Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/8hkRL4YDWitnr8MREDW8NbHPhWo.roa
File:                     8hkRL4YDWitnr8MREDW8NbHPhWo.roa (raw, json)
Hash identifier:          RiVSHnVti82nDEya6XGykwqZ2vqEOoGo4vocRWftMoU=
Subject key identifier:   F2:19:11:2F:86:03:5A:2B:67:AF:C3:11:10:35:BC:35:B1:CF:85:6A
Certificate issuer:       /CN=521a30077223c25c6f37dcf59480778c0b5b1068
Certificate serial:       01924D6309B955E85CDC4C4AFA5E161E743E
Authority key identifier: 52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/8hkRL4YDWitnr8MREDW8NbHPhWo.roa
Signing time:             Wed 02 Oct 2024 13:19:48 +0000
ROA not before:           Wed 02 Oct 2024 13:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207080
IP address blocks:        185.194.113.0/24 maxlen: 24
                          2a14:5340::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4d:63:09:b9:55:e8:5c:dc:4c:4a:fa:5e:16:1e:74:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521a30077223c25c6f37dcf59480778c0b5b1068
        Validity
            Not Before: Oct  2 13:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f219112f86035a2b67afc3111035bc35b1cf856a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3b:ea:07:4c:20:20:1a:80:de:f0:2b:21:76:
                    de:0c:d4:72:93:64:d6:d1:e9:7a:1b:f0:6e:39:4e:
                    bf:a1:d4:7f:90:99:5c:e1:40:14:9f:a3:8c:6a:79:
                    d7:ef:e5:b4:bb:c7:97:5c:06:7d:de:83:b9:2b:b2:
                    c2:41:8d:50:86:60:47:d8:85:a4:3a:89:13:bb:b6:
                    91:3e:cb:ba:6c:e5:3a:c9:d5:43:3e:d4:71:a0:a9:
                    4e:8d:94:38:1d:5d:b8:78:9f:6c:9d:31:6b:eb:90:
                    1f:c0:56:a6:fe:88:45:6f:87:da:24:d4:02:24:7b:
                    e0:f1:48:77:6b:fb:41:41:1a:78:ca:f7:68:98:36:
                    d8:f9:ba:22:51:4b:53:7b:35:af:6c:28:41:bd:14:
                    95:51:0f:c6:24:12:95:8e:d4:bc:15:d7:06:a4:ee:
                    51:19:d4:ba:34:d5:9e:8f:6d:85:e1:47:da:2a:ee:
                    78:6a:e4:48:ab:90:de:5a:3b:d6:bd:03:52:c0:fe:
                    57:ea:7a:37:e6:4b:d6:90:fa:45:6c:7e:01:b1:d3:
                    62:f5:a4:3a:31:52:3d:51:3d:af:d0:c6:70:9e:37:
                    7b:11:53:da:20:d5:4f:b0:ab:56:74:81:c6:1b:cf:
                    58:a1:c0:80:ff:25:a6:4d:17:c3:0c:55:1d:82:ce:
                    0b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:19:11:2F:86:03:5A:2B:67:AF:C3:11:10:35:BC:35:B1:CF:85:6A
            X509v3 Authority Key Identifier:
                keyid:52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/8hkRL4YDWitnr8MREDW8NbHPhWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.113.0/24
                IPv6:
                  2a14:5340::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:29:f0:01:cd:5c:52:ee:a2:87:20:6f:c7:5f:59:43:64:b7:
         4d:11:1f:9b:53:68:8d:84:68:0d:26:14:eb:32:f3:d6:e2:7e:
         50:43:cc:3f:c1:2f:46:0f:58:c9:1f:32:0f:b1:5d:0e:31:a0:
         00:15:2d:bf:ca:74:b7:81:49:da:3e:c9:6b:9f:a9:f2:66:25:
         c1:8d:5b:fa:c1:3b:31:2d:30:91:f6:f7:45:c2:e1:cd:dc:b7:
         85:d7:cc:1a:56:04:02:f6:3a:31:e6:4f:9e:dc:06:d9:f7:3a:
         3d:f1:8d:0e:8f:ef:a4:73:13:76:95:86:dd:a0:51:59:ec:71:
         b7:10:64:5e:d4:31:48:da:0c:e6:75:2f:f9:58:ab:ac:b3:47:
         9f:d0:88:96:96:30:3f:a2:86:14:1a:cc:44:19:25:cd:e4:a7:
         45:e6:ee:2a:f7:4d:ed:31:1a:34:2c:0b:9f:2a:03:33:8a:fa:
         76:e4:9c:89:f0:37:b0:f0:c4:3c:61:ea:5d:90:08:01:74:62:
         c0:16:a4:64:77:21:54:f9:37:4c:ee:bf:30:68:8e:43:21:6c:
         53:20:a4:41:43:a2:60:8d:88:a1:8e:12:3a:6e:80:32:90:5d:
         32:40:c9:8e:ac:d6:2c:46:86:75:7a:da:a2:78:25:d8:da:d5:
         92:45:c2:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJNYwm5Vehc3ExK+l4WHnQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWEzMDA3NzIyM2MyNWM2ZjM3ZGNmNTk0ODA3NzhjMGI1
YjEwNjgwHhcNMjQxMDAyMTMxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjE5MTEyZjg2MDM1YTJiNjdhZmMzMTExMDM1YmMzNWIxY2Y4NTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzvqB0wgIBqA3vArIXbeDNRyk2TW
0el6G/BuOU6/odR/kJlc4UAUn6OMannX7+W0u8eXXAZ93oO5K7LCQY1QhmBH2IWk
OokTu7aRPsu6bOU6ydVDPtRxoKlOjZQ4HV24eJ9snTFr65AfwFam/ohFb4faJNQC
JHvg8Uh3a/tBQRp4yvdomDbY+boiUUtTezWvbChBvRSVUQ/GJBKVjtS8FdcGpO5R
GdS6NNWej22F4UfaKu54auRIq5DeWjvWvQNSwP5X6no35kvWkPpFbH4BsdNi9aQ6
MVI9UT2v0MZwnjd7EVPaINVPsKtWdIHGG89YocCA/yWmTRfDDFUdgs4L0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPIZES+GA1orZ6/DERA1vDWxz4VqMB8GA1UdIwQY
MBaAFFIaMAdyI8Jcbzfc9ZSAd4wLWxBoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMt
MGY1ZjA5YjJlYjE0LzEvOGhrUkw0WURXaXRucjhNUkVEVzhOYkhQaFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMtMGY1ZjA5YjJlYjE0
LzEvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucJxMA0E
AgACMAcDBQMqFFNAMA0GCSqGSIb3DQEBCwUAA4IBAQCCKfABzVxS7qKHIG/HX1lD
ZLdNER+bU2iNhGgNJhTrMvPW4n5QQ8w/wS9GD1jJHzIPsV0OMaAAFS2/ynS3gUna
Pslrn6nyZiXBjVv6wTsxLTCR9vdFwuHN3LeF18waVgQC9jox5k+e3AbZ9zo98Y0O
j++kcxN2lYbdoFFZ7HG3EGRe1DFI2gzmdS/5WKuss0ef0IiWljA/ooYUGsxEGSXN
5KdF5u4q903tMRo0LAufKgMzivp25JyJ8Dew8MQ8YepdkAgBdGLAFqRkdyFU+TdM
7r8waI5DIWxTIKRBQ6JgjYihjhI6boAykF0yQMmOrNYsRoZ1etqieCXY2tWSRcLf
-----END CERTIFICATE-----