Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7rAxRYftH8PD9_rwTsDyZlIKLGM.roa
File:                     7rAxRYftH8PD9_rwTsDyZlIKLGM.roa (raw, json)
Hash identifier:          o0wKULjCRA9UUH1ShnEHTxNPGmkUgH9VC62Bnzelz9s=
Subject key identifier:   EE:B0:31:45:87:ED:1F:C3:C3:F7:FA:F0:4E:C0:F2:66:52:0A:2C:63
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019053B9A9DAADB577714C23172FA93D047E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7rAxRYftH8PD9_rwTsDyZlIKLGM.roa
Signing time:             Wed 26 Jun 2024 08:46:34 +0000
ROA not before:           Wed 26 Jun 2024 08:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        37.252.27.0/24 maxlen: 24
                          81.168.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:b9:a9:da:ad:b5:77:71:4c:23:17:2f:a9:3d:04:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 26 08:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeb0314587ed1fc3c3f7faf04ec0f266520a2c63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:75:8e:76:6f:47:32:96:9e:fa:65:af:d9:d1:
                    93:98:95:84:5f:61:ed:73:d6:49:8e:73:6f:43:3f:
                    8d:19:22:fe:d2:43:80:66:d2:3b:af:0e:dd:c5:e0:
                    ea:e0:d8:07:4e:de:55:9d:c1:e9:24:3e:68:d2:0b:
                    03:a1:be:a0:e4:cf:6a:ac:b5:4e:22:06:c0:30:2c:
                    b7:bc:33:42:f6:c4:f5:67:c4:09:83:cc:ea:42:9b:
                    a8:d2:e5:4f:7a:ef:6a:05:0b:94:59:7c:d1:de:2c:
                    f6:d0:79:f2:02:eb:7d:3f:91:03:cd:cc:01:91:02:
                    d5:c0:7d:13:fd:18:52:5a:13:b5:41:06:29:61:44:
                    b9:ba:2e:d4:d0:43:de:88:3b:5a:dc:77:84:0d:90:
                    5c:71:98:f1:f6:cb:09:92:55:25:ad:2a:3a:83:26:
                    8a:80:e2:a9:0d:f1:28:04:e9:02:39:3a:ba:b1:58:
                    44:ad:a6:f9:15:f9:b5:6c:6c:64:21:f4:c1:2d:06:
                    15:09:91:75:22:dd:ed:d3:7f:22:c2:07:7e:81:61:
                    b3:51:8f:41:64:21:d8:e5:da:70:7f:81:95:85:91:
                    4c:3f:8a:35:98:e7:2b:10:11:f2:73:4d:ba:07:0c:
                    99:e6:d9:8d:3c:2b:97:49:f0:c6:1b:35:7e:ee:12:
                    f2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B0:31:45:87:ED:1F:C3:C3:F7:FA:F0:4E:C0:F2:66:52:0A:2C:63
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7rAxRYftH8PD9_rwTsDyZlIKLGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.27.0/24
                  81.168.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:b2:4f:e3:c1:8a:2c:cc:1e:d9:97:ef:4d:64:c0:91:70:cb:
         86:45:50:b3:d2:72:a9:86:3d:61:25:29:6f:c5:e0:bb:7d:ec:
         cb:22:ea:7f:8d:7a:b1:e4:93:69:4c:b9:91:83:ed:6d:6e:b4:
         eb:17:2e:3b:8e:4e:93:8e:5f:33:fc:67:ea:b1:c5:c2:53:3d:
         86:ff:c4:10:00:04:0b:14:96:39:19:34:05:b4:cc:e9:2a:08:
         09:d2:7c:f3:33:57:76:0b:69:e7:66:04:6d:11:09:51:b5:94:
         31:28:48:57:d6:7e:db:91:a6:c1:74:d9:25:d5:2b:e2:b7:92:
         91:31:fa:96:e7:c6:fd:e1:29:73:43:c0:d9:fb:70:62:28:32:
         db:b7:97:dc:56:de:dc:f5:2b:8d:40:29:ce:4a:ff:ad:b1:af:
         53:60:dc:bd:e8:03:1d:2a:0c:6c:b3:b6:11:14:02:49:d9:87:
         ae:be:52:47:02:da:fa:d4:c4:d3:67:17:73:9a:62:66:d5:ce:
         1d:d6:88:9d:03:63:7f:ae:26:8a:a9:60:b6:a8:20:da:2c:b8:
         77:ec:34:e5:af:bd:0d:55:f0:f5:41:f3:66:44:8c:c5:1a:3e:
         1e:1b:8d:08:a6:0a:07:dd:f8:40:d1:31:ad:12:13:52:e8:2e:
         70:55:67:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBTuanarbV3cUwjFy+pPQR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjI2MDg0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWIwMzE0NTg3ZWQxZmMzYzNmN2ZhZjA0ZWMwZjI2NjUyMGEyYzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknWOdm9HMpae+mWv2dGTmJWEX2Ht
c9ZJjnNvQz+NGSL+0kOAZtI7rw7dxeDq4NgHTt5VncHpJD5o0gsDob6g5M9qrLVO
IgbAMCy3vDNC9sT1Z8QJg8zqQpuo0uVPeu9qBQuUWXzR3iz20HnyAut9P5EDzcwB
kQLVwH0T/RhSWhO1QQYpYUS5ui7U0EPeiDta3HeEDZBccZjx9ssJklUlrSo6gyaK
gOKpDfEoBOkCOTq6sVhErab5Ffm1bGxkIfTBLQYVCZF1It3t038iwgd+gWGzUY9B
ZCHY5dpwf4GVhZFMP4o1mOcrEBHyc026BwyZ5tmNPCuXSfDGGzV+7hLy5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO6wMUWH7R/Dw/f68E7A8mZSCixjMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN3JBeFJZZnRIOFBEOV9yd1RzRHlabElLTEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJfwbAwQA
UagyMA0GCSqGSIb3DQEBCwUAA4IBAQABsk/jwYoszB7Zl+9NZMCRcMuGRVCz0nKp
hj1hJSlvxeC7fezLIup/jXqx5JNpTLmRg+1tbrTrFy47jk6Tjl8z/GfqscXCUz2G
/8QQAAQLFJY5GTQFtMzpKggJ0nzzM1d2C2nnZgRtEQlRtZQxKEhX1n7bkabBdNkl
1Svit5KRMfqW58b94SlzQ8DZ+3BiKDLbt5fcVt7c9SuNQCnOSv+tsa9TYNy96AMd
Kgxss7YRFAJJ2YeuvlJHAtr61MTTZxdzmmJm1c4d1oidA2N/riaKqWC2qCDaLLh3
7DTlr70NVfD1QfNmRIzFGj4eG40IpgoH3fhA0TGtEhNS6C5wVWe9
-----END CERTIFICATE-----