Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/88301c-ac79-4083-928f-5b49db65c545/1/HW--gyFyIjJfbbNnSxJATPWJGEI.roa
File:                     HW--gyFyIjJfbbNnSxJATPWJGEI.roa (raw, json)
Hash identifier:          shKJNjvcZlh2Drp2JswFM6L89Fwml75F7pDB0H15/3Q=
Subject key identifier:   1D:6F:BE:83:21:72:22:32:5F:6D:B3:67:4B:12:40:4C:F5:89:18:42
Certificate issuer:       /CN=aaac6197799fd68b6e5bbe0b57e652fd80dd3621
Certificate serial:       0194933009AFEE39A9BF3EDF9037BDCABB89
Authority key identifier: AA:AC:61:97:79:9F:D6:8B:6E:5B:BE:0B:57:E6:52:FD:80:DD:36:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqxhl3mf1otuW74LV-ZS_YDdNiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/88301c-ac79-4083-928f-5b49db65c545/1/HW--gyFyIjJfbbNnSxJATPWJGEI.roa
Signing time:             Thu 23 Jan 2025 12:43:06 +0000
ROA not before:           Thu 23 Jan 2025 12:43:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213601
IP address blocks:        203.8.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/88301c-ac79-4083-928f-5b49db65c545/1/qqxhl3mf1otuW74LV-ZS_YDdNiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/88301c-ac79-4083-928f-5b49db65c545/1/qqxhl3mf1otuW74LV-ZS_YDdNiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqxhl3mf1otuW74LV-ZS_YDdNiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:93:30:09:af:ee:39:a9:bf:3e:df:90:37:bd:ca:bb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaac6197799fd68b6e5bbe0b57e652fd80dd3621
        Validity
            Not Before: Jan 23 12:43:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d6fbe83217222325f6db3674b12404cf5891842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:63:d6:3f:7e:fa:b5:9d:61:ea:05:30:34:93:
                    a3:f6:c1:c4:69:c1:06:6b:df:1c:76:8e:bc:ea:2f:
                    42:34:e3:7f:8c:88:87:28:2a:10:5d:99:14:3c:34:
                    d0:26:b1:60:95:bb:07:cc:54:40:87:f0:e5:49:63:
                    8d:07:79:79:4a:c0:db:81:d3:70:46:6b:bb:02:38:
                    b5:74:1a:7b:d8:1c:38:1a:b3:0e:ab:10:8a:3f:6c:
                    59:83:d4:06:29:11:92:a8:dd:5e:8c:99:36:40:85:
                    fa:90:89:d2:fb:fd:ca:e5:cd:c2:d1:7f:1b:d1:b7:
                    70:ed:45:a1:9d:04:d1:0c:e6:75:59:cc:20:45:c2:
                    a5:5f:53:1f:6b:fc:7e:f7:86:6d:0b:41:b1:e5:6c:
                    5f:38:f4:22:3d:d1:5f:a7:80:eb:4a:59:e8:56:d4:
                    81:25:6c:94:a9:86:f3:82:52:6d:fa:7c:eb:9a:df:
                    bc:a5:24:fa:40:47:43:4e:30:cc:28:0c:82:f5:64:
                    46:1a:69:e1:05:49:1c:37:19:91:c4:74:aa:d1:df:
                    8d:66:e7:dd:d1:d7:c9:19:0b:ed:b8:bf:b6:05:e7:
                    9b:02:8a:79:20:e1:5a:b5:46:fb:14:79:c4:7e:d4:
                    55:40:ce:e1:87:cd:2f:83:15:cf:db:04:ae:7c:02:
                    cc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:6F:BE:83:21:72:22:32:5F:6D:B3:67:4B:12:40:4C:F5:89:18:42
            X509v3 Authority Key Identifier:
