Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/HwLDpTIt6plI2sCVLbeUjnqOAJc.roa
File:                     HwLDpTIt6plI2sCVLbeUjnqOAJc.roa (raw, json)
Hash identifier:          yvIMoIjc3gOAvuIICfd6lLbgjDWXL7Ecab2rJN91n/I=
Subject key identifier:   1F:02:C3:A5:32:2D:EA:99:48:DA:C0:95:2D:B7:94:8E:7A:8E:00:97
Certificate issuer:       /CN=c0eb668b735a1839374e48f79cb2436dbf417caa
Certificate serial:       01941FFA117C3924808DBC1C28BB4CACA527
Authority key identifier: C0:EB:66:8B:73:5A:18:39:37:4E:48:F7:9C:B2:43:6D:BF:41:7C:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/HwLDpTIt6plI2sCVLbeUjnqOAJc.roa
Signing time:             Wed 01 Jan 2025 03:47:49 +0000
ROA not before:           Wed 01 Jan 2025 03:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200402
IP address blocks:        185.84.56.0/22 maxlen: 24
                          2a03:6ee0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:11:7c:39:24:80:8d:bc:1c:28:bb:4c:ac:a5:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0eb668b735a1839374e48f79cb2436dbf417caa
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f02c3a5322dea9948dac0952db7948e7a8e0097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0d:84:35:c6:d4:fa:ad:b8:77:df:7b:f5:08:
                    e9:fe:8e:0d:6d:dd:eb:7d:2c:0d:fe:be:51:55:9d:
                    13:e2:84:1f:0c:a3:e7:71:b9:b2:6d:1f:95:f3:b9:
                    b3:66:c3:54:0d:20:58:7c:b5:fd:56:61:fa:cc:1f:
                    04:85:68:df:62:f4:56:18:6f:4f:66:18:cb:de:dc:
                    f6:00:c5:6e:c1:78:2a:d6:71:b3:d5:9b:2e:6a:41:
                    a1:f0:5d:83:0c:86:8c:e5:e4:ff:c3:8b:66:80:a1:
                    89:8b:e4:60:0f:dc:5a:72:54:96:e9:49:9b:a5:f2:
                    f7:e3:6f:07:ca:f7:dd:dc:7e:31:4a:fc:23:0e:f2:
                    ea:03:82:4b:d7:41:e5:6c:da:68:df:2e:28:96:c3:
                    2a:2e:3a:88:cd:63:ed:99:03:97:b7:38:c6:8e:c8:
                    56:f8:e6:56:3c:77:e9:b7:e2:1f:b0:77:c9:e2:18:
                    20:75:92:0c:7e:18:65:65:7a:a4:5e:71:c0:3d:7d:
                    68:02:8e:e0:a4:4c:42:30:25:39:b9:5e:d0:a1:71:
                    02:ab:a0:31:a8:7e:0d:31:59:d2:95:4f:5d:6a:fa:
                    bb:ca:c1:0e:12:79:97:99:5a:e7:76:e6:f9:3c:b1:
                    8b:37:48:23:d9:fd:22:47:3f:02:e3:c5:97:53:d3:
                    e7:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:02:C3:A5:32:2D:EA:99:48:DA:C0:95:2D:B7:94:8E:7A:8E:00:97
            X509v3 Authority Key Identifier:
                keyid:C0:EB:66:8B:73:5A:18:39:37:4E:48:F7:9C:B2:43:6D:BF:41:7C:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/HwLDpTIt6plI2sCVLbeUjnqOAJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/68b521-c790-4957-9e52-2d26f1b56e20/1/wOtmi3NaGDk3Tkj3nLJDbb9BfKo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.56.0/22
