Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/f04f85-7b04-487c-a1e7-f71a22145d4e/1/HmXLm56mT5PHshTJEh9X_IwS9NY.roa
File:                     HmXLm56mT5PHshTJEh9X_IwS9NY.roa (raw, json)
Hash identifier:          U6g39Q1Y577LbjqklKtzTTDwQMQspUh4xdef8E2hc/0=
Subject key identifier:   1E:65:CB:9B:9E:A6:4F:93:C7:B2:14:C9:12:1F:57:FC:8C:12:F4:D6
Certificate issuer:       /CN=1dacbdc7dc874bd8be2336f5667cdf77bd980c77
Certificate serial:       018E3386F058A548FE7FA8CD5CC45C31F5DD
Authority key identifier: 1D:AC:BD:C7:DC:87:4B:D8:BE:23:36:F5:66:7C:DF:77:BD:98:0C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hay9x9yHS9i-Izb1Znzfd72YDHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/f04f85-7b04-487c-a1e7-f71a22145d4e/1/HmXLm56mT5PHshTJEh9X_IwS9NY.roa
Signing time:             Tue 12 Mar 2024 16:37:44 +0000
ROA not before:           Tue 12 Mar 2024 16:37:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199749
IP address blocks:        84.39.32.0/24 maxlen: 24
                          185.47.80.0/24 maxlen: 24
                          185.47.81.0/24 maxlen: 24
                          185.47.82.0/24 maxlen: 24
                          185.47.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/f04f85-7b04-487c-a1e7-f71a22145d4e/1/Hay9x9yHS9i-Izb1Znzfd72YDHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/f04f85-7b04-487c-a1e7-f71a22145d4e/1/Hay9x9yHS9i-Izb1Znzfd72YDHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hay9x9yHS9i-Izb1Znzfd72YDHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:33:86:f0:58:a5:48:fe:7f:a8:cd:5c:c4:5c:31:f5:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dacbdc7dc874bd8be2336f5667cdf77bd980c77
        Validity
            Not Before: Mar 12 16:37:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e65cb9b9ea64f93c7b214c9121f57fc8c12f4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e2:4f:10:b3:9f:b9:97:8a:57:72:97:1d:cc:
                    c9:f6:be:cb:33:86:24:4f:23:5d:f4:bb:73:c0:59:
                    aa:5b:6e:23:76:7b:1d:6b:1e:fb:0b:e0:8c:ef:1b:
                    5d:76:ee:39:8e:32:3a:d7:d4:bd:2e:6b:30:72:1b:
                    86:59:2f:49:83:8c:31:fe:48:94:c3:20:c9:f5:b8:
                    65:35:32:97:43:f3:cb:a4:49:ed:f3:e4:53:48:79:
                    f5:82:54:48:32:7d:7c:d1:ac:6f:87:0e:5a:fa:6e:
                    2d:df:61:0c:93:d0:6d:30:48:a8:70:f8:0a:cc:a6:
                    bc:c9:65:05:59:f4:c0:71:6d:da:3f:03:05:36:7c:
                    c0:cf:b8:db:de:d7:91:43:3e:ba:df:6a:23:3c:a7:
                    e5:ad:a1:67:d8:50:0d:85:55:97:c2:81:1c:a5:c0:
                    3b:99:cd:a8:83:0e:1e:73:70:d5:97:a4:2c:09:6a:
                    4b:da:cd:bc:d3:66:a3:21:ce:ab:c7:95:6f:dd:66:
                    01:8c:38:a8:2d:5b:47:c0:3d:fe:f9:b6:f9:e1:33:
                    86:4c:cf:f5:13:28:09:19:df:ab:de:66:8e:6c:ba:
                    c0:c7:f8:69:ea:d4:c1:31:4c:e3:fc:69:22:93:0e:
                    0d:84:98:28:01:4b:d3:bb:b8:16:7b:4b:46:24:7c:
                    15:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:65:CB:9B:9E:A6:4F:93:C7:B2:14:C9:12:1F:57:FC:8C:12:F4:D6
            X509v3 Authority Key Identifier:
