Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/HtweApmpirSKbOYmFvq5SqfryMQ.roa
File:                     HtweApmpirSKbOYmFvq5SqfryMQ.roa (raw, json)
Hash identifier:          4Lot5k0XecCGi3/eK6x90KiI+wqMhU8DmEIo8PIvdIc=
Subject key identifier:   1E:DC:1E:02:99:A9:8A:B4:8A:6C:E6:26:16:FA:B9:4A:A7:EB:C8:C4
Certificate issuer:       /CN=7edbf83aff434512c503712f22291602f55bff48
Certificate serial:       018CC26D3D9A4B768DD1005FE9387099E999
Authority key identifier: 7E:DB:F8:3A:FF:43:45:12:C5:03:71:2F:22:29:16:02:F5:5B:FF:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ftv4Ov9DRRLFA3EvIikWAvVb_0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/HtweApmpirSKbOYmFvq5SqfryMQ.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        193.30.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/ftv4Ov9DRRLFA3EvIikWAvVb_0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/ftv4Ov9DRRLFA3EvIikWAvVb_0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ftv4Ov9DRRLFA3EvIikWAvVb_0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3d:9a:4b:76:8d:d1:00:5f:e9:38:70:99:e9:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7edbf83aff434512c503712f22291602f55bff48
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1edc1e0299a98ab48a6ce62616fab94aa7ebc8c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b1:d4:87:3b:19:fd:82:df:6c:6d:12:fa:9a:
                    ab:ed:ac:7e:d6:0b:6d:ea:d3:78:4a:d0:c8:d0:42:
                    b6:80:45:50:dc:97:a6:cd:de:0d:9c:2b:81:f6:52:
                    0f:9d:a3:5d:f4:21:b2:1a:c1:23:b5:35:6b:ce:53:
                    61:39:9a:45:ae:84:74:6a:09:be:42:a0:da:85:a4:
                    47:88:c6:5b:4f:87:d4:08:c1:88:89:1d:e8:a7:61:
                    f4:ba:e5:0c:79:e9:61:68:25:1d:15:33:38:a6:80:
                    9c:63:63:9a:94:38:de:be:51:5e:73:ca:20:c0:09:
                    15:83:4a:31:be:91:ac:10:8d:2b:10:7e:84:2f:3d:
                    c7:cf:57:b3:b8:62:ca:cb:e6:13:3f:e0:ad:2e:de:
                    be:b8:20:94:22:c6:b2:f3:87:3e:95:1e:eb:62:71:
                    72:98:a0:c5:74:44:a0:cd:9d:71:14:20:e6:43:c9:
                    27:3b:d0:4f:47:39:c7:1f:dd:d3:79:d0:69:45:38:
                    34:d1:a4:d2:84:43:9d:03:5c:5c:2c:2d:0e:a4:e5:
                    f8:d3:38:94:18:87:97:eb:92:09:20:4b:57:a7:cd:
                    9c:ad:84:05:60:c6:bf:07:9f:11:cb:9f:6a:34:b5:
                    ba:bf:29:ac:e3:01:57:c1:8a:1b:38:e0:70:c4:b5:
                    f0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:DC:1E:02:99:A9:8A:B4:8A:6C:E6:26:16:FA:B9:4A:A7:EB:C8:C4
            X509v3 Authority Key Identifier:
