Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/hyHtH3rRQScWGmlj_42LL0qXWC8.roa
File:                     hyHtH3rRQScWGmlj_42LL0qXWC8.roa (raw, json)
Hash identifier:          H5deeQ0BfMEZO6smpLeBRgGRZCnzQfMcAWznZoo8ESE=
Subject key identifier:   87:21:ED:1F:7A:D1:41:27:16:1A:69:63:FF:8D:8B:2F:4A:97:58:2F
Certificate issuer:       /CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Certificate serial:       018CC8DEEF7815E6125B40E64C5304F3AE20
Authority key identifier: D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/hyHtH3rRQScWGmlj_42LL0qXWC8.roa
Signing time:             Tue 02 Jan 2024 06:31:42 +0000
ROA not before:           Tue 02 Jan 2024 06:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198551
IP address blocks:        185.238.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ef:78:15:e6:12:5b:40:e6:4c:53:04:f3:ae:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
        Validity
            Not Before: Jan  2 06:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8721ed1f7ad14127161a6963ff8d8b2f4a97582f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:af:bd:01:59:11:fa:65:f6:cc:27:50:14:18:
                    00:12:e4:92:5a:2f:c8:bf:cd:03:fc:7e:17:ed:0d:
                    e0:2b:6a:65:fb:a1:53:d6:12:a0:7f:4e:fa:bd:f1:
                    d4:db:6a:66:da:f1:0f:d2:64:25:e2:cb:01:22:43:
                    d2:92:e9:26:2d:0e:6e:fe:29:45:21:bc:70:6d:a9:
                    9f:3f:b9:55:95:96:0a:e6:ba:34:d8:39:53:38:4b:
                    f4:8c:76:3e:b0:de:e5:16:2f:e6:98:b9:d1:0e:9a:
                    5c:77:20:87:f9:d2:34:12:e7:e3:b8:94:a3:d0:38:
                    56:91:e4:28:29:62:3f:4b:85:5a:1e:c5:7d:d3:50:
                    b8:9c:b6:db:ee:7d:3f:ec:07:97:71:de:f1:3d:00:
                    f8:83:4e:33:0a:48:6b:45:55:ad:08:80:01:2d:67:
                    8b:1c:bc:75:be:d2:7b:86:5c:76:27:cf:b8:5f:15:
                    2c:98:66:6c:8c:c1:01:ea:cd:a3:46:e9:c4:fa:25:
                    98:08:15:a1:9e:f8:ed:29:07:11:3f:d1:14:ed:c3:
                    38:6c:5b:45:cc:86:94:9f:30:6c:6f:d4:6d:af:24:
                    9d:ea:68:ad:18:e0:61:7f:18:b1:6c:a1:be:37:41:
                    ee:86:d4:49:5d:35:56:42:22:62:5c:d3:49:96:1d:
                    97:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:21:ED:1F:7A:D1:41:27:16:1A:69:63:FF:8D:8B:2F:4A:97:58:2F
            X509v3 Authority Key Identifier:
                keyid:D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/hyHtH3rRQScWGmlj_42LL0qXWC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:73:08:18:77:77:e9:10:45:ef:e0:3f:36:63:79:ce:42:f2:
         5f:5d:77:33:55:17:ac:9d:a2:82:46:dd:2b:56:21:72:f8:84:
         1e:b8:fb:d4:e1:d5:91:45:50:55:d2:ca:12:fd:2a:01:bd:6a:
         74:10:16:d4:77:e4:61:27:a0:b0:73:48:94:64:36:4a:a8:0e:
         0e:2e:b3:6a:cd:13:f5:b4:38:7d:2e:b9:38:c6:4a:98:ea:37:
         69:47:82:43:9e:6e:8b:3e:42:85:c1:f8:5c:61:aa:61:00:75:
         c9:bf:55:35:92:fa:8e:bb:63:14:57:a0:c7:21:56:3a:88:a4:
         e4:c9:73:7c:95:94:56:2b:d6:cd:50:7b:75:40:6b:41:2b:29:
         b0:83:dd:af:28:33:7d:62:09:99:71:4c:aa:45:6b:87:ea:64:
         9d:72:8d:ea:5f:d8:66:1b:c1:13:8f:6d:59:93:18:c6:fa:3f:
         db:dc:47:09:9b:28:d2:a2:be:df:91:53:80:85:e2:31:6e:9c:
         b7:4c:29:71:80:86:42:ac:b7:d7:91:e4:30:d4:f6:60:2f:a6:
         7b:2f:58:af:05:2e:ef:89:a2:09:3a:49:f4:c7:0d:e5:07:77:
         a8:27:42:fe:45:b8:d3:b2:08:6b:d4:b3:cd:60:5b:3b:06:68:
         61:c8:64:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3u94FeYSW0DmTFME864gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZWUwMzg5Njg3ZGJkNDQ1ZGU2ZjkyMzljMWQwMmMzNzcw
Y2Y1NzQwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzIxZWQxZjdhZDE0MTI3MTYxYTY5NjNmZjhkOGIyZjRhOTc1ODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlq+9AVkR+mX2zCdQFBgAEuSSWi/I
v80D/H4X7Q3gK2pl+6FT1hKgf076vfHU22pm2vEP0mQl4ssBIkPSkukmLQ5u/ilF
IbxwbamfP7lVlZYK5ro02DlTOEv0jHY+sN7lFi/mmLnRDppcdyCH+dI0EufjuJSj
0DhWkeQoKWI/S4VaHsV901C4nLbb7n0/7AeXcd7xPQD4g04zCkhrRVWtCIABLWeL
HLx1vtJ7hlx2J8+4XxUsmGZsjMEB6s2jRunE+iWYCBWhnvjtKQcRP9EU7cM4bFtF
zIaUnzBsb9RtrySd6mitGOBhfxixbKG+N0HuhtRJXTVWQiJiXNNJlh2XwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIch7R960UEnFhppY/+Niy9Kl1gvMB8GA1UdIwQY
MBaAFNDuA4lofb1EXeb5I5wdAsN3DPV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEt
MWEyOWE0NDhkMzA5LzEvaHlIdEgzclJRU2NXR21sal80MkxMMHFYV0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEtMWEyOWE0NDhkMzA5
LzEvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue4kMA0G
CSqGSIb3DQEBCwUAA4IBAQAPcwgYd3fpEEXv4D82Y3nOQvJfXXczVResnaKCRt0r
ViFy+IQeuPvU4dWRRVBV0soS/SoBvWp0EBbUd+RhJ6Cwc0iUZDZKqA4OLrNqzRP1
tDh9Lrk4xkqY6jdpR4JDnm6LPkKFwfhcYaphAHXJv1U1kvqOu2MUV6DHIVY6iKTk
yXN8lZRWK9bNUHt1QGtBKymwg92vKDN9YgmZcUyqRWuH6mSdco3qX9hmG8ETj21Z
kxjG+j/b3EcJmyjSor7fkVOAheIxbpy3TClxgIZCrLfXkeQw1PZgL6Z7L1ivBS7v
iaIJOkn0xw3lB3eoJ0L+RbjTsghr1LPNYFs7BmhhyGTD
-----END CERTIFICATE-----