Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/hxSl-UeD6oHva-ileELw86t_ctQ.roa
File:                     hxSl-UeD6oHva-ileELw86t_ctQ.roa (raw, json)
Hash identifier:          WqTNYd/k6UHTpQfCP4P/Zw/jGkyO7Vx9FIae9nI459A=
Subject key identifier:   87:14:A5:F9:47:83:EA:81:EF:6B:E8:A5:78:42:F0:F3:AB:7F:72:D4
Certificate issuer:       /CN=048dc3b923c7738f9a58ee80b49bcd0c5e7dcffa
Certificate serial:       018CC2DAF48C59491C50979A8FEFDBF8922D
Authority key identifier: 04:8D:C3:B9:23:C7:73:8F:9A:58:EE:80:B4:9B:CD:0C:5E:7D:CF:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/hxSl-UeD6oHva-ileELw86t_ctQ.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        79.174.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f4:8c:59:49:1c:50:97:9a:8f:ef:db:f8:92:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048dc3b923c7738f9a58ee80b49bcd0c5e7dcffa
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8714a5f94783ea81ef6be8a57842f0f3ab7f72d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:48:97:72:c8:a9:62:4c:e7:fc:a7:28:25:fe:
                    cf:b3:5a:2b:a1:24:4d:cc:b1:ab:15:1a:d5:99:4a:
                    b6:ca:5c:03:2a:1f:fa:a4:2d:c5:2b:d6:cc:3a:d0:
                    10:58:c6:71:51:63:af:5c:cd:44:87:f7:5b:bd:3c:
                    7f:cd:40:6a:8b:88:c2:35:15:45:43:1b:f9:d7:b8:
                    49:0a:9b:43:e7:95:9b:c4:e4:14:7b:1f:6a:b8:26:
                    cf:db:6f:49:ae:06:f6:40:c3:6d:ab:d6:b2:e7:ba:
                    48:1b:9b:28:8f:51:a1:9d:da:e2:42:59:93:c8:31:
                    01:bf:ea:7c:60:35:97:57:49:2b:0c:97:1a:8c:9d:
                    6f:31:25:ef:ea:d8:74:14:ba:a4:a3:57:d9:31:d9:
                    c2:41:d1:eb:69:f2:31:6c:55:e4:7e:01:12:e0:d3:
                    bf:5c:36:6e:e1:ac:d6:95:08:7c:24:73:1a:ca:46:
                    5f:be:57:9a:2a:a6:f4:2c:7d:94:09:4d:f5:1d:6f:
                    8e:ce:d2:1a:d9:4d:04:a0:39:80:78:49:65:5b:19:
                    82:c2:ea:c8:16:94:a7:a5:ab:88:34:2d:de:50:18:
                    16:7b:77:0d:bb:1d:30:63:c5:98:1c:a1:8d:d1:ca:
                    a9:9b:47:f9:75:6a:92:07:80:1c:18:2b:dc:01:7e:
                    de:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:14:A5:F9:47:83:EA:81:EF:6B:E8:A5:78:42:F0:F3:AB:7F:72:D4
            X509v3 Authority Key Identifier:
                keyid:04:8D:C3:B9:23:C7:73:8F:9A:58:EE:80:B4:9B:CD:0C:5E:7D:CF:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/hxSl-UeD6oHva-ileELw86t_ctQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:5a:68:1b:98:87:7c:1e:f1:74:30:a2:72:58:84:0c:2e:6d:
