Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/H644qvSIi4hwUIb-CyyYUM8rMus.roa
File:                     H644qvSIi4hwUIb-CyyYUM8rMus.roa (raw, json)
Hash identifier:          scsi2At85IjeoWklfO7y9OkKDqP3ef8nX067Dkj+VCI=
Subject key identifier:   1F:AE:38:AA:F4:88:8B:88:70:50:86:FE:0B:2C:98:50:CF:2B:32:EB
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018F1EBEB9727D4D157D8C6E7B190510B786
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/H644qvSIi4hwUIb-CyyYUM8rMus.roa
Signing time:             Sat 27 Apr 2024 08:49:26 +0000
ROA not before:           Sat 27 Apr 2024 08:49:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57186
IP address blocks:        85.235.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1e:be:b9:72:7d:4d:15:7d:8c:6e:7b:19:05:10:b7:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Apr 27 08:49:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fae38aaf4888b88705086fe0b2c9850cf2b32eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:95:23:5c:60:6b:82:8b:9b:21:95:42:57:a9:
                    5d:01:d6:d0:c1:db:99:d7:b1:9c:41:c7:65:46:55:
                    17:24:36:f2:75:c5:3b:63:bd:94:79:d3:ff:8a:a9:
                    3b:68:8e:f2:02:40:e4:3e:ce:c2:ee:f2:42:14:02:
                    50:28:94:47:76:25:c1:aa:5f:11:ef:33:b1:30:07:
                    43:3a:0b:a2:c5:f2:d6:3f:7d:eb:5a:0c:a1:45:69:
                    6c:5b:76:1f:8f:6c:bd:11:c1:04:83:1b:8a:eb:45:
                    54:8b:2b:78:95:94:1f:d1:d5:b4:1f:20:50:c9:ea:
                    30:42:d3:1a:3f:e6:8e:5b:4f:20:be:b9:bc:84:25:
                    d2:91:97:e6:39:b3:ac:cd:37:08:68:82:24:e5:b8:
                    67:e6:33:b6:5d:d9:3d:c7:39:cb:71:4f:f2:87:c4:
                    f0:81:19:c9:bb:45:44:e2:ea:aa:5c:30:e6:a1:90:
                    7e:e9:25:f7:51:ee:72:56:e9:d3:ab:e2:4b:7f:24:
                    d1:a5:96:9c:3e:51:6f:77:b8:fc:35:de:ed:a1:b8:
                    36:8f:b6:ef:56:15:68:e9:2d:71:92:fe:cd:c8:80:
                    69:8a:6b:c0:ff:86:e8:62:5c:97:cb:f3:c6:26:dd:
                    c1:18:ab:af:78:6c:53:d0:8e:7d:54:7e:15:13:d1:
                    17:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AE:38:AA:F4:88:8B:88:70:50:86:FE:0B:2C:98:50:CF:2B:32:EB
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/H644qvSIi4hwUIb-CyyYUM8rMus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:5a:77:7e:04:e5:14:18:e2:da:fa:42:48:c2:43:33:73:17:
         cc:47:01:45:5e:4e:21:a3:5f:fe:f1:9c:bf:16:80:bb:d4:1d:
         f3:ee:4c:52:85:f4:e0:37:31:ab:91:20:ce:b3:22:52:b8:81:
         af:b6:49:5a:15:62:03:f3:80:df:8d:0f:0e:aa:8c:e0:78:b0:
         ee:24:b6:bb:ff:64:09:c9:8a:dd:bf:ff:8c:7e:6b:ba:2c:ad:
         7d:ae:ae:64:c2:f9:c7:cd:56:da:d1:b1:a6:1b:a5:46:6f:a5:
         79:f5:2d:c6:a0:66:6a:84:60:7d:36:99:d5:a4:9c:9c:2d:bf:
         67:c2:17:7c:8c:b2:c9:23:1b:bd:1a:d2:67:6d:d7:59:15:2a:
         03:8e:d9:63:f2:09:ee:38:fe:6b:00:69:6e:08:53:96:77:31:
         47:b1:96:ca:68:9d:95:b9:fe:a7:90:3e:89:01:b5:36:97:af:
         1a:5f:1f:e1:7b:16:d5:c5:88:6e:2c:3f:53:17:86:d3:09:15:
         29:ff:30:da:41:b0:97:8d:41:88:26:0f:7f:2d:e4:10:a2:cf:
         2b:de:c4:d1:2b:dd:6a:86:f4:c8:6d:df:e8:a4:57:47:2d:ad:
         3c:9c:56:eb:ed:84:0e:5e:4e:71:30:c7:b8:13:ff:a3:e4:95:
         c7:43:60:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8evrlyfU0VfYxuexkFELeGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwNDI3MDg0OTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFlMzhhYWY0ODg4Yjg4NzA1MDg2ZmUwYjJjOTg1MGNmMmIzMmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5UjXGBrgoubIZVCV6ldAdbQwduZ
17GcQcdlRlUXJDbydcU7Y72UedP/iqk7aI7yAkDkPs7C7vJCFAJQKJRHdiXBql8R
7zOxMAdDOguixfLWP33rWgyhRWlsW3Yfj2y9EcEEgxuK60VUiyt4lZQf0dW0HyBQ
yeowQtMaP+aOW08gvrm8hCXSkZfmObOszTcIaIIk5bhn5jO2Xdk9xznLcU/yh8Tw
gRnJu0VE4uqqXDDmoZB+6SX3Ue5yVunTq+JLfyTRpZacPlFvd7j8Nd7tobg2j7bv
VhVo6S1xkv7NyIBpimvA/4boYlyXy/PGJt3BGKuveGxT0I59VH4VE9EXkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+uOKr0iIuIcFCG/gssmFDPKzLrMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvSDY0NHF2U0lpNGh3VUliLUN5eVlVTThyTXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVetQMA0G
CSqGSIb3DQEBCwUAA4IBAQCLWnd+BOUUGOLa+kJIwkMzcxfMRwFFXk4ho1/+8Zy/
FoC71B3z7kxShfTgNzGrkSDOsyJSuIGvtklaFWID84DfjQ8OqozgeLDuJLa7/2QJ
yYrdv/+Mfmu6LK19rq5kwvnHzVba0bGmG6VGb6V59S3GoGZqhGB9NpnVpJycLb9n
whd8jLLJIxu9GtJnbddZFSoDjtlj8gnuOP5rAGluCFOWdzFHsZbKaJ2Vuf6nkD6J
AbU2l68aXx/hexbVxYhuLD9TF4bTCRUp/zDaQbCXjUGIJg9/LeQQos8r3sTRK91q
hvTIbd/opFdHLa08nFbr7YQOXk5xMMe4E/+j5JXHQ2CX
-----END CERTIFICATE-----