Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HuWWM7nill-1DlgF7fQKhjn7FLk.roa
File:                     HuWWM7nill-1DlgF7fQKhjn7FLk.roa (raw, json)
Hash identifier:          TAtHa2A4mh2a1r80ld1jgZiSUhIRE+YUzMm1HkSnQIM=
Subject key identifier:   1E:E5:96:33:B9:E2:96:5F:B5:0E:58:05:ED:F4:0A:86:39:FB:14:B9
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01923D50A7727EC47E248EAB524EEEA30A23
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HuWWM7nill-1DlgF7fQKhjn7FLk.roa
Signing time:             Sun 29 Sep 2024 10:25:48 +0000
ROA not before:           Sun 29 Sep 2024 10:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149875
IP address blocks:        212.192.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:52:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3d:50:a7:72:7e:c4:7e:24:8e:ab:52:4e:ee:a3:0a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 29 10:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ee59633b9e2965fb50e5805edf40a8639fb14b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d2:39:98:2c:b5:f7:83:fa:19:3c:98:b8:9a:
                    54:4c:c9:76:fe:2b:8f:0b:a1:e7:66:73:ee:0d:c6:
                    6d:3f:5d:99:85:9a:34:a8:ff:e2:8e:da:f7:01:fc:
                    90:31:8d:ce:80:df:97:b9:27:4c:af:69:7f:39:50:
                    83:5f:ba:bd:d6:1a:e9:8d:c8:f2:cf:55:31:4c:39:
                    42:9f:aa:67:c6:48:14:6a:b9:4a:61:59:1d:35:3d:
                    15:43:38:b8:52:71:39:b5:df:25:18:d2:7a:5e:ff:
                    95:29:d8:5f:92:c6:9c:37:2e:38:e0:af:59:a1:df:
                    81:b9:57:05:b0:46:77:01:69:7d:c7:9a:ca:94:5c:
                    30:0c:10:6e:83:21:71:ec:de:8b:e6:70:e2:34:be:
                    c5:23:b4:2a:7a:56:65:ed:aa:23:97:ff:2a:91:09:
                    a4:52:a3:0e:7e:cc:9f:c6:6e:2b:36:88:4b:39:c5:
                    4d:6f:8c:db:02:32:05:d3:e5:ef:0b:f8:04:5b:45:
                    12:f7:70:6d:1c:57:06:46:83:64:77:6a:f9:e0:cf:
                    a7:db:39:b1:c4:f7:56:05:fd:ef:dd:e1:12:cd:ce:
                    ad:76:27:7b:be:dc:39:e8:da:49:c4:b8:b8:e8:ef:
                    80:85:33:6a:f2:3d:5f:2e:e6:e4:5c:48:84:63:b4:
                    f8:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E5:96:33:B9:E2:96:5F:B5:0E:58:05:ED:F4:0A:86:39:FB:14:B9
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HuWWM7nill-1DlgF7fQKhjn7FLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:aa:17:3e:90:10:7c:12:4f:93:90:f4:85:c9:15:ec:af:16:
         46:14:ce:a3:ad:a7:da:e9:85:5a:d6:b5:8c:b6:9a:8c:69:d8:
         a9:3d:e5:f6:cb:51:28:6c:ce:ff:dc:05:7b:fe:41:9e:10:fe:
         76:cf:7b:c3:14:6f:15:29:e4:96:40:43:21:85:0c:b1:c8:bf:
         d6:6e:10:5c:5a:23:56:5a:37:36:fd:9a:1a:ea:64:6d:cd:24:
         ed:a1:0e:04:36:c7:ed:ad:8d:25:e0:86:b1:fe:ff:f0:7e:33:
         20:f7:62:42:e1:a1:a1:7e:a3:d5:ac:5f:4d:4e:57:55:68:ef:
         76:35:81:a9:a4:88:8b:06:90:a2:5f:d2:21:8f:bb:a6:99:44:
         6d:40:26:2a:f0:b3:ba:87:53:c6:5e:6d:8c:3c:67:5e:51:1b:
         db:6c:e7:4a:70:70:4d:9e:d7:8f:64:af:7d:96:5d:43:20:22:
         e0:cd:51:da:cb:d9:01:50:ba:c4:a8:c2:72:55:79:fa:6a:77:
         10:5b:0c:32:20:d5:09:77:fa:19:25:6c:01:6f:83:ec:2c:8b:
         cf:2b:21:3a:c2:e0:50:60:1b:60:94:bb:02:b0:47:f9:4f:4c:
         88:03:93:0a:a5:95:0b:27:9b:3c:52:a9:a2:4d:7b:50:d2:c3:
         15:83:c1:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI9UKdyfsR+JI6rUk7uowojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTI5MTAyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWU1OTYzM2I5ZTI5NjVmYjUwZTU4MDVlZGY0MGE4NjM5ZmIxNGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tI5mCy194P6GTyYuJpUTMl2/iuP
C6HnZnPuDcZtP12ZhZo0qP/ijtr3AfyQMY3OgN+XuSdMr2l/OVCDX7q91hrpjcjy
z1UxTDlCn6pnxkgUarlKYVkdNT0VQzi4UnE5td8lGNJ6Xv+VKdhfksacNy444K9Z
od+BuVcFsEZ3AWl9x5rKlFwwDBBugyFx7N6L5nDiNL7FI7QqelZl7aojl/8qkQmk
UqMOfsyfxm4rNohLOcVNb4zbAjIF0+XvC/gEW0US93BtHFcGRoNkd2r54M+n2zmx
xPdWBf3v3eESzc6tdid7vtw56NpJxLi46O+AhTNq8j1fLubkXEiEY7T48wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7lljO54pZftQ5YBe30CoY5+xS5MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSHVXV003bmlsbC0xRGxnRjdmUUtoam43RkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD5MA0G
CSqGSIb3DQEBCwUAA4IBAQARqhc+kBB8Ek+TkPSFyRXsrxZGFM6jrafa6YVa1rWM
tpqMadipPeX2y1EobM7/3AV7/kGeEP52z3vDFG8VKeSWQEMhhQyxyL/WbhBcWiNW
Wjc2/Zoa6mRtzSTtoQ4ENsftrY0l4Iax/v/wfjMg92JC4aGhfqPVrF9NTldVaO92
NYGppIiLBpCiX9Ihj7ummURtQCYq8LO6h1PGXm2MPGdeURvbbOdKcHBNntePZK99
ll1DICLgzVHay9kBULrEqMJyVXn6ancQWwwyINUJd/oZJWwBb4PsLIvPKyE6wuBQ
YBtglLsCsEf5T0yIA5MKpZULJ5s8UqmiTXtQ0sMVg8Gc
-----END CERTIFICATE-----