Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/HbLrWYvpZ3oR_JlftkugbPFu1sg.roa
File:                     HbLrWYvpZ3oR_JlftkugbPFu1sg.roa (raw, json)
Hash identifier:          hyVYRW9dEIvcdUsfvs+O6FvP8/Ig+3miBLv5dJqVY64=
Subject key identifier:   1D:B2:EB:59:8B:E9:67:7A:11:FC:99:5F:B6:4B:A0:6C:F1:6E:D6:C8
Certificate issuer:       /CN=5690efa23c778ef7470f3ac0a905619bc7c277e4
Certificate serial:       01942143BC439CCB7435E639645ECFA0380C
Authority key identifier: 56:90:EF:A2:3C:77:8E:F7:47:0F:3A:C0:A9:05:61:9B:C7:C2:77:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VpDvojx3jvdHDzrAqQVhm8fCd-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/HbLrWYvpZ3oR_JlftkugbPFu1sg.roa
Signing time:             Wed 01 Jan 2025 09:47:54 +0000
ROA not before:           Wed 01 Jan 2025 09:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137
IP address blocks:        141.250.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/VpDvojx3jvdHDzrAqQVhm8fCd-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/VpDvojx3jvdHDzrAqQVhm8fCd-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VpDvojx3jvdHDzrAqQVhm8fCd-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 09:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:bc:43:9c:cb:74:35:e6:39:64:5e:cf:a0:38:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5690efa23c778ef7470f3ac0a905619bc7c277e4
        Validity
            Not Before: Jan  1 09:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1db2eb598be9677a11fc995fb64ba06cf16ed6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0c:cd:0b:84:f8:16:9b:8e:fe:ad:68:08:ef:
                    c9:02:a5:58:cb:54:15:11:23:b6:c4:44:ce:f9:8c:
                    c2:a5:d1:4f:72:64:9a:52:eb:be:ab:cd:6c:f6:4c:
                    f6:1c:21:71:04:d8:f4:aa:b6:3d:93:25:d5:c5:62:
                    01:e4:b6:ea:68:3f:5a:66:c5:c5:47:4e:a3:68:c3:
                    13:75:7f:c5:ad:79:14:a2:5a:51:7c:ba:8f:22:00:
                    f8:d0:8d:c9:be:52:f5:61:67:32:2a:8c:7c:50:b6:
                    6a:e3:80:d7:bc:e1:86:d0:b5:48:19:67:10:37:f2:
                    24:82:88:7d:03:bc:ab:d6:aa:70:4f:4f:72:64:91:
                    b7:aa:3c:18:7b:11:9b:7d:e2:a8:ab:e2:06:3f:bc:
                    37:91:17:70:66:6e:dd:55:1e:b6:80:02:2c:2a:b4:
                    aa:6a:3b:ab:8a:0d:91:b7:a2:7c:d0:6a:5e:45:75:
                    0e:24:19:62:82:9e:33:03:b0:aa:8c:8a:80:9a:f0:
                    c6:16:da:fe:3c:02:f1:ed:62:8c:77:5c:98:7d:c4:
                    ed:f7:47:28:e3:40:5c:e5:88:62:2e:75:9f:16:a9:
                    39:99:bf:5e:5a:1d:ba:25:f5:62:7a:88:28:12:7e:
                    88:88:ea:47:14:1a:9c:a0:71:e0:2f:eb:c3:5c:ed:
                    2e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B2:EB:59:8B:E9:67:7A:11:FC:99:5F:B6:4B:A0:6C:F1:6E:D6:C8
            X509v3 Authority Key Identifier:
