Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/HE-VYGoJuOFKttfq98QKXlaKvZI.roa
File:                     HE-VYGoJuOFKttfq98QKXlaKvZI.roa (raw, json)
Hash identifier:          DiI2zoxpYs11kZllqIyKpF1hhzO1I/XD/xCiyfgLOS8=
Subject key identifier:   1C:4F:95:60:6A:09:B8:E1:4A:B6:D7:EA:F7:C4:0A:5E:56:8A:BD:92
Certificate issuer:       /CN=7c835498f35199a1571964d855c3877751681ab9
Certificate serial:       018CCA2BA7B41A7C37274A67A37DC032A708
Authority key identifier: 7C:83:54:98:F3:51:99:A1:57:19:64:D8:55:C3:87:77:51:68:1A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fINUmPNRmaFXGWTYVcOHd1FoGrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/HE-VYGoJuOFKttfq98QKXlaKvZI.roa
Signing time:             Tue 02 Jan 2024 12:35:07 +0000
ROA not before:           Tue 02 Jan 2024 12:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61207
IP address blocks:        185.15.120.0/22 maxlen: 22
                          87.237.208.0/21 maxlen: 21
                          195.35.82.0/23 maxlen: 23
                          89.221.240.0/23 maxlen: 23
                          89.221.243.0/24 maxlen: 24
                          89.221.247.0/24 maxlen: 24
                          89.221.248.0/21 maxlen: 21
                          185.215.196.0/22 maxlen: 22
                          185.215.196.0/24 maxlen: 24
                          2a02:fc00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/fINUmPNRmaFXGWTYVcOHd1FoGrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/fINUmPNRmaFXGWTYVcOHd1FoGrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fINUmPNRmaFXGWTYVcOHd1FoGrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a7:b4:1a:7c:37:27:4a:67:a3:7d:c0:32:a7:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c835498f35199a1571964d855c3877751681ab9
        Validity
            Not Before: Jan  2 12:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c4f95606a09b8e14ab6d7eaf7c40a5e568abd92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:92:21:8e:4b:61:61:92:dc:74:61:57:e4:88:
                    62:57:cc:2b:8f:3a:46:19:95:c0:9f:85:05:9d:e3:
                    3b:3b:f4:35:01:f8:04:ad:5e:27:0b:3c:d4:34:99:
                    3b:4f:a3:b8:e6:51:16:25:95:d6:21:6f:6c:ad:87:
                    8b:e4:25:a0:49:c9:21:fe:a2:e4:cb:36:12:8b:d2:
                    1a:1a:52:cd:e4:52:b9:1f:ea:45:95:f6:06:9c:d2:
                    e7:b4:78:60:88:65:1e:a8:7f:67:49:a3:f6:d5:95:
                    2d:db:f9:24:f8:7a:99:c1:39:44:62:1b:1f:b7:ac:
                    d5:4c:25:eb:56:6c:d5:e7:d0:98:5a:f0:e1:a0:fb:
                    70:e4:2e:15:52:81:5c:1b:05:d6:d8:22:67:3b:fb:
                    cc:4c:09:57:61:ed:1c:66:e4:35:7b:98:77:6b:69:
                    0b:bb:3f:73:e7:89:b7:df:d9:07:e0:54:30:bd:59:
                    5f:8a:f5:34:34:0e:38:b4:a3:bd:f8:fd:e9:79:a3:
                    52:7a:50:28:34:4b:7e:f2:84:40:88:41:71:bf:1e:
                    08:f4:e4:64:ed:14:5a:ce:18:5c:fe:e8:25:30:93:
                    8f:21:e8:84:01:88:c5:53:66:0e:7c:75:6a:57:10:
                    49:dd:93:69:a7:19:86:e6:49:bb:78:e8:f2:97:52:
                    27:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:4F:95:60:6A:09:B8:E1:4A:B6:D7:EA:F7:C4:0A:5E:56:8A:BD:92
            X509v3 Authority Key Identifier:
