Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hQcJ2Qs8jIpSh5soXHW0IoyNbDI.roa
File:                     hQcJ2Qs8jIpSh5soXHW0IoyNbDI.roa (raw, json)
Hash identifier:          w6IXP0RoGutT2Q5Y0xnp8N6Wq8mcal8ptGVwLHZexy0=
Subject key identifier:   85:07:09:D9:0B:3C:8C:8A:52:87:9B:28:5C:75:B4:22:8C:8D:6C:32
Certificate issuer:       /CN=85d0e763f935c171694f172056eb44209db2e2cd
Certificate serial:       018CC5DBFE2B7244153DBF132E8BED134EA8
Authority key identifier: 85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hQcJ2Qs8jIpSh5soXHW0IoyNbDI.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198404
IP address blocks:        89.39.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fe:2b:72:44:15:3d:bf:13:2e:8b:ed:13:4e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d0e763f935c171694f172056eb44209db2e2cd
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=850709d90b3c8c8a52879b285c75b4228c8d6c32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b5:65:7b:61:33:5f:f4:08:91:f7:29:fd:90:
                    8b:04:cc:b1:d0:68:cd:50:59:06:f0:80:6a:65:5b:
                    d6:89:28:ad:a4:47:e3:af:7f:14:e8:db:56:f3:ce:
                    ec:1d:a8:a2:3f:2f:b6:b5:a7:ce:a2:8d:82:aa:c2:
                    1d:e0:fb:10:51:e4:a9:c5:d7:7a:95:45:3f:b6:b2:
                    6b:56:95:62:ab:90:9c:16:a7:20:8a:ad:c8:ca:3f:
                    aa:50:50:c8:34:b3:1a:22:08:65:10:bd:1b:55:12:
                    68:2d:00:b5:4c:ac:52:c3:cc:80:f7:03:4e:f9:ca:
                    ad:4e:fd:1b:26:66:b7:67:49:25:5f:07:70:93:ee:
                    6e:00:c8:3e:75:90:51:df:21:7f:e6:9f:c2:e3:6b:
                    2e:12:c6:62:dd:ec:66:fe:6e:31:7a:72:f8:26:1f:
                    d5:4d:7c:7a:90:55:9d:f0:e1:b9:c1:04:e2:96:b2:
                    e1:c5:17:a0:9d:41:56:7d:ef:9d:eb:f4:cd:2e:03:
                    c9:2e:63:ff:12:68:c5:1f:7c:02:10:4f:6a:0c:60:
                    b6:64:ae:92:27:64:2a:82:15:e1:18:fd:99:a3:f3:
                    2a:e5:10:8d:95:6b:15:b2:f1:78:b9:46:a1:f7:68:
                    0b:00:0e:e4:d3:3b:76:4c:d8:52:8d:98:67:c1:5c:
                    3d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:07:09:D9:0B:3C:8C:8A:52:87:9B:28:5C:75:B4:22:8C:8D:6C:32
            X509v3 Authority Key Identifier:
                keyid:85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hQcJ2Qs8jIpSh5soXHW0IoyNbDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:3d:8b:e0:3e:e4:e2:38:a4:3d:f3:ed:71:30:0e:77:bb:e1:
         4f:e2:cc:2c:b8:cf:2d:60:0c:61:f2:2e:a3:af:02:a5:80:bc:
         57:da:1f:9c:0f:e2:55:45:31:e0:3d:dc:77:64:09:ed:9b:5b:
         02:7f:7f:b6:e4:f6:9d:a0:9b:c5:f5:12:9b:c1:4d:7c:9f:19:
         ea:9e:96:57:ae:a9:36:20:67:9b:71:92:a1:2d:7d:f5:02:2f:
         fb:b2:a8:a5:45:e7:5e:7d:cf:1e:db:77:b4:9e:47:e8:1e:43:
         6b:e6:9f:0a:b2:15:cf:ec:a1:aa:cc:7c:02:c3:34:08:25:5e:
         15:a7:0a:f2:d4:a3:d3:f6:33:a0:46:61:b7:e8:e0:fe:96:8c:
         44:39:e2:93:d3:69:52:69:65:7d:70:80:2f:8b:90:97:35:69:
         1c:89:84:eb:ce:c6:cc:9d:ac:1e:77:b1:b6:df:0e:0d:bb:17:
         f8:1b:83:64:a2:10:95:ef:a1:ec:87:75:ce:c4:47:d9:6f:3b:
         ed:c5:7f:8b:5c:50:84:9a:59:ca:98:39:4e:d1:e2:d9:a0:71:
         f6:2e:a2:b9:8d:f8:9d:93:38:04:59:10:dc:63:9b:c3:d9:05:
         5a:5b:5c:60:46:7c:10:7a:7b:c3:35:93:27:0c:ed:3f:36:4a:
         67:ff:5e:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/4rckQVPb8TLovtE06oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDBlNzYzZjkzNWMxNzE2OTRmMTcyMDU2ZWI0NDIwOWRi
MmUyY2QwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTA3MDlkOTBiM2M4YzhhNTI4NzliMjg1Yzc1YjQyMjhjOGQ2YzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLVle2EzX/QIkfcp/ZCLBMyx0GjN
UFkG8IBqZVvWiSitpEfjr38U6NtW887sHaiiPy+2tafOoo2CqsId4PsQUeSpxdd6
lUU/trJrVpViq5CcFqcgiq3Iyj+qUFDINLMaIghlEL0bVRJoLQC1TKxSw8yA9wNO
+cqtTv0bJma3Z0klXwdwk+5uAMg+dZBR3yF/5p/C42suEsZi3exm/m4xenL4Jh/V
TXx6kFWd8OG5wQTilrLhxRegnUFWfe+d6/TNLgPJLmP/EmjFH3wCEE9qDGC2ZK6S
J2QqghXhGP2Zo/Mq5RCNlWsVsvF4uUah92gLAA7k0zt2TNhSjZhnwVw9UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUHCdkLPIyKUoebKFx1tCKMjWwyMB8GA1UdIwQY
MBaAFIXQ52P5NcFxaU8XIFbrRCCdsuLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2Qt
ZjEyODM1ZjAyNDdiLzEvaFFjSjJRczhqSXBTaDVzb1hIVzBJb3lOYkRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2QtZjEyODM1ZjAyNDdi
LzEvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWScgMA0G
CSqGSIb3DQEBCwUAA4IBAQALPYvgPuTiOKQ98+1xMA53u+FP4swsuM8tYAxh8i6j
rwKlgLxX2h+cD+JVRTHgPdx3ZAntm1sCf3+25PadoJvF9RKbwU18nxnqnpZXrqk2
IGebcZKhLX31Ai/7sqilRedefc8e23e0nkfoHkNr5p8KshXP7KGqzHwCwzQIJV4V
pwry1KPT9jOgRmG36OD+loxEOeKT02lSaWV9cIAvi5CXNWkciYTrzsbMnawed7G2
3w4Nuxf4G4NkohCV76Hsh3XOxEfZbzvtxX+LXFCEmlnKmDlO0eLZoHH2LqK5jfid
kzgEWRDcY5vD2QVaW1xgRnwQenvDNZMnDO0/Nkpn/16h
-----END CERTIFICATE-----