                keyid:7E:DB:F8:3A:FF:43:45:12:C5:03:71:2F:22:29:16:02:F5:5B:FF:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ftv4Ov9DRRLFA3EvIikWAvVb_0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/HtweApmpirSKbOYmFvq5SqfryMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/3615b1-73a9-4c3e-aad1-0335d1a748fc/1/ftv4Ov9DRRLFA3EvIikWAvVb_0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:2e:40:2e:80:9b:9c:66:cf:e6:3d:52:5d:a5:71:13:84:5e:
         5e:7a:69:f1:1c:a4:81:47:d4:18:63:f5:2c:28:fd:54:f4:f0:
         2f:0a:3b:31:94:cd:ce:17:c8:b5:57:cb:ab:b6:15:c4:87:aa:
         2f:6d:04:18:27:1f:9b:a4:0d:42:4d:30:6c:33:93:46:8c:31:
         b8:6d:e4:ff:8a:80:4e:06:e9:fa:db:2b:6f:0f:43:a9:be:fe:
         e1:22:f2:a1:35:86:21:fc:38:80:fa:36:8b:44:b1:0f:98:a0:
         5d:7b:b6:ac:ce:97:f7:84:34:81:5f:3b:ff:1d:17:da:e1:64:
         90:30:80:ce:aa:52:3c:63:1b:14:4b:7f:d6:84:01:68:0b:04:
         4a:e7:8f:b8:e7:a9:1e:11:2c:c0:5a:cc:02:11:32:b6:c7:64:
         69:12:c4:7d:5a:0d:11:a8:cb:ef:d9:c4:04:bb:a6:41:34:62:
         74:68:b3:88:aa:4a:4c:15:bc:cb:66:99:6c:6a:92:03:89:9f:
         9f:23:3d:9b:84:77:82:9b:21:38:10:d3:15:b1:d2:e2:48:e1:
         65:44:78:ea:3d:a0:12:87:02:86:79:f7:59:8f:31:7f:06:cb:
         f2:83:34:66:3c:61:de:c2:71:ca:73:4f:35:3c:69:1f:d6:d6:
         f1:e2:1d:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbT2aS3aN0QBf6ThwmemZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZGJmODNhZmY0MzQ1MTJjNTAzNzEyZjIyMjkxNjAyZjU1
YmZmNDgwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWRjMWUwMjk5YTk4YWI0OGE2Y2U2MjYxNmZhYjk0YWE3ZWJjOGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbHUhzsZ/YLfbG0S+pqr7ax+1gtt
6tN4StDI0EK2gEVQ3Jemzd4NnCuB9lIPnaNd9CGyGsEjtTVrzlNhOZpFroR0agm+
QqDahaRHiMZbT4fUCMGIiR3op2H0uuUMeelhaCUdFTM4poCcY2OalDjevlFec8og
wAkVg0oxvpGsEI0rEH6ELz3Hz1ezuGLKy+YTP+CtLt6+uCCUIsay84c+lR7rYnFy
mKDFdESgzZ1xFCDmQ8knO9BPRznHH93TedBpRTg00aTShEOdA1xcLC0OpOX40ziU
GIeX65IJIEtXp82crYQFYMa/B58Ry59qNLW6vyms4wFXwYobOOBwxLXw0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7cHgKZqYq0imzmJhb6uUqn68jEMB8GA1UdIwQY
MBaAFH7b+Dr/Q0USxQNxLyIpFgL1W/9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnR2NE92OURSUkxGQTNFdklpa1dBdlZiXzBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zNjE1YjEtNzNhOS00YzNlLWFhZDEt
MDMzNWQxYTc0OGZjLzEvSHR3ZUFwbXBpclNLYk9ZbUZ2cTVTcWZyeU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zNjE1YjEtNzNhOS00YzNlLWFhZDEtMDMzNWQxYTc0OGZj
LzEvZnR2NE92OURSUkxGQTNFdklpa1dBdlZiXzBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5wMA0G
CSqGSIb3DQEBCwUAA4IBAQBHLkAugJucZs/mPVJdpXEThF5eemnxHKSBR9QYY/Us
KP1U9PAvCjsxlM3OF8i1V8urthXEh6ovbQQYJx+bpA1CTTBsM5NGjDG4beT/ioBO
Bun62ytvD0Opvv7hIvKhNYYh/DiA+jaLRLEPmKBde7aszpf3hDSBXzv/HRfa4WSQ
MIDOqlI8YxsUS3/WhAFoCwRK54+456keESzAWswCETK2x2RpEsR9Wg0RqMvv2cQE
u6ZBNGJ0aLOIqkpMFbzLZplsapIDiZ+fIz2bhHeCmyE4ENMVsdLiSOFlRHjqPaAS
hwKGefdZjzF/BsvygzRmPGHewnHKc081PGkf1tbx4h1y
-----END CERTIFICATE-----