Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/H2wHdWmbXYZQqvnyxk7QDAlI3PE.roa
File:                     H2wHdWmbXYZQqvnyxk7QDAlI3PE.roa (raw, json)
Hash identifier:          uvz84Caz/fo5o779mLeuOR5TfcqAhzmQ8yIpZjmCFvs=
Subject key identifier:   1F:6C:07:75:69:9B:5D:86:50:AA:F9:F2:C6:4E:D0:0C:09:48:DC:F1
Certificate issuer:       /CN=297c508d23b38315bbf45b726d22050a46127b8c
Certificate serial:       018CC8713109CD84D240D5470A073D77A392
Authority key identifier: 29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/H2wHdWmbXYZQqvnyxk7QDAlI3PE.roa
Signing time:             Tue 02 Jan 2024 04:31:50 +0000
ROA not before:           Tue 02 Jan 2024 04:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51335
IP address blocks:        185.4.44.0/22 maxlen: 24
                          185.4.46.0/24 maxlen: 24
                          194.213.124.0/23 maxlen: 23
                          2a02:68c0::/32 maxlen: 32
                          2001:67c:10f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:31:09:cd:84:d2:40:d5:47:0a:07:3d:77:a3:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297c508d23b38315bbf45b726d22050a46127b8c
        Validity
            Not Before: Jan  2 04:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f6c0775699b5d8650aaf9f2c64ed00c0948dcf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:95:63:b6:0b:fa:3a:eb:05:83:2b:c0:3e:4e:
                    4a:be:35:87:b4:57:76:b2:6f:c6:ea:11:eb:0f:8c:
                    26:66:73:0c:ff:ae:76:e3:30:ec:ae:2e:6f:ca:83:
                    54:da:25:3a:ed:35:b8:62:11:97:06:dc:a2:95:53:
                    92:36:4d:53:bc:e0:3d:09:90:ce:0f:58:86:0b:ab:
                    af:3d:11:b2:2c:9a:1c:45:d0:6f:30:c1:6f:fe:c4:
                    da:b8:98:e8:8e:3a:db:13:73:37:b6:62:45:9c:28:
                    6b:e4:42:52:95:70:1f:21:aa:5d:09:17:06:cf:b3:
                    f1:a9:48:7d:c4:ea:a4:be:7d:ba:be:60:1d:a8:c6:
                    e4:71:73:ba:8b:7f:58:df:8a:81:59:54:91:12:49:
                    2f:24:e3:94:63:ea:73:1b:bc:71:fc:4e:8f:bb:59:
                    11:3d:91:80:82:70:9f:15:d9:54:0c:ff:36:8c:52:
                    82:d1:df:a7:b1:4a:22:2f:43:b6:ae:3b:ed:61:8b:
                    b9:d2:46:d3:33:d0:51:b7:9c:da:b1:81:b8:be:84:
                    9a:6c:54:32:58:b5:df:99:9a:2c:97:50:8b:1c:40:
                    43:23:b8:0f:be:69:bd:3b:b3:aa:5c:80:98:72:40:
                    35:12:8c:d1:d3:f0:66:d3:f7:cb:d6:85:50:47:75:
                    15:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:6C:07:75:69:9B:5D:86:50:AA:F9:F2:C6:4E:D0:0C:09:48:DC:F1
            X509v3 Authority Key Identifier:
                keyid:29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/H2wHdWmbXYZQqvnyxk7QDAlI3PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.44.0/22
