Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/HBsup8N-tQ6O1O9qvz3xuxt2R7Y.roa
File:                     HBsup8N-tQ6O1O9qvz3xuxt2R7Y.roa (raw, json)
Hash identifier:          1kkwjeIDIfByocngMF8f+O1XcYf9hASrki/RsC7Q7ak=
Subject key identifier:   1C:1B:2E:A7:C3:7E:B5:0E:8E:D4:EF:6A:BF:3D:F1:BB:1B:76:47:B6
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       018CC6B7978E03072D31048865F1FF0A9E40
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/HBsup8N-tQ6O1O9qvz3xuxt2R7Y.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34139
IP address blocks:        62.140.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:97:8e:03:07:2d:31:04:88:65:f1:ff:0a:9e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c1b2ea7c37eb50e8ed4ef6abf3df1bb1b7647b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fd:77:88:64:0b:fa:19:36:85:f5:7a:d9:14:
                    6d:41:19:b5:49:f9:9a:b6:0b:eb:3f:b3:39:28:50:
                    e7:7a:88:bc:46:c4:8b:27:7c:98:30:a6:79:a8:01:
                    b4:9c:40:f2:e1:34:f6:8d:24:98:a4:5f:e8:1f:c2:
                    84:00:c5:61:86:0c:fe:ce:68:ba:2f:a2:5d:f7:35:
                    c7:64:e8:06:22:a5:8e:16:3a:5b:87:f7:73:95:f5:
                    8b:25:df:19:c0:c0:ba:3b:9b:5c:f0:20:c7:c5:65:
                    f2:c9:9a:ac:c4:6b:4f:07:57:3b:f3:57:8f:26:1e:
                    95:bc:a7:ca:fc:de:b3:23:68:2a:47:fd:d5:d7:ec:
                    b0:9c:b7:e5:a9:b9:42:f8:0d:b5:09:a6:c3:2c:d3:
                    cb:99:e8:aa:7f:c9:d0:69:70:5b:05:18:15:56:be:
                    20:27:09:83:d3:5b:3b:3b:d3:0d:c1:c3:1f:b0:30:
                    a1:b2:c7:be:77:f5:f0:82:a1:d9:77:71:31:fb:b5:
                    d1:da:69:c2:b0:e5:0f:f7:cc:5d:1a:7b:7b:04:3b:
                    2b:cf:11:f2:3f:1f:8b:6b:1e:d6:99:29:fb:49:1c:
                    16:b9:3d:a0:b0:14:d4:b4:70:65:e7:cd:0a:bd:29:
                    05:bc:a3:a3:68:80:97:e8:30:a7:37:f5:a9:2f:18:
                    38:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:1B:2E:A7:C3:7E:B5:0E:8E:D4:EF:6A:BF:3D:F1:BB:1B:76:47:B6
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/HBsup8N-tQ6O1O9qvz3xuxt2R7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.140.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:e3:d3:41:6b:f1:44:9c:e3:9f:9d:3f:59:6e:e0:98:a9:b0:
         a1:4d:11:c0:87:fc:37:57:8f:39:d2:df:08:c2:3c:94:30:47:
         76:86:87:70:2a:75:a3:36:6d:bc:7c:15:22:1b:21:17:e2:de:
         a8:c4:14:36:8a:bf:b2:c9:da:f9:90:64:1f:68:11:9c:5e:51:
         6a:f8:5b:33:84:19:b7:4f:be:a6:74:44:23:78:3a:8e:9f:31:
         68:af:1f:29:5d:ae:b7:8e:c5:d5:f8:25:ea:a0:98:46:6f:95:
         b6:ca:00:39:15:52:c0:8a:54:6a:bb:02:81:8e:54:2b:95:0a:
         07:f1:e0:60:36:26:4e:e3:e4:f4:d5:f5:2d:50:4c:46:65:b2:
         53:79:81:50:ba:bf:58:12:0b:78:2d:4e:4b:d6:e8:31:8e:aa:
         0c:1b:6b:ae:65:fa:1a:94:a8:fb:ba:a9:23:53:e1:91:cf:fb:
         86:81:a6:ad:51:d1:b0:6b:ac:73:7a:7d:67:30:26:3d:62:ab:
         fc:0d:20:db:3e:33:7c:06:f8:ca:89:a0:78:f9:b3:91:8a:6a:
         7c:77:d0:98:14:63:40:2a:4c:71:cb:44:73:63:1e:4d:9d:01:
         65:e2:3e:6f:ca:e9:7b:87:e1:5d:98:bd:1a:2c:68:0d:f5:7b:
         04:69:e4:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5eOAwctMQSIZfH/Cp5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzFiMmVhN2MzN2ViNTBlOGVkNGVmNmFiZjNkZjFiYjFiNzY0N2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlf13iGQL+hk2hfV62RRtQRm1Sfma
tgvrP7M5KFDneoi8RsSLJ3yYMKZ5qAG0nEDy4TT2jSSYpF/oH8KEAMVhhgz+zmi6
L6Jd9zXHZOgGIqWOFjpbh/dzlfWLJd8ZwMC6O5tc8CDHxWXyyZqsxGtPB1c781eP
Jh6VvKfK/N6zI2gqR/3V1+ywnLflqblC+A21CabDLNPLmeiqf8nQaXBbBRgVVr4g
JwmD01s7O9MNwcMfsDChsse+d/XwgqHZd3Ex+7XR2mnCsOUP98xdGnt7BDsrzxHy
Px+Lax7WmSn7SRwWuT2gsBTUtHBl580KvSkFvKOjaICX6DCnN/WpLxg4BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwbLqfDfrUOjtTvar898bsbdke2MB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvSEJzdXA4Ti10UTZPMU85cXZ6M3h1eHQyUjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPozoMA0G
CSqGSIb3DQEBCwUAA4IBAQB249NBa/FEnOOfnT9ZbuCYqbChTRHAh/w3V4850t8I
wjyUMEd2hodwKnWjNm28fBUiGyEX4t6oxBQ2ir+yydr5kGQfaBGcXlFq+FszhBm3
T76mdEQjeDqOnzForx8pXa63jsXV+CXqoJhGb5W2ygA5FVLAilRquwKBjlQrlQoH
8eBgNiZO4+T01fUtUExGZbJTeYFQur9YEgt4LU5L1ugxjqoMG2uuZfoalKj7uqkj
U+GRz/uGgaatUdGwa6xzen1nMCY9Yqv8DSDbPjN8BvjKiaB4+bORimp8d9CYFGNA
Kkxxy0RzYx5NnQFl4j5vyul7h+FdmL0aLGgN9XsEaeQ5
-----END CERTIFICATE-----