59:cd:
         37:7f:40:d0:0d:ba:0f:b9:b2:09:b1:c7:ad:18:d5:cc:52:0d:
         c3:a6:57:90:b3:4c:7d:46:50:f1:c7:7e:d9:a2:0a:8e:f6:f6:
         81:8a:5b:7b:ca:ec:5e:bc:23:b8:42:dd:f8:03:df:6c:6e:48:
         df:a7:cf:b3:c1:82:14:d8:44:4b:be:d8:ac:9a:e7:8c:b9:7f:
         5c:68:36:78:06:5f:04:e0:11:4a:7f:c0:69:13:33:bc:e6:af:
         31:48:f7:f9:7e:18:72:0f:05:44:fd:13:5c:9d:d7:a5:63:82:
         ab:25:5f:d4:c1:b9:97:5b:be:9e:92:c0:89:37:be:c3:12:d2:
         6a:d4:f7:9d:cb:54:de:fb:8b:32:7b:5c:ef:04:fd:49:4d:c6:
         85:b7:08:35:30:f7:63:bf:c0:4a:3e:da:ea:74:10:25:c0:35:
         be:5d:ac:e7:0a:28:11:90:60:25:e3:ee:b8:63:98:11:5b:50:
         07:77:22:86:29:68:32:5f:28:3e:39:54:5c:17:55:95:45:50:
         30:20:e9:9f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFARRhNg0+QPVX5j+zxkBzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTBiZDI4NzAwNTBjODQ0NzdhMTYxZWIwOTBmMDVlYjk2
MjAxNmMwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWZlNGM4ZjkwZTg0ZDUwODczYjFjNWQyMTI2MzBmN2Y4NTcyNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiN+q5FjFEIle8Tk+fROdHtoaiLuQ
vZK4gYrtD7GWzaK9nk4tVQ/umEYxUNx4vf94mj8jDBNtZ859PeZzaLKmHFTvjrOz
a1SIkpjF8WLTvKZGux2DUxecCVy7EbRZxdQWNxH0Ulp6H5RuCXHz4ldPeOwD9hxO
5wA6BmxqCCus7a4bfqWvDMk+3d7AN25VDv4/b9RUH8uxOvIxVI4puOnBSJDPQfHq
enLMaxnqhMm1sv8xPwns5hJljevEB+m6vKP3F89JPrmidEiLuEORVXUa61RF2skX
DWQ26RMRrljZTUb9FhH2vwaxbXnI6M/8UXnCMMobpii4PnFTgWt8qOLZAQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIX+TI+Q6E1QhzscXSEmMPf4VyR6MB8GA1UdIwQY
MBaAFI6QvShwBQyER3oWHrCQ8F65YgFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMt
ZWNiODA3MDJhMTE3LzEvaGY1TWo1RG9UVkNIT3h4ZElTWXc5X2hYSkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMtZWNiODA3MDJhMTE3
LzEvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiMkwDQYJ
KoZIhvcNAQELBQADggEBABR0/HLKk4CD+EafK37FS0gA/4QtTwSphaqXrGDvxXF7
QHYDHcvw13LkYmKzQyK/7qqoGBFZzTd/QNANug+5sgmxx60Y1cxSDcOmV5CzTH1G
UPHHftmiCo729oGKW3vK7F68I7hC3fgD32xuSN+nz7PBghTYREu+2Kya54y5f1xo
NngGXwTgEUp/wGkTM7zmrzFI9/l+GHIPBUT9E1yd16VjgqslX9TBuZdbvp6SwIk3
vsMS0mrU953LVN77izJ7XO8E/UlNxoW3CDUw92O/wEo+2up0ECXANb5drOcKKBGQ
YCXj7rhjmBFbUAd3IoYpaDJfKD45VFwXVZVFUDAg6Z8=
-----END CERTIFICATE-----