Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iw_h_hf-Hyax3qWU5oAT0h3aB-s.roa
File:                     iw_h_hf-Hyax3qWU5oAT0h3aB-s.roa (raw, json)
Hash identifier:          TKvlYTJQz3p2ZP+yg//YMo7wi37UC17FB2aJkFX/JVg=
Subject key identifier:   8B:0F:E1:FE:17:FE:1F:26:B1:DE:A5:94:E6:80:13:D2:1D:DA:07:EB
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018D0C87C4BAC55097B8AE37DA9B106F0DAF
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iw_h_hf-Hyax3qWU5oAT0h3aB-s.roa
Signing time:             Mon 15 Jan 2024 09:50:40 +0000
ROA not before:           Mon 15 Jan 2024 09:50:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        5.180.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:87:c4:ba:c5:50:97:b8:ae:37:da:9b:10:6f:0d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan 15 09:50:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b0fe1fe17fe1f26b1dea594e68013d21dda07eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9f:a4:32:71:02:6c:2a:37:04:48:51:ae:c1:
                    e5:98:07:10:4d:dc:70:18:1e:7a:46:bc:cb:86:61:
                    21:bb:5b:86:7c:28:0c:55:90:5f:15:c9:5d:39:04:
                    79:65:9f:7a:cf:de:27:55:89:a2:6d:be:a1:5f:69:
                    5c:09:04:b0:ad:55:3c:ae:1f:6f:03:f1:05:47:84:
                    04:c3:bd:81:be:b9:0e:5c:ab:69:08:10:02:28:a4:
                    13:3c:18:d1:5e:7a:61:fc:88:13:73:18:d6:2f:38:
                    73:a1:12:0f:f4:1b:0f:cb:36:6c:71:d7:bb:4c:97:
                    33:f1:4f:61:1d:37:71:b2:dc:96:bb:83:21:d3:e7:
                    30:40:19:88:bd:79:19:41:68:95:a1:c3:5c:f7:8e:
                    3a:b0:f7:86:b2:74:0b:a7:0d:0b:99:73:88:f8:6f:
                    97:a2:96:44:e4:97:d9:38:59:e7:21:f7:86:7f:1d:
                    9a:2d:02:dc:70:d7:68:ef:3f:1b:38:41:82:b0:7f:
                    f2:fc:f2:7a:11:07:ec:29:bb:f9:67:36:d8:06:00:
                    ab:38:e7:f3:a8:9b:29:20:08:5a:83:71:0d:38:e7:
                    43:11:9b:32:22:c6:8d:56:85:b5:c7:fc:b8:a7:3e:
                    b3:af:77:3d:52:ad:72:57:6a:b0:75:18:3e:b4:19:
                    22:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0F:E1:FE:17:FE:1F:26:B1:DE:A5:94:E6:80:13:D2:1D:DA:07:EB
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iw_h_hf-Hyax3qWU5oAT0h3aB-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:18:0c:cf:7c:fc:d5:df:55:9f:57:5d:06:e9:59:4a:b5:36:
         76:68:b0:d6:81:02:5a:ae:3d:6f:c0:32:db:9e:ff:bf:b2:b0:
         91:e2:0f:2d:3d:4e:b5:6a:a0:1a:e3:89:f7:60:1a:9a:a1:fa:
         9f:7f:b7:cf:84:12:3c:7e:c5:d5:1d:8f:a3:c4:ab:51:a0:5d:
         8b:f0:97:31:c2:be:b1:bc:27:c5:89:25:c7:e9:26:6e:3d:ae:
         ca:d0:9b:3f:fd:70:d8:dc:1c:1f:25:b3:53:dc:17:97:8d:61:
         7a:05:6d:eb:d1:0e:f9:87:fa:8d:ca:ff:26:34:61:1a:bd:e5:
         d5:61:90:f6:92:82:0d:a4:d4:14:0c:81:37:e6:98:1a:54:57:
         63:f1:2d:25:f8:cf:91:10:c5:c8:f9:61:58:a9:fd:0e:e6:c6:
         d4:3f:9e:c0:74:0a:90:75:4a:86:9a:48:9d:6b:73:63:f0:21:
         dd:b2:ae:86:d1:bc:1f:ea:2d:d2:b7:4e:e8:e5:23:e2:39:c6:
         d2:27:5c:b5:ed:1d:40:5a:28:53:89:f9:6d:af:da:8e:88:7a:
         ac:81:4f:6c:a5:2e:eb:36:3b:ef:55:4c:1f:a5:0c:ef:d0:0b:
         5e:09:54:d6:bc:5e:d1:29:56:3b:98:05:e4:ab:49:ba:3b:2a:
         f1:73:14:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0Mh8S6xVCXuK432psQbw2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTE1MDk1MDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjBmZTFmZTE3ZmUxZjI2YjFkZWE1OTRlNjgwMTNkMjFkZGEwN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5+kMnECbCo3BEhRrsHlmAcQTdxw
GB56RrzLhmEhu1uGfCgMVZBfFcldOQR5ZZ96z94nVYmibb6hX2lcCQSwrVU8rh9v
A/EFR4QEw72BvrkOXKtpCBACKKQTPBjRXnph/IgTcxjWLzhzoRIP9BsPyzZscde7
TJcz8U9hHTdxstyWu4Mh0+cwQBmIvXkZQWiVocNc9446sPeGsnQLpw0LmXOI+G+X
opZE5JfZOFnnIfeGfx2aLQLccNdo7z8bOEGCsH/y/PJ6EQfsKbv5ZzbYBgCrOOfz
qJspIAhag3ENOOdDEZsyIsaNVoW1x/y4pz6zr3c9Uq1yV2qwdRg+tBkiGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsP4f4X/h8msd6llOaAE9Id2gfrMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvaXdfaF9oZi1IeWF4M3FXVTVvQVQwaDNhQi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbTpMA0G
CSqGSIb3DQEBCwUAA4IBAQABGAzPfPzV31WfV10G6VlKtTZ2aLDWgQJarj1vwDLb
nv+/srCR4g8tPU61aqAa44n3YBqaofqff7fPhBI8fsXVHY+jxKtRoF2L8Jcxwr6x
vCfFiSXH6SZuPa7K0Js//XDY3BwfJbNT3BeXjWF6BW3r0Q75h/qNyv8mNGEaveXV
YZD2koINpNQUDIE35pgaVFdj8S0l+M+REMXI+WFYqf0O5sbUP57AdAqQdUqGmkid
a3Nj8CHdsq6G0bwf6i3St07o5SPiOcbSJ1y17R1AWihTifltr9qOiHqsgU9spS7r
NjvvVUwfpQzv0AteCVTWvF7RKVY7mAXkq0m6OyrxcxTz
-----END CERTIFICATE-----