Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f26f62-ffa2-4170-be4f-983d4da13447/1/H-VwsQe9_LITnYFHb4bMvhWPO5M.roa
File:                     H-VwsQe9_LITnYFHb4bMvhWPO5M.roa (raw, json)
Hash identifier:          5TEdHcuoet6Wh7j/PoMrQaH76LlChl2l0xr8tUkP3BQ=
Subject key identifier:   1F:E5:70:B1:07:BD:FC:B2:13:9D:81:47:6F:86:CC:BE:15:8F:3B:93
Certificate issuer:       /CN=b61bc97b98276eb3babd9e7aa67e2705ae11e658
Certificate serial:       0190B72810994FE3F6E1AA879E8722675A14
Authority key identifier: B6:1B:C9:7B:98:27:6E:B3:BA:BD:9E:7A:A6:7E:27:05:AE:11:E6:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/thvJe5gnbrO6vZ56pn4nBa4R5lg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f26f62-ffa2-4170-be4f-983d4da13447/1/H-VwsQe9_LITnYFHb4bMvhWPO5M.roa
Signing time:             Mon 15 Jul 2024 16:09:34 +0000
ROA not before:           Mon 15 Jul 2024 16:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207630
IP address blocks:        37.32.103.0/24 maxlen: 24
                          194.76.156.0/22 maxlen: 24
                          2a04:55c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f26f62-ffa2-4170-be4f-983d4da13447/1/thvJe5gnbrO6vZ56pn4nBa4R5lg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f26f62-ffa2-4170-be4f-983d4da13447/1/thvJe5gnbrO6vZ56pn4nBa4R5lg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/thvJe5gnbrO6vZ56pn4nBa4R5lg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b7:28:10:99:4f:e3:f6:e1:aa:87:9e:87:22:67:5a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b61bc97b98276eb3babd9e7aa67e2705ae11e658
        Validity
            Not Before: Jul 15 16:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fe570b107bdfcb2139d81476f86ccbe158f3b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1d:16:9e:57:4f:d7:09:98:d2:4b:2a:64:47:
                    f4:5e:22:42:50:81:35:90:69:90:a0:e3:2b:73:c7:
                    bf:cf:9e:3e:b1:fb:c6:a7:8b:8e:37:26:23:d9:f7:
                    e3:20:ac:5d:e8:dd:5c:6f:13:4d:c6:fc:d3:79:14:
                    0a:ea:8c:46:4a:70:2f:8f:0c:98:5a:a2:9a:54:05:
                    77:cb:aa:3b:b9:0e:bc:3b:5b:3f:c9:91:0e:97:24:
                    86:6a:4f:64:11:00:06:f2:d8:62:8b:b3:b1:25:50:
                    f2:fe:df:98:e0:1d:3b:31:fc:24:ba:7e:bc:af:00:
                    7f:99:3c:93:f5:c6:a8:f4:e2:ff:b4:0b:a6:ea:73:
                    60:1e:0d:68:bc:bd:6f:77:09:03:69:00:8d:71:ea:
                    66:2f:bf:3d:99:37:04:03:c6:ce:d4:f0:ab:4c:2f:
                    e8:84:c5:4a:c3:20:44:f7:6e:67:4c:7b:78:73:85:
                    7d:da:70:22:5e:4c:0d:01:11:b7:4d:dc:7e:28:e5:
                    57:ef:b3:a1:e4:9f:5c:fd:fe:3a:38:f7:45:9c:33:
                    50:20:04:41:22:e2:f9:87:df:3b:f1:53:54:f1:83:
                    47:3f:7e:d7:94:3b:4a:18:8b:de:24:06:cd:7c:7d:
                    58:c4:bb:14:ce:8e:16:1e:2d:9a:a9:07:e2:a0:06:
                    ca:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E5:70:B1:07:BD:FC:B2:13:9D:81:47:6F:86:CC:BE:15:8F:3B:93
            X509v3 Authority Key Identifier:
