Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/c383bb-e806-4a6d-a2e8-ee5ca36f1d9a/1/hOVBvk9xyaSPKFv-FoSFEMdG9hw.roa
File:                     hOVBvk9xyaSPKFv-FoSFEMdG9hw.roa (raw, json)
Hash identifier:          Bm07JRpw0B9nA61/kyyQwZUCx/6M4kapfZ7mgaQQZ/c=
Subject key identifier:   84:E5:41:BE:4F:71:C9:A4:8F:28:5B:FE:16:84:85:10:C7:46:F6:1C
Certificate issuer:       /CN=178235df535526d9e6d6aff6fa7ac52293a92c71
Certificate serial:       019343A3FA79C7FB14BDDB32E98F17AB6380
Authority key identifier: 17:82:35:DF:53:55:26:D9:E6:D6:AF:F6:FA:7A:C5:22:93:A9:2C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F4I131NVJtnm1q_2-nrFIpOpLHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/c383bb-e806-4a6d-a2e8-ee5ca36f1d9a/1/hOVBvk9xyaSPKFv-FoSFEMdG9hw.roa
Signing time:             Tue 19 Nov 2024 08:57:20 +0000
ROA not before:           Tue 19 Nov 2024 08:57:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213904
IP address blocks:        82.214.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/c383bb-e806-4a6d-a2e8-ee5ca36f1d9a/1/F4I131NVJtnm1q_2-nrFIpOpLHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/c383bb-e806-4a6d-a2e8-ee5ca36f1d9a/1/F4I131NVJtnm1q_2-nrFIpOpLHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F4I131NVJtnm1q_2-nrFIpOpLHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:a3:fa:79:c7:fb:14:bd:db:32:e9:8f:17:ab:63:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=178235df535526d9e6d6aff6fa7ac52293a92c71
        Validity
            Not Before: Nov 19 08:57:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84e541be4f71c9a48f285bfe16848510c746f61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b2:09:bc:a5:a9:1a:f9:dc:c6:cb:61:5b:99:
                    55:44:6e:6b:8b:e9:ba:cf:57:18:e8:c7:45:fd:31:
                    84:a4:72:af:aa:ac:ef:29:06:20:fb:70:34:a9:c7:
                    ff:bc:71:c0:7d:f5:15:11:c8:b3:7d:97:01:ba:d8:
                    bd:56:e1:14:f6:da:92:b9:ed:52:56:9b:33:e5:3f:
                    f4:b7:aa:82:22:5f:a3:9c:8c:06:e4:2c:7a:e6:20:
                    34:b9:02:3d:1c:7e:a3:e1:a8:17:21:74:f4:37:5a:
                    7a:bc:14:4f:55:14:a9:9c:a9:92:43:e0:42:8f:1e:
                    db:19:7e:74:4f:d1:3a:ea:54:33:bc:f7:0d:51:1a:
                    a5:44:3b:b3:01:0f:a0:5e:e4:78:9f:85:fe:0d:41:
                    6c:5a:d5:cb:f9:48:39:fa:c4:7e:af:3c:21:3b:dd:
                    40:7b:13:7d:98:47:b6:7d:84:d7:3e:5b:69:d5:65:
                    17:f2:29:e6:cc:b4:ae:89:25:89:5b:b0:8b:16:3e:
                    e7:ba:38:8e:c8:15:dd:6c:e1:b3:8a:db:c0:05:6b:
                    50:49:f1:fe:98:8e:35:9d:12:3c:53:ad:04:84:57:
                    97:ea:03:ef:04:04:d5:b2:0f:b4:e3:bb:cc:a8:c7:
                    43:a9:5a:e5:f4:b4:6e:7a:46:67:0d:5e:43:4e:ad:
                    a8:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E5:41:BE:4F:71:C9:A4:8F:28:5B:FE:16:84:85:10:C7:46:F6:1C
            X509v3 Authority Key Identifier:
                keyid:17:82:35:DF:53:55:26:D9:E6:D6:AF:F6:FA:7A:C5:22:93:A9:2C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F4I131NVJtnm1q_2-nrFIpOpLHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/c383bb-e806-4a6d-a2e8-ee5ca36f1d9a/1/hOVBvk9xyaSPKFv-FoSFEMdG9hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/c383bb-e806-4a6d-a2e8-ee5ca36f1d9a/1/F4I131NVJtnm1q_2-nrFIpOpLHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.214.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:30:85:ee:83:a7:c2:9b:d6:f4:52:3b:04:a9:66:f4:a1:61:
         e2:bd:da:43:a9:92:cb:8f:9f:e7:96:dd:b1:7b:33:2a:76:27:
         0c:41:85:d3:02:b9:20:a0:62:d6:0b:86:4b:06:10:cb:3f:4d:
         68:ee:af:8b:ff:fc:fe:68:36:a1:4d:65:1a:cc:f0:d0:eb:84:
         6f:77:53:17:f3:a9:f5:ec:79:67:73:4d:d2:dc:0d:d0:a9:e6:
         e4:ac:f3:06:98:3e:f5:48:f4:86:57:cc:91:eb:29:d0:cb:12:
         31:78:bc:62:fb:8c:ef:26:5b:d2:d6:c3:a6:20:cb:bd:2c:f6:
         2a:cf:03:c6:5d:6d:77:0e:24:8f:3f:71:e8:c6:11:48:e3:98:
         f5:b3:24:be:09:97:2c:49:73:e5:cb:96:18:fe:69:fa:91:45:
         be:02:1e:d7:61:9e:ba:3a:c4:bf:e9:d3:86:2e:d6:7a:69:03:
         7a:b7:31:2f:fa:a2:63:5b:4b:ac:f3:db:c9:e4:d7:f0:81:e4:
         3f:43:40:88:7a:75:a0:ea:2e:a6:a2:f8:2c:31:d4:95:7c:c9:
         63:ad:51:ab:68:52:2b:d5:20:d6:13:ab:76:c4:c5:8b:fa:01:
         5a:08:cf:54:28:a7:0a:d6:94:93:ad:78:4a:82:7f:76:3d:bc:
         ee:fd:a5:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNDo/p5x/sUvdsy6Y8Xq2OAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ODIzNWRmNTM1NTI2ZDllNmQ2YWZmNmZhN2FjNTIyOTNh
OTJjNzEwHhcNMjQxMTE5MDg1NzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGU1NDFiZTRmNzFjOWE0OGYyODViZmUxNjg0ODUxMGM3NDZmNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLIJvKWpGvncxsthW5lVRG5ri+m6
z1cY6MdF/TGEpHKvqqzvKQYg+3A0qcf/vHHAffUVEcizfZcButi9VuEU9tqSue1S
Vpsz5T/0t6qCIl+jnIwG5Cx65iA0uQI9HH6j4agXIXT0N1p6vBRPVRSpnKmSQ+BC
jx7bGX50T9E66lQzvPcNURqlRDuzAQ+gXuR4n4X+DUFsWtXL+Ug5+sR+rzwhO91A
exN9mEe2fYTXPltp1WUX8inmzLSuiSWJW7CLFj7nujiOyBXdbOGzitvABWtQSfH+
mI41nRI8U60EhFeX6gPvBATVsg+047vMqMdDqVrl9LRuekZnDV5DTq2ofQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITlQb5Pccmkjyhb/haEhRDHRvYcMB8GA1UdIwQY
MBaAFBeCNd9TVSbZ5tav9vp6xSKTqSxxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjRJMTMxTlZKdG5tMXFfMi1uckZJcE9wTEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9jMzgzYmItZTgwNi00YTZkLWEyZTgt
ZWU1Y2EzNmYxZDlhLzEvaE9WQnZrOXh5YVNQS0Z2LUZvU0ZFTWRHOWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9jMzgzYmItZTgwNi00YTZkLWEyZTgtZWU1Y2EzNmYxZDlh
LzEvRjRJMTMxTlZKdG5tMXFfMi1uckZJcE9wTEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUtZOMA0G
CSqGSIb3DQEBCwUAA4IBAQBlMIXug6fCm9b0UjsEqWb0oWHivdpDqZLLj5/nlt2x
ezMqdicMQYXTArkgoGLWC4ZLBhDLP01o7q+L//z+aDahTWUazPDQ64Rvd1MX86n1
7Hlnc03S3A3QqebkrPMGmD71SPSGV8yR6ynQyxIxeLxi+4zvJlvS1sOmIMu9LPYq
zwPGXW13DiSPP3HoxhFI45j1syS+CZcsSXPly5YY/mn6kUW+Ah7XYZ66OsS/6dOG
LtZ6aQN6tzEv+qJjW0us89vJ5NfwgeQ/Q0CIenWg6i6movgsMdSVfMljrVGraFIr
1SDWE6t2xMWL+gFaCM9UKKcK1pSTrXhKgn92Pbzu/aUC
-----END CERTIFICATE-----