Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/HJa7UN5ky1qdZ6FO1DdWPphwGRI.roa
File:                     HJa7UN5ky1qdZ6FO1DdWPphwGRI.roa (raw, json)
Hash identifier:          DsbTF8bhilkIi3S8fxXYOw0wVNnZpM8Z3bQrAC4LBr8=
Subject key identifier:   1C:96:BB:50:DE:64:CB:5A:9D:67:A1:4E:D4:37:56:3E:98:70:19:12
Certificate issuer:       /CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
Certificate serial:       018CC8016B14ADD0F5F987181E841D39743F
Authority key identifier: F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/HJa7UN5ky1qdZ6FO1DdWPphwGRI.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206334
IP address blocks:        185.189.93.0/24 maxlen: 24
                          185.189.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:14:ad:d0:f5:f9:87:18:1e:84:1d:39:74:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c96bb50de64cb5a9d67a14ed437563e98701912
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d6:98:91:f5:ca:6d:5a:b4:4d:7b:cb:ca:71:
                    82:89:3c:93:5d:6c:01:5a:ad:64:4c:38:61:45:d4:
                    93:12:e3:c5:f2:31:7b:26:59:d7:de:32:36:39:21:
                    74:61:04:76:31:45:4d:1f:f3:c1:24:04:8e:6e:54:
                    e3:45:5d:0a:71:3b:13:b0:e6:a6:b0:7f:80:e8:d9:
                    91:63:9b:6c:cd:5b:54:57:5e:17:09:b2:34:88:fb:
                    60:8a:25:98:c0:c8:b0:75:0f:d4:77:10:c7:e1:00:
                    1a:de:e6:2a:e2:28:a2:b7:23:ec:91:5c:4b:c7:5e:
                    ac:12:f9:57:3c:bc:c4:66:51:01:6f:8c:d5:f3:01:
                    84:fc:60:4d:5d:34:2b:74:63:a5:a6:af:5d:c8:33:
                    1b:83:3f:51:98:fc:0c:c4:8a:c5:44:57:9f:11:93:
                    42:c9:3f:a7:08:6b:b2:a0:1c:20:5e:8b:a1:6d:3c:
                    58:9a:84:f2:01:6c:43:82:29:66:ad:cf:91:eb:9f:
                    14:ac:26:d9:fc:53:04:fa:e6:ad:94:40:01:7e:de:
                    4d:0f:2e:35:1b:ed:71:bc:02:db:44:76:78:10:a4:
                    21:64:1a:b6:d7:01:28:e3:6e:e5:89:e1:c1:5b:a3:
                    4b:71:15:35:cd:c6:1a:05:28:9f:d4:15:b0:93:4f:
                    d5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:96:BB:50:DE:64:CB:5A:9D:67:A1:4E:D4:37:56:3E:98:70:19:12
            X509v3 Authority Key Identifier:
                keyid:F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/HJa7UN5ky1qdZ6FO1DdWPphwGRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:77:24:08:47:ef:ad:c6:18:fb:5c:81:28:b0:32:29:90:83:
         d7:15:cb:1c:38:12:e4:fc:7b:3f:19:73:f1:51:08:22:b5:3b:
         ec:f4:a8:a6:85:85:1b:6a:d4:fe:d7:2f:91:bb:cd:c1:04:41:
         7c:e3:2a:70:c5:87:6a:06:40:4b:71:5f:61:e0:91:ab:dc:d5:
         43:65:4d:a3:05:a1:f0:48:78:53:5b:f5:97:61:23:4c:17:0e:
         4f:98:65:f8:9c:38:8f:55:e6:74:4a:67:1e:6e:02:06:b8:9e:
         55:37:55:b6:52:1f:f1:7e:56:b5:d1:33:0b:2b:2e:93:1b:1c:
         c7:b7:e6:6f:3e:9c:14:17:43:3b:c7:3f:29:82:0b:78:6a:cd:
         bb:55:53:a1:4e:0e:3a:a2:a2:26:51:52:86:de:74:d9:c3:5b:
         31:4c:c4:5a:f0:6c:78:49:b6:91:b5:47:1a:53:e7:e0:45:30:
         be:64:ce:24:85:23:1b:58:68:aa:0a:42:12:6c:1c:34:1e:7a:
         f3:6f:f5:76:09:db:74:89:f9:a8:17:8f:70:87:1c:99:2f:69:
         33:a9:2c:72:f4:8b:96:77:57:86:fa:b3:67:13:38:d6:6d:4b:
         5c:39:18:6a:19:9a:ca:07:79:21:c5:bc:81:86:35:a6:88:2c:
         5a:e5:b3:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAWsUrdD1+YcYHoQdOXQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZjczYzVjMGYzYTEwNmE4YmE3ZGZmM2UzNWM4MTZkMTA3
OGRjNzEwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzk2YmI1MGRlNjRjYjVhOWQ2N2ExNGVkNDM3NTYzZTk4NzAxOTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4daYkfXKbVq0TXvLynGCiTyTXWwB
Wq1kTDhhRdSTEuPF8jF7JlnX3jI2OSF0YQR2MUVNH/PBJASOblTjRV0KcTsTsOam
sH+A6NmRY5tszVtUV14XCbI0iPtgiiWYwMiwdQ/UdxDH4QAa3uYq4iiityPskVxL
x16sEvlXPLzEZlEBb4zV8wGE/GBNXTQrdGOlpq9dyDMbgz9RmPwMxIrFRFefEZNC
yT+nCGuyoBwgXouhbTxYmoTyAWxDgilmrc+R658UrCbZ/FME+uatlEABft5NDy41
G+1xvALbRHZ4EKQhZBq21wEo427lieHBW6NLcRU1zcYaBSif1BWwk0/VfwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFByWu1DeZMtanWehTtQ3Vj6YcBkSMB8GA1UdIwQY
MBaAFPj3PFwPOhBqi6ff8+NcgW0QeNxxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1QYzhYQTg2RUdxTHA5X3o0MXlCYlJCNDNIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhi
LTZkOGZkMzMwZTlhYS8xL0hKYTdVTjVreTFxZFo2Rk8xRGRXUHBod0dSSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhiLTZkOGZkMzMwZTlh
YS8xLzEtUGM4WEE4NkVHcUxwOV96NDF5QmJSQjQzSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG5vVww
DQYJKoZIhvcNAQELBQADggEBADR3JAhH763GGPtcgSiwMimQg9cVyxw4EuT8ez8Z
c/FRCCK1O+z0qKaFhRtq1P7XL5G7zcEEQXzjKnDFh2oGQEtxX2Hgkavc1UNlTaMF
ofBIeFNb9ZdhI0wXDk+YZficOI9V5nRKZx5uAga4nlU3VbZSH/F+VrXRMwsrLpMb
HMe35m8+nBQXQzvHPymCC3hqzbtVU6FODjqioiZRUobedNnDWzFMxFrwbHhJtpG1
RxpT5+BFML5kziSFIxtYaKoKQhJsHDQeevNv9XYJ23SJ+agXj3CHHJkvaTOpLHL0
i5Z3V4b6s2cTONZtS1w5GGoZmsoHeSHFvIGGNaaILFrlszo=
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:52:56 2024 by rpki-client on console-ams.rpki-client.org