Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/72e91a-014f-483a-a544-4e33427f734e/1/haFSg_WCcHDZ-etFo156pXc0qk4.roa
File:                     haFSg_WCcHDZ-etFo156pXc0qk4.roa (raw, json)
Hash identifier:          i0Xb/3AZHYwzF61CJ3SKR7C8DBsGAlRzVuSQmsK9RCI=
Subject key identifier:   85:A1:52:83:F5:82:70:70:D9:F9:EB:45:A3:5E:7A:A5:77:34:AA:4E
Certificate issuer:       /CN=0eb1bd30d3191a87c7d0a462e67932431633dd1e
Certificate serial:       019251111C0D258A1659B2D52F9DA2B70B36
Authority key identifier: 0E:B1:BD:30:D3:19:1A:87:C7:D0:A4:62:E6:79:32:43:16:33:DD:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DrG9MNMZGofH0KRi5nkyQxYz3R4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/72e91a-014f-483a-a544-4e33427f734e/1/haFSg_WCcHDZ-etFo156pXc0qk4.roa
Signing time:             Thu 03 Oct 2024 06:28:48 +0000
ROA not before:           Thu 03 Oct 2024 06:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        171.25.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/72e91a-014f-483a-a544-4e33427f734e/1/DrG9MNMZGofH0KRi5nkyQxYz3R4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/72e91a-014f-483a-a544-4e33427f734e/1/DrG9MNMZGofH0KRi5nkyQxYz3R4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DrG9MNMZGofH0KRi5nkyQxYz3R4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:11:1c:0d:25:8a:16:59:b2:d5:2f:9d:a2:b7:0b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0eb1bd30d3191a87c7d0a462e67932431633dd1e
        Validity
            Not Before: Oct  3 06:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85a15283f5827070d9f9eb45a35e7aa57734aa4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:08:7d:9f:c0:dd:0c:39:71:ab:73:b7:62:77:
                    e9:09:f2:5c:16:68:b4:70:ba:c0:53:3f:92:7b:70:
                    0a:33:dd:bc:23:8b:9b:69:9a:8b:06:d3:d8:81:eb:
                    77:4e:07:d1:8e:b2:98:0d:55:a3:86:b3:cb:9e:1d:
                    a6:cb:62:9e:28:91:80:12:e5:ff:4f:ec:dc:13:1f:
                    c4:dc:97:cc:03:b9:12:b3:e7:1e:47:e5:2d:74:be:
                    d5:ea:77:f7:1e:ed:92:46:c6:a5:42:15:75:31:ec:
                    cb:7e:5c:68:66:24:c8:c1:ba:c7:7f:ec:fb:48:56:
                    32:1d:b7:e2:cb:ea:b0:a6:d3:cf:ae:51:de:b8:56:
                    77:28:a1:99:3c:c2:4d:17:02:d7:65:fb:9c:dc:a8:
                    ac:4b:a2:07:63:62:ca:49:ba:19:df:26:47:28:d9:
                    b9:95:44:42:9b:bc:19:66:c4:12:47:56:42:de:e9:
                    ce:85:92:5f:b9:43:d1:fe:0c:27:9a:21:bf:96:cb:
                    32:75:6a:3c:43:b8:be:71:71:0e:54:ca:01:01:e3:
                    61:61:47:d0:24:5e:63:31:9d:70:df:bd:cf:39:20:
                    4e:93:7c:e8:1b:2d:57:bd:bd:e3:b8:78:a4:4e:89:
                    38:71:e0:10:d6:69:1c:ce:c8:c9:a0:a0:0c:f6:ba:
                    76:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A1:52:83:F5:82:70:70:D9:F9:EB:45:A3:5E:7A:A5:77:34:AA:4E
            X509v3 Authority Key Identifier:
                keyid:0E:B1:BD:30:D3:19:1A:87:C7:D0:A4:62:E6:79:32:43:16:33:DD:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DrG9MNMZGofH0KRi5nkyQxYz3R4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/72e91a-014f-483a-a544-4e33427f734e/1/haFSg_WCcHDZ-etFo156pXc0qk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/72e91a-014f-483a-a544-4e33427f734e/1/DrG9MNMZGofH0KRi5nkyQxYz3R4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:79:22:ed:9b:4b:18:a4:c4:18:f7:57:e4:7d:c8:c4:34:d2:
         f8:5c:f4:91:1a:06:e4:a7:af:eb:15:42:79:e6:a3:5c:ef:8f:
         94:11:86:c4:0e:72:9d:5e:65:86:9e:93:a1:09:0d:b3:fc:f5:
         c4:76:69:05:c5:d5:83:84:1b:c4:07:fe:23:99:6f:8b:9e:d6:
         69:22:f4:8c:d6:2d:05:fd:ce:28:e0:54:55:36:1b:ce:1e:c8:
         b3:3a:c4:0e:c4:27:07:43:03:74:16:6e:87:92:41:f6:e0:9d:
         b7:f3:a3:d0:f7:dd:49:00:64:79:8a:71:e3:bd:85:e8:cb:33:
         6f:64:3d:73:10:6a:25:59:35:a7:43:1d:53:c6:00:4c:f5:4f:
         8b:22:1c:bc:9d:29:a6:2e:2c:0c:95:98:ec:0a:b8:97:7f:82:
         91:bb:07:80:bf:e1:4e:6a:ec:30:d0:9b:07:78:5b:21:2a:0d:
         f5:71:1e:dd:7e:d5:ed:d2:c3:bc:6a:90:f7:71:fa:b3:03:3a:
         cd:3b:bf:f7:19:01:18:91:a8:b7:89:e1:1a:c1:f8:13:62:cc:
         96:a3:5b:71:30:08:57:94:7c:15:c3:c2:81:ee:ad:4c:1f:9d:
         9a:f7:f6:ea:fa:e3:5c:1b:42:8c:29:58:e4:e3:df:22:75:7a:
         f1:42:0a:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRERwNJYoWWbLVL52itws2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlYjFiZDMwZDMxOTFhODdjN2QwYTQ2MmU2NzkzMjQzMTYz
M2RkMWUwHhcNMjQxMDAzMDYyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWExNTI4M2Y1ODI3MDcwZDlmOWViNDVhMzVlN2FhNTc3MzRhYTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQh9n8DdDDlxq3O3YnfpCfJcFmi0
cLrAUz+Se3AKM928I4ubaZqLBtPYget3TgfRjrKYDVWjhrPLnh2my2KeKJGAEuX/
T+zcEx/E3JfMA7kSs+ceR+UtdL7V6nf3Hu2SRsalQhV1MezLflxoZiTIwbrHf+z7
SFYyHbfiy+qwptPPrlHeuFZ3KKGZPMJNFwLXZfuc3KisS6IHY2LKSboZ3yZHKNm5
lURCm7wZZsQSR1ZC3unOhZJfuUPR/gwnmiG/lssydWo8Q7i+cXEOVMoBAeNhYUfQ
JF5jMZ1w373POSBOk3zoGy1Xvb3juHikTok4ceAQ1mkczsjJoKAM9rp2xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWhUoP1gnBw2fnrRaNeeqV3NKpOMB8GA1UdIwQY
MBaAFA6xvTDTGRqHx9CkYuZ5MkMWM90eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHJHOU1OTVpHb2ZIMEtSaTVua3lReFl6M1I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83MmU5MWEtMDE0Zi00ODNhLWE1NDQt
NGUzMzQyN2Y3MzRlLzEvaGFGU2dfV0NjSERaLWV0Rm8xNTZwWGMwcWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83MmU5MWEtMDE0Zi00ODNhLWE1NDQtNGUzMzQyN2Y3MzRl
LzEvRHJHOU1OTVpHb2ZIMEtSaTVua3lReFl6M1I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxnkMA0G
CSqGSIb3DQEBCwUAA4IBAQCGeSLtm0sYpMQY91fkfcjENNL4XPSRGgbkp6/rFUJ5
5qNc74+UEYbEDnKdXmWGnpOhCQ2z/PXEdmkFxdWDhBvEB/4jmW+LntZpIvSM1i0F
/c4o4FRVNhvOHsizOsQOxCcHQwN0Fm6HkkH24J2386PQ991JAGR5inHjvYXoyzNv
ZD1zEGolWTWnQx1TxgBM9U+LIhy8nSmmLiwMlZjsCriXf4KRuweAv+FOauww0JsH
eFshKg31cR7dftXt0sO8apD3cfqzAzrNO7/3GQEYkai3ieEawfgTYsyWo1txMAhX
lHwVw8KB7q1MH52a9/bq+uNcG0KMKVjk498idXrxQgqH
-----END CERTIFICATE-----