Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/H-XMJrZrLLOTI-DEbCL4bHpbKCQ.roa
File:                     H-XMJrZrLLOTI-DEbCL4bHpbKCQ.roa (raw, json)
Hash identifier:          8+C0hEnQv51JZJGLlTEb9oFeieVdw5L0W2spWnd2PRo=
Subject key identifier:   1F:E5:CC:26:B6:6B:2C:B3:93:23:E0:C4:6C:22:F8:6C:7A:5B:28:24
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       0191B1A19614D505DD6E0EC7A6E01A687A14
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/H-XMJrZrLLOTI-DEbCL4bHpbKCQ.roa
Signing time:             Mon 02 Sep 2024 07:27:22 +0000
ROA not before:           Mon 02 Sep 2024 07:27:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        91.200.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b1:a1:96:14:d5:05:dd:6e:0e:c7:a6:e0:1a:68:7a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Sep  2 07:27:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fe5cc26b66b2cb39323e0c46c22f86c7a5b2824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6d:6f:78:e8:3f:86:73:9e:3f:f1:a5:63:42:
                    30:ef:24:db:eb:f5:42:08:81:be:7f:0a:34:07:15:
                    8e:41:60:30:2b:fd:6f:f6:9d:80:74:51:b9:af:a4:
                    26:38:59:cc:20:cb:0b:d9:ec:b8:ef:12:e3:b8:89:
                    12:e8:c3:52:e1:4e:03:42:25:37:ae:7f:b3:b7:c1:
                    2a:0e:6c:93:2f:24:cf:c9:33:62:16:03:47:54:6a:
                    18:dc:aa:01:ac:ce:8a:df:0d:eb:b9:10:e8:0a:cd:
                    de:ef:a5:4c:22:9e:5e:96:52:ba:07:3d:a1:3c:d3:
                    af:cd:26:e1:aa:06:46:bb:74:de:71:b6:3e:54:76:
                    05:5d:5d:82:33:59:2e:ea:cd:dd:c4:45:21:4d:a1:
                    6c:ad:3a:3f:4b:7e:84:dd:90:d7:64:23:5c:5c:f0:
                    d7:af:28:f1:3b:cf:34:62:1a:7e:91:5f:dc:4d:9f:
                    60:dd:b3:0c:43:d7:0f:26:c4:6d:53:33:b3:b8:55:
                    b3:01:56:cd:00:10:c5:a5:e7:19:cd:77:cc:75:ad:
                    5d:5a:49:59:43:58:83:d2:76:6e:19:c1:c3:78:73:
                    87:5c:99:54:df:ad:4f:65:21:77:ca:a2:26:45:f1:
                    c8:36:89:37:29:8b:ad:02:f7:38:b9:2a:4b:3e:8c:
                    18:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E5:CC:26:B6:6B:2C:B3:93:23:E0:C4:6C:22:F8:6C:7A:5B:28:24
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/H-XMJrZrLLOTI-DEbCL4bHpbKCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:d2:a6:57:3d:e2:d1:84:6f:41:23:ad:10:9f:c2:55:3c:8e:
         04:71:54:6d:fb:74:9a:7e:43:c7:8c:b4:85:79:b8:fc:7e:dd:
         8a:56:ef:44:ea:28:b6:f7:0e:1b:62:23:12:d2:d9:73:be:c5:
         3b:ec:41:58:1f:42:8f:d3:de:52:9e:a0:c4:57:c5:d8:1a:37:
         2d:01:22:ee:e5:c5:35:2f:aa:78:c1:11:c3:f4:7c:b9:8a:31:
         a2:22:c2:d4:72:8c:75:55:bb:88:88:28:21:86:91:d9:50:a4:
         63:1b:6d:89:be:ae:7c:bb:db:46:59:f7:d8:79:b6:1f:51:ff:
         68:06:0e:24:68:26:07:5a:2c:12:31:5c:50:99:a9:77:70:73:
         96:af:3a:4f:69:45:15:d6:d4:78:7d:61:36:ca:e1:99:3e:eb:
         5d:15:6a:63:83:d8:e3:65:7d:94:61:7e:8c:c9:3e:cf:e5:49:
         c0:44:f3:39:7a:46:bd:4a:dd:6b:dc:25:41:3b:30:8a:8b:69:
         28:66:a6:6b:32:20:89:53:78:ec:da:c2:5b:ab:20:18:00:77:
         94:be:4c:d6:d3:7b:26:03:1d:bf:24:20:eb:dc:5b:80:c1:11:
         f3:48:96:fb:75:35:64:e0:79:99:b3:3f:d2:22:a1:9e:f6:51:
         f8:cf:03:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGxoZYU1QXdbg7HpuAaaHoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQwOTAyMDcyNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU1Y2MyNmI2NmIyY2IzOTMyM2UwYzQ2YzIyZjg2YzdhNWIyODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkm1veOg/hnOeP/GlY0Iw7yTb6/VC
CIG+fwo0BxWOQWAwK/1v9p2AdFG5r6QmOFnMIMsL2ey47xLjuIkS6MNS4U4DQiU3
rn+zt8EqDmyTLyTPyTNiFgNHVGoY3KoBrM6K3w3ruRDoCs3e76VMIp5ellK6Bz2h
PNOvzSbhqgZGu3TecbY+VHYFXV2CM1ku6s3dxEUhTaFsrTo/S36E3ZDXZCNcXPDX
ryjxO880Yhp+kV/cTZ9g3bMMQ9cPJsRtUzOzuFWzAVbNABDFpecZzXfMda1dWklZ
Q1iD0nZuGcHDeHOHXJlU361PZSF3yqImRfHINok3KYutAvc4uSpLPowYYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/lzCa2ayyzkyPgxGwi+Gx6WygkMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvSC1YTUpyWnJMTE9USS1ERWJDTDRiSHBiS0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8j9MA0G
CSqGSIb3DQEBCwUAA4IBAQBV0qZXPeLRhG9BI60Qn8JVPI4EcVRt+3SafkPHjLSF
ebj8ft2KVu9E6ii29w4bYiMS0tlzvsU77EFYH0KP095SnqDEV8XYGjctASLu5cU1
L6p4wRHD9Hy5ijGiIsLUcox1VbuIiCghhpHZUKRjG22Jvq58u9tGWffYebYfUf9o
Bg4kaCYHWiwSMVxQmal3cHOWrzpPaUUV1tR4fWE2yuGZPutdFWpjg9jjZX2UYX6M
yT7P5UnARPM5eka9St1r3CVBOzCKi2koZqZrMiCJU3js2sJbqyAYAHeUvkzW03sm
Ax2/JCDr3FuAwRHzSJb7dTVk4HmZsz/SIqGe9lH4zwPB
-----END CERTIFICATE-----