Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/hgKJSj37NLk4a7nv9oIV6B5-BrY.roa
File:                     hgKJSj37NLk4a7nv9oIV6B5-BrY.roa (raw, json)
Hash identifier:          FV5Ajroag+TWBWUaLbesk0f02bQ9127lCtyZLxy6n+k=
Subject key identifier:   86:02:89:4A:3D:FB:34:B9:38:6B:B9:EF:F6:82:15:E8:1E:7E:06:B6
Certificate issuer:       /CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
Certificate serial:       018CC2DAF9901D55F992CF1DCF2E8A9BDF56
Authority key identifier: 50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/hgKJSj37NLk4a7nv9oIV6B5-BrY.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31034
IP address blocks:        178.255.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f9:90:1d:55:f9:92:cf:1d:cf:2e:8a:9b:df:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8602894a3dfb34b9386bb9eff68215e81e7e06b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b2:ef:60:1c:66:d2:46:3e:e1:96:cc:d9:b6:
                    8a:10:c8:b6:e9:56:ae:0c:c0:0f:35:ff:d4:8a:dd:
                    ed:4d:11:89:eb:d0:61:02:cb:e7:57:89:ec:fc:23:
                    a9:20:d5:f1:73:5c:5e:d9:9b:e3:ae:48:e9:65:e8:
                    b0:e2:b0:b2:77:1c:40:00:d1:b4:3b:6c:5b:6e:02:
                    8b:02:d7:64:f7:be:08:a6:05:bc:a9:7c:77:b1:68:
                    39:3c:ec:81:0a:6b:12:ee:cc:6f:f2:fd:a5:d8:51:
                    22:78:4d:05:15:b0:77:bb:12:48:b3:64:c1:7e:d4:
                    68:8a:f8:e5:20:83:56:12:51:93:04:8d:56:aa:48:
                    ab:a8:6d:44:0a:40:e6:ff:97:e9:a9:46:87:78:11:
                    a0:36:11:47:8f:52:fa:a3:19:81:11:79:c2:5e:c1:
                    a8:4e:e9:fe:57:4e:32:89:08:79:44:6c:a5:d3:18:
                    41:a0:fb:25:2b:b1:cb:f7:54:35:7b:db:27:eb:e0:
                    51:80:54:8e:3e:cd:40:e7:77:84:14:69:36:68:e9:
                    5a:f2:99:39:18:ef:ab:09:92:3d:be:67:00:20:e1:
                    06:76:b1:81:71:dc:61:97:27:1f:09:98:e2:97:8d:
                    8b:c0:22:07:8c:1a:56:91:d6:c0:79:d2:99:1c:1e:
                    79:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:02:89:4A:3D:FB:34:B9:38:6B:B9:EF:F6:82:15:E8:1E:7E:06:B6
            X509v3 Authority Key Identifier:
                keyid:50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/hgKJSj37NLk4a7nv9oIV6B5-BrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:04:a0:f2:2d:c0:4b:f1:bc:65:80:24:6a:dd:00:22:c1:b1:
         a2:48:e7:18:32:69:16:a2:7b:4f:8a:c4:b6:84:d0:c9:f6:c0:
         b0:3e:51:2a:53:a1:b0:25:19:3e:65:a0:4f:ae:e5:c6:09:c5:
         e4:39:07:57:35:01:b7:1c:56:66:d9:ca:67:37:1a:d7:83:e6:
         63:5e:4e:ae:58:8b:c2:94:9a:94:c0:cc:3d:e6:b8:d7:f6:6d:
         57:21:6b:f7:cd:6e:77:6f:ed:d2:ff:13:29:70:77:f4:19:40:
         8c:f9:b8:54:2a:1d:fd:be:a7:f4:e2:ae:96:c6:28:0e:ee:ac:
         21:06:b5:88:e1:a1:19:96:12:0d:60:02:6b:2d:fe:26:c4:b0:
         c6:cb:98:0d:ec:d9:1e:fb:c1:bf:bf:2d:12:92:64:c5:58:58:
         ee:ad:d8:76:e4:87:2a:65:98:bc:c3:78:4b:69:84:3d:1a:99:
         75:ed:56:d8:a5:c2:5f:60:b3:68:49:5a:4d:b6:bc:4c:67:05:
         21:d2:60:28:14:18:12:30:dd:b1:7d:4f:b2:24:10:be:74:42:
         54:ca:ee:ce:ab:87:01:0c:3f:49:66:8a:5b:f6:49:e6:a3:78:
         90:e8:34:fe:6c:cd:ae:6c:a1:63:8a:09:d0:c5:f3:40:74:74:
         fc:95:87:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vmQHVX5ks8dzy6Km99WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNWUyZjJkNWU3MDkzZmY4ZDQwMDNhMDJiN2QzZTEzMWNl
NzBhMTIwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjAyODk0YTNkZmIzNGI5Mzg2YmI5ZWZmNjgyMTVlODFlN2UwNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrLvYBxm0kY+4ZbM2baKEMi26Vau
DMAPNf/Uit3tTRGJ69BhAsvnV4ns/COpINXxc1xe2ZvjrkjpZeiw4rCydxxAANG0
O2xbbgKLAtdk974IpgW8qXx3sWg5POyBCmsS7sxv8v2l2FEieE0FFbB3uxJIs2TB
ftRoivjlIINWElGTBI1WqkirqG1ECkDm/5fpqUaHeBGgNhFHj1L6oxmBEXnCXsGo
Tun+V04yiQh5RGyl0xhBoPslK7HL91Q1e9sn6+BRgFSOPs1A53eEFGk2aOla8pk5
GO+rCZI9vmcAIOEGdrGBcdxhlycfCZjil42LwCIHjBpWkdbAedKZHB55EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYCiUo9+zS5OGu57/aCFegefga2MB8GA1UdIwQY
MBaAFFBeLy1ecJP/jUADoCt9PhMc5woSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQt
OThlOWUyNTEwYmI2LzEvaGdLSlNqMzdOTGs0YTdudjlvSVY2QjUtQnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQtOThlOWUyNTEwYmI2
LzEvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv/xMA0G
CSqGSIb3DQEBCwUAA4IBAQBvBKDyLcBL8bxlgCRq3QAiwbGiSOcYMmkWontPisS2
hNDJ9sCwPlEqU6GwJRk+ZaBPruXGCcXkOQdXNQG3HFZm2cpnNxrXg+ZjXk6uWIvC
lJqUwMw95rjX9m1XIWv3zW53b+3S/xMpcHf0GUCM+bhUKh39vqf04q6WxigO7qwh
BrWI4aEZlhINYAJrLf4mxLDGy5gN7Nke+8G/vy0SkmTFWFjurdh25IcqZZi8w3hL
aYQ9Gpl17VbYpcJfYLNoSVpNtrxMZwUh0mAoFBgSMN2xfU+yJBC+dEJUyu7Oq4cB
DD9JZopb9knmo3iQ6DT+bM2ubKFjignQxfNAdHT8lYd2
-----END CERTIFICATE-----