Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/HCNijNy2Z3fDo7ouqXDGdErsk7c.roa
File:                     HCNijNy2Z3fDo7ouqXDGdErsk7c.roa (raw, json)
Hash identifier:          C2ix89fyLp6LQKneBx+eW3c1y7IU4eWnuF3xz36z65c=
Subject key identifier:   1C:23:62:8C:DC:B6:67:77:C3:A3:BA:2E:A9:70:C6:74:4A:EC:93:B7
Certificate issuer:       /CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
Certificate serial:       018CCA2B2CEA966B6C3DAEB6123614E92803
Authority key identifier: A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/HCNijNy2Z3fDo7ouqXDGdErsk7c.roa
Signing time:             Tue 02 Jan 2024 12:34:36 +0000
ROA not before:           Tue 02 Jan 2024 12:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57091
IP address blocks:        185.185.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:2c:ea:96:6b:6c:3d:ae:b6:12:36:14:e9:28:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
        Validity
            Not Before: Jan  2 12:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c23628cdcb66777c3a3ba2ea970c6744aec93b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7d:97:67:b6:db:50:11:d1:32:da:33:46:66:
                    34:94:4f:1b:49:02:f7:35:f8:41:69:2c:b3:10:65:
                    60:bf:20:74:df:31:07:41:7b:15:34:6c:49:11:b0:
                    e4:7d:76:dd:83:44:03:c1:ca:c2:c1:d1:20:a6:30:
                    d2:9b:8c:37:cb:b1:4d:2e:9a:6f:bb:f0:9a:48:23:
                    aa:b9:f4:c9:1b:56:9e:1f:a6:59:ee:f2:1d:e7:98:
                    2b:27:f3:13:69:20:72:47:d9:fb:c7:40:f5:09:71:
                    ad:21:dc:e7:c5:e7:2d:a4:30:99:1e:a2:16:a5:3c:
                    b3:ec:75:7b:e8:cd:b8:53:ed:95:c0:90:20:bf:c5:
                    f6:c7:e7:7d:05:30:ad:bd:47:1a:17:c0:e6:8f:b1:
                    8f:1a:84:12:5e:af:9c:91:9b:ca:c7:71:ae:7c:38:
                    f2:91:e4:5a:90:bc:03:7a:8b:bb:4a:de:1c:ca:a2:
                    26:6d:0a:a8:e5:3a:63:7c:6f:64:7b:5d:06:1b:00:
                    dc:07:50:51:4e:6d:bf:50:76:97:37:bc:dd:06:60:
                    db:e6:fe:1b:23:a8:c3:01:f1:a7:7f:8a:1d:b8:8c:
                    c3:9a:c5:5c:f2:36:44:04:ad:4a:84:17:2f:fb:e0:
                    08:26:e3:83:b1:48:b2:79:25:4b:65:c4:07:bd:34:
                    bb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:23:62:8C:DC:B6:67:77:C3:A3:BA:2E:A9:70:C6:74:4A:EC:93:B7
            X509v3 Authority Key Identifier:
                keyid:A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/HCNijNy2Z3fDo7ouqXDGdErsk7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:be:21:a0:d5:e1:30:c5:37:d5:8e:3b:c8:04:3f:a4:3c:25:
         6d:f2:5e:0d:b9:f3:05:22:82:89:f0:17:3d:84:69:33:0e:39:
         12:14:6e:74:e7:25:45:99:f5:8b:de:5e:de:39:9f:f7:9d:2a:
         46:79:1a:14:41:ac:e5:ac:34:1d:13:71:23:fe:7a:e3:55:5e:
         15:ed:64:93:a7:6c:aa:a1:c9:8f:dd:c3:cf:1a:eb:cc:b0:95:
         0e:b0:08:e3:dd:6e:b2:f0:bb:dd:4a:f4:70:33:e9:fa:d8:41:
         cd:a2:26:36:6f:e8:16:d8:b4:7c:93:aa:aa:e7:85:5d:37:61:
         8b:18:a8:d9:98:6c:78:00:80:52:09:e7:93:ce:60:7d:76:9e:
         3f:da:5a:eb:8a:24:fa:7f:52:fb:cf:14:0d:b9:24:7a:76:59:
         c9:b5:f9:78:18:50:3f:98:40:b7:42:1d:d3:f8:86:55:23:90:
         da:7a:f7:0a:84:81:d5:12:9e:71:c1:00:16:01:f6:a6:27:40:
         55:9a:ee:22:05:b1:7b:5f:a9:d2:2f:9b:96:62:c1:0b:f8:e4:
         85:7f:fd:f2:2a:72:87:b0:84:7d:10:93:04:ee:0a:44:d9:24:
         97:c2:83:f9:d5:c5:ee:2a:6e:20:37:43:49:20:ff:a3:ab:74:
         17:57:34:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKyzqlmtsPa62EjYU6SgDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZDUyY2M4NzA2MDZhM2YzZjMyYzBmZmY5N2NmNjkzMWZh
NjVjYTMwHhcNMjQwMTAyMTIzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIzNjI4Y2RjYjY2Nzc3YzNhM2JhMmVhOTcwYzY3NDRhZWM5M2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjH2XZ7bbUBHRMtozRmY0lE8bSQL3
NfhBaSyzEGVgvyB03zEHQXsVNGxJEbDkfXbdg0QDwcrCwdEgpjDSm4w3y7FNLppv
u/CaSCOqufTJG1aeH6ZZ7vId55grJ/MTaSByR9n7x0D1CXGtIdznxectpDCZHqIW
pTyz7HV76M24U+2VwJAgv8X2x+d9BTCtvUcaF8Dmj7GPGoQSXq+ckZvKx3GufDjy
keRakLwDeou7St4cyqImbQqo5TpjfG9ke10GGwDcB1BRTm2/UHaXN7zdBmDb5v4b
I6jDAfGnf4oduIzDmsVc8jZEBK1KhBcv++AIJuODsUiyeSVLZcQHvTS7CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwjYozctmd3w6O6LqlwxnRK7JO3MB8GA1UdIwQY
MBaAFKjVLMhwYGo/PzLA//l89pMfplyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgt
ZjU1YmM4YWYxNTA2LzEvSENOaWpOeTJaM2ZEbzdvdXFYREdkRXJzazdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgtZjU1YmM4YWYxNTA2
LzEvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubl4MA0G
CSqGSIb3DQEBCwUAA4IBAQCJviGg1eEwxTfVjjvIBD+kPCVt8l4NufMFIoKJ8Bc9
hGkzDjkSFG505yVFmfWL3l7eOZ/3nSpGeRoUQazlrDQdE3Ej/nrjVV4V7WSTp2yq
ocmP3cPPGuvMsJUOsAjj3W6y8LvdSvRwM+n62EHNoiY2b+gW2LR8k6qq54VdN2GL
GKjZmGx4AIBSCeeTzmB9dp4/2lrriiT6f1L7zxQNuSR6dlnJtfl4GFA/mEC3Qh3T
+IZVI5DaevcKhIHVEp5xwQAWAfamJ0BVmu4iBbF7X6nSL5uWYsEL+OSFf/3yKnKH
sIR9EJME7gpE2SSXwoP51cXuKm4gN0NJIP+jq3QXVzRK
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:16:15 2024 by rpki-client on console-ams.rpki-client.org