Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8hOnP6l-xiOgsDmUQK26U9fB7Go.roa
File:                     8hOnP6l-xiOgsDmUQK26U9fB7Go.roa (raw, json)
Hash identifier:          gOL3OE7HVEikD7j6WgtjTPVj9qfNnfSOk9JXiYTiTRI=
Subject key identifier:   F2:13:A7:3F:A9:7E:C6:23:A0:B0:39:94:40:AD:BA:53:D7:C1:EC:6A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019342CBC26A84BB46794DFB72F1D8B97345
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8hOnP6l-xiOgsDmUQK26U9fB7Go.roa
Signing time:             Tue 19 Nov 2024 05:01:09 +0000
ROA not before:           Tue 19 Nov 2024 05:01:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        37.202.194.0/24 maxlen: 24
                          37.202.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:42:cb:c2:6a:84:bb:46:79:4d:fb:72:f1:d8:b9:73:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov 19 05:01:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f213a73fa97ec623a0b0399440adba53d7c1ec6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ac:fe:89:41:ef:fd:47:0f:5c:62:8c:98:28:
                    91:1a:ba:ad:76:34:33:22:00:32:0f:90:d4:71:ad:
                    d9:d1:5c:f1:af:3a:df:b8:7e:ec:67:87:fe:de:d7:
                    aa:50:e2:81:e1:e5:48:ad:72:e6:4e:28:e8:bd:88:
                    d5:1a:78:ca:f0:9a:7b:f4:b6:fb:6e:0b:b4:f5:cf:
                    b7:fa:e9:67:94:09:05:01:25:0f:45:03:ce:84:cb:
                    c8:ba:c1:43:46:ee:98:7c:ad:05:49:be:b6:77:46:
                    da:0f:8c:dd:c1:a1:76:9a:f6:29:4e:5a:fd:5e:bb:
                    ee:c0:e8:31:b6:36:9c:ed:1f:59:86:c6:95:de:9b:
                    36:58:3f:23:63:d1:77:bd:ea:c7:9c:b5:92:b3:c1:
                    0f:36:1c:63:9f:b0:af:94:28:87:af:a4:93:70:49:
                    3a:d6:0f:60:e7:33:f5:22:98:ea:94:2e:a5:21:aa:
                    38:d5:dc:c4:c7:f8:31:f7:59:f7:74:4f:55:e0:12:
                    9e:17:1f:a5:b2:51:e3:0d:8d:19:2d:a6:ba:d9:49:
                    d4:39:c0:d7:c6:a6:12:37:0d:31:75:3f:81:f6:0c:
                    c2:c4:7c:8d:fb:a9:50:4a:65:d7:5e:cf:ca:b7:b7:
                    df:a7:ae:0f:90:3a:36:5f:cf:8c:c6:5e:22:33:48:
                    3c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:13:A7:3F:A9:7E:C6:23:A0:B0:39:94:40:AD:BA:53:D7:C1:EC:6A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8hOnP6l-xiOgsDmUQK26U9fB7Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.194.0/24
                  37.202.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:cb:6e:00:1c:ce:36:2d:61:5c:d6:89:7a:e1:47:b5:8a:54:
         8e:85:2e:00:6d:bb:ba:28:15:d1:2e:c4:7f:31:95:ec:30:b2:
         26:bd:47:dc:7c:6b:e0:5d:d3:a8:e5:26:3a:58:8b:01:d3:51:
         6d:c3:ad:ba:3b:30:4e:6f:3f:d0:f5:88:83:ad:5f:f6:2e:7a:
         f5:61:86:91:08:d6:22:0e:a8:3c:74:62:21:6e:e6:fa:dc:1c:
         d5:08:0f:87:0d:08:5d:4b:3f:94:4d:ae:5a:e2:8f:a3:03:0b:
         a5:0f:88:89:1b:75:e6:5c:cf:0f:c9:f9:6d:67:a4:1b:d5:bb:
         c9:48:9a:e8:84:2b:b4:d2:0b:06:ff:b6:a9:01:8a:e3:20:34:
         d4:46:65:e4:02:ed:e3:32:ae:8f:7b:62:8f:f8:ba:e9:04:2f:
         3e:c9:d3:5f:ae:f5:48:ce:63:d3:0b:9b:13:91:79:2e:65:1d:
         7d:8f:0a:5d:98:ce:be:e0:42:09:16:8b:a6:b1:c2:be:d9:9d:
         12:26:12:fd:e5:83:31:cc:2e:23:a8:f4:47:09:1f:8b:3d:29:
         64:90:3b:b1:05:2b:eb:0a:b0:59:1a:12:d1:30:96:9b:c4:66:
         8b:34:78:72:40:cf:e8:c5:a8:dd:61:05:0b:36:f1:7f:19:27:
         fa:01:40:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNCy8JqhLtGeU37cvHYuXNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjQxMTE5MDUwMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjEzYTczZmE5N2VjNjIzYTBiMDM5OTQ0MGFkYmE1M2Q3YzFlYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6z+iUHv/UcPXGKMmCiRGrqtdjQz
IgAyD5DUca3Z0VzxrzrfuH7sZ4f+3teqUOKB4eVIrXLmTijovYjVGnjK8Jp79Lb7
bgu09c+3+ulnlAkFASUPRQPOhMvIusFDRu6YfK0FSb62d0baD4zdwaF2mvYpTlr9
XrvuwOgxtjac7R9ZhsaV3ps2WD8jY9F3verHnLWSs8EPNhxjn7CvlCiHr6STcEk6
1g9g5zP1IpjqlC6lIao41dzEx/gx91n3dE9V4BKeFx+lslHjDY0ZLaa62UnUOcDX
xqYSNw0xdT+B9gzCxHyN+6lQSmXXXs/Kt7ffp64PkDo2X8+Mxl4iM0g82QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPITpz+pfsYjoLA5lECtulPXwexqMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOGhPblA2bC14aU9nc0RtVVFLMjZVOWZCN0dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJcrCAwQA
JcrKMA0GCSqGSIb3DQEBCwUAA4IBAQA2y24AHM42LWFc1ol64Ue1ilSOhS4Abbu6
KBXRLsR/MZXsMLImvUfcfGvgXdOo5SY6WIsB01Ftw626OzBObz/Q9YiDrV/2Lnr1
YYaRCNYiDqg8dGIhbub63BzVCA+HDQhdSz+UTa5a4o+jAwulD4iJG3XmXM8Pyflt
Z6Qb1bvJSJrohCu00gsG/7apAYrjIDTURmXkAu3jMq6Pe2KP+LrpBC8+ydNfrvVI
zmPTC5sTkXkuZR19jwpdmM6+4EIJFoumscK+2Z0SJhL95YMxzC4jqPRHCR+LPSlk
kDuxBSvrCrBZGhLRMJabxGaLNHhyQM/oxajdYQULNvF/GSf6AUAn
-----END CERTIFICATE-----