Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/19ac58-c7af-40fd-b2f7-0a7e019899cf/1/L37bFRM_Vy8FgANjlZTFkjMwj_U.roa
File:                     L37bFRM_Vy8FgANjlZTFkjMwj_U.roa (raw, json)
Hash identifier:          J3xge7hkNyUIzpW/hEhDRjEQdWlaoMfHFfkMhMBbvJ4=
Subject key identifier:   2F:7E:DB:15:13:3F:57:2F:05:80:03:63:95:94:C5:92:33:30:8F:F5
Certificate issuer:       /CN=2bcc1cf8b8e21066b6ec647697d4945d8f9bb05b
Certificate serial:       018CC3490FC5EDAC80E0264C08173117A20F
Authority key identifier: 2B:CC:1C:F8:B8:E2:10:66:B6:EC:64:76:97:D4:94:5D:8F:9B:B0:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K8wc-LjiEGa27GR2l9SUXY-bsFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/19ac58-c7af-40fd-b2f7-0a7e019899cf/1/L37bFRM_Vy8FgANjlZTFkjMwj_U.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15716
IP address blocks:        91.234.189.0/24 maxlen: 24
                          95.128.32.0/21 maxlen: 21
                          2001:618::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/19ac58-c7af-40fd-b2f7-0a7e019899cf/1/K8wc-LjiEGa27GR2l9SUXY-bsFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/19ac58-c7af-40fd-b2f7-0a7e019899cf/1/K8wc-LjiEGa27GR2l9SUXY-bsFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K8wc-LjiEGa27GR2l9SUXY-bsFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0f:c5:ed:ac:80:e0:26:4c:08:17:31:17:a2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bcc1cf8b8e21066b6ec647697d4945d8f9bb05b
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f7edb15133f572f058003639594c59233308ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6b:ad:bc:ca:73:cf:ab:2c:e9:53:24:31:7a:
                    a2:66:5a:07:95:6d:45:56:1b:1c:76:9d:38:e5:52:
                    c5:eb:ec:2d:d0:36:5a:d2:42:5a:ab:fd:d4:5f:54:
                    9a:14:c0:09:27:ce:fd:63:56:a8:37:83:59:af:d5:
                    1c:fd:16:03:aa:bf:23:74:fc:c3:33:32:80:43:48:
                    b9:d4:89:12:f5:eb:21:58:25:77:78:b3:00:08:d5:
                    a4:e2:ab:0a:b4:a2:f8:1c:0a:87:77:84:59:04:bb:
                    a7:b5:0d:50:9e:88:dc:50:fd:be:5d:6f:34:92:c9:
                    a6:9e:40:b7:59:15:17:db:02:a9:81:ef:58:65:0e:
                    ea:a9:0d:93:65:41:62:51:7d:34:06:f0:10:c8:47:
                    44:4c:01:28:b6:a3:77:07:4d:8a:db:28:00:4e:ec:
                    2d:a9:84:af:47:30:98:9d:3a:e6:09:83:8f:84:c0:
                    43:e2:30:50:20:2e:8b:4d:39:2c:28:b0:a2:6a:10:
                    17:34:b1:d2:ca:0f:07:9a:86:7f:32:25:8e:27:77:
                    5a:38:f0:5a:5c:df:3d:b4:d8:9d:70:6a:d3:7c:da:
                    a8:2f:26:8f:e8:ff:ba:d4:63:f1:ea:fd:82:fe:95:
                    6d:19:6e:03:ac:34:e2:c1:5f:de:1d:24:d5:91:38:
                    03:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7E:DB:15:13:3F:57:2F:05:80:03:63:95:94:C5:92:33:30:8F:F5
            X509v3 Authority Key Identifier:
