Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/H9brTu9sJYR1L_WhwxGXwE1hBnc.roa
File:                     H9brTu9sJYR1L_WhwxGXwE1hBnc.roa (raw, json)
Hash identifier:          8pFMNGOz6x2pkym3gWBGOr67VvC8iA1WWbB52ThHNoQ=
Subject key identifier:   1F:D6:EB:4E:EF:6C:25:84:75:2F:F5:A1:C3:11:97:C0:4D:61:06:77
Certificate issuer:       /CN=c7db56cda2e7ddb023168c5d77ec97d9a006baed
Certificate serial:       018CC4245B21100A537665E300B44527BDD4
Authority key identifier: C7:DB:56:CD:A2:E7:DD:B0:23:16:8C:5D:77:EC:97:D9:A0:06:BA:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/H9brTu9sJYR1L_WhwxGXwE1hBnc.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3399
IP address blocks:        193.178.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:21:10:0a:53:76:65:e3:00:b4:45:27:bd:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7db56cda2e7ddb023168c5d77ec97d9a006baed
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fd6eb4eef6c2584752ff5a1c31197c04d610677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:73:41:00:cf:e9:2f:a4:37:61:35:36:a2:a1:
                    9c:87:bd:c2:f8:98:76:50:55:cd:40:b0:f8:87:02:
                    ed:e1:67:8a:13:9b:a7:83:bf:93:35:30:19:ff:30:
                    4d:55:97:85:75:a5:71:57:7e:84:b0:80:e3:49:ef:
                    10:8b:22:a5:2a:47:8d:60:32:82:f8:0d:0b:92:58:
                    30:f7:05:3d:c8:09:6c:e2:ba:ef:4a:6e:c8:17:dd:
                    c6:70:f7:11:81:3c:60:6e:95:70:a0:fa:9a:e4:43:
                    6f:de:0f:e0:a9:fb:17:25:a5:e4:ee:5d:47:66:be:
                    3c:b9:da:33:93:9c:8e:08:9d:f0:39:67:2c:50:90:
                    1e:2e:c9:7f:66:b4:da:2a:8a:c8:f8:2c:be:37:8c:
                    a4:b8:9f:fe:97:51:64:cd:a9:62:7e:5c:13:43:e8:
                    3b:dd:95:88:73:b4:15:a4:a5:ae:c4:cc:bd:59:43:
                    ca:fc:fb:d8:86:ab:92:a9:6f:a2:d1:fd:03:86:6d:
                    e8:34:9d:76:8f:1a:58:3b:dd:ef:63:d8:fd:50:44:
                    cc:1f:d2:f5:fc:1d:43:fa:ba:26:c4:69:fa:b8:77:
                    f8:98:65:9e:24:06:0f:3c:72:29:60:57:6e:31:3b:
                    3a:ec:24:9a:3a:e5:73:4c:89:6d:19:61:4f:57:e0:
                    f7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D6:EB:4E:EF:6C:25:84:75:2F:F5:A1:C3:11:97:C0:4D:61:06:77
            X509v3 Authority Key Identifier:
                keyid:C7:DB:56:CD:A2:E7:DD:B0:23:16:8C:5D:77:EC:97:D9:A0:06:BA:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/H9brTu9sJYR1L_WhwxGXwE1hBnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:e5:f4:11:cc:b3:21:78:e2:87:74:89:38:7f:97:8e:ef:b8:
