Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/hRG76VocwZXhxkxCAJrESxkkjbY.roa
File:                     hRG76VocwZXhxkxCAJrESxkkjbY.roa (raw, json)
Hash identifier:          R6reBqJWi+zQpuGx/72cFGp8W0OEKy5DLaWeb2k91DA=
Subject key identifier:   85:11:BB:E9:5A:1C:C1:95:E1:C6:4C:42:00:9A:C4:4B:19:24:8D:B6
Certificate issuer:       /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial:       019427B664ED0E0AA3B53720902670B8E84B
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/hRG76VocwZXhxkxCAJrESxkkjbY.roa
Signing time:             Thu 02 Jan 2025 15:50:52 +0000
ROA not before:           Thu 02 Jan 2025 15:50:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206512
IP address blocks:        185.165.78.0/24 maxlen: 24
                          185.165.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:64:ed:0e:0a:a3:b5:37:20:90:26:70:b8:e8:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
        Validity
            Not Before: Jan  2 15:50:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8511bbe95a1cc195e1c64c42009ac44b19248db6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5e:ab:cd:0d:13:d6:fe:51:aa:d3:24:24:1b:
                    7e:fb:78:b5:38:98:e5:08:15:8b:d3:f5:3c:c6:26:
                    6c:2b:fd:f6:25:06:da:f7:d9:33:e7:64:63:ac:54:
                    70:f2:9b:8b:c0:72:dc:fb:78:0f:db:0d:02:88:e6:
                    ae:2f:02:f2:97:0f:81:47:a4:28:83:7e:8f:3e:33:
                    d2:fc:20:59:bf:25:f3:7c:20:e0:ce:23:48:ec:7f:
                    60:fa:b5:4e:e1:ef:d1:f5:e9:62:5e:99:2e:83:53:
                    02:1c:39:92:9d:5a:80:c4:61:f1:b2:e7:85:0b:03:
                    3c:55:3d:b3:d6:15:a9:ed:92:11:8a:4c:ea:42:f9:
                    18:fb:ec:36:b1:a5:3d:09:db:35:f4:7a:cb:18:a5:
                    5d:c3:ee:a7:e5:80:62:f8:a3:bc:5a:16:5f:fd:4c:
                    3e:08:f0:1d:98:b0:40:3a:5d:be:fc:3c:35:15:4a:
                    ca:86:ec:7d:92:a6:82:7a:09:77:57:7f:d7:70:5d:
                    b2:f9:28:34:bc:33:b5:19:2b:67:ab:c6:e2:9d:6f:
                    e2:1f:95:58:35:91:26:de:a7:92:cd:9d:ed:0e:5e:
                    ec:32:8e:52:f7:4d:ed:e5:c0:db:9a:ea:e9:6a:a2:
                    55:72:ec:e5:d7:a3:5c:39:3c:fc:ea:f0:69:c8:ba:
                    df:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:11:BB:E9:5A:1C:C1:95:E1:C6:4C:42:00:9A:C4:4B:19:24:8D:B6
            X509v3 Authority Key Identifier:
                keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/hRG76VocwZXhxkxCAJrESxkkjbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:e1:47:ae:f7:49:ad:ac:5f:a7:b9:03:35:8d:06:b5:5b:8f:
         97:aa:bd:57:30:f9:89:a1:fc:5e:e4:c3:c0:eb:b2:77:e3:22:
         9d:10:7a:88:ac:83:40:61:91:6a:15:14:8f:cf:3e:b5:4a:fa:
         af:b7:eb:51:8c:0a:cc:e6:db:bd:d2:f1:f0:29:c7:10:bc:b8:
         b2:4e:c7:e4:3e:c6:cb:d4:40:21:80:d1:a0:7a:3d:96:42:1d:
         a3:b5:b0:9a:0e:14:97:ad:0d:e7:10:f2:75:ca:a7:6f:d1:0f:
         42:00:85:76:a5:bf:5d:26:10:60:3c:30:2b:c7:36:fb:84:93:
         d7:04:c3:8f:82:9a:04:3c:e2:af:27:a2:6f:96:38:de:5f:30:
         28:a2:62:ae:c6:a8:46:45:b5:ec:ea:ee:20:90:d5:3d:9a:d3:
         e6:46:6f:1e:d9:a6:bc:b7:d9:af:ab:ff:5b:82:db:2c:39:15:
         1f:7e:35:64:fb:8f:d0:56:ee:9a:d4:77:88:3e:8c:a9:45:f5:
         34:81:a1:6b:78:17:77:3f:ca:78:83:2f:b8:0d:08:35:70:88:
         f4:71:5b:e8:77:b1:3c:46:d5:89:3c:7d:c5:a5:86:94:94:b3:
         70:19:6b:03:dc:96:6f:7b:ac:54:56:b3:79:d1:fc:71:5e:19:
         22:b0:1e:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntmTtDgqjtTcgkCZwuOhLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjUwMTAyMTU1MDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTExYmJlOTVhMWNjMTk1ZTFjNjRjNDIwMDlhYzQ0YjE5MjQ4ZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx16rzQ0T1v5RqtMkJBt++3i1OJjl
CBWL0/U8xiZsK/32JQba99kz52RjrFRw8puLwHLc+3gP2w0CiOauLwLylw+BR6Qo
g36PPjPS/CBZvyXzfCDgziNI7H9g+rVO4e/R9eliXpkug1MCHDmSnVqAxGHxsueF
CwM8VT2z1hWp7ZIRikzqQvkY++w2saU9Cds19HrLGKVdw+6n5YBi+KO8WhZf/Uw+
CPAdmLBAOl2+/Dw1FUrKhux9kqaCegl3V3/XcF2y+Sg0vDO1GStnq8binW/iH5VY
NZEm3qeSzZ3tDl7sMo5S903t5cDbmurpaqJVcuzl16NcOTz86vBpyLrfaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIURu+laHMGV4cZMQgCaxEsZJI22MB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvaFJHNzZWb2N3WlhoeGt4Q0FKckVTeGtramJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaVOMA0G
CSqGSIb3DQEBCwUAA4IBAQCw4Ueu90mtrF+nuQM1jQa1W4+Xqr1XMPmJofxe5MPA
67J34yKdEHqIrINAYZFqFRSPzz61Svqvt+tRjArM5tu90vHwKccQvLiyTsfkPsbL
1EAhgNGgej2WQh2jtbCaDhSXrQ3nEPJ1yqdv0Q9CAIV2pb9dJhBgPDArxzb7hJPX
BMOPgpoEPOKvJ6JvljjeXzAoomKuxqhGRbXs6u4gkNU9mtPmRm8e2aa8t9mvq/9b
gtssORUffjVk+4/QVu6a1HeIPoypRfU0gaFreBd3P8p4gy+4DQg1cIj0cVvod7E8
RtWJPH3FpYaUlLNwGWsD3JZve6xUVrN50fxxXhkisB5Q
-----END CERTIFICATE-----