                keyid:2B:CC:1C:F8:B8:E2:10:66:B6:EC:64:76:97:D4:94:5D:8F:9B:B0:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8wc-LjiEGa27GR2l9SUXY-bsFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/19ac58-c7af-40fd-b2f7-0a7e019899cf/1/L37bFRM_Vy8FgANjlZTFkjMwj_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/19ac58-c7af-40fd-b2f7-0a7e019899cf/1/K8wc-LjiEGa27GR2l9SUXY-bsFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.189.0/24
                  95.128.32.0/21
                IPv6:
                  2001:618::/32

    Signature Algorithm: sha256WithRSAEncryption
         d6:da:1e:5b:2e:cc:1a:c7:21:76:fe:6f:ae:b6:43:5b:75:0c:
         54:f5:cf:c6:fb:99:0c:f2:0e:50:11:56:c6:e9:6a:67:9a:fa:
         2c:04:3e:16:15:48:0a:46:53:82:75:70:a1:fc:1b:55:e2:58:
         bf:48:11:25:a2:bd:2c:25:15:80:25:c2:db:ed:1d:51:36:8f:
         4c:4f:12:c7:4e:64:85:7f:57:15:11:ba:ef:61:92:9a:8b:b4:
         9e:a2:94:c4:92:0d:58:cd:6b:3c:c4:d3:20:f3:57:d4:fe:6b:
         9d:f1:2a:aa:e1:0b:52:80:e5:26:ab:bd:02:0d:17:b0:a1:8e:
         f2:a3:69:49:7b:78:f2:0c:44:8a:2f:68:2b:fd:60:ae:ee:5f:
         55:4e:8c:b7:44:b1:18:7e:09:b7:62:0b:55:41:0b:77:16:16:
         0e:22:cd:c1:52:e8:21:a5:64:c8:e6:f1:93:76:40:b4:54:e6:
         95:39:9e:8b:ce:77:a3:a3:5c:a5:4a:15:fb:af:57:2d:57:45:
         96:91:db:f7:9f:2e:78:34:ef:1f:53:3f:39:e3:a7:dd:8f:ad:
         e2:20:8a:89:2d:5e:13:ac:64:8a:68:28:06:ba:86:76:1f:a9:
         a2:ce:b9:92:e1:64:93:8e:24:af:0e:f3:c5:0b:fe:d4:dc:c4:
         09:34:07:28
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSQ/F7ayA4CZMCBcxF6IPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiY2MxY2Y4YjhlMjEwNjZiNmVjNjQ3Njk3ZDQ5NDVkOGY5
YmIwNWIwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjdlZGIxNTEzM2Y1NzJmMDU4MDAzNjM5NTk0YzU5MjMzMzA4ZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmutvMpzz6ss6VMkMXqiZloHlW1F
Vhscdp045VLF6+wt0DZa0kJaq/3UX1SaFMAJJ879Y1aoN4NZr9Uc/RYDqr8jdPzD
MzKAQ0i51IkS9eshWCV3eLMACNWk4qsKtKL4HAqHd4RZBLuntQ1QnojcUP2+XW80
ksmmnkC3WRUX2wKpge9YZQ7qqQ2TZUFiUX00BvAQyEdETAEotqN3B02K2ygATuwt
qYSvRzCYnTrmCYOPhMBD4jBQIC6LTTksKLCiahAXNLHSyg8HmoZ/MiWOJ3daOPBa
XN89tNidcGrTfNqoLyaP6P+61GPx6v2C/pVtGW4DrDTiwV/eHSTVkTgDmwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC9+2xUTP1cvBYADY5WUxZIzMI/1MB8GA1UdIwQY
MBaAFCvMHPi44hBmtuxkdpfUlF2Pm7BbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzh3Yy1MamlFR2EyN0dSMmw5U1VYWS1ic0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8xOWFjNTgtYzdhZi00MGZkLWIyZjct
MGE3ZTAxOTg5OWNmLzEvTDM3YkZSTV9WeThGZ0FOamxaVEZrak13al9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8xOWFjNTgtYzdhZi00MGZkLWIyZjctMGE3ZTAxOTg5OWNm
LzEvSzh3Yy1MamlFR2EyN0dSMmw5U1VYWS1ic0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+q9AwQD
X4AgMA0EAgACMAcDBQAgAQYYMA0GCSqGSIb3DQEBCwUAA4IBAQDW2h5bLswaxyF2
/m+utkNbdQxU9c/G+5kM8g5QEVbG6WpnmvosBD4WFUgKRlOCdXCh/BtV4li/SBEl
or0sJRWAJcLb7R1RNo9MTxLHTmSFf1cVEbrvYZKai7SeopTEkg1YzWs8xNMg81fU
/mud8Sqq4QtSgOUmq70CDRewoY7yo2lJe3jyDESKL2gr/WCu7l9VToy3RLEYfgm3
YgtVQQt3FhYOIs3BUughpWTI5vGTdkC0VOaVOZ6Lznejo1ylShX7r1ctV0WWkdv3
ny54NO8fUz8546fdj63iIIqJLV4TrGSKaCgGuoZ2H6mizrmS4WSTjiSvDvPFC/7U
3MQJNAco
-----END CERTIFICATE-----