         0a:af:5e:ae:44:4a:52:2a:ac:d7:cf:14:4c:9f:e7:bb:f0:57:
         3f:bc:a3:85:45:18:bb:96:2e:e6:59:28:2d:43:c4:6b:a8:34:
         3b:8c:94:81:bc:1a:af:86:c6:9e:78:38:6a:3f:c7:6b:d9:d6:
         fc:6d:e5:97:48:d1:0b:d7:30:a0:97:d3:2a:1a:df:42:70:82:
         08:fa:6f:a3:55:b2:0f:d6:d2:dc:5e:c2:b5:02:65:86:45:58:
         12:06:0f:5c:6d:bb:83:ec:2d:c3:82:75:3f:51:0e:96:60:32:
         2a:ac:a7:72:96:09:1b:b0:e4:93:72:b8:c5:bf:61:12:a0:f5:
         e5:e7:f4:6f:93:d0:ae:7e:c9:78:43:4f:6c:17:ad:a0:63:4d:
         13:7e:40:0b:e0:61:00:c9:8c:72:03:74:77:14:a7:3c:d1:af:
         ee:bb:63:46:05:d6:2d:aa:3e:e0:3f:7d:d9:90:90:9b:e5:24:
         98:34:e2:76:18:a6:37:1e:23:a4:c8:25:64:de:79:a1:c6:42:
         a9:a6:5d:3e:3b:5b:92:8d:a5:21:bc:d0:47:82:20:d7:4a:c2:
         e7:7e:20:f5:41:3e:63:b3:ca:50:bf:8b:ec:d0:71:10:d5:a2:
         8d:12:5a:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFshEApTdmXjALRFJ73UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZGI1NmNkYTJlN2RkYjAyMzE2OGM1ZDc3ZWM5N2Q5YTAw
NmJhZWQwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQ2ZWI0ZWVmNmMyNTg0NzUyZmY1YTFjMzExOTdjMDRkNjEwNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3NBAM/pL6Q3YTU2oqGch73C+Jh2
UFXNQLD4hwLt4WeKE5ung7+TNTAZ/zBNVZeFdaVxV36EsIDjSe8QiyKlKkeNYDKC
+A0Lklgw9wU9yAls4rrvSm7IF93GcPcRgTxgbpVwoPqa5ENv3g/gqfsXJaXk7l1H
Zr48udozk5yOCJ3wOWcsUJAeLsl/ZrTaKorI+Cy+N4ykuJ/+l1FkzaliflwTQ+g7
3ZWIc7QVpKWuxMy9WUPK/PvYhquSqW+i0f0Dhm3oNJ12jxpYO93vY9j9UETMH9L1
/B1D+romxGn6uHf4mGWeJAYPPHIpYFduMTs67CSaOuVzTIltGWFPV+D3/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/W607vbCWEdS/1ocMRl8BNYQZ3MB8GA1UdIwQY
MBaAFMfbVs2i592wIxaMXXfsl9mgBrrtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDl0V3phTG4zYkFqRm94ZGQteVgyYUFHdXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hOTc4YWItNDNkNS00MzM1LWFmYTIt
ODJlYjZmZDExZGQ1LzEvSDliclR1OXNKWVIxTF9XaHd4R1h3RTFoQm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hOTc4YWItNDNkNS00MzM1LWFmYTItODJlYjZmZDExZGQ1
LzEveDl0V3phTG4zYkFqRm94ZGQteVgyYUFHdXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKBMA0G
CSqGSIb3DQEBCwUAA4IBAQCp5fQRzLMheOKHdIk4f5eO77gKr16uREpSKqzXzxRM
n+e78Fc/vKOFRRi7li7mWSgtQ8RrqDQ7jJSBvBqvhsaeeDhqP8dr2db8beWXSNEL
1zCgl9MqGt9CcIII+m+jVbIP1tLcXsK1AmWGRVgSBg9cbbuD7C3DgnU/UQ6WYDIq
rKdylgkbsOSTcrjFv2ESoPXl5/Rvk9Cufsl4Q09sF62gY00TfkAL4GEAyYxyA3R3
FKc80a/uu2NGBdYtqj7gP33ZkJCb5SSYNOJ2GKY3HiOkyCVk3nmhxkKppl0+O1uS
jaUhvNBHgiDXSsLnfiD1QT5js8pQv4vs0HEQ1aKNElps
-----END CERTIFICATE-----