Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XEUqePXW54pg6klharHDE3asqlA.roa
File:                     XEUqePXW54pg6klharHDE3asqlA.roa (raw, json)
Hash identifier:          YC1S+8sOXm3OCbVpeN0o/5/XG5VxFU6uuTvGkqgqN5I=
Subject key identifier:   5C:45:2A:78:F5:D6:E7:8A:60:EA:49:61:6A:B1:C3:13:76:AC:AA:50
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01927AE74E2F83459202EFEF7BB2C6230BBB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XEUqePXW54pg6klharHDE3asqlA.roa
Signing time:             Fri 11 Oct 2024 09:27:11 +0000
ROA not before:           Fri 11 Oct 2024 09:27:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200088
IP address blocks:        37.202.211.0/24 maxlen: 24
                          37.202.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:e7:4e:2f:83:45:92:02:ef:ef:7b:b2:c6:23:0b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 11 09:27:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c452a78f5d6e78a60ea49616ab1c31376acaa50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d5:2d:6d:9e:3f:75:89:a9:6d:56:69:a9:31:
                    a9:04:42:80:06:db:71:de:57:ae:f8:52:dd:8d:9b:
                    35:62:62:36:2d:93:68:68:64:e7:81:9a:79:d5:32:
                    ad:10:e8:5f:5d:96:96:9c:ec:a0:a1:11:86:63:fc:
                    c7:91:79:cd:e5:67:46:b1:21:c5:d9:12:87:e5:08:
                    19:14:5e:05:a8:62:f8:61:fa:f2:07:16:5b:af:6e:
                    b7:3c:6b:60:cd:7d:87:2e:9f:7f:28:ad:aa:33:c0:
                    c1:3f:14:0a:70:58:f5:0b:2d:e7:6f:10:47:76:16:
                    1c:45:dd:bd:a3:04:cf:a0:e1:f5:8a:ec:e3:88:84:
                    71:de:56:04:9d:18:e4:ac:24:d4:4b:c5:3c:2e:7a:
                    77:75:27:15:51:17:d4:02:49:5d:39:8c:ca:22:8f:
                    17:7e:d6:92:72:65:9c:ae:bf:98:5b:a5:42:db:aa:
                    9c:dc:00:82:43:a3:6f:aa:f4:05:98:a9:99:d2:dd:
                    4b:b8:47:86:db:28:99:46:fc:55:fa:17:68:54:e7:
                    45:2b:85:a5:07:37:59:eb:3d:84:86:ce:9f:47:f1:
                    e7:c5:70:6d:45:9e:c8:64:ce:23:17:b5:f6:ca:a0:
                    63:c2:af:5b:c4:b5:a8:9d:e2:5d:3d:23:b2:ef:8d:
                    36:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:45:2A:78:F5:D6:E7:8A:60:EA:49:61:6A:B1:C3:13:76:AC:AA:50
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XEUqePXW54pg6klharHDE3asqlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.211.0/24
                  37.202.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:b6:82:ba:43:d1:4c:11:eb:3d:57:0f:c4:de:3f:12:0e:9d:
         fe:9d:28:44:58:92:4f:6f:b8:9f:08:9a:28:3f:b0:c3:2a:9b:
         6b:6f:1a:95:cc:d0:b9:52:6d:ea:3b:41:fd:43:96:53:98:fc:
         82:de:e1:55:8e:90:fa:bf:2f:1c:9f:3a:23:4b:fd:47:ee:75:
         e8:f0:c4:ce:e1:f8:6c:a4:2f:34:0a:9d:c2:e6:fe:d1:73:fb:
         f2:52:f3:12:ae:dc:15:60:46:76:e6:1b:15:d9:59:1a:50:33:
         b9:c8:3a:a1:c0:b9:f0:e7:17:7e:86:c7:31:db:02:cb:bf:5f:
         b6:d0:e0:1f:1c:ef:97:d6:fc:90:10:f2:20:b5:84:30:34:6e:
         f6:60:1e:0f:a0:5f:fd:75:b8:51:6b:b4:16:c5:f4:78:4e:f1:
         3e:b0:53:48:76:06:75:d5:1f:a9:30:33:0e:83:00:3b:63:8a:
         25:2c:95:99:4b:eb:53:cf:f8:62:e4:94:43:88:a0:e2:cc:7b:
         f7:d3:b5:f0:27:82:56:a9:3f:a4:90:d6:33:a9:d7:f4:28:a5:
         a8:90:34:32:6c:54:a7:06:1a:10:43:b1:d7:98:53:b9:1d:f1:
         91:5c:f6:f3:58:ec:53:2b:7f:7c:b1:30:fb:ab:3d:b7:5b:7c:
         f2:0f:4f:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJ6504vg0WSAu/ve7LGIwu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjQxMDExMDkyNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQ1MmE3OGY1ZDZlNzhhNjBlYTQ5NjE2YWIxYzMxMzc2YWNhYTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdUtbZ4/dYmpbVZpqTGpBEKABttx
3leu+FLdjZs1YmI2LZNoaGTngZp51TKtEOhfXZaWnOygoRGGY/zHkXnN5WdGsSHF
2RKH5QgZFF4FqGL4YfryBxZbr263PGtgzX2HLp9/KK2qM8DBPxQKcFj1Cy3nbxBH
dhYcRd29owTPoOH1iuzjiIRx3lYEnRjkrCTUS8U8Lnp3dScVURfUAkldOYzKIo8X
ftaScmWcrr+YW6VC26qc3ACCQ6NvqvQFmKmZ0t1LuEeG2yiZRvxV+hdoVOdFK4Wl
BzdZ6z2Ehs6fR/HnxXBtRZ7IZM4jF7X2yqBjwq9bxLWoneJdPSOy74028QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFxFKnj11ueKYOpJYWqxwxN2rKpQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWEVVcWVQWFc1NHBnNmtsaGFySERFM2FzcWxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJcrTAwQA
JcrYMA0GCSqGSIb3DQEBCwUAA4IBAQCXtoK6Q9FMEes9Vw/E3j8SDp3+nShEWJJP
b7ifCJooP7DDKptrbxqVzNC5Um3qO0H9Q5ZTmPyC3uFVjpD6vy8cnzojS/1H7nXo
8MTO4fhspC80Cp3C5v7Rc/vyUvMSrtwVYEZ25hsV2VkaUDO5yDqhwLnw5xd+hscx
2wLLv1+20OAfHO+X1vyQEPIgtYQwNG72YB4PoF/9dbhRa7QWxfR4TvE+sFNIdgZ1
1R+pMDMOgwA7Y4olLJWZS+tTz/hi5JRDiKDizHv307XwJ4JWqT+kkNYzqdf0KKWo
kDQybFSnBhoQQ7HXmFO5HfGRXPbzWOxTK398sTD7qz23W3zyD09/
-----END CERTIFICATE-----