                keyid:7C:83:54:98:F3:51:99:A1:57:19:64:D8:55:C3:87:77:51:68:1A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fINUmPNRmaFXGWTYVcOHd1FoGrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/HE-VYGoJuOFKttfq98QKXlaKvZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/fINUmPNRmaFXGWTYVcOHd1FoGrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.208.0/21
                  89.221.240.0/23
                  89.221.243.0/24
                  89.221.247.0-89.221.255.255
                  185.15.120.0/22
                  185.215.196.0/22
                  195.35.82.0/23
                IPv6:
                  2a02:fc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:47:57:b7:39:da:8d:61:d9:78:91:3b:9c:40:4d:e9:cc:c7:
         4d:de:cd:4f:21:5a:a4:04:6c:15:d1:cd:38:9a:87:9b:38:8c:
         94:76:f6:53:00:18:76:37:b6:a1:b5:d2:1d:7e:33:80:5b:fe:
         73:78:63:e9:b2:8d:3f:12:0a:4e:68:71:f7:d8:6c:da:56:51:
         be:72:e3:77:b7:59:a6:6f:f7:b8:a1:a0:a8:c7:23:69:c0:e9:
         3e:8c:cf:dc:70:ea:80:8f:ff:ae:ec:f0:62:c8:c4:67:2e:b2:
         d6:08:b2:7d:da:be:fa:f2:a1:da:f1:85:d3:6c:0c:52:b3:ed:
         fe:ac:2b:4f:92:76:96:83:f8:5c:2c:80:23:df:aa:bc:72:8a:
         06:11:17:a6:53:0a:8a:f3:f6:8c:8f:e4:58:e2:77:4a:8f:97:
         26:e0:3f:b1:50:c5:06:c8:fb:9c:4c:d8:33:a3:79:2d:ba:1c:
         96:56:8e:e6:11:ab:d5:96:d1:e2:6e:70:69:50:0a:d3:b8:db:
         fb:9b:ea:53:5b:5a:a0:d5:21:e1:b1:da:6a:26:f6:f0:59:f3:
         fe:8e:54:c0:f5:89:07:8d:40:15:9d:a7:b7:37:44:db:55:68:
         56:91:0f:31:32:c3:13:d3:7a:23:94:ce:c8:e8:79:af:61:94:
         44:b0:6d:2a
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzKK6e0Gnw3J0pno33AMqcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjODM1NDk4ZjM1MTk5YTE1NzE5NjRkODU1YzM4Nzc3NTE2
ODFhYjkwHhcNMjQwMTAyMTIzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzRmOTU2MDZhMDliOGUxNGFiNmQ3ZWFmN2M0MGE1ZTU2OGFiZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZIhjkthYZLcdGFX5IhiV8wrjzpG
GZXAn4UFneM7O/Q1AfgErV4nCzzUNJk7T6O45lEWJZXWIW9srYeL5CWgSckh/qLk
yzYSi9IaGlLN5FK5H+pFlfYGnNLntHhgiGUeqH9nSaP21ZUt2/kk+HqZwTlEYhsf
t6zVTCXrVmzV59CYWvDhoPtw5C4VUoFcGwXW2CJnO/vMTAlXYe0cZuQ1e5h3a2kL
uz9z54m339kH4FQwvVlfivU0NA44tKO9+P3peaNSelAoNEt+8oRAiEFxvx4I9ORk
7RRazhhc/uglMJOPIeiEAYjFU2YOfHVqVxBJ3ZNppxmG5km7eOjyl1In1QIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFBxPlWBqCbjhSrbX6vfECl5Wir2SMB8GA1UdIwQY
MBaAFHyDVJjzUZmhVxlk2FXDh3dRaBq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZklOVW1QTlJtYUZYR1dUWVZjT0hkMUZvR3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy85ZjhhZTItMGZiNS00YzA0LWFkOTMt
NGNlNDc3ZGJiNDA3LzEvSEUtVllHb0p1T0ZLdHRmcTk4UUtYbGFLdlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy85ZjhhZTItMGZiNS00YzA0LWFkOTMtNGNlNDc3ZGJiNDA3
LzEvZklOVW1QTlJtYUZYR1dUWVZjT0hkMUZvR3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA3BAIAATAxAwQDV+3QAwQB
Wd3wAwQAWd3zMAsDBABZ3fcDAwFZ3AMEArkPeAMEArnXxAMEAcMjUjANBAIAAjAH
AwUDKgL8ADANBgkqhkiG9w0BAQsFAAOCAQEAYEdXtznajWHZeJE7nEBN6czHTd7N
TyFapARsFdHNOJqHmziMlHb2UwAYdje2obXSHX4zgFv+c3hj6bKNPxIKTmhx99hs
2lZRvnLjd7dZpm/3uKGgqMcjacDpPozP3HDqgI//ruzwYsjEZy6y1giyfdq++vKh
2vGF02wMUrPt/qwrT5J2loP4XCyAI9+qvHKKBhEXplMKivP2jI/kWOJ3So+XJuA/
sVDFBsj7nEzYM6N5LbocllaO5hGr1ZbR4m5waVAK07jb+5vqU1taoNUh4bHaaib2
8Fnz/o5UwPWJB41AFZ2ntzdE21VoVpEPMTLDE9N6I5TOyOh5r2GURLBtKg==
-----END CERTIFICATE-----
Generated at Mon Jun 17 01:59:26 2024 by rpki-client on console-fra.rpki-client.org