                IPv6:
                  2a03:6ee0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:76:ce:6f:e4:36:37:c3:69:ba:e2:a5:fc:32:8b:f8:5e:8b:
         cd:68:a2:e2:6b:0c:c8:30:3c:77:5b:35:c2:b5:76:25:80:16:
         6a:d8:b2:a8:93:ce:f2:05:05:95:fe:63:fd:53:af:59:61:82:
         68:52:53:53:4a:23:3b:ef:c3:3a:d1:e1:2a:cb:d6:99:e5:8e:
         20:f9:7e:19:23:05:05:23:c5:5a:56:97:67:57:e5:ab:fa:e1:
         7b:35:b1:c8:b8:03:71:5f:2c:62:c7:3e:4b:f8:7d:25:83:e0:
         68:11:db:37:60:20:e0:00:dd:8c:da:35:f3:66:d1:3a:3f:6c:
         65:ad:a1:74:0f:44:d2:36:bf:37:86:58:23:0d:b8:6f:c4:79:
         27:67:7a:9a:6f:d4:b0:77:20:d4:d5:d3:60:43:f2:64:60:2e:
         e4:3b:24:2c:0e:66:58:a8:5d:55:56:8e:52:e7:4f:f5:ef:ed:
         19:eb:5f:f4:6c:b8:0e:ac:4a:fd:f0:56:61:c9:55:86:c5:49:
         9c:c3:6d:07:de:b1:1a:9e:de:6b:9c:17:85:be:e1:fd:94:60:
         da:93:2f:f8:de:eb:df:3c:40:e2:a1:09:38:c5:54:2c:ae:1e:
         07:40:6a:d0:6f:6e:0f:8c:4b:ec:b0:e3:74:93:d5:fd:f7:e9:
         bc:a0:26:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+hF8OSSAjbwcKLtMrKUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZWI2NjhiNzM1YTE4MzkzNzRlNDhmNzljYjI0MzZkYmY0
MTdjYWEwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjAyYzNhNTMyMmRlYTk5NDhkYWMwOTUyZGI3OTQ4ZTdhOGUwMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ2ENcbU+q24d9979Qjp/o4Nbd3r
fSwN/r5RVZ0T4oQfDKPncbmybR+V87mzZsNUDSBYfLX9VmH6zB8EhWjfYvRWGG9P
ZhjL3tz2AMVuwXgq1nGz1ZsuakGh8F2DDIaM5eT/w4tmgKGJi+RgD9xaclSW6Umb
pfL3428Hyvfd3H4xSvwjDvLqA4JL10HlbNpo3y4olsMqLjqIzWPtmQOXtzjGjshW
+OZWPHfpt+IfsHfJ4hggdZIMfhhlZXqkXnHAPX1oAo7gpExCMCU5uV7QoXECq6Ax
qH4NMVnSlU9davq7ysEOEnmXmVrndub5PLGLN0gj2f0iRz8C48WXU9PnYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB8Cw6UyLeqZSNrAlS23lI56jgCXMB8GA1UdIwQY
MBaAFMDrZotzWhg5N05I95yyQ22/QXyqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd090bWkzTmFHRGszVGtqM25MSkRiYjlCZktvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC82OGI1MjEtYzc5MC00OTU3LTllNTIt
MmQyNmYxYjU2ZTIwLzEvSHdMRHBUSXQ2cGxJMnNDVkxiZVVqbnFPQUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC82OGI1MjEtYzc5MC00OTU3LTllNTItMmQyNmYxYjU2ZTIw
LzEvd090bWkzTmFHRGszVGtqM25MSkRiYjlCZktvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVQ4MA0E
AgACMAcDBQAqA27gMA0GCSqGSIb3DQEBCwUAA4IBAQBOds5v5DY3w2m64qX8Mov4
XovNaKLiawzIMDx3WzXCtXYlgBZq2LKok87yBQWV/mP9U69ZYYJoUlNTSiM778M6
0eEqy9aZ5Y4g+X4ZIwUFI8VaVpdnV+Wr+uF7NbHIuANxXyxixz5L+H0lg+BoEds3
YCDgAN2M2jXzZtE6P2xlraF0D0TSNr83hlgjDbhvxHknZ3qab9SwdyDU1dNgQ/Jk
YC7kOyQsDmZYqF1VVo5S50/17+0Z61/0bLgOrEr98FZhyVWGxUmcw20H3rEant5r
nBeFvuH9lGDaky/43uvfPEDioQk4xVQsrh4HQGrQb24PjEvssON0k9X99+m8oCa+
-----END CERTIFICATE-----