Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/IUWP9jNtWqP8xiP2q5umQuq_1VI.roa
File:                     IUWP9jNtWqP8xiP2q5umQuq_1VI.roa (raw, json)
Hash identifier:          gqSmnweKTC8gzARl6YfBb7A+HWaF3Ss+mXrwxAMqnQI=
Subject key identifier:   21:45:8F:F6:33:6D:5A:A3:FC:C6:23:F6:AB:9B:A6:42:EA:BF:D5:52
Certificate issuer:       /CN=c7e8d959f1c9564a33f28fe44ab614b8f62b001b
Certificate serial:       018CC8715E26C83670F6DCD65F9FC43A1104
Authority key identifier: C7:E8:D9:59:F1:C9:56:4A:33:F2:8F:E4:4A:B6:14:B8:F6:2B:00:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/IUWP9jNtWqP8xiP2q5umQuq_1VI.roa
Signing time:             Tue 02 Jan 2024 04:32:02 +0000
ROA not before:           Tue 02 Jan 2024 04:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207539
IP address blocks:        37.60.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:5e:26:c8:36:70:f6:dc:d6:5f:9f:c4:3a:11:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7e8d959f1c9564a33f28fe44ab614b8f62b001b
        Validity
            Not Before: Jan  2 04:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21458ff6336d5aa3fcc623f6ab9ba642eabfd552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a1:87:fc:f9:2c:31:61:f0:5b:0b:1b:45:7b:
                    52:3c:5c:30:14:1a:5d:15:b9:ae:e1:76:36:e9:29:
                    61:82:d9:8d:cb:fb:a6:db:e0:6b:8e:9e:be:f5:71:
                    8b:9a:d8:50:3c:f3:c1:7d:cc:8b:a9:1c:04:0a:d5:
                    ce:00:9a:14:36:1f:26:90:a3:94:b1:d6:7f:e7:a6:
                    ed:6e:23:fa:38:7a:e2:94:54:ee:64:fa:9b:48:df:
                    a7:21:f5:5a:52:46:b8:7c:03:c4:00:02:3e:c7:65:
                    a2:e5:95:29:8a:9c:d3:4e:48:5f:62:79:07:cc:18:
                    4a:4a:9c:71:e0:3d:80:68:1b:1c:3e:46:67:98:37:
                    d9:ca:0c:7e:ec:97:9a:33:23:a1:6f:84:2a:47:08:
                    52:50:1b:4f:30:21:41:bc:d0:28:1f:85:1f:02:05:
                    7d:99:2c:ca:3d:20:59:84:12:7f:45:e3:72:6b:a1:
                    b7:dd:8c:ce:ec:d9:b8:9e:37:84:f3:69:e6:ca:00:
                    4f:40:4d:3c:e7:46:9b:34:51:0d:a6:19:23:39:cf:
                    70:3a:d5:1e:1a:ed:19:1f:05:23:8d:76:13:4f:90:
                    34:79:9d:6c:ad:0e:38:1f:f4:19:8c:b3:2f:47:0f:
                    68:2f:aa:d9:b9:bc:82:ad:88:55:98:75:3c:7e:8b:
                    69:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:45:8F:F6:33:6D:5A:A3:FC:C6:23:F6:AB:9B:A6:42:EA:BF:D5:52
            X509v3 Authority Key Identifier:
                keyid:C7:E8:D9:59:F1:C9:56:4A:33:F2:8F:E4:4A:B6:14:B8:F6:2B:00:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/IUWP9jNtWqP8xiP2q5umQuq_1VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c3:84:2e:b6:d2:4e:84:30:5d:52:89:0f:21:6e:ad:85:a7:
