Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hokMtlwvXcP_-Haqhy9xwfChMvQ.roa
File:                     hokMtlwvXcP_-Haqhy9xwfChMvQ.roa (raw, json)
Hash identifier:          nMr/g1/kzw15tO/bQ3ar7lcRoSgjAMnxtXR1i5CxB6I=
Subject key identifier:   86:89:0C:B6:5C:2F:5D:C3:FF:F8:76:AA:87:2F:71:C1:F0:A1:32:F4
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018F13EC12ED0E6987A1D6A31CBB66A9B9F3
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hokMtlwvXcP_-Haqhy9xwfChMvQ.roa
Signing time:             Thu 25 Apr 2024 06:23:09 +0000
ROA not before:           Thu 25 Apr 2024 06:23:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        45.85.107.0/24 maxlen: 24
                          185.150.0.0/24 maxlen: 24
                          185.192.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:13:ec:12:ed:0e:69:87:a1:d6:a3:1c:bb:66:a9:b9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 25 06:23:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86890cb65c2f5dc3fff876aa872f71c1f0a132f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b0:9f:33:fe:f3:de:19:90:c6:d8:d5:d1:c0:
                    6d:76:e1:cf:ca:e0:fb:f8:0f:aa:71:57:12:88:32:
                    35:72:34:f9:b3:b0:08:37:ed:b0:55:fd:de:78:3a:
                    ec:4e:79:30:1b:4b:10:40:b7:60:1c:9f:2a:c1:fa:
                    be:f0:59:16:5a:90:f3:80:3f:5f:ce:55:06:a6:2f:
                    0a:bf:ae:39:97:80:31:20:a9:97:1c:24:b6:26:b6:
                    75:20:84:6e:e3:04:55:6d:81:e9:0e:b1:69:51:25:
                    38:4b:8b:25:30:05:ef:3b:8a:d8:cb:be:fa:4b:56:
                    ac:1d:5b:f5:7c:9e:30:42:9e:90:3d:6e:9a:47:fa:
                    60:ba:e3:ea:5e:cd:63:9f:3d:be:6d:f1:78:12:d6:
                    7c:5d:36:ac:94:71:a2:73:f2:c8:2f:1b:db:bc:44:
                    06:b6:c8:40:e7:38:bf:19:3c:ba:5a:d8:30:64:82:
                    a2:42:be:bc:83:37:72:50:c6:8d:3c:88:3d:1d:d0:
                    ed:2b:6b:d6:83:24:34:d4:f6:ea:99:99:09:2e:31:
                    27:1c:6e:18:ba:90:f8:df:77:25:16:aa:2b:29:0c:
                    61:84:04:2a:81:c2:7e:a8:39:cf:fe:77:10:3f:b2:
                    b2:5d:82:3d:f5:37:a4:39:bc:3c:b5:78:35:2c:f7:
                    51:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:89:0C:B6:5C:2F:5D:C3:FF:F8:76:AA:87:2F:71:C1:F0:A1:32:F4
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hokMtlwvXcP_-Haqhy9xwfChMvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.107.0/24
                  185.150.0.0/24
                  185.192.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:0c:3f:9d:26:d6:6f:f5:71:8c:f9:27:94:d2:5b:7b:78:8d:
         ec:0e:16:da:d2:9a:ba:d7:6d:b4:12:29:4c:0a:2b:60:b1:33:
         66:08:00:5e:33:53:4a:e4:fc:d9:1c:b0:ca:b1:c4:02:ac:0d:
         d9:a9:cb:dc:e8:e4:dc:1b:a7:b2:a0:1e:37:98:a0:4c:f3:ae:
         73:8f:98:29:4b:d1:0b:0d:0e:2d:b3:24:dc:3d:4d:2f:94:11:
         d9:60:6b:b2:0a:a2:38:93:75:36:a6:77:85:3d:b5:6f:66:7f:
         d8:e5:f7:ea:b0:01:40:6f:21:f7:bb:99:10:87:20:22:7c:39:
         8d:95:8b:9e:4a:4a:b6:f1:6c:f7:b5:c0:5d:25:04:f0:97:fc:
         cd:0f:e6:58:9d:d0:cb:0d:1d:c7:4b:43:33:3d:28:85:84:ef:
         b2:23:c3:37:85:77:90:5f:84:b1:87:92:25:f1:35:8a:63:3c:
         fa:04:d8:d3:6f:78:f0:a0:3c:ac:3d:09:b9:33:48:7c:6a:f7:
         ea:8e:10:e2:7a:5f:ae:e8:56:d8:29:2f:26:43:47:7c:c5:93:
         68:a0:c5:62:a3:4a:07:89:5b:84:81:f7:90:37:86:e4:6a:31:
         d6:e1:44:4a:1d:3d:e6:a9:e6:c8:e5:4b:4e:5e:e5:8e:ff:c3:
         53:54:0d:e2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8T7BLtDmmHodajHLtmqbnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwNDI1MDYyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njg5MGNiNjVjMmY1ZGMzZmZmODc2YWE4NzJmNzFjMWYwYTEzMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbCfM/7z3hmQxtjV0cBtduHPyuD7
+A+qcVcSiDI1cjT5s7AIN+2wVf3eeDrsTnkwG0sQQLdgHJ8qwfq+8FkWWpDzgD9f
zlUGpi8Kv645l4AxIKmXHCS2JrZ1IIRu4wRVbYHpDrFpUSU4S4slMAXvO4rYy776
S1asHVv1fJ4wQp6QPW6aR/pguuPqXs1jnz2+bfF4EtZ8XTaslHGic/LILxvbvEQG
tshA5zi/GTy6WtgwZIKiQr68gzdyUMaNPIg9HdDtK2vWgyQ01PbqmZkJLjEnHG4Y
upD433clFqorKQxhhAQqgcJ+qDnP/ncQP7KyXYI99TekObw8tXg1LPdRJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIaJDLZcL13D//h2qocvccHwoTL0MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaG9rTXRsd3ZYY1BfLUhhcWh5OXh3ZkNoTXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVVrAwQA
uZYAAwQAucBEMA0GCSqGSIb3DQEBCwUAA4IBAQCVDD+dJtZv9XGM+SeU0lt7eI3s
Dhba0pq61220EilMCitgsTNmCABeM1NK5PzZHLDKscQCrA3Zqcvc6OTcG6eyoB43
mKBM865zj5gpS9ELDQ4tsyTcPU0vlBHZYGuyCqI4k3U2pneFPbVvZn/Y5ffqsAFA
byH3u5kQhyAifDmNlYueSkq28Wz3tcBdJQTwl/zND+ZYndDLDR3HS0MzPSiFhO+y
I8M3hXeQX4Sxh5Il8TWKYzz6BNjTb3jwoDysPQm5M0h8avfqjhDiel+u6FbYKS8m
Q0d8xZNooMVio0oHiVuEgfeQN4bkajHW4URKHT3mqebI5UtOXuWO/8NTVA3i
-----END CERTIFICATE-----