Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HXQszCNzbWmAyVkaO7bPiNiLnbE.roa
File:                     HXQszCNzbWmAyVkaO7bPiNiLnbE.roa (raw, json)
Hash identifier:          SsWuU8MMT4GF76ISuS+pvNCYaY5CreqZrL/Mh64wNw0=
Subject key identifier:   1D:74:2C:CC:23:73:6D:69:80:C9:59:1A:3B:B6:CF:88:D8:8B:9D:B1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0193220A72125107E10A59883BAC0B1388EB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HXQszCNzbWmAyVkaO7bPiNiLnbE.roa
Signing time:             Tue 12 Nov 2024 20:22:10 +0000
ROA not before:           Tue 12 Nov 2024 20:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214304
IP address blocks:        194.87.246.0/24 maxlen: 24
                          212.192.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:52:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:22:0a:72:12:51:07:e1:0a:59:88:3b:ac:0b:13:88:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 12 20:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d742ccc23736d6980c9591a3bb6cf88d88b9db1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:19:43:02:cd:28:c0:b2:10:4f:d7:35:7a:3d:
                    06:4c:2b:39:ad:f1:f0:b5:03:5a:08:3a:be:12:3d:
                    c8:5c:5c:4d:e0:dd:98:57:df:d4:c8:50:41:0c:ab:
                    7a:50:6c:68:be:8f:75:9f:65:5b:f5:6c:d2:08:2b:
                    54:a1:60:77:99:17:6a:f1:fe:c3:34:f1:61:16:95:
                    2a:a5:e8:0d:0c:5a:8f:32:fe:99:c5:1a:43:36:82:
                    55:1f:df:4a:9b:45:66:04:12:c3:1c:47:3e:50:79:
                    c1:ae:c2:bc:45:7f:7f:82:46:0b:eb:5c:7d:91:6b:
                    2e:15:66:ff:7f:83:d9:46:58:d2:84:4c:58:17:56:
                    a8:b7:1a:94:5c:60:b1:b8:32:2c:1b:41:83:08:fe:
                    f2:25:05:ee:a9:e9:b0:1e:cd:26:53:03:98:2e:b9:
                    fd:61:c8:82:4c:69:c5:fd:88:07:3d:05:af:a5:0a:
                    2c:be:ad:cc:85:8a:b7:49:bd:a2:4b:66:06:15:3f:
                    d6:55:70:53:b3:7d:5a:ec:1e:eb:aa:be:eb:e3:b1:
                    8e:18:6a:f7:ae:0a:98:b9:97:2c:e3:d5:83:a2:0e:
                    03:eb:8e:95:c8:c7:d7:0c:f0:12:30:9b:d1:de:96:
                    ec:94:61:70:1f:17:f8:78:6c:24:6e:8e:02:b6:69:
                    6e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:74:2C:CC:23:73:6D:69:80:C9:59:1A:3B:B6:CF:88:D8:8B:9D:B1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HXQszCNzbWmAyVkaO7bPiNiLnbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.246.0/24
                  212.192.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:59:3e:e9:81:d1:3b:5d:3b:6c:fd:12:ca:65:6e:79:f8:e6:
         ef:79:11:d3:7a:27:02:de:ee:01:5f:6d:df:d9:55:8e:a4:11:
         78:c8:b1:0e:73:bf:1d:c1:c3:ee:2d:93:fa:51:95:09:03:a7:
         54:67:48:28:d7:47:84:d1:71:2e:e5:f6:b7:d4:46:97:bc:27:
         50:05:86:71:e7:4e:8f:5c:2d:fd:af:c3:e2:58:b1:66:27:39:
         4d:7c:2b:cc:19:83:a8:df:5d:7a:00:39:dc:00:53:36:8f:2e:
         56:16:bf:7d:64:3d:4e:e2:d9:1e:74:16:50:bc:a4:37:0b:ae:
         2c:82:be:7d:ee:62:80:b7:e8:31:82:c0:76:ae:3e:5b:95:41:
         10:41:32:49:24:8b:da:b5:10:94:d8:86:a1:65:8b:47:cf:cf:
         97:fe:41:b9:ca:91:e6:00:c2:4f:cd:04:fc:ee:f0:1c:ea:31:
         03:6d:94:fd:aa:48:8d:29:50:f6:c5:28:c3:af:93:1b:7f:6e:
         d0:03:c2:12:13:0a:5d:58:dd:73:51:a0:72:a1:be:42:1b:f7:
         66:fe:a0:96:09:63:3e:9b:50:aa:63:c0:50:09:c2:9a:ff:b3:
         41:9e:f2:ca:9b:e1:89:2f:5b:c1:64:d4:73:9d:6d:28:5d:04:
         3d:82:9b:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMiCnISUQfhClmIO6wLE4jrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMTEyMjAyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDc0MmNjYzIzNzM2ZDY5ODBjOTU5MWEzYmI2Y2Y4OGQ4OGI5ZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRlDAs0owLIQT9c1ej0GTCs5rfHw
tQNaCDq+Ej3IXFxN4N2YV9/UyFBBDKt6UGxovo91n2Vb9WzSCCtUoWB3mRdq8f7D
NPFhFpUqpegNDFqPMv6ZxRpDNoJVH99Km0VmBBLDHEc+UHnBrsK8RX9/gkYL61x9
kWsuFWb/f4PZRljShExYF1aotxqUXGCxuDIsG0GDCP7yJQXuqemwHs0mUwOYLrn9
YciCTGnF/YgHPQWvpQosvq3MhYq3Sb2iS2YGFT/WVXBTs31a7B7rqr7r47GOGGr3
rgqYuZcs49WDog4D646VyMfXDPASMJvR3pbslGFwHxf4eGwkbo4CtmluDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB10LMwjc21pgMlZGju2z4jYi52xMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSFhRc3pDTnpiV21BeVZrYU83YlBpTmlMbmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwlf2AwQA
1MD3MA0GCSqGSIb3DQEBCwUAA4IBAQBaWT7pgdE7XTts/RLKZW55+ObveRHTeicC
3u4BX23f2VWOpBF4yLEOc78dwcPuLZP6UZUJA6dUZ0go10eE0XEu5fa31EaXvCdQ
BYZx506PXC39r8PiWLFmJzlNfCvMGYOo3116ADncAFM2jy5WFr99ZD1O4tkedBZQ
vKQ3C64sgr597mKAt+gxgsB2rj5blUEQQTJJJIvatRCU2IahZYtHz8+X/kG5ypHm
AMJPzQT87vAc6jEDbZT9qkiNKVD2xSjDr5Mbf27QA8ISEwpdWN1zUaByob5CG/dm
/qCWCWM+m1CqY8BQCcKa/7NBnvLKm+GJL1vBZNRznW0oXQQ9gpvc
-----END CERTIFICATE-----