         9b:59:1b:80:7c:5c:cd:de:e8:8f:01:ee:7c:2c:6e:84:e5:c8:
         2d:79:4a:3c:fe:cf:1a:70:87:c4:9a:b3:33:66:a5:d0:55:b2:
         d8:5f:a0:61:36:82:92:29:13:da:fd:2e:4d:49:c9:1a:fd:b2:
         7d:d6:c0:b5:27:d6:7d:54:77:a0:8e:5b:9b:31:04:be:0a:54:
         e5:36:3e:02:ac:28:f6:88:f4:e1:fe:6f:6a:e1:3d:e8:08:d7:
         71:3c:e6:04:9d:35:75:9d:d2:4c:4c:47:05:e6:ed:36:c3:be:
         c4:4b:ec:f7:44:5c:d1:8e:d0:e8:0f:25:03:45:45:7b:bf:f5:
         f2:3f:d1:a2:1e:9d:e3:52:24:0c:ee:fd:ee:3d:6b:29:14:91:
         55:7a:e1:bc:45:a8:df:cd:c2:ae:9a:fe:ce:ff:30:96:57:9b:
         3e:98:4a:2c:4f:cc:b0:e9:1a:47:bc:e5:e4:f4:bc:a6:7a:17:
         a5:cc:22:16:b0:88:aa:af:26:dc:5c:c5:84:45:5c:b4:92:68:
         3b:33:36:01:2c:8f:f3:fd:62:c4:77:36:d6:95:49:03:19:72:
         82:06:3e:f6:ee:e4:73:c4:6b:87:0c:86:01:51:b9:30:a5:e4:
         ca:be:84:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcV4myDZw9tzWX5/EOhEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZThkOTU5ZjFjOTU2NGEzM2YyOGZlNDRhYjYxNGI4ZjYy
YjAwMWIwHhcNMjQwMTAyMDQzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQ1OGZmNjMzNmQ1YWEzZmNjNjIzZjZhYjliYTY0MmVhYmZkNTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6GH/PksMWHwWwsbRXtSPFwwFBpd
Fbmu4XY26SlhgtmNy/um2+Brjp6+9XGLmthQPPPBfcyLqRwECtXOAJoUNh8mkKOU
sdZ/56btbiP6OHrilFTuZPqbSN+nIfVaUka4fAPEAAI+x2Wi5ZUpipzTTkhfYnkH
zBhKSpxx4D2AaBscPkZnmDfZygx+7JeaMyOhb4QqRwhSUBtPMCFBvNAoH4UfAgV9
mSzKPSBZhBJ/ReNya6G33YzO7Nm4njeE82nmygBPQE0850abNFENphkjOc9wOtUe
Gu0ZHwUjjXYTT5A0eZ1srQ44H/QZjLMvRw9oL6rZubyCrYhVmHU8fotpTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFFj/YzbVqj/MYj9qubpkLqv9VSMB8GA1UdIwQY
MBaAFMfo2VnxyVZKM/KP5Eq2FLj2KwAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC1qWldmSEpWa296OG9fa1NyWVV1UFlyQUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yNGUzMjctNzY1OC00NjNjLTg5OTAt
YjFjOWI3ODlhYWE5LzEvSVVXUDlqTnRXcVA4eGlQMnE1dW1RdXFfMVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yNGUzMjctNzY1OC00NjNjLTg5OTAtYjFjOWI3ODlhYWE5
LzEveC1qWldmSEpWa296OG9fa1NyWVV1UFlyQUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJTwdMA0G
CSqGSIb3DQEBCwUAA4IBAQAuw4QuttJOhDBdUokPIW6thaebWRuAfFzN3uiPAe58
LG6E5cgteUo8/s8acIfEmrMzZqXQVbLYX6BhNoKSKRPa/S5NScka/bJ91sC1J9Z9
VHegjlubMQS+ClTlNj4CrCj2iPTh/m9q4T3oCNdxPOYEnTV1ndJMTEcF5u02w77E
S+z3RFzRjtDoDyUDRUV7v/XyP9GiHp3jUiQM7v3uPWspFJFVeuG8RajfzcKumv7O
/zCWV5s+mEosT8yw6RpHvOXk9LymehelzCIWsIiqrybcXMWERVy0kmg7MzYBLI/z
/WLEdzbWlUkDGXKCBj727uRzxGuHDIYBUbkwpeTKvoQI
-----END CERTIFICATE-----