                  194.213.124.0/23
                IPv6:
                  2001:67c:10f0::/48
                  2a02:68c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:53:93:d3:55:3c:8f:2d:18:6e:eb:99:36:03:38:9a:b4:15:
         3b:92:b0:46:94:39:3b:30:20:a8:5c:88:9f:99:33:27:53:fc:
         a0:4e:36:ba:c2:e6:bd:0f:86:64:72:da:29:ea:b2:07:68:e1:
         8c:77:8a:d0:fc:43:a4:e6:d0:43:c0:81:8f:3c:7d:f8:0e:be:
         b1:ae:a6:51:76:a2:52:b8:8d:4e:2b:f2:9c:6a:03:3d:34:64:
         31:cb:d2:d1:0c:f6:c9:24:0f:56:8c:a2:68:22:99:b8:df:18:
         1c:35:b1:64:e8:14:69:7c:d8:de:ad:d0:1f:56:79:e9:1e:63:
         cc:45:cc:11:1e:3c:d0:ee:09:1e:57:91:52:06:1f:ce:9b:c4:
         8c:8b:dd:20:3a:54:fb:8c:6f:84:a2:73:63:6e:2f:b5:65:05:
         52:1b:0d:9d:f8:62:45:20:7b:96:d2:7d:95:e6:2c:be:7d:2b:
         25:b4:02:a5:38:4f:77:12:f0:d5:75:ca:2e:15:65:05:49:80:
         b4:1b:21:88:b1:fa:c0:bb:9a:ce:a7:c7:3a:e3:22:d5:9e:23:
         ef:37:a5:b0:1b:35:b8:32:09:16:0b:2f:59:36:b7:a7:04:9a:
         61:e5:05:36:6b:60:f8:3f:96:f9:a2:ff:bb:6a:92:17:ba:7e:
         5a:03:d3:6c
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzIcTEJzYTSQNVHCgc9d6OSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2M1MDhkMjNiMzgzMTViYmY0NWI3MjZkMjIwNTBhNDYx
MjdiOGMwHhcNMjQwMTAyMDQzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjZjMDc3NTY5OWI1ZDg2NTBhYWY5ZjJjNjRlZDAwYzA5NDhkY2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJVjtgv6OusFgyvAPk5KvjWHtFd2
sm/G6hHrD4wmZnMM/6524zDsri5vyoNU2iU67TW4YhGXBtyilVOSNk1TvOA9CZDO
D1iGC6uvPRGyLJocRdBvMMFv/sTauJjojjrbE3M3tmJFnChr5EJSlXAfIapdCRcG
z7PxqUh9xOqkvn26vmAdqMbkcXO6i39Y34qBWVSREkkvJOOUY+pzG7xx/E6Pu1kR
PZGAgnCfFdlUDP82jFKC0d+nsUoiL0O2rjvtYYu50kbTM9BRt5zasYG4voSabFQy
WLXfmZosl1CLHEBDI7gPvmm9O7OqXICYckA1EozR0/Bm0/fL1oVQR3UVrQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFB9sB3Vpm12GUKr58sZO0AwJSNzxMB8GA1UdIwQY
MBaAFCl8UI0js4MVu/Rbcm0iBQpGEnuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTIt
MzZlOWE3OWJkOTUwLzEvSDJ3SGRXbWJYWVpRcXZueXhrN1FEQWxJM1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTItMzZlOWE3OWJkOTUw
LzEvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQCuQQsAwQB
wtV8MBYEAgACMBADBwAgAQZ8EPADBQAqAmjAMA0GCSqGSIb3DQEBCwUAA4IBAQAf
U5PTVTyPLRhu65k2AziatBU7krBGlDk7MCCoXIifmTMnU/ygTja6wua9D4Zkctop
6rIHaOGMd4rQ/EOk5tBDwIGPPH34Dr6xrqZRdqJSuI1OK/KcagM9NGQxy9LRDPbJ
JA9WjKJoIpm43xgcNbFk6BRpfNjerdAfVnnpHmPMRcwRHjzQ7gkeV5FSBh/Om8SM
i90gOlT7jG+EonNjbi+1ZQVSGw2d+GJFIHuW0n2V5iy+fSsltAKlOE93EvDVdcou
FWUFSYC0GyGIsfrAu5rOp8c64yLVniPvN6WwGzW4MgkWCy9ZNrenBJph5QU2a2D4
P5b5ov+7apIXun5aA9Ns
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:25:29 2024 by rpki-client on console-ams.rpki-client.org