Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/hPuuxvG6wf_iyGajLZm0PrPRNTE.roa
File:                     hPuuxvG6wf_iyGajLZm0PrPRNTE.roa (raw, json)
Hash identifier:          SqhFWrnGhewNDVxVRZLbY/mjVnrnZ6zHK448/hSwl8Y=
Subject key identifier:   84:FB:AE:C6:F1:BA:C1:FF:E2:C8:66:A3:2D:99:B4:3E:B3:D1:35:31
Certificate issuer:       /CN=5867ac6985cc0b3fea216945c92eb2e932189403
Certificate serial:       0194206862C90C532B18E407D6759B0680D1
Authority key identifier: 58:67:AC:69:85:CC:0B:3F:EA:21:69:45:C9:2E:B2:E9:32:18:94:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/hPuuxvG6wf_iyGajLZm0PrPRNTE.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        178.211.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:62:c9:0c:53:2b:18:e4:07:d6:75:9b:06:80:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5867ac6985cc0b3fea216945c92eb2e932189403
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84fbaec6f1bac1ffe2c866a32d99b43eb3d13531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:31:9b:36:79:8d:51:af:3d:5e:04:2e:01:e6:
                    f8:54:af:40:9d:4c:11:b0:f8:77:bf:6c:f6:4a:d6:
                    56:5d:0d:50:ae:b7:2d:86:18:52:7e:88:ea:15:36:
                    ae:63:0f:90:9d:e6:8f:a0:09:56:24:84:07:bc:f4:
                    c4:93:52:b4:2a:b1:04:8b:cd:80:44:b6:19:4e:de:
                    ec:f5:93:a8:30:d8:12:9f:e9:25:98:f7:a1:55:51:
                    69:86:45:6b:2f:db:7a:fe:3b:95:12:bd:eb:2b:ae:
                    56:3f:be:85:75:77:0a:18:19:bc:cf:7e:19:0d:40:
                    f1:2d:a2:11:6e:5b:56:fb:a6:4d:13:28:37:8e:36:
                    34:60:bf:3c:23:4f:c9:4a:21:c2:1f:ef:f7:3d:cd:
                    95:05:0e:c1:59:ce:5e:e3:cc:a5:df:0e:3c:aa:46:
                    d8:fd:60:3f:4c:c0:9d:22:e6:0b:39:13:e6:39:43:
                    cb:25:e0:6a:16:96:a8:3f:d9:ce:83:5b:82:7d:12:
                    d9:b8:b6:b7:35:58:d6:4e:8f:cc:bf:dd:ad:2c:96:
                    35:35:5e:d3:48:e2:24:1c:d7:83:6b:b5:80:ae:fd:
                    b8:0a:29:48:20:99:ad:3b:18:4f:7d:7f:31:8b:63:
                    a3:a2:da:51:ec:b0:09:6c:bb:12:0c:66:d9:78:25:
                    1c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FB:AE:C6:F1:BA:C1:FF:E2:C8:66:A3:2D:99:B4:3E:B3:D1:35:31
            X509v3 Authority Key Identifier:
                keyid:58:67:AC:69:85:CC:0B:3F:EA:21:69:45:C9:2E:B2:E9:32:18:94:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/hPuuxvG6wf_iyGajLZm0PrPRNTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:55:ca:61:e7:49:a4:3f:10:61:15:dd:83:04:6e:69:56:40:
