Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hzbPTkeC-infa48qiBIZHGWzszw.roa
File:                     hzbPTkeC-infa48qiBIZHGWzszw.roa (raw, json)
Hash identifier:          KQDop8WKjJSNgFXL0WWEjAfDXPb3kfv4hPK+nPvCiVk=
Subject key identifier:   87:36:CF:4E:47:82:FA:29:DF:6B:8F:2A:88:12:19:1C:65:B3:B3:3C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01914FCFBBC159ED95BF0E8E276135D1793F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hzbPTkeC-infa48qiBIZHGWzszw.roa
Signing time:             Wed 14 Aug 2024 07:34:59 +0000
ROA not before:           Wed 14 Aug 2024 07:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49392
IP address blocks:        194.87.118.0/23 maxlen: 24
                          195.133.10.0/23 maxlen: 23
                          195.133.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Oct 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4f:cf:bb:c1:59:ed:95:bf:0e:8e:27:61:35:d1:79:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 14 07:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8736cf4e4782fa29df6b8f2a8812191c65b3b33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5a:83:19:9a:d0:ce:28:00:0a:ff:a8:4d:cf:
                    c9:17:aa:5b:27:fb:bb:15:62:4e:22:73:e9:74:f2:
                    30:e6:df:59:8e:e8:18:c7:2d:b8:58:b9:c3:24:24:
                    85:2b:b5:6f:7e:8e:46:fd:99:89:78:23:4d:3e:1c:
                    90:55:6b:18:a4:0b:e7:a4:18:a6:4c:59:17:1a:3f:
                    6e:de:47:66:75:5f:97:7b:83:8e:0c:44:ef:75:b9:
                    79:22:e4:0e:de:c6:60:10:9c:64:0b:bd:94:2e:4c:
                    92:a8:09:14:b4:6c:72:6f:ff:1e:62:bd:0b:94:89:
                    6e:b9:89:42:2d:d4:03:59:15:b5:b6:9c:d6:1c:7b:
                    2b:ca:81:80:b7:b3:fd:0b:02:6b:49:85:6e:23:a8:
                    ee:3f:45:ab:84:0d:1a:3f:fc:6b:94:d4:eb:93:5f:
                    56:60:0e:63:ec:db:76:4e:a1:9a:fa:cb:4f:3a:55:
                    37:24:7d:1f:ba:2d:de:67:d8:d0:7d:d3:28:50:0c:
                    82:7a:7f:49:26:5d:84:68:86:90:55:b0:c1:cb:b9:
                    8e:af:c6:5c:47:f8:69:90:33:01:d5:a5:49:1d:d5:
                    72:91:61:3c:0b:67:0e:a9:bd:8c:b8:fd:a5:a6:ea:
                    b8:2e:f6:08:03:c7:ba:b8:4e:aa:0e:04:99:e9:40:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:36:CF:4E:47:82:FA:29:DF:6B:8F:2A:88:12:19:1C:65:B3:B3:3C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hzbPTkeC-infa48qiBIZHGWzszw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.118.0/23
                  195.133.10.0/23
                  195.133.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:be:db:c4:22:9c:6a:fe:46:30:72:68:16:c8:3c:8a:44:66:
         79:da:4b:33:bd:1d:01:51:c6:37:12:84:40:97:58:6f:a3:07:
         69:de:52:97:d5:f6:88:8d:7f:e0:6f:77:88:8c:a8:49:92:cd:
         7f:d7:a8:aa:0b:3a:f8:54:87:0e:a8:b3:0b:58:18:f6:12:de:
         30:65:81:8c:9e:ed:03:21:ae:67:68:c3:12:02:60:7b:c6:0e:
         92:98:58:34:4b:cf:e5:88:44:6f:27:d6:3c:dc:9e:82:1d:58:
         71:44:93:01:94:0d:1e:57:62:f1:2b:bd:5b:78:a1:0d:fd:2e:
         51:6e:28:07:4a:d5:ac:02:18:ba:c5:90:ad:b8:6d:8d:e6:45:
         cd:11:f6:ba:ca:ed:9f:88:d4:10:2c:a8:35:25:31:82:7e:91:
         ec:3d:7c:3e:a2:6f:63:26:13:91:fb:c6:78:0f:b5:08:80:80:
         7b:1e:87:c6:6d:fd:05:3d:c6:28:9e:96:d1:96:98:34:3a:2a:
         d8:5f:8f:fa:0d:bc:3c:ed:a8:92:af:31:88:34:40:8e:05:6d:
         c8:3c:7b:9c:97:c7:b7:ae:19:47:53:93:df:c5:e0:f5:24:82:
         a0:d7:62:32:f4:64:e0:1d:05:0f:4a:ee:c2:06:2c:1b:51:a8:
         95:60:e8:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZFPz7vBWe2Vvw6OJ2E10Xk/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODE0MDczNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzM2Y2Y0ZTQ3ODJmYTI5ZGY2YjhmMmE4ODEyMTkxYzY1YjNiMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVqDGZrQzigACv+oTc/JF6pbJ/u7
FWJOInPpdPIw5t9ZjugYxy24WLnDJCSFK7Vvfo5G/ZmJeCNNPhyQVWsYpAvnpBim
TFkXGj9u3kdmdV+Xe4OODETvdbl5IuQO3sZgEJxkC72ULkySqAkUtGxyb/8eYr0L
lIluuYlCLdQDWRW1tpzWHHsryoGAt7P9CwJrSYVuI6juP0WrhA0aP/xrlNTrk19W
YA5j7Nt2TqGa+stPOlU3JH0fui3eZ9jQfdMoUAyCen9JJl2EaIaQVbDBy7mOr8Zc
R/hpkDMB1aVJHdVykWE8C2cOqb2MuP2lpuq4LvYIA8e6uE6qDgSZ6UB8/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIc2z05Hgvop32uPKogSGRxls7M8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaHpiUFRrZUMtaW5mYTQ4cWlCSVpIR1d6c3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBwld2AwQB
w4UKAwQBw4U0MA0GCSqGSIb3DQEBCwUAA4IBAQAavtvEIpxq/kYwcmgWyDyKRGZ5
2kszvR0BUcY3EoRAl1hvowdp3lKX1faIjX/gb3eIjKhJks1/16iqCzr4VIcOqLML
WBj2Et4wZYGMnu0DIa5naMMSAmB7xg6SmFg0S8/liERvJ9Y83J6CHVhxRJMBlA0e
V2LxK71beKEN/S5RbigHStWsAhi6xZCtuG2N5kXNEfa6yu2fiNQQLKg1JTGCfpHs
PXw+om9jJhOR+8Z4D7UIgIB7HofGbf0FPcYonpbRlpg0OirYX4/6Dbw87aiSrzGI
NECOBW3IPHucl8e3rhlHU5PfxeD1JIKg12Iy9GTgHQUPSu7CBiwbUaiVYOif
-----END CERTIFICATE-----
Generated at Wed Oct 9 23:32:14 2024 by rpki-client on console-fra.rpki-client.org