Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/HqvqAZYNTgGxWwoiMVdYxxuX9pQ.roa
File:                     HqvqAZYNTgGxWwoiMVdYxxuX9pQ.roa (raw, json)
Hash identifier:          Cs67dHOFuoe++nsazMemr6V8dp4xFyclX2264pXkuC0=
Subject key identifier:   1E:AB:EA:01:96:0D:4E:01:B1:5B:0A:22:31:57:58:C7:1B:97:F6:94
Certificate issuer:       /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial:       018CC26D369ECBD13E5A417ED137F1885175
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/HqvqAZYNTgGxWwoiMVdYxxuX9pQ.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29646
IP address blocks:        89.30.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:9e:cb:d1:3e:5a:41:7e:d1:37:f1:88:51:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1eabea01960d4e01b15b0a22315758c71b97f694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:93:2f:82:e9:c3:ba:76:6b:a4:21:1a:2d:2b:
                    2b:a1:9a:36:2b:ea:b9:3e:67:72:2b:78:c0:e7:a9:
                    8a:3e:c6:c1:dc:27:3f:36:e7:59:5d:ca:60:21:a5:
                    4e:8b:2c:22:cd:73:42:3f:3a:85:03:d9:5c:21:4d:
                    87:b3:47:8f:b9:92:d6:c5:2c:57:33:c5:0d:20:9d:
                    2f:55:dc:ea:72:ad:c3:f5:3d:9e:1c:43:3b:48:58:
                    28:40:0e:26:85:ab:12:ef:45:52:83:4f:c0:a4:cf:
                    ea:e9:f5:e0:f7:99:4a:10:52:c1:53:e9:c0:b3:99:
                    07:88:8c:23:fd:47:76:58:f6:71:18:bc:b1:3d:c2:
                    53:47:b0:53:0a:b5:8d:4b:4f:17:7d:26:bb:f4:97:
                    8e:7a:f6:8e:91:a0:0a:6a:f5:ce:69:32:50:18:8e:
                    25:30:25:62:13:87:c8:54:5d:1c:a2:09:6c:b0:98:
                    d4:96:a3:9d:3f:00:4d:67:4f:44:74:50:71:00:8d:
                    a0:03:13:9b:18:28:38:ea:cc:2b:13:87:d8:e3:12:
                    9d:f0:45:ee:31:36:2a:b4:62:de:9f:f3:ea:b1:c8:
                    10:0f:84:27:80:9e:20:dc:be:ed:e2:9b:78:c1:db:
                    41:c4:4a:53:ad:c0:26:4c:7e:44:a8:94:c8:57:11:
                    8f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:AB:EA:01:96:0D:4E:01:B1:5B:0A:22:31:57:58:C7:1B:97:F6:94
            X509v3 Authority Key Identifier:
                keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/HqvqAZYNTgGxWwoiMVdYxxuX9pQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.30.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:7d:2d:a6:1e:02:75:33:3f:8b:97:27:1d:82:de:9a:df:75:
         f2:b1:1a:ba:20:4d:64:c9:31:09:d9:ca:f2:9f:a1:d7:36:e1:
         75:a6:3b:77:9f:16:cf:04:51:3a:ee:38:2a:dc:b2:1a:e7:9f:
         c9:00:4f:2b:6c:94:61:c1:eb:df:41:a5:f5:a6:3c:40:86:88:
         76:33:a6:e8:52:cd:8f:d8:df:63:19:63:36:62:fd:11:a3:5b:
         b1:8c:8f:f0:59:01:71:c3:d0:cd:9b:ac:ba:f3:f5:19:c3:5c:
         69:e6:b5:d1:b1:f5:84:61:77:43:b7:aa:e9:50:bc:83:5e:13:
         89:5f:f0:03:a6:7d:66:b5:9b:db:88:31:5e:5e:6e:e7:bd:45:
         2a:69:40:10:6d:92:0a:74:28:1e:14:2d:73:85:f9:33:71:54:
         28:21:f1:01:94:be:3d:55:17:34:cd:92:b8:15:80:02:33:ae:
         b4:4e:94:4a:20:10:65:f8:a9:06:0f:e3:65:e0:b4:12:02:ec:
         a7:a6:12:ca:2d:13:51:09:3a:bd:80:3d:4d:df:68:42:b5:33:
         d5:17:de:37:ac:b0:28:eb:a4:1e:24:2e:2c:bc:97:c9:2d:36:
         5f:91:a1:4c:80:0f:4b:a7:fe:3c:3f:95:92:b9:fd:15:f8:bc:
         55:50:d0:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTaey9E+WkF+0TfxiFF1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWFiZWEwMTk2MGQ0ZTAxYjE1YjBhMjIzMTU3NThjNzFiOTdmNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5MvgunDunZrpCEaLSsroZo2K+q5
PmdyK3jA56mKPsbB3Cc/NudZXcpgIaVOiywizXNCPzqFA9lcIU2Hs0ePuZLWxSxX
M8UNIJ0vVdzqcq3D9T2eHEM7SFgoQA4mhasS70VSg0/ApM/q6fXg95lKEFLBU+nA
s5kHiIwj/Ud2WPZxGLyxPcJTR7BTCrWNS08XfSa79JeOevaOkaAKavXOaTJQGI4l
MCViE4fIVF0coglssJjUlqOdPwBNZ09EdFBxAI2gAxObGCg46swrE4fY4xKd8EXu
MTYqtGLen/PqscgQD4QngJ4g3L7t4pt4wdtBxEpTrcAmTH5EqJTIVxGPjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6r6gGWDU4BsVsKIjFXWMcbl/aUMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvSHF2cUFaWU5UZ0d4V3dvaU1WZFl4eHVYOXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR5xMA0G
CSqGSIb3DQEBCwUAA4IBAQDGfS2mHgJ1Mz+Llycdgt6a33XysRq6IE1kyTEJ2cry
n6HXNuF1pjt3nxbPBFE67jgq3LIa55/JAE8rbJRhwevfQaX1pjxAhoh2M6boUs2P
2N9jGWM2Yv0Ro1uxjI/wWQFxw9DNm6y68/UZw1xp5rXRsfWEYXdDt6rpULyDXhOJ
X/ADpn1mtZvbiDFeXm7nvUUqaUAQbZIKdCgeFC1zhfkzcVQoIfEBlL49VRc0zZK4
FYACM660TpRKIBBl+KkGD+Nl4LQSAuynphLKLRNRCTq9gD1N32hCtTPVF943rLAo
66QeJC4svJfJLTZfkaFMgA9Lp/48P5WSuf0V+LxVUNAz
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:12:56 2024 by rpki-client on console-fra.rpki-client.org