         f2:c9:46:15:a4:cc:59:95:8a:78:87:c0:4a:4a:1a:4a:36:2a:
         37:61:35:b7:a4:5b:0b:01:54:98:a9:16:9b:ec:4e:99:6a:be:
         e1:66:ed:bc:cc:6e:50:7d:97:5a:76:84:ac:c7:bc:c6:a5:62:
         38:55:89:e3:0f:c6:71:45:ee:1f:ed:f9:6b:be:da:ea:c1:55:
         f2:17:7c:48:1d:49:fd:c7:58:cd:d6:73:8c:b8:20:2d:7b:bf:
         ef:43:be:68:66:fc:dc:c6:cb:9c:3c:50:ac:c0:bc:6c:e5:5a:
         cb:2f:63:42:c5:35:67:04:7b:ca:31:12:c7:32:98:fc:a2:0a:
         62:1b:a9:64:7d:e8:65:f4:51:f3:4d:cb:ea:fc:da:e4:f7:a6:
         7b:2f:cf:f8:c8:d8:e2:5a:33:88:d9:ce:c1:b3:64:fa:5a:05:
         01:29:41:bb:06:b3:38:e9:00:f5:dc:18:08:1b:b5:69:de:a5:
         a8:52:8d:da:9d:dd:fd:83:2d:76:7d:9f:f5:79:64:cb:7b:80:
         06:97:89:8d:8c:f6:00:eb:4b:79:bb:ba:98:bb:4f:50:ce:79:
         f9:0f:3c:14:8c:53:ee:85:1d:87:76:bf:36:ca:02:95:2c:f4:
         68:7a:0a:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGLJDFMrGOQH1nWbBoDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjdhYzY5ODVjYzBiM2ZlYTIxNjk0NWM5MmViMmU5MzIx
ODk0MDMwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGZiYWVjNmYxYmFjMWZmZTJjODY2YTMyZDk5YjQzZWIzZDEzNTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDGbNnmNUa89XgQuAeb4VK9AnUwR
sPh3v2z2StZWXQ1QrrcthhhSfojqFTauYw+QneaPoAlWJIQHvPTEk1K0KrEEi82A
RLYZTt7s9ZOoMNgSn+klmPehVVFphkVrL9t6/juVEr3rK65WP76FdXcKGBm8z34Z
DUDxLaIRbltW+6ZNEyg3jjY0YL88I0/JSiHCH+/3Pc2VBQ7BWc5e48yl3w48qkbY
/WA/TMCdIuYLORPmOUPLJeBqFpaoP9nOg1uCfRLZuLa3NVjWTo/Mv92tLJY1NV7T
SOIkHNeDa7WArv24CilIIJmtOxhPfX8xi2OjotpR7LAJbLsSDGbZeCUciwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIT7rsbxusH/4shmoy2ZtD6z0TUxMB8GA1UdIwQY
MBaAFFhnrGmFzAs/6iFpRckusukyGJQDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dlc2FZWE1Del9xSVdsRnlTNnk2VElZbEFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mNDgyN2ItM2QxZC00YWNiLWE3NzMt
Y2IxNjhhZmRiMzQzLzEvaFB1dXh2RzZ3Zl9peUdhakxabTBQclBSTlRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mNDgyN2ItM2QxZC00YWNiLWE3NzMtY2IxNjhhZmRiMzQz
LzEvV0dlc2FZWE1Del9xSVdsRnlTNnk2VElZbEFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOOMA0G
CSqGSIb3DQEBCwUAA4IBAQCGVcph50mkPxBhFd2DBG5pVkDyyUYVpMxZlYp4h8BK
ShpKNio3YTW3pFsLAVSYqRab7E6Zar7hZu28zG5QfZdadoSsx7zGpWI4VYnjD8Zx
Re4f7flrvtrqwVXyF3xIHUn9x1jN1nOMuCAte7/vQ75oZvzcxsucPFCswLxs5VrL
L2NCxTVnBHvKMRLHMpj8ogpiG6lkfehl9FHzTcvq/Nrk96Z7L8/4yNjiWjOI2c7B
s2T6WgUBKUG7BrM46QD13BgIG7Vp3qWoUo3and39gy12fZ/1eWTLe4AGl4mNjPYA
60t5u7qYu09Qznn5DzwUjFPuhR2Hdr82ygKVLPRoegqg
-----END CERTIFICATE-----