                keyid:B6:1B:C9:7B:98:27:6E:B3:BA:BD:9E:7A:A6:7E:27:05:AE:11:E6:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/thvJe5gnbrO6vZ56pn4nBa4R5lg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f26f62-ffa2-4170-be4f-983d4da13447/1/H-VwsQe9_LITnYFHb4bMvhWPO5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f26f62-ffa2-4170-be4f-983d4da13447/1/thvJe5gnbrO6vZ56pn4nBa4R5lg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.103.0/24
                  194.76.156.0/22
                IPv6:
                  2a04:55c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:64:fc:d2:90:9f:0e:3a:49:1b:ee:b7:9f:60:1c:1c:d0:c0:
         73:26:7c:f7:68:a3:45:c5:9c:34:a2:7e:b5:83:68:03:81:a2:
         b8:e7:36:85:f2:72:0c:70:ad:02:b4:df:9f:db:ce:58:af:1d:
         66:03:67:44:c7:53:6c:aa:fb:d9:e9:f2:50:21:38:68:4c:fe:
         de:5f:60:c1:4f:a7:6b:5b:46:f1:e2:b2:12:d5:8a:28:58:75:
         f5:f8:05:d1:bc:2c:1a:69:42:e2:56:52:4a:8f:fe:ad:5f:ca:
         c9:7c:4c:51:51:54:9e:ea:34:8b:ce:73:90:d8:5e:d5:75:3d:
         50:d4:18:03:a4:7b:d8:92:0b:9b:89:25:6c:a3:63:ec:2f:41:
         0e:e3:8c:a0:e6:1c:ff:68:17:8f:f4:6d:7a:f2:c8:76:39:6c:
         df:48:01:04:df:aa:63:42:80:6f:48:5c:79:08:43:d4:8b:3d:
         98:78:e0:1f:aa:07:3f:6c:c7:bb:6b:58:f5:2b:54:81:5b:09:
         e9:f1:32:fe:14:7e:0d:ac:ae:1e:d6:e2:5f:93:f6:fa:4f:ca:
         98:6b:59:1c:bc:95:ef:77:36:be:7e:bb:ac:bb:77:e5:54:a1:
         48:75:2a:0a:7d:53:15:58:43:f9:45:58:b0:2e:6f:78:ce:01:
         cc:d4:68:74
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZC3KBCZT+P24aqHnociZ1oUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MWJjOTdiOTgyNzZlYjNiYWJkOWU3YWE2N2UyNzA1YWUx
MWU2NTgwHhcNMjQwNzE1MTYwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU1NzBiMTA3YmRmY2IyMTM5ZDgxNDc2Zjg2Y2NiZTE1OGYzYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnB0WnldP1wmY0ksqZEf0XiJCUIE1
kGmQoOMrc8e/z54+sfvGp4uONyYj2ffjIKxd6N1cbxNNxvzTeRQK6oxGSnAvjwyY
WqKaVAV3y6o7uQ68O1s/yZEOlySGak9kEQAG8thii7OxJVDy/t+Y4B07Mfwkun68
rwB/mTyT9cao9OL/tAum6nNgHg1ovL1vdwkDaQCNcepmL789mTcEA8bO1PCrTC/o
hMVKwyBE925nTHt4c4V92nAiXkwNARG3Tdx+KOVX77Oh5J9c/f46OPdFnDNQIARB
IuL5h9878VNU8YNHP37XlDtKGIveJAbNfH1YxLsUzo4WHi2aqQfioAbKoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB/lcLEHvfyyE52BR2+GzL4VjzuTMB8GA1UdIwQY
MBaAFLYbyXuYJ26zur2eeqZ+JwWuEeZYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGh2SmU1Z25ick82dlo1NnBuNG5CYTRSNWxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mMjZmNjItZmZhMi00MTcwLWJlNGYt
OTgzZDRkYTEzNDQ3LzEvSC1Wd3NRZTlfTElUbllGSGI0Yk12aFdQTzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mMjZmNjItZmZhMi00MTcwLWJlNGYtOTgzZDRkYTEzNDQ3
LzEvdGh2SmU1Z25ick82dlo1NnBuNG5CYTRSNWxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJSBnAwQC
wkycMA0EAgACMAcDBQMqBFXAMA0GCSqGSIb3DQEBCwUAA4IBAQAGZPzSkJ8OOkkb
7refYBwc0MBzJnz3aKNFxZw0on61g2gDgaK45zaF8nIMcK0CtN+f285Yrx1mA2dE
x1NsqvvZ6fJQIThoTP7eX2DBT6drW0bx4rIS1YooWHX1+AXRvCwaaULiVlJKj/6t
X8rJfExRUVSe6jSLznOQ2F7VdT1Q1BgDpHvYkgubiSVso2PsL0EO44yg5hz/aBeP
9G168sh2OWzfSAEE36pjQoBvSFx5CEPUiz2YeOAfqgc/bMe7a1j1K1SBWwnp8TL+
FH4NrK4e1uJfk/b6T8qYa1kcvJXvdza+frusu3flVKFIdSoKfVMVWEP5RViwLm94
zgHM1Gh0
-----END CERTIFICATE-----