Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/1HbC3ihkQnTCyJAdj3Dx55aYCU0.roa
File:                     1HbC3ihkQnTCyJAdj3Dx55aYCU0.roa (raw, json)
Hash identifier:          5btH+RL0rcMK5w9gdmmyvvCCon9RL+02yUUweQerWXQ=
Subject key identifier:   D4:76:C2:DE:28:64:42:74:C2:C8:90:1D:8F:70:F1:E7:96:98:09:4D
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       018CC7940D44F9D604AFD4DD600E453AA2E2
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/1HbC3ihkQnTCyJAdj3Dx55aYCU0.roa
Signing time:             Tue 02 Jan 2024 00:30:17 +0000
ROA not before:           Tue 02 Jan 2024 00:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        194.104.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:0d:44:f9:d6:04:af:d4:dd:60:0e:45:3a:a2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Jan  2 00:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d476c2de28644274c2c8901d8f70f1e79698094d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d4:fe:7d:92:73:44:09:7b:46:69:bb:89:a1:
                    75:10:a9:f8:ae:fd:c7:71:62:22:5a:68:e7:9c:28:
                    3e:4c:58:3e:51:f4:12:61:99:07:c1:6b:db:8b:c6:
                    d6:bb:a8:22:7a:2f:e0:dc:43:56:93:1c:6f:7f:83:
                    a2:c8:b8:cd:4e:59:1d:63:5d:d7:12:b5:b3:71:ec:
                    70:25:d2:e4:61:b3:1a:e1:11:2e:cb:d0:eb:15:e5:
                    73:73:60:5b:80:d1:2b:9f:3e:69:8e:ce:03:dc:4b:
                    69:d2:d1:c6:a0:2c:60:d8:0c:4a:c1:fd:74:a3:ad:
                    4b:7f:78:42:1d:4f:53:5b:11:2d:ec:b9:f9:70:0f:
                    cc:2f:9c:65:6a:1a:42:53:33:67:ea:56:aa:2f:13:
                    94:12:19:86:51:55:88:f4:fa:4e:b8:de:ce:27:8c:
                    1b:7b:7b:32:60:e9:81:58:0e:13:34:59:23:70:55:
                    ed:28:24:ca:0f:9a:1c:4a:55:4e:5f:40:fd:42:0b:
                    82:45:d9:8c:ee:74:2e:cd:c4:0a:6d:b1:0c:8a:9d:
                    11:69:1b:02:09:41:5f:5e:ef:49:07:28:03:ce:f5:
                    30:cf:7a:67:19:b3:60:0f:a1:8c:3b:c5:98:06:fc:
                    00:d1:d1:ce:fa:31:a9:85:34:6f:01:b1:7c:5b:41:
                    02:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:76:C2:DE:28:64:42:74:C2:C8:90:1D:8F:70:F1:E7:96:98:09:4D
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/1HbC3ihkQnTCyJAdj3Dx55aYCU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:3a:1a:3f:dd:1e:f2:97:b5:8d:85:ec:e9:7e:ab:d5:d3:61:
         2f:a0:11:7f:6c:6e:ea:35:4d:a1:07:53:74:82:ab:cc:54:31:
         86:b8:60:a0:99:96:42:61:84:79:22:38:06:6a:2d:64:dc:0d:
         48:93:c4:b0:21:ed:6d:18:ad:3e:cc:e5:87:6b:6f:ed:0f:57:
         5b:07:51:31:d4:58:97:05:62:76:d4:b8:5d:e3:78:72:d0:6f:
         9f:01:c7:5c:53:a9:82:ed:81:25:06:2a:b1:20:32:39:75:00:
         54:3e:c9:8c:c5:9f:18:53:11:af:29:08:13:e1:03:e8:b5:1f:
         de:42:d8:20:68:d9:44:2c:b2:13:f6:cf:5b:97:f5:2f:a6:4c:
         6c:11:c5:fa:3b:80:e0:58:2a:21:51:b7:28:fb:c5:a1:e6:98:
         25:df:b9:22:a9:86:b2:9c:57:f4:b3:37:ed:66:30:4b:c7:af:
         ff:01:7c:38:cc:db:72:ab:1b:75:fa:7a:02:28:95:fc:93:56:
         36:1e:f8:9d:43:74:0a:bc:17:3a:ff:7e:9a:eb:3e:8b:9c:04:
         b5:77:41:de:8b:29:80:c1:bd:be:12:dc:cb:eb:d5:f2:df:78:
         17:77:c5:f1:53:f4:0f:f4:6d:fb:af:06:c9:e9:06:70:af:19:
         83:e2:bc:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlA1E+dYEr9TdYA5FOqLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjQwMTAyMDAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDc2YzJkZTI4NjQ0Mjc0YzJjODkwMWQ4ZjcwZjFlNzk2OTgwOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9T+fZJzRAl7Rmm7iaF1EKn4rv3H
cWIiWmjnnCg+TFg+UfQSYZkHwWvbi8bWu6giei/g3ENWkxxvf4OiyLjNTlkdY13X
ErWzcexwJdLkYbMa4REuy9DrFeVzc2BbgNErnz5pjs4D3Etp0tHGoCxg2AxKwf10
o61Lf3hCHU9TWxEt7Ln5cA/ML5xlahpCUzNn6laqLxOUEhmGUVWI9PpOuN7OJ4wb
e3syYOmBWA4TNFkjcFXtKCTKD5ocSlVOX0D9QguCRdmM7nQuzcQKbbEMip0RaRsC
CUFfXu9JBygDzvUwz3pnGbNgD6GMO8WYBvwA0dHO+jGphTRvAbF8W0ECkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNR2wt4oZEJ0wsiQHY9w8eeWmAlNMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvMUhiQzNpaGtRblRDeUpBZGozRHg1NWFZQ1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiKMA0G
CSqGSIb3DQEBCwUAA4IBAQCWOho/3R7yl7WNhezpfqvV02EvoBF/bG7qNU2hB1N0
gqvMVDGGuGCgmZZCYYR5IjgGai1k3A1Ik8SwIe1tGK0+zOWHa2/tD1dbB1Ex1FiX
BWJ21Lhd43hy0G+fAcdcU6mC7YElBiqxIDI5dQBUPsmMxZ8YUxGvKQgT4QPotR/e
QtggaNlELLIT9s9bl/UvpkxsEcX6O4DgWCohUbco+8Wh5pgl37kiqYaynFf0szft
ZjBLx6//AXw4zNtyqxt1+noCKJX8k1Y2HvidQ3QKvBc6/36a6z6LnAS1d0HeiymA
wb2+EtzL69Xy33gXd8XxU/QP9G37rwbJ6QZwrxmD4rzw
-----END CERTIFICATE-----