Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/HiW_pg5Vjx5YVPRzdcrsIseEg6U.roa
File:                     HiW_pg5Vjx5YVPRzdcrsIseEg6U.roa (raw, json)
Hash identifier:          tdeBVY3OXoRcuQOJezS0k4iNwtNKPjny6jzLVYerWrY=
Subject key identifier:   1E:25:BF:A6:0E:55:8F:1E:58:54:F4:73:75:CA:EC:22:C7:84:83:A5
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       0191DFF4CFD258132E86BF3462C94B5257B6
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/HiW_pg5Vjx5YVPRzdcrsIseEg6U.roa
Signing time:             Wed 11 Sep 2024 07:20:48 +0000
ROA not before:           Wed 11 Sep 2024 07:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        62.3.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:df:f4:cf:d2:58:13:2e:86:bf:34:62:c9:4b:52:57:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Sep 11 07:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e25bfa60e558f1e5854f47375caec22c78483a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:34:d2:c5:5b:cf:d2:b0:9e:5b:43:77:78:2d:
                    09:1f:de:b7:e5:4d:23:4e:a9:c8:9c:0a:d6:f5:23:
                    0c:7b:96:ba:ad:ee:81:bf:9e:fb:a9:b2:9b:a3:d8:
                    a7:39:b6:01:76:05:67:77:2a:57:ad:66:bb:16:df:
                    15:b9:65:ff:5d:af:e9:df:8d:86:18:fd:9a:b1:2d:
                    dd:42:87:3a:3d:48:f6:bb:d2:c3:db:23:0f:06:ef:
                    e3:9b:15:0c:30:e2:67:ad:94:de:9f:67:d9:41:dd:
                    f3:ef:41:7b:c3:56:5a:ac:ad:cf:f4:f6:a9:e9:24:
                    7c:04:8b:df:d4:55:e1:a8:ec:b0:51:47:53:72:6f:
                    31:b0:6c:4b:8b:7b:7d:2a:0c:2d:95:7a:fb:58:8d:
                    93:26:dd:67:f1:46:53:cd:e0:5c:37:8c:b1:f6:34:
                    fb:1d:94:a1:dc:58:a6:53:20:fe:14:e2:6a:c6:48:
                    ca:d3:48:41:bb:63:29:95:f5:87:23:cb:88:1d:fd:
                    e7:eb:90:91:71:0b:0f:2f:99:7c:1f:62:cb:2e:90:
                    e7:94:43:d6:58:eb:6e:87:65:e1:08:17:bb:8e:44:
                    43:8d:02:e6:93:6c:b5:df:5f:05:31:86:c7:4e:01:
                    63:0f:13:59:f9:b4:d8:2e:92:c5:87:51:8f:1a:a2:
                    72:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:25:BF:A6:0E:55:8F:1E:58:54:F4:73:75:CA:EC:22:C7:84:83:A5
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/HiW_pg5Vjx5YVPRzdcrsIseEg6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:76:1b:a5:e3:90:53:ab:e6:bf:af:96:df:64:c8:5e:22:94:
         65:cd:0e:9e:1f:23:85:c3:9c:3c:dc:8d:c2:72:cf:63:47:f0:
         af:ff:f0:5a:76:0d:5c:2a:60:28:69:b0:8e:9a:3b:04:5e:3e:
         a4:10:ff:d7:75:07:ba:6f:f0:7e:27:67:1e:db:b9:7b:93:db:
         94:63:6a:b3:20:bd:a7:1e:fe:5b:08:a9:4b:dd:5a:b9:f6:9b:
         45:22:75:06:56:bd:12:fd:89:97:8c:21:8e:23:f7:5a:64:97:
         a0:33:91:e0:bd:96:fe:d9:c1:ea:46:b8:46:04:82:99:11:e6:
         7a:11:89:51:85:61:66:66:37:da:6f:ad:f2:10:46:8f:f7:5c:
         dc:26:05:ad:b0:01:4b:b5:9b:64:9e:63:48:17:95:6a:2b:94:
         f3:b5:5e:fb:94:b3:20:d0:e4:46:48:36:da:4a:96:c5:74:4b:
         8e:0d:bb:27:cb:45:95:4c:64:f8:52:6d:a2:47:6e:6d:73:e0:
         0a:7a:94:78:1e:60:dc:10:59:9d:28:40:45:47:42:d3:be:74:
         ae:42:81:a7:2f:a1:6d:e6:e1:43:24:dd:7c:06:79:27:74:4c:
         7e:ed:64:d0:a5:5c:77:a1:6f:5a:db:5b:ee:eb:3a:17:f5:34:
         c3:d5:fd:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHf9M/SWBMuhr80YslLUle2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwOTExMDcyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTI1YmZhNjBlNTU4ZjFlNTg1NGY0NzM3NWNhZWMyMmM3ODQ4M2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTTSxVvP0rCeW0N3eC0JH9635U0j
TqnInArW9SMMe5a6re6Bv577qbKbo9inObYBdgVndypXrWa7Ft8VuWX/Xa/p342G
GP2asS3dQoc6PUj2u9LD2yMPBu/jmxUMMOJnrZTen2fZQd3z70F7w1ZarK3P9Pap
6SR8BIvf1FXhqOywUUdTcm8xsGxLi3t9KgwtlXr7WI2TJt1n8UZTzeBcN4yx9jT7
HZSh3FimUyD+FOJqxkjK00hBu2MplfWHI8uIHf3n65CRcQsPL5l8H2LLLpDnlEPW
WOtuh2XhCBe7jkRDjQLmk2y1318FMYbHTgFjDxNZ+bTYLpLFh1GPGqJyOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4lv6YOVY8eWFT0c3XK7CLHhIOlMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvSGlXX3BnNVZqeDVZVlBSemRjcnNJc2VFZzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMcMA0G
CSqGSIb3DQEBCwUAA4IBAQB+dhul45BTq+a/r5bfZMheIpRlzQ6eHyOFw5w83I3C
cs9jR/Cv//Badg1cKmAoabCOmjsEXj6kEP/XdQe6b/B+J2ce27l7k9uUY2qzIL2n
Hv5bCKlL3Vq59ptFInUGVr0S/YmXjCGOI/daZJegM5HgvZb+2cHqRrhGBIKZEeZ6
EYlRhWFmZjfab63yEEaP91zcJgWtsAFLtZtknmNIF5VqK5TztV77lLMg0ORGSDba
SpbFdEuODbsny0WVTGT4Um2iR25tc+AKepR4HmDcEFmdKEBFR0LTvnSuQoGnL6Ft
5uFDJN18BnkndEx+7WTQpVx3oW9a21vu6zoX9TTD1f2e
-----END CERTIFICATE-----