Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/hs08Sp3xnNDZ3XAsQNyWIlLq4m0.roa
File:                     hs08Sp3xnNDZ3XAsQNyWIlLq4m0.roa (raw, json)
Hash identifier:          oZN6r1XRbgFg4MIbXtenflK12nk57JNnUKe9VbuD6A8=
Subject key identifier:   86:CD:3C:4A:9D:F1:9C:D0:D9:DD:70:2C:40:DC:96:22:52:EA:E2:6D
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CC8DF3DC7ED149A97D69E94086935DBCD
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/hs08Sp3xnNDZ3XAsQNyWIlLq4m0.roa
Signing time:             Tue 02 Jan 2024 06:32:02 +0000
ROA not before:           Tue 02 Jan 2024 06:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207795
IP address blocks:        213.209.131.0/24 maxlen: 24
                          77.90.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3d:c7:ed:14:9a:97:d6:9e:94:08:69:35:db:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 06:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86cd3c4a9df19cd0d9dd702c40dc962252eae26d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:15:d4:d2:43:0b:d1:13:04:8b:97:d2:0d:4b:
                    73:85:fe:fd:46:8c:ed:f2:3b:cc:06:b2:8b:c1:79:
                    e1:4e:b0:b2:af:5d:f6:51:b3:e0:11:35:e8:db:cf:
                    4b:0f:1e:11:f6:82:03:4f:fa:6a:0c:e5:c7:e9:e2:
                    76:19:eb:ba:8d:21:13:a7:89:65:7a:a5:07:9f:0b:
                    f0:55:15:fe:5b:3e:13:ae:53:5c:2e:04:6b:e4:d1:
                    34:fc:fc:cd:79:0a:81:be:2c:e9:7c:93:a7:83:26:
                    eb:ab:3d:12:75:d1:f1:e9:74:b0:34:eb:3b:e6:50:
                    a6:63:91:02:eb:42:75:b1:29:ce:26:9a:c5:c5:11:
                    96:56:e8:87:8d:41:9b:3e:88:1a:b0:55:14:72:6d:
                    53:7f:04:7c:be:9a:6f:3f:b9:7c:45:e1:91:21:0e:
                    c9:69:64:2a:df:77:f7:40:47:59:bb:5b:d8:ac:5a:
                    02:f8:8c:9a:ae:98:78:e8:c5:99:a5:80:15:eb:7b:
                    e1:59:2b:f7:ec:72:a8:4f:f6:fc:af:dd:05:0f:04:
                    e9:15:11:10:00:92:3e:47:f4:39:d2:7f:ba:dc:80:
                    72:8f:b5:f1:5d:a5:29:99:44:e9:e4:56:8d:34:bf:
                    c1:5e:19:c8:f6:27:9d:c7:6c:d6:58:22:78:33:70:
                    dd:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CD:3C:4A:9D:F1:9C:D0:D9:DD:70:2C:40:DC:96:22:52:EA:E2:6D
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/hs08Sp3xnNDZ3XAsQNyWIlLq4m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.177.0/24
                  213.209.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:d5:83:90:a7:fd:92:af:f0:a8:d8:5e:0b:48:71:48:54:f6:
         ee:9f:87:89:9c:d1:36:cd:05:33:98:5b:e4:cd:da:f3:d5:d7:
         73:07:2c:92:49:5c:85:1c:f4:73:f6:e6:3d:2e:34:c5:31:1a:
         55:19:c2:d2:74:ff:7d:2d:47:ed:2b:f1:55:b7:d2:d6:23:43:
         20:02:d3:42:58:0c:8a:bf:9a:e8:ff:45:1f:e3:8a:1c:33:95:
         d2:87:68:a9:5e:fd:02:6c:81:f7:ed:51:20:03:7d:92:c5:b1:
         8f:8e:c6:e8:8d:8f:a4:6e:7b:0c:64:b0:1c:02:33:03:b8:72:
         fe:99:6d:d3:d9:5d:d3:48:92:46:5d:95:96:1f:46:9c:7f:14:
         be:ed:af:ec:92:c4:17:5a:dd:9a:01:5c:3f:a3:ac:46:9b:33:
         4f:7a:76:bf:68:d8:a3:41:bb:84:ce:10:51:92:df:c7:9b:b5:
         e7:42:d0:98:d6:0a:0d:d8:71:9a:e9:89:57:6a:c9:6f:a2:a6:
         31:d5:df:ac:3d:65:22:66:f7:10:59:91:4d:b3:9c:51:b5:63:
         29:de:9a:38:80:e6:64:f3:1c:ae:1d:62:07:7e:1e:c7:5d:99:
         19:1c:01:74:f8:eb:3f:27:60:cb:a5:3b:03:6e:29:73:ce:fc:
         63:c3:74:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3z3H7RSal9aelAhpNdvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMTAyMDYzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNkM2M0YTlkZjE5Y2QwZDlkZDcwMmM0MGRjOTYyMjUyZWFlMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRXU0kML0RMEi5fSDUtzhf79Rozt
8jvMBrKLwXnhTrCyr132UbPgETXo289LDx4R9oIDT/pqDOXH6eJ2Geu6jSETp4ll
eqUHnwvwVRX+Wz4TrlNcLgRr5NE0/PzNeQqBvizpfJOngybrqz0SddHx6XSwNOs7
5lCmY5EC60J1sSnOJprFxRGWVuiHjUGbPogasFUUcm1TfwR8vppvP7l8ReGRIQ7J
aWQq33f3QEdZu1vYrFoC+Iyarph46MWZpYAV63vhWSv37HKoT/b8r90FDwTpFREQ
AJI+R/Q50n+63IByj7XxXaUpmUTp5FaNNL/BXhnI9iedx2zWWCJ4M3DdswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIbNPEqd8ZzQ2d1wLEDcliJS6uJtMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvaHMwOFNwM3huTkRaM1hBc1FOeVdJbExxNG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVqxAwQA
1dGDMA0GCSqGSIb3DQEBCwUAA4IBAQCV1YOQp/2Sr/Co2F4LSHFIVPbun4eJnNE2
zQUzmFvkzdrz1ddzByySSVyFHPRz9uY9LjTFMRpVGcLSdP99LUftK/FVt9LWI0Mg
AtNCWAyKv5ro/0Uf44ocM5XSh2ipXv0CbIH37VEgA32SxbGPjsbojY+kbnsMZLAc
AjMDuHL+mW3T2V3TSJJGXZWWH0acfxS+7a/sksQXWt2aAVw/o6xGmzNPena/aNij
QbuEzhBRkt/Hm7XnQtCY1goN2HGa6YlXaslvoqYx1d+sPWUiZvcQWZFNs5xRtWMp
3po4gOZk8xyuHWIHfh7HXZkZHAF0+Os/J2DLpTsDbilzzvxjw3S2
-----END CERTIFICATE-----