Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/hTpBUHjKSibUjSu531PR8oyCGJo.roa
File:                     hTpBUHjKSibUjSu531PR8oyCGJo.roa (raw, json)
Hash identifier:          FVUbBHWJuqqaaxaoiRKqWrwd28wE7nfe382mHHXTOas=
Subject key identifier:   85:3A:41:50:78:CA:4A:26:D4:8D:2B:B9:DF:53:D1:F2:8C:82:18:9A
Certificate issuer:       /CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
Certificate serial:       01907D8359AF5C11C3CF0B3323ADFFCEE0C5
Authority key identifier: 08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/hTpBUHjKSibUjSu531PR8oyCGJo.roa
Signing time:             Thu 04 Jul 2024 11:31:18 +0000
ROA not before:           Thu 04 Jul 2024 11:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        62.108.64.0/22 maxlen: 24
                          62.108.68.0/22 maxlen: 24
                          62.108.72.0/22 maxlen: 24
                          62.108.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7d:83:59:af:5c:11:c3:cf:0b:33:23:ad:ff:ce:e0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
        Validity
            Not Before: Jul  4 11:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=853a415078ca4a26d48d2bb9df53d1f28c82189a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7f:ec:8e:68:16:09:49:42:b8:23:7f:7f:1a:
                    60:c8:7a:15:7d:3b:62:2a:0e:ad:2c:c0:95:bb:f5:
                    e6:e1:d8:74:a6:70:b9:b6:2b:66:e5:3c:a4:b1:7d:
                    78:37:5f:67:ce:80:33:82:ce:b4:e4:c9:86:bf:8e:
                    25:3f:79:ec:15:fc:15:88:bc:f8:05:5b:18:74:fd:
                    62:96:f7:a0:51:27:f4:ee:eb:0d:d8:7d:63:91:f2:
                    bd:f9:b2:27:fc:fe:48:a9:c1:e3:41:e2:40:59:8a:
                    9a:97:4e:89:ca:eb:3a:ae:ef:00:09:df:54:a3:e1:
                    2a:98:8f:92:51:d1:05:d1:40:b3:68:dc:d0:10:18:
                    4a:ba:ed:c4:d4:87:4c:a0:e8:8e:e9:0e:d2:67:d6:
                    27:f2:67:f2:a7:73:d1:cb:96:6a:14:2b:7a:65:b8:
                    29:16:50:89:7c:11:5e:b7:c4:65:11:36:38:1c:b0:
                    96:61:b0:df:75:c1:c0:94:0e:19:fa:cf:ff:3d:a1:
                    3b:33:29:f3:eb:2a:46:0e:9f:4a:61:a0:f3:bb:50:
                    25:bd:39:f4:c9:58:03:cb:d8:15:73:55:28:86:8a:
                    c9:2b:0f:06:9e:5f:bf:0b:59:7a:da:95:7c:f5:f5:
                    7f:9e:3c:52:07:69:44:29:f5:8d:3d:89:36:da:cc:
                    ea:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:3A:41:50:78:CA:4A:26:D4:8D:2B:B9:DF:53:D1:F2:8C:82:18:9A
            X509v3 Authority Key Identifier:
                keyid:08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/hTpBUHjKSibUjSu531PR8oyCGJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         57:9e:34:58:de:57:34:30:ef:37:93:7d:59:37:b7:c0:45:27:
         ec:e0:fc:af:1e:10:94:30:0c:3a:e2:eb:04:90:bd:8c:e1:ed:
         44:f5:39:00:7a:bf:71:57:aa:8b:38:32:4f:d2:c5:6f:00:dc:
         83:5f:98:55:a7:fc:18:2a:90:e6:77:44:a0:45:75:89:0f:b0:
         42:1b:f6:81:7d:a6:6f:4a:d3:6d:30:4e:62:9c:8a:78:ca:fc:
         28:62:88:01:35:ba:c4:1e:2f:fe:9a:63:ec:82:6a:bf:33:65:
         f3:1a:e0:18:04:7d:d5:42:15:c7:3d:be:fc:5e:83:4e:f3:e0:
         91:72:fa:b4:c9:b6:0f:c1:f1:a2:1a:99:a1:24:1c:4e:3d:66:
         22:a6:00:49:2c:65:28:71:62:ca:c5:42:d9:c2:c3:29:a5:68:
         db:19:3e:c0:89:91:b9:e0:61:0b:ee:27:04:e4:8a:53:cb:94:
         7a:02:32:1a:52:60:ce:df:7b:70:d8:b6:df:09:f0:b9:2e:0b:
         c0:b7:d2:c7:d0:ab:30:d4:02:dc:e3:f7:32:0e:a3:f4:ac:4d:
         bb:24:32:bc:27:c1:9a:e5:b5:5d:2c:44:7c:54:20:c7:44:a5:
         2a:a2:cd:9e:00:0d:64:77:4a:7d:64:0a:9d:e3:6a:1f:86:a6:
         ae:25:6c:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB9g1mvXBHDzwszI63/zuDFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDc5ZDIwZDc2YTlkZGIwNzViOTRmOWYwMDA1MmFiMjE4
Mjc2YjcwHhcNMjQwNzA0MTEzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNhNDE1MDc4Y2E0YTI2ZDQ4ZDJiYjlkZjUzZDFmMjhjODIxODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3/sjmgWCUlCuCN/fxpgyHoVfTti
Kg6tLMCVu/Xm4dh0pnC5titm5TyksX14N19nzoAzgs605MmGv44lP3nsFfwViLz4
BVsYdP1ilvegUSf07usN2H1jkfK9+bIn/P5IqcHjQeJAWYqal06Jyus6ru8ACd9U
o+EqmI+SUdEF0UCzaNzQEBhKuu3E1IdMoOiO6Q7SZ9Yn8mfyp3PRy5ZqFCt6Zbgp
FlCJfBFet8RlETY4HLCWYbDfdcHAlA4Z+s//PaE7Mynz6ypGDp9KYaDzu1AlvTn0
yVgDy9gVc1UohorJKw8Gnl+/C1l62pV89fV/njxSB2lEKfWNPYk22szqtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU6QVB4ykom1I0rud9T0fKMghiaMB8GA1UdIwQY
MBaAFAjXnSDXap3bB1uU+fAAUqshgna3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWIt
NDhkYzg4YjU2MDIwLzEvaFRwQlVIaktTaWJValN1NTMxUFI4b3lDR0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWItNDhkYzg4YjU2MDIw
LzEvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPmxAMA0G
CSqGSIb3DQEBCwUAA4IBAQBXnjRY3lc0MO83k31ZN7fARSfs4PyvHhCUMAw64usE
kL2M4e1E9TkAer9xV6qLODJP0sVvANyDX5hVp/wYKpDmd0SgRXWJD7BCG/aBfaZv
StNtME5inIp4yvwoYogBNbrEHi/+mmPsgmq/M2XzGuAYBH3VQhXHPb78XoNO8+CR
cvq0ybYPwfGiGpmhJBxOPWYipgBJLGUocWLKxULZwsMppWjbGT7AiZG54GEL7icE
5IpTy5R6AjIaUmDO33tw2LbfCfC5LgvAt9LH0Ksw1ALc4/cyDqP0rE27JDK8J8Ga
5bVdLER8VCDHRKUqos2eAA1kd0p9ZAqd42ofhqauJWyQ
-----END CERTIFICATE-----