Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/hGrKPanAoBh6xYXw2KyCE3XIwYg.roa
File:                     hGrKPanAoBh6xYXw2KyCE3XIwYg.roa (raw, json)
Hash identifier:          /b544D0/4qltQRdBNN9ChctP8BjkX5wpWvq6CZrOYDU=
Subject key identifier:   84:6A:CA:3D:A9:C0:A0:18:7A:C5:85:F0:D8:AC:82:13:75:C8:C1:88
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       0190E92306E7ECC12A0A72B34AD1414D5A8D
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/hGrKPanAoBh6xYXw2KyCE3XIwYg.roa
Signing time:             Thu 25 Jul 2024 09:05:05 +0000
ROA not before:           Thu 25 Jul 2024 09:05:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214766
IP address blocks:        141.98.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e9:23:06:e7:ec:c1:2a:0a:72:b3:4a:d1:41:4d:5a:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jul 25 09:05:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=846aca3da9c0a0187ac585f0d8ac821375c8c188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:17:2c:c1:d7:fc:1d:22:9a:82:04:56:cd:d6:
                    43:9a:be:7b:62:a7:48:45:c4:00:8e:2f:54:66:d6:
                    3e:2b:6f:39:e4:12:98:6f:0f:24:66:84:0a:ef:48:
                    47:0e:46:f7:d5:23:e9:96:aa:e3:22:12:b6:05:1f:
                    6f:b5:d9:10:de:e0:72:01:8c:6b:99:a4:83:63:70:
                    0a:88:37:7b:9a:15:cc:b3:a3:87:87:a1:b3:87:1b:
                    0f:8b:70:f6:83:20:a0:38:9d:b9:90:d7:1d:f8:79:
                    ab:7a:59:b9:5a:a2:31:67:80:96:7a:5c:a0:d4:36:
                    0e:21:ed:2f:a5:aa:65:aa:2f:e9:da:53:43:88:09:
                    98:e7:91:8e:6c:0a:3d:62:4b:24:57:3d:53:f5:26:
                    87:c8:35:17:85:75:97:ba:c6:ce:8b:0d:0b:ad:c7:
                    aa:d6:28:eb:34:f8:f1:52:c9:e5:fa:9b:dc:61:ab:
                    1c:a5:85:d4:cd:6a:82:2f:75:d4:6c:84:d2:84:14:
                    43:73:39:e2:9b:3e:9b:7c:a7:a0:f5:d6:1d:d0:7e:
                    44:f8:4f:d1:93:a0:bd:db:0c:11:b3:d5:06:21:9a:
                    58:86:33:78:ab:6f:75:ab:f4:da:62:fb:9d:80:22:
                    17:1a:2e:1c:e4:2f:ff:41:5f:78:4f:7d:71:dc:7a:
                    52:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:6A:CA:3D:A9:C0:A0:18:7A:C5:85:F0:D8:AC:82:13:75:C8:C1:88
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/hGrKPanAoBh6xYXw2KyCE3XIwYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c5:f2:3d:4d:35:64:e0:95:52:66:4b:bc:38:02:21:46:9f:
         93:93:84:36:6d:28:b6:4f:8b:50:fc:80:a4:93:fe:e5:5e:0e:
         68:5c:8f:2f:20:ca:8f:5b:d3:cd:a0:70:7a:b0:b4:7b:b3:c4:
         a5:e0:75:f3:df:95:e2:48:07:cb:04:21:41:29:58:a1:52:42:
         c2:f6:3a:9d:8c:53:e4:20:6f:21:cb:e4:80:14:c6:ba:70:5a:
         62:fa:8a:a4:a4:9d:60:9e:e1:3e:e8:c8:60:d3:1a:3b:ca:4e:
         e9:50:2a:aa:7d:e8:8f:ba:4f:70:ee:cf:ea:4d:6a:39:23:72:
         43:1b:57:f5:da:53:ea:5e:c0:c5:02:fa:6c:81:18:d7:be:55:
         0d:0e:1b:eb:04:d4:54:1a:18:4c:a9:ba:09:de:5b:ac:f0:47:
         ae:21:0b:95:fb:0b:78:94:4c:fd:ed:03:cb:73:2b:fa:41:14:
         26:db:83:ff:ca:da:ed:54:cb:00:55:98:c4:05:76:28:8f:fe:
         31:01:e3:8e:db:f7:90:ee:a7:6e:0b:72:08:6c:5a:98:a1:b5:
         2f:ab:af:db:45:3d:99:41:df:ea:60:89:d8:ee:18:8d:63:6e:
         21:11:ab:b5:d0:1d:78:63:64:7b:d4:82:b1:e8:06:a4:a6:22:
         69:3e:da:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDpIwbn7MEqCnKzStFBTVqNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwNzI1MDkwNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDZhY2EzZGE5YzBhMDE4N2FjNTg1ZjBkOGFjODIxMzc1YzhjMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Bcswdf8HSKaggRWzdZDmr57YqdI
RcQAji9UZtY+K2855BKYbw8kZoQK70hHDkb31SPplqrjIhK2BR9vtdkQ3uByAYxr
maSDY3AKiDd7mhXMs6OHh6GzhxsPi3D2gyCgOJ25kNcd+Hmrelm5WqIxZ4CWelyg
1DYOIe0vpaplqi/p2lNDiAmY55GObAo9YkskVz1T9SaHyDUXhXWXusbOiw0Lrceq
1ijrNPjxUsnl+pvcYascpYXUzWqCL3XUbITShBRDcznimz6bfKeg9dYd0H5E+E/R
k6C92wwRs9UGIZpYhjN4q291q/TaYvudgCIXGi4c5C//QV94T31x3HpSbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRqyj2pwKAYesWF8NisghN1yMGIMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvaEdyS1BhbkFvQmg2eFlYdzJLeUNFM1hJd1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKJMA0G
CSqGSIb3DQEBCwUAA4IBAQA1xfI9TTVk4JVSZku8OAIhRp+Tk4Q2bSi2T4tQ/ICk
k/7lXg5oXI8vIMqPW9PNoHB6sLR7s8Sl4HXz35XiSAfLBCFBKVihUkLC9jqdjFPk
IG8hy+SAFMa6cFpi+oqkpJ1gnuE+6Mhg0xo7yk7pUCqqfeiPuk9w7s/qTWo5I3JD
G1f12lPqXsDFAvpsgRjXvlUNDhvrBNRUGhhMqboJ3lus8EeuIQuV+wt4lEz97QPL
cyv6QRQm24P/ytrtVMsAVZjEBXYoj/4xAeOO2/eQ7qduC3IIbFqYobUvq6/bRT2Z
Qd/qYInY7hiNY24hEau10B14Y2R71IKx6AakpiJpPtr3
-----END CERTIFICATE-----