                keyid:1D:AC:BD:C7:DC:87:4B:D8:BE:23:36:F5:66:7C:DF:77:BD:98:0C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hay9x9yHS9i-Izb1Znzfd72YDHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/f04f85-7b04-487c-a1e7-f71a22145d4e/1/HmXLm56mT5PHshTJEh9X_IwS9NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/f04f85-7b04-487c-a1e7-f71a22145d4e/1/Hay9x9yHS9i-Izb1Znzfd72YDHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.32.0/24
                  185.47.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:ca:7c:b9:ad:e0:0c:7b:fc:2b:b8:94:73:16:5c:ea:68:00:
         1e:a6:57:fe:b1:21:b9:c6:90:cb:48:0c:f1:7a:0c:c9:75:af:
         b6:90:34:16:51:de:c2:65:66:e5:fd:77:c4:84:e9:ee:be:e3:
         12:bc:73:64:f6:ea:09:06:97:f7:29:7e:1e:b2:0c:4b:6d:0d:
         85:28:28:5e:09:43:62:af:68:10:2a:be:df:ac:d8:98:5b:8d:
         e3:ae:26:e5:a7:a6:e8:54:50:47:23:7e:84:71:3c:25:dd:d7:
         5a:6b:0e:05:01:8d:44:0c:0a:7a:da:e2:49:9c:55:af:77:71:
         28:30:a1:73:61:cf:45:87:44:95:60:a1:e3:7c:1c:2f:32:35:
         f0:c7:06:13:c1:2d:b8:0b:31:97:cf:7a:59:32:a7:20:d9:51:
         1a:5a:83:80:f7:66:68:8a:15:21:51:3e:ab:0a:e2:e9:6e:5d:
         11:ac:fb:f1:9b:f4:a4:a2:fd:ac:0a:cb:10:fe:a9:5d:1c:b3:
         2c:6c:59:b9:39:81:dc:e3:a7:87:24:df:e7:11:f5:de:e6:85:
         6c:23:de:dc:23:a4:dc:d4:8a:84:c3:95:4d:f1:b1:b8:8f:25:
         60:3b:9a:9b:7a:5c:53:31:7e:3a:60:70:5a:3a:6a:72:c7:e7:
         cc:31:fc:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4zhvBYpUj+f6jNXMRcMfXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWNiZGM3ZGM4NzRiZDhiZTIzMzZmNTY2N2NkZjc3YmQ5
ODBjNzcwHhcNMjQwMzEyMTYzNzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTY1Y2I5YjllYTY0ZjkzYzdiMjE0YzkxMjFmNTdmYzhjMTJmNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+JPELOfuZeKV3KXHczJ9r7LM4Yk
TyNd9LtzwFmqW24jdnsdax77C+CM7xtddu45jjI619S9LmswchuGWS9Jg4wx/kiU
wyDJ9bhlNTKXQ/PLpEnt8+RTSHn1glRIMn180axvhw5a+m4t32EMk9BtMEiocPgK
zKa8yWUFWfTAcW3aPwMFNnzAz7jb3teRQz6632ojPKflraFn2FANhVWXwoEcpcA7
mc2ogw4ec3DVl6QsCWpL2s2802ajIc6rx5Vv3WYBjDioLVtHwD3++bb54TOGTM/1
EygJGd+r3maObLrAx/hp6tTBMUzj/Gkikw4NhJgoAUvTu7gWe0tGJHwVdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB5ly5uepk+Tx7IUyRIfV/yMEvTWMB8GA1UdIwQY
MBaAFB2svcfch0vYviM29WZ833e9mAx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGF5OXg5eUhTOWktSXpiMVpuemZkNzJZREhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9mMDRmODUtN2IwNC00ODdjLWExZTct
ZjcxYTIyMTQ1ZDRlLzEvSG1YTG01Nm1UNVBIc2hUSkVoOVhfSXdTOU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9mMDRmODUtN2IwNC00ODdjLWExZTctZjcxYTIyMTQ1ZDRl
LzEvSGF5OXg5eUhTOWktSXpiMVpuemZkNzJZREhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCcgAwQC
uS9QMA0GCSqGSIb3DQEBCwUAA4IBAQAWyny5reAMe/wruJRzFlzqaAAeplf+sSG5
xpDLSAzxegzJda+2kDQWUd7CZWbl/XfEhOnuvuMSvHNk9uoJBpf3KX4esgxLbQ2F
KCheCUNir2gQKr7frNiYW43jriblp6boVFBHI36EcTwl3ddaaw4FAY1EDAp62uJJ
nFWvd3EoMKFzYc9Fh0SVYKHjfBwvMjXwxwYTwS24CzGXz3pZMqcg2VEaWoOA92Zo
ihUhUT6rCuLpbl0RrPvxm/Skov2sCssQ/qldHLMsbFm5OYHc46eHJN/nEfXe5oVs
I97cI6Tc1IqEw5VN8bG4jyVgO5qbelxTMX46YHBaOmpyx+fMMfyO
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:37:44 2024 by rpki-client on console-fra.rpki-client.org