Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/H5dLlVVJetsau8mEO44rNBQ18zk.roa
File:                     H5dLlVVJetsau8mEO44rNBQ18zk.roa (raw, json)
Hash identifier:          ly0PLCIWtEiC7IjQEV6j3s/+5dUu2Rkyb8iutXxcQoY=
Subject key identifier:   1F:97:4B:95:55:49:7A:DB:1A:BB:C9:84:3B:8E:2B:34:14:35:F3:39
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E85635C1FF6E45A6E2594ED506E52D541
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/H5dLlVVJetsau8mEO44rNBQ18zk.roa
Signing time:             Thu 28 Mar 2024 14:07:45 +0000
ROA not before:           Thu 28 Mar 2024 14:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        37.252.28.0/24 maxlen: 24
                          89.213.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:63:5c:1f:f6:e4:5a:6e:25:94:ed:50:6e:52:d5:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 28 14:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f974b9555497adb1abbc9843b8e2b341435f339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:25:3d:ca:16:22:81:04:1b:ae:49:01:1c:28:
                    85:5a:6d:ab:4c:40:31:50:05:30:13:d3:b4:33:7b:
                    2b:87:1e:7f:18:9b:19:71:65:88:26:13:33:c9:34:
                    ab:be:a3:38:f9:f5:e6:ff:5a:76:80:eb:ec:18:0e:
                    72:33:97:a0:f4:12:cd:d8:fa:d2:f1:5d:21:e2:bd:
                    ae:20:25:ba:56:cb:7f:2d:c5:5c:23:12:16:44:48:
                    f6:73:bd:0a:46:65:5d:ee:3c:36:18:0d:4e:98:d2:
                    68:75:f1:01:f4:59:d7:55:17:db:e8:8a:f2:0d:fe:
                    a8:5a:f4:b0:51:06:e5:89:2b:5b:39:e0:a2:fb:81:
                    61:f3:b6:18:5a:2d:39:e2:04:71:42:e1:e5:7d:65:
                    73:6f:a5:0c:61:11:c3:72:9f:91:7f:ae:cc:d7:86:
                    b1:c6:f7:d0:83:30:a6:20:9e:c7:a4:3d:86:c1:b5:
                    ea:1b:6e:81:90:86:cd:90:e9:58:ef:dd:53:b7:48:
                    d1:ce:0a:69:25:da:0a:a6:f7:ab:23:55:3a:5f:e3:
                    a0:45:2e:a4:bf:e1:ea:84:c7:3c:45:8b:94:2d:30:
                    c0:4a:e8:a0:49:ee:a2:8e:04:76:ac:29:d7:d7:c7:
                    4d:5c:42:e6:c5:e1:ff:8a:6d:8c:4f:02:57:61:bb:
                    f0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:97:4B:95:55:49:7A:DB:1A:BB:C9:84:3B:8E:2B:34:14:35:F3:39
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/H5dLlVVJetsau8mEO44rNBQ18zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.28.0/24
                  89.213.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:5d:24:ec:76:4d:86:1e:24:4a:28:b4:0e:c9:fe:01:77:4e:
         3a:49:cd:5e:e9:dd:ee:12:dd:32:2d:a2:08:4f:f7:bd:b5:ba:
         b4:d7:0c:59:fd:bf:d8:c1:84:25:ac:b5:42:40:79:1e:c2:86:
         e6:ee:31:1a:3e:ef:00:b8:3c:e5:82:a1:91:44:7f:68:ff:07:
         dc:f6:32:35:ff:00:d1:c1:70:fb:03:06:68:c3:2f:f8:b3:f7:
         fd:c9:c8:a5:bc:dd:2c:ba:af:20:67:34:57:11:79:f6:af:0e:
         07:7a:d0:7d:04:5e:75:44:41:ad:08:7a:0c:78:f7:50:ec:a4:
         4f:91:86:1b:77:44:cc:36:00:43:e0:d6:9e:99:71:fe:94:73:
         9b:7c:0b:ba:f4:22:95:8e:02:be:74:97:29:1e:7c:dd:ba:4f:
         93:db:02:44:d2:21:b2:5f:b0:d8:13:5b:68:1b:dc:e1:67:5d:
         65:e1:2e:2f:3f:83:66:3d:8c:a9:fa:1c:c0:c5:92:2b:29:6a:
         73:f3:99:55:2c:3f:8c:1a:09:cb:ee:9e:bf:b9:f7:1d:01:24:
         39:f9:09:9a:fe:a1:fe:a0:de:b3:4f:1c:cc:8a:58:0b:4a:2f:
         d9:93:8b:4a:3d:61:8e:d6:e5:38:22:76:48:8a:12:31:87:be:
         72:0a:27:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6FY1wf9uRabiWU7VBuUtVBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI4MTQwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjk3NGI5NTU1NDk3YWRiMWFiYmM5ODQzYjhlMmIzNDE0MzVmMzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyU9yhYigQQbrkkBHCiFWm2rTEAx
UAUwE9O0M3srhx5/GJsZcWWIJhMzyTSrvqM4+fXm/1p2gOvsGA5yM5eg9BLN2PrS
8V0h4r2uICW6Vst/LcVcIxIWREj2c70KRmVd7jw2GA1OmNJodfEB9FnXVRfb6Iry
Df6oWvSwUQbliStbOeCi+4Fh87YYWi054gRxQuHlfWVzb6UMYRHDcp+Rf67M14ax
xvfQgzCmIJ7HpD2GwbXqG26BkIbNkOlY791Tt0jRzgppJdoKpverI1U6X+OgRS6k
v+HqhMc8RYuULTDASuigSe6ijgR2rCnX18dNXELmxeH/im2MTwJXYbvwvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB+XS5VVSXrbGrvJhDuOKzQUNfM5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSDVkTGxWVkpldHNhdThtRU80NHJOQlExOHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJfwcAwQA
WdV1MA0GCSqGSIb3DQEBCwUAA4IBAQADXSTsdk2GHiRKKLQOyf4Bd046Sc1e6d3u
Et0yLaIIT/e9tbq01wxZ/b/YwYQlrLVCQHkewobm7jEaPu8AuDzlgqGRRH9o/wfc
9jI1/wDRwXD7AwZowy/4s/f9ycilvN0suq8gZzRXEXn2rw4HetB9BF51REGtCHoM
ePdQ7KRPkYYbd0TMNgBD4NaemXH+lHObfAu69CKVjgK+dJcpHnzduk+T2wJE0iGy
X7DYE1toG9zhZ11l4S4vP4NmPYyp+hzAxZIrKWpz85lVLD+MGgnL7p6/ufcdASQ5
+Qma/qH+oN6zTxzMilgLSi/Zk4tKPWGO1uU4InZIihIxh75yCif7
-----END CERTIFICATE-----