Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/hug8E-GbrDH-NNJamzlkUtl_fOo.roa
File:                     hug8E-GbrDH-NNJamzlkUtl_fOo.roa (raw, json)
Hash identifier:          1iSvprfEIFea8OXFaTaCfQ8mGeEyDOCQGi8wsTrbf68=
Subject key identifier:   86:E8:3C:13:E1:9B:AC:31:FE:34:D2:5A:9B:39:64:52:D9:7F:7C:EA
Certificate issuer:       /CN=6af9c540b146bb44c8219d01375c10124920ae9f
Certificate serial:       018CC8DE424882D5BB0E96E893A2AC9C3D48
Authority key identifier: 6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/hug8E-GbrDH-NNJamzlkUtl_fOo.roa
Signing time:             Tue 02 Jan 2024 06:30:58 +0000
ROA not before:           Tue 02 Jan 2024 06:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        193.37.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:42:48:82:d5:bb:0e:96:e8:93:a2:ac:9c:3d:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6af9c540b146bb44c8219d01375c10124920ae9f
        Validity
            Not Before: Jan  2 06:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86e83c13e19bac31fe34d25a9b396452d97f7cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fa:e9:b9:31:b2:f8:87:ef:1e:c0:be:93:55:
                    da:7f:fc:96:8b:1f:7c:9d:0a:6a:3b:dc:0c:f2:71:
                    d8:c0:ae:83:9d:ee:5c:1a:9e:c5:5e:ce:a2:1b:6c:
                    63:01:25:af:db:2b:d8:fb:65:bb:eb:64:59:1d:22:
                    f5:59:6c:a9:84:c8:10:44:35:b6:79:48:0b:21:25:
                    cf:c0:2a:1a:fe:ce:c6:5e:e0:8d:89:17:b8:27:6d:
                    2f:f6:f7:25:5e:9a:b6:a4:8b:47:12:51:36:4d:1f:
                    47:f1:53:ad:2e:db:76:e4:d8:d0:59:90:98:6f:d9:
                    95:6c:f2:2d:f7:f6:d8:f2:4c:25:1e:10:f6:1c:7e:
                    50:33:a1:d8:6d:7a:c6:8f:5e:63:f0:30:84:a6:e1:
                    cb:37:e4:13:f8:99:6e:76:1b:db:0f:ca:20:a4:ec:
                    19:a5:9a:d5:92:56:4c:cb:f1:6c:79:56:aa:c5:ca:
                    9a:58:3f:74:cf:f6:21:9f:38:51:e8:13:bb:87:8a:
                    df:92:28:17:c2:44:61:13:5c:1e:94:48:0b:bf:ee:
                    aa:12:68:90:91:ee:0b:0e:2a:fd:a5:12:8c:db:35:
                    70:05:30:ca:cf:4d:c6:d6:63:fb:0c:ab:37:d7:1c:
                    75:b8:71:d0:ff:b4:e6:e5:25:bb:fa:5a:bb:d5:26:
                    7f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E8:3C:13:E1:9B:AC:31:FE:34:D2:5A:9B:39:64:52:D9:7F:7C:EA
            X509v3 Authority Key Identifier:
                keyid:6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/hug8E-GbrDH-NNJamzlkUtl_fOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:cf:55:4d:ba:a0:f6:90:82:0b:2c:a5:07:6e:99:77:8e:b5:
         da:ee:12:44:77:f2:57:38:dd:20:a2:c0:55:30:3d:6f:0a:96:
         a9:e7:3c:0e:6d:3a:0a:2d:f6:fb:03:e2:4e:41:4a:d4:0d:be:
         59:01:f5:f5:83:9f:f1:fb:ee:68:ad:45:6f:56:7d:d3:5f:6b:
         26:3a:eb:ff:6f:5e:5d:f7:02:38:05:e2:2e:b7:53:73:34:9a:
         63:44:8a:c1:0c:bc:4c:e0:25:46:7e:c1:51:f4:0f:e0:2d:6c:
         38:8f:8b:2a:7d:39:f3:a7:f7:aa:9e:ee:fe:a0:bf:14:f3:7a:
         97:28:7f:54:b0:2d:32:4f:2a:16:b8:d9:da:c5:91:4c:47:6a:
         19:db:e5:cd:c1:a2:ff:53:3d:8f:49:8e:55:c8:ea:e9:df:73:
         71:7a:ff:cb:fb:fd:72:42:69:d4:7e:74:21:d8:84:12:dd:c0:
         e9:66:df:bf:92:19:dc:ce:91:99:3b:db:b6:2b:b7:f0:5c:73:
         e8:2a:95:04:7a:65:23:3c:8e:2f:ef:7f:55:2d:2f:47:e2:e6:
         ec:ec:8f:ba:5f:e5:53:08:07:c4:3f:66:12:81:93:2f:b8:f8:
         bb:1c:f9:aa:30:9b:4c:94:a5:9a:44:cd:f6:f3:e4:92:56:bb:
         b0:58:f5:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3kJIgtW7Dpbok6KsnD1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZjljNTQwYjE0NmJiNDRjODIxOWQwMTM3NWMxMDEyNDky
MGFlOWYwHhcNMjQwMTAyMDYzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmU4M2MxM2UxOWJhYzMxZmUzNGQyNWE5YjM5NjQ1MmQ5N2Y3Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/rpuTGy+IfvHsC+k1Xaf/yWix98
nQpqO9wM8nHYwK6Dne5cGp7FXs6iG2xjASWv2yvY+2W762RZHSL1WWyphMgQRDW2
eUgLISXPwCoa/s7GXuCNiRe4J20v9vclXpq2pItHElE2TR9H8VOtLtt25NjQWZCY
b9mVbPIt9/bY8kwlHhD2HH5QM6HYbXrGj15j8DCEpuHLN+QT+JludhvbD8ogpOwZ
pZrVklZMy/FseVaqxcqaWD90z/YhnzhR6BO7h4rfkigXwkRhE1welEgLv+6qEmiQ
ke4LDir9pRKM2zVwBTDKz03G1mP7DKs31xx1uHHQ/7Tm5SW7+lq71SZ/eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIboPBPhm6wx/jTSWps5ZFLZf3zqMB8GA1UdIwQY
MBaAFGr5xUCxRrtEyCGdATdcEBJJIK6fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODct
NDIxYTk5YmRkNzhmLzEvaHVnOEUtR2JyREgtTk5KYW16bGtVdGxfZk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODctNDIxYTk5YmRkNzhm
LzEvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSX6MA0G
CSqGSIb3DQEBCwUAA4IBAQA3z1VNuqD2kIILLKUHbpl3jrXa7hJEd/JXON0gosBV
MD1vCpap5zwObToKLfb7A+JOQUrUDb5ZAfX1g5/x++5orUVvVn3TX2smOuv/b15d
9wI4BeIut1NzNJpjRIrBDLxM4CVGfsFR9A/gLWw4j4sqfTnzp/eqnu7+oL8U83qX
KH9UsC0yTyoWuNnaxZFMR2oZ2+XNwaL/Uz2PSY5VyOrp33Nxev/L+/1yQmnUfnQh
2IQS3cDpZt+/khnczpGZO9u2K7fwXHPoKpUEemUjPI4v739VLS9H4ubs7I+6X+VT
CAfEP2YSgZMvuPi7HPmqMJtMlKWaRM328+SSVruwWPVX
-----END CERTIFICATE-----