Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/bnhhztuxFibvur8FNpe0Q4uP7wo.roa
File:                     bnhhztuxFibvur8FNpe0Q4uP7wo.roa (raw, json)
Hash identifier:          KQsITvPg/PJVER0mAbZoTouNCOSRyBSHFqtg7Z3silI=
Subject key identifier:   6E:78:61:CE:DB:B1:16:26:EF:BA:BF:05:36:97:B4:43:8B:8F:EF:0A
Certificate issuer:       /CN=5867ac6985cc0b3fea216945c92eb2e932189403
Certificate serial:       01942068621CD02BB366D0CD2818B9E75717
Authority key identifier: 58:67:AC:69:85:CC:0B:3F:EA:21:69:45:C9:2E:B2:E9:32:18:94:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/bnhhztuxFibvur8FNpe0Q4uP7wo.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        178.211.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:62:1c:d0:2b:b3:66:d0:cd:28:18:b9:e7:57:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5867ac6985cc0b3fea216945c92eb2e932189403
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e7861cedbb11626efbabf053697b4438b8fef0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bf:84:a8:34:27:24:d7:c5:18:fb:ac:3d:20:
                    ac:0d:a0:2c:c4:88:e0:84:27:7c:cd:17:90:e8:ec:
                    c8:e9:85:1e:5b:19:af:5d:5e:ea:73:b7:77:2a:1b:
                    d9:f4:ba:d0:fb:7a:5e:78:af:bc:55:24:78:48:57:
                    98:82:e0:6a:fb:e1:01:f8:a2:d7:e9:20:a6:4f:31:
                    09:9e:a7:ee:7f:01:92:a7:36:f9:84:af:f1:9d:f8:
                    4c:02:62:5a:e3:a0:53:67:4b:d0:20:04:9c:d4:7b:
                    9b:89:1c:2f:73:0f:aa:dd:5b:17:af:be:73:44:a0:
                    83:80:6f:c7:14:56:9c:55:46:c8:92:65:45:b7:c0:
                    f5:d2:d7:9a:9e:64:12:06:48:1d:3d:18:c3:25:6c:
                    ee:1f:ea:70:7e:ea:fe:77:e7:1b:1e:66:31:ec:e7:
                    0a:72:5f:47:de:8f:55:29:24:e5:3c:05:85:d3:f3:
                    46:d8:5e:1e:17:44:c4:9b:7d:b9:83:0a:9c:c7:04:
                    a0:46:6b:fe:bd:31:2f:9c:3d:e5:3a:a5:35:59:c2:
                    9d:93:97:dd:44:99:3f:4b:47:54:80:84:95:89:5b:
                    6f:dd:39:e0:b8:6e:70:c3:d2:45:2d:2b:8c:0b:14:
                    55:d0:24:93:67:61:46:0c:68:ba:72:18:46:7e:de:
                    b0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:78:61:CE:DB:B1:16:26:EF:BA:BF:05:36:97:B4:43:8B:8F:EF:0A
            X509v3 Authority Key Identifier:
                keyid:58:67:AC:69:85:CC:0B:3F:EA:21:69:45:C9:2E:B2:E9:32:18:94:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/bnhhztuxFibvur8FNpe0Q4uP7wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:00:42:06:f8:c1:f9:32:e5:1a:d8:2c:b6:72:1c:77:54:f4:
         2d:92:d7:c1:a0:11:a9:0d:96:08:6d:e5:8c:13:fd:9a:23:8e:
         c4:ca:eb:38:d5:a3:be:cc:fb:7f:15:f3:bf:72:c9:1d:60:d5:
         30:a2:43:30:5a:69:cb:ca:1d:ad:d4:a5:5b:19:87:66:ca:5c:
         52:87:3d:a3:74:5c:9a:c0:a6:37:f8:1f:e0:5e:b2:27:60:ec:
         e3:d7:67:44:72:b9:97:1f:3b:7c:ed:5b:a5:4d:35:44:a0:4e:
         ed:56:2b:d1:10:6a:91:77:d1:54:b2:95:5a:c6:c6:04:da:9b:
         cd:f7:6b:e1:78:dc:35:82:6b:6a:1c:17:f5:bd:dd:df:a4:29:
         71:0a:84:39:58:ee:4e:bd:3b:7e:f4:c2:d3:e1:7f:2a:89:6f:
         2d:59:80:72:e5:85:2b:ed:7e:54:c7:68:05:de:38:03:19:58:
         6f:a4:ef:0c:1e:9c:ac:15:f0:e2:38:1d:40:fb:00:b0:25:e2:
         20:6c:9c:27:ba:b0:fe:eb:1f:b1:38:b7:74:c7:a0:c5:49:9d:
         30:fe:c9:bb:d8:76:c4:29:90:f6:03:b1:c8:d3:a5:eb:a7:72:
         2b:d8:73:ac:bb:f2:51:78:20:a5:08:36:24:2f:12:e2:04:b9:
         9d:a9:97:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGIc0CuzZtDNKBi551cXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjdhYzY5ODVjYzBiM2ZlYTIxNjk0NWM5MmViMmU5MzIx
ODk0MDMwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc4NjFjZWRiYjExNjI2ZWZiYWJmMDUzNjk3YjQ0MzhiOGZlZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb+EqDQnJNfFGPusPSCsDaAsxIjg
hCd8zReQ6OzI6YUeWxmvXV7qc7d3KhvZ9LrQ+3peeK+8VSR4SFeYguBq++EB+KLX
6SCmTzEJnqfufwGSpzb5hK/xnfhMAmJa46BTZ0vQIASc1HubiRwvcw+q3VsXr75z
RKCDgG/HFFacVUbIkmVFt8D10teanmQSBkgdPRjDJWzuH+pwfur+d+cbHmYx7OcK
cl9H3o9VKSTlPAWF0/NG2F4eF0TEm325gwqcxwSgRmv+vTEvnD3lOqU1WcKdk5fd
RJk/S0dUgISViVtv3TnguG5ww9JFLSuMCxRV0CSTZ2FGDGi6chhGft6wswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG54Yc7bsRYm77q/BTaXtEOLj+8KMB8GA1UdIwQY
MBaAFFhnrGmFzAs/6iFpRckusukyGJQDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dlc2FZWE1Del9xSVdsRnlTNnk2VElZbEFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mNDgyN2ItM2QxZC00YWNiLWE3NzMt
Y2IxNjhhZmRiMzQzLzEvYm5oaHp0dXhGaWJ2dXI4Rk5wZTBRNHVQN3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mNDgyN2ItM2QxZC00YWNiLWE3NzMtY2IxNjhhZmRiMzQz
LzEvV0dlc2FZWE1Del9xSVdsRnlTNnk2VElZbEFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOOMA0G
CSqGSIb3DQEBCwUAA4IBAQB6AEIG+MH5MuUa2Cy2chx3VPQtktfBoBGpDZYIbeWM
E/2aI47Eyus41aO+zPt/FfO/cskdYNUwokMwWmnLyh2t1KVbGYdmylxShz2jdFya
wKY3+B/gXrInYOzj12dEcrmXHzt87VulTTVEoE7tVivREGqRd9FUspVaxsYE2pvN
92vheNw1gmtqHBf1vd3fpClxCoQ5WO5OvTt+9MLT4X8qiW8tWYBy5YUr7X5Ux2gF
3jgDGVhvpO8MHpysFfDiOB1A+wCwJeIgbJwnurD+6x+xOLd0x6DFSZ0w/sm72HbE
KZD2A7HI06Xrp3Ir2HOsu/JReCClCDYkLxLiBLmdqZfZ
-----END CERTIFICATE-----