                keyid:AA:AC:61:97:79:9F:D6:8B:6E:5B:BE:0B:57:E6:52:FD:80:DD:36:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqxhl3mf1otuW74LV-ZS_YDdNiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/88301c-ac79-4083-928f-5b49db65c545/1/HW--gyFyIjJfbbNnSxJATPWJGEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/88301c-ac79-4083-928f-5b49db65c545/1/qqxhl3mf1otuW74LV-ZS_YDdNiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.8.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:16:f6:66:bb:70:af:67:3d:7e:51:78:5f:e6:49:fb:e4:96:
         17:61:a7:ff:b2:68:3c:53:ea:a1:ed:52:1c:9d:a2:a4:7b:40:
         79:39:a1:47:fc:43:5a:9c:02:cf:f6:13:3d:36:6f:0c:3d:de:
         52:85:d1:7c:11:fb:45:3f:bd:94:1a:f3:40:a2:98:a5:c9:23:
         98:7f:44:cb:11:f6:5e:12:75:4f:a9:90:fd:34:94:65:71:ef:
         c6:c3:43:e5:49:89:fa:07:be:46:25:0c:de:3c:c3:ef:04:9b:
         a1:42:0d:bb:13:51:dc:96:65:b8:8f:85:ba:02:f3:c4:72:62:
         e4:c6:9d:7d:1d:49:30:be:46:16:70:e0:e2:e7:14:f4:19:4f:
         c0:de:f0:ad:a5:2b:82:aa:1b:07:6c:7b:24:3f:2e:b5:0f:dc:
         81:a8:81:78:f7:24:a8:fe:5a:70:d9:0d:c6:a8:ef:82:62:4f:
         d7:9d:4f:06:fe:4d:94:06:74:c6:de:0d:57:89:6e:43:fd:06:
         4b:80:48:18:a9:d7:57:85:43:4d:4a:62:3f:13:d7:04:99:5d:
         00:ea:5f:bb:67:de:7d:33:86:b9:5c:47:7f:1a:54:87:92:d0:
         65:15:60:8f:f5:5a:cf:cc:0b:4a:a8:03:e6:5d:f7:d8:f5:69:
         33:b4:86:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSTMAmv7jmpvz7fkDe9yruJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYWM2MTk3Nzk5ZmQ2OGI2ZTViYmUwYjU3ZTY1MmZkODBk
ZDM2MjEwHhcNMjUwMTIzMTI0MzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDZmYmU4MzIxNzIyMjMyNWY2ZGIzNjc0YjEyNDA0Y2Y1ODkxODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GPWP376tZ1h6gUwNJOj9sHEacEG
a98cdo686i9CNON/jIiHKCoQXZkUPDTQJrFglbsHzFRAh/DlSWONB3l5SsDbgdNw
Rmu7Aji1dBp72Bw4GrMOqxCKP2xZg9QGKRGSqN1ejJk2QIX6kInS+/3K5c3C0X8b
0bdw7UWhnQTRDOZ1WcwgRcKlX1Mfa/x+94ZtC0Gx5WxfOPQiPdFfp4DrSlnoVtSB
JWyUqYbzglJt+nzrmt+8pST6QEdDTjDMKAyC9WRGGmnhBUkcNxmRxHSq0d+NZufd
0dfJGQvtuL+2BeebAop5IOFatUb7FHnEftRVQM7hh80vgxXP2wSufALMpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1vvoMhciIyX22zZ0sSQEz1iRhCMB8GA1UdIwQY
MBaAFKqsYZd5n9aLblu+C1fmUv2A3TYhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXF4aGwzbWYxb3R1Vzc0TFYtWlNfWURkTmlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC84ODMwMWMtYWM3OS00MDgzLTkyOGYt
NWI0OWRiNjVjNTQ1LzEvSFctLWd5RnlJakpmYmJOblN4SkFUUFdKR0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC84ODMwMWMtYWM3OS00MDgzLTkyOGYtNWI0OWRiNjVjNTQ1
LzEvcXF4aGwzbWYxb3R1Vzc0TFYtWlNfWURkTmlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAywilMA0G
CSqGSIb3DQEBCwUAA4IBAQBQFvZmu3CvZz1+UXhf5kn75JYXYaf/smg8U+qh7VIc
naKke0B5OaFH/ENanALP9hM9Nm8MPd5ShdF8EftFP72UGvNAopilySOYf0TLEfZe
EnVPqZD9NJRlce/Gw0PlSYn6B75GJQzePMPvBJuhQg27E1HclmW4j4W6AvPEcmLk
xp19HUkwvkYWcODi5xT0GU/A3vCtpSuCqhsHbHskPy61D9yBqIF49ySo/lpw2Q3G
qO+CYk/XnU8G/k2UBnTG3g1XiW5D/QZLgEgYqddXhUNNSmI/E9cEmV0A6l+7Z959
M4a5XEd/GlSHktBlFWCP9VrPzAtKqAPmXffY9WkztIag
-----END CERTIFICATE-----