                keyid:56:90:EF:A2:3C:77:8E:F7:47:0F:3A:C0:A9:05:61:9B:C7:C2:77:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VpDvojx3jvdHDzrAqQVhm8fCd-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/HbLrWYvpZ3oR_JlftkugbPFu1sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/VpDvojx3jvdHDzrAqQVhm8fCd-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.250.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a6:4b:3f:09:40:5f:40:83:58:58:4f:9f:60:c1:f9:88:51:21:
         b2:4a:de:88:7f:fd:71:04:1c:55:49:68:fa:53:05:8c:aa:fc:
         6a:e8:28:64:4e:01:e7:0c:72:d1:dc:69:b7:64:1c:a9:6a:18:
         0a:44:6f:a1:15:40:9c:c9:b7:69:39:e2:c3:e3:92:13:6b:82:
         2d:98:2d:0f:44:1a:69:08:66:0d:f7:a6:10:16:ac:e7:f4:8e:
         3a:50:b9:15:39:2e:73:95:77:79:33:b4:c1:62:03:6c:2d:3b:
         51:c8:48:20:48:88:9f:a9:59:0f:88:9e:42:62:0a:15:fa:4c:
         ba:e9:94:32:0c:f7:db:76:77:61:ee:19:8f:3a:3c:4b:c1:d7:
         c8:08:2a:64:8f:75:8e:5e:cb:36:f1:45:fb:a6:06:f4:4b:26:
         b3:14:e4:06:2f:e0:6a:b1:0e:d6:8a:f7:53:b7:e0:b9:75:a9:
         d0:be:28:37:15:55:22:6a:64:45:29:94:42:ff:58:5c:e7:bc:
         8a:d8:af:e8:b8:92:12:90:81:56:e8:b9:d8:73:a1:da:40:b7:
         72:79:8a:0f:81:81:ec:dc:fc:ae:c4:d0:fb:48:b3:d7:1a:18:
         ee:22:81:63:ca:41:bd:fc:95:17:9c:8b:a4:d8:d1:1d:17:95:
         00:eb:b8:59
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQhQ7xDnMt0NeY5ZF7PoDgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OTBlZmEyM2M3NzhlZjc0NzBmM2FjMGE5MDU2MTliYzdj
Mjc3ZTQwHhcNMjUwMTAxMDk0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIyZWI1OThiZTk2NzdhMTFmYzk5NWZiNjRiYTA2Y2YxNmVkNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAzNC4T4FpuO/q1oCO/JAqVYy1QV
ESO2xETO+YzCpdFPcmSaUuu+q81s9kz2HCFxBNj0qrY9kyXVxWIB5LbqaD9aZsXF
R06jaMMTdX/FrXkUolpRfLqPIgD40I3JvlL1YWcyKox8ULZq44DXvOGG0LVIGWcQ
N/Ikgoh9A7yr1qpwT09yZJG3qjwYexGbfeKoq+IGP7w3kRdwZm7dVR62gAIsKrSq
ajurig2Rt6J80GpeRXUOJBligp4zA7CqjIqAmvDGFtr+PALx7WKMd1yYfcTt90co
40Bc5YhiLnWfFqk5mb9eWh26JfVieogoEn6IiOpHFBqcoHHgL+vDXO0uhQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFB2y61mL6Wd6EfyZX7ZLoGzxbtbIMB8GA1UdIwQY
MBaAFFaQ76I8d473Rw86wKkFYZvHwnfkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnBEdm9qeDNqdmRIRHpyQXFRVmhtOGZDZC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82YjU0N2YtY2ViZC00OGI1LWJkY2It
ODNhZTJmMjE0MTIxLzEvSGJMcldZdnBaM29SX0psZnRrdWdiUEZ1MXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82YjU0N2YtY2ViZC00OGI1LWJkY2ItODNhZTJmMjE0MTIx
LzEvVnBEdm9qeDNqdmRIRHpyQXFRVmhtOGZDZC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjfowDQYJ
KoZIhvcNAQELBQADggEBAKZLPwlAX0CDWFhPn2DB+YhRIbJK3oh//XEEHFVJaPpT
BYyq/GroKGROAecMctHcabdkHKlqGApEb6EVQJzJt2k54sPjkhNrgi2YLQ9EGmkI
Zg33phAWrOf0jjpQuRU5LnOVd3kztMFiA2wtO1HISCBIiJ+pWQ+InkJiChX6TLrp
lDIM99t2d2HuGY86PEvB18gIKmSPdY5eyzbxRfumBvRLJrMU5AYv4GqxDtaK91O3
4Ll1qdC+KDcVVSJqZEUplEL/WFznvIrYr+i4khKQgVboudhzodpAt3J5ig+Bgezc
/K7E0PtIs9caGO4igWPKQb38lReci6TY0R0XlQDruFk=
-----END CERTIFICATE-----