Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/hXvKA5uXq9fHfGbQP3jsD3XVrgo.roa
File:                     hXvKA5uXq9fHfGbQP3jsD3XVrgo.roa (raw, json)
Hash identifier:          kSmYrg/l/aoXGp6g2rsqAnZqsn/T1RMfjN3KJX086Q0=
Subject key identifier:   85:7B:CA:03:9B:97:AB:D7:C7:7C:66:D0:3F:78:EC:0F:75:D5:AE:0A
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       01941FFA1C7DBE67E067B838E07306EA767E
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/hXvKA5uXq9fHfGbQP3jsD3XVrgo.roa
Signing time:             Wed 01 Jan 2025 03:47:52 +0000
ROA not before:           Wed 01 Jan 2025 03:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        185.143.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:1c:7d:be:67:e0:67:b8:38:e0:73:06:ea:76:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jan  1 03:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=857bca039b97abd7c77c66d03f78ec0f75d5ae0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d9:f7:14:4b:d8:8d:3e:5b:20:8e:9a:a3:90:
                    57:ba:62:ee:a6:6b:9c:47:4d:56:9a:ca:c9:7e:2a:
                    93:cf:d7:6b:f8:77:67:71:e7:41:bf:a9:bd:b8:a4:
                    dc:49:04:1c:7c:91:a7:58:f0:42:58:e5:9e:3b:bf:
                    94:ee:76:e9:1c:eb:3e:b9:9e:f2:4b:f1:e2:db:26:
                    9e:f3:6c:cd:29:40:da:48:58:70:c5:ea:5a:50:cc:
                    4d:88:dd:ad:f7:4a:55:f4:54:56:cc:56:77:49:45:
                    e5:b6:f4:1e:f7:36:bf:28:4f:76:9d:d4:79:1e:32:
                    f8:3a:c7:54:02:a9:ed:82:08:91:c8:8d:8e:c2:61:
                    22:6c:18:26:76:12:61:67:6e:f6:a0:cf:84:60:5a:
                    a8:24:2a:16:1b:0a:a5:7c:2c:30:fa:08:89:7e:8a:
                    55:cb:1f:b9:63:26:7b:e2:fd:68:fc:dd:c5:82:57:
                    3c:f9:f8:d3:e9:a4:0a:82:f6:00:c8:89:03:90:b2:
                    7b:53:55:f8:f1:7b:74:0c:32:9c:04:92:98:c2:c1:
                    79:dc:7d:44:9b:9d:e1:86:a3:fe:04:da:eb:81:3f:
                    5c:6f:72:50:39:5d:10:43:8c:a9:d7:5a:22:bb:8f:
                    69:8f:a2:a1:3a:bb:83:f6:b5:b8:84:6d:5d:ab:3b:
                    7f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:7B:CA:03:9B:97:AB:D7:C7:7C:66:D0:3F:78:EC:0F:75:D5:AE:0A
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/hXvKA5uXq9fHfGbQP3jsD3XVrgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:3c:11:bd:1a:99:35:3e:e5:5d:3b:86:6d:91:50:08:2e:38:
         d7:fa:e0:69:fd:14:9f:c6:aa:6f:c0:78:ee:e1:2f:a1:b0:73:
         b8:85:1f:91:13:c4:70:21:c7:08:3f:d0:68:45:cd:92:cc:c2:
         c9:34:de:4b:39:21:41:a6:e8:ca:9c:32:40:6f:b7:cc:e4:71:
         32:50:c7:ad:8f:e3:df:76:19:62:4d:fc:79:ba:0d:d9:4a:9c:
         8f:21:f9:0a:c5:c9:ba:5c:1a:e8:ad:6a:ab:d8:07:0f:49:a6:
         77:88:df:cf:51:ab:e9:1c:11:ef:6b:40:af:b7:f3:4c:39:58:
         b5:bc:78:9c:79:5c:ae:0d:b8:f0:0b:e4:1d:83:0f:2c:87:21:
         bc:5b:90:0c:53:53:17:39:c3:54:ae:9e:9e:e0:eb:83:4f:3e:
         29:a2:d6:ee:b1:7a:80:64:d9:c0:2e:f0:b7:28:bc:e4:a5:12:
         cc:dd:8c:9f:29:aa:e0:6f:9d:c8:c2:d8:b6:a9:7c:f7:87:1d:
         8c:64:91:d2:fd:99:44:c3:22:67:6a:79:e6:9a:54:30:c3:d6:
         50:92:9e:79:a4:c4:1a:42:38:b8:ab:a1:9e:82:e7:aa:33:ec:
         21:85:b6:f6:2d:f2:92:1f:91:d4:e6:a5:a3:82:e8:ee:fb:b0:
         7a:71:2f:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hx9vmfgZ7g44HMG6nZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjUwMTAxMDM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTdiY2EwMzliOTdhYmQ3Yzc3YzY2ZDAzZjc4ZWMwZjc1ZDVhZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdn3FEvYjT5bII6ao5BXumLupmuc
R01WmsrJfiqTz9dr+HdncedBv6m9uKTcSQQcfJGnWPBCWOWeO7+U7nbpHOs+uZ7y
S/Hi2yae82zNKUDaSFhwxepaUMxNiN2t90pV9FRWzFZ3SUXltvQe9za/KE92ndR5
HjL4OsdUAqntggiRyI2OwmEibBgmdhJhZ272oM+EYFqoJCoWGwqlfCww+giJfopV
yx+5YyZ74v1o/N3Fglc8+fjT6aQKgvYAyIkDkLJ7U1X48Xt0DDKcBJKYwsF53H1E
m53hhqP+BNrrgT9cb3JQOV0QQ4yp11oiu49pj6KhOruD9rW4hG1dqzt/NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIV7ygObl6vXx3xm0D947A911a4KMB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvaFh2S0E1dVhxOWZIZkdiUVAzanNEM1hWcmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/fMA0G
CSqGSIb3DQEBCwUAA4IBAQCmPBG9Gpk1PuVdO4ZtkVAILjjX+uBp/RSfxqpvwHju
4S+hsHO4hR+RE8RwIccIP9BoRc2SzMLJNN5LOSFBpujKnDJAb7fM5HEyUMetj+Pf
dhliTfx5ug3ZSpyPIfkKxcm6XBrorWqr2AcPSaZ3iN/PUavpHBHva0Cvt/NMOVi1
vHiceVyuDbjwC+Qdgw8shyG8W5AMU1MXOcNUrp6e4OuDTz4potbusXqAZNnALvC3
KLzkpRLM3YyfKargb53Iwti2qXz3hx2MZJHS/ZlEwyJnannmmlQww9ZQkp55pMQa
Qji4q6GegueqM+whhbb2LfKSH5HU5qWjguju+7B6cS+E
-----END CERTIFICATE-----