         15:12:2f:56:d4:b8:fb:44:4a:e8:15:90:48:df:23:c0:78:3c:
         ab:f5:df:b5:25:fc:ce:7a:ad:62:15:98:3f:b6:59:5c:1e:01:
         2d:85:b1:ec:82:de:69:7c:46:a5:a5:02:87:a5:03:29:19:ed:
         a8:fd:37:36:55:d3:05:ff:df:e0:2c:b6:f3:b2:c3:26:f4:55:
         20:63:08:a0:5b:78:2a:0c:21:3b:9f:6f:47:83:01:ff:e0:6a:
         f9:93:c2:d8:8d:8f:e2:8a:54:c0:b7:93:80:dd:82:13:73:ee:
         01:14:70:60:b9:87:e6:d6:2a:d3:a1:52:71:1a:51:8f:4b:6e:
         b6:04:af:88:9e:ae:ef:83:d8:88:3f:5d:3b:e8:19:d8:d4:fd:
         80:df:f7:ed:2b:9e:84:3b:3e:10:a9:fb:b1:c8:21:05:b8:64:
         10:41:2f:68:ae:af:b1:e6:38:4d:86:e2:7a:ce:ac:5f:96:6d:
         ee:0c:b0:58:ca:a7:3f:6e:2c:b7:d9:52:b0:20:a7:76:71:f6:
         01:f4:30:75:6f:8c:cb:c7:00:b2:24:47:ae:1a:22:c3:14:98:
         56:d0:3f:7f:cd:1b:a5:1b:bd:ff:62:b2:6b:6b:a6:c2:2e:a0:
         01:17:16:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vSMWUkcUJeaj+/b+JItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OGRjM2I5MjNjNzczOGY5YTU4ZWU4MGI0OWJjZDBjNWU3
ZGNmZmEwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzE0YTVmOTQ3ODNlYTgxZWY2YmU4YTU3ODQyZjBmM2FiN2Y3MmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0iXcsipYkzn/KcoJf7Ps1oroSRN
zLGrFRrVmUq2ylwDKh/6pC3FK9bMOtAQWMZxUWOvXM1Eh/dbvTx/zUBqi4jCNRVF
Qxv517hJCptD55WbxOQUex9quCbP229Jrgb2QMNtq9ay57pIG5soj1GhndriQlmT
yDEBv+p8YDWXV0krDJcajJ1vMSXv6th0FLqko1fZMdnCQdHrafIxbFXkfgES4NO/
XDZu4azWlQh8JHMaykZfvleaKqb0LH2UCU31HW+OztIa2U0EoDmAeEllWxmCwurI
FpSnpauINC3eUBgWe3cNux0wY8WYHKGN0cqpm0f5dWqSB4AcGCvcAX7eZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcUpflHg+qB72vopXhC8POrf3LUMB8GA1UdIwQY
MBaAFASNw7kjx3OPmljugLSbzQxefc/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkkzRHVTUEhjNC1hV082QXRKdk5ERjU5el9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mOGMwMTgtYjkwZi00Zjg5LWEzZjQt
MmVjODcxNDY1NTk5LzEvaHhTbC1VZUQ2b0h2YS1pbGVFTHc4NnRfY3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mOGMwMTgtYjkwZi00Zjg5LWEzZjQtMmVjODcxNDY1NTk5
LzEvQkkzRHVTUEhjNC1hV082QXRKdk5ERjU5el9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT64DMA0G
CSqGSIb3DQEBCwUAA4IBAQCqWmgbmId8HvF0MKJyWIQMLm0VEi9W1Lj7REroFZBI
3yPAeDyr9d+1JfzOeq1iFZg/tllcHgEthbHsgt5pfEalpQKHpQMpGe2o/Tc2VdMF
/9/gLLbzssMm9FUgYwigW3gqDCE7n29HgwH/4Gr5k8LYjY/iilTAt5OA3YITc+4B
FHBguYfm1irToVJxGlGPS262BK+Inq7vg9iIP1076BnY1P2A3/ftK56EOz4Qqfux
yCEFuGQQQS9orq+x5jhNhuJ6zqxflm3uDLBYyqc/biy32VKwIKd2cfYB9DB1b4zL
xwCyJEeuGiLDFJhW0D9/zRulG73/YrJra6bCLqABFxaI
-----END CERTIFICATE-----