Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/HMsvAiDbh4kC8ggLmj0y0DoXO64.roa
File:                     HMsvAiDbh4kC8ggLmj0y0DoXO64.roa (raw, json)
Hash identifier:          uUoaPJoC7VBtn0vdccXfZO2Ub/4VCgEVJ/mOlyL3+eQ=
Subject key identifier:   1C:CB:2F:02:20:DB:87:89:02:F2:08:0B:9A:3D:32:D0:3A:17:3B:AE
Certificate issuer:       /CN=17526ccac4f9064e058549b30172c84439787fbc
Certificate serial:       018CC424E994952B85C0B22E5EBC8316C2BE
Authority key identifier: 17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/HMsvAiDbh4kC8ggLmj0y0DoXO64.roa
Signing time:             Mon 01 Jan 2024 08:30:02 +0000
ROA not before:           Mon 01 Jan 2024 08:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10010
IP address blocks:        45.90.85.0/24 maxlen: 24
                          45.90.86.0/24 maxlen: 24
                          45.90.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e9:94:95:2b:85:c0:b2:2e:5e:bc:83:16:c2:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17526ccac4f9064e058549b30172c84439787fbc
        Validity
            Not Before: Jan  1 08:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ccb2f0220db878902f2080b9a3d32d03a173bae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:72:5c:38:d0:e6:7b:fa:8d:da:8f:e7:25:19:
                    59:20:2e:c9:6a:08:cb:95:1a:13:7b:53:22:1d:bf:
                    51:89:a0:39:ec:cb:48:47:3c:72:66:bc:bd:65:fe:
                    2f:84:92:17:90:41:e3:b9:7b:8e:b7:c2:ff:c4:4c:
                    9f:c7:f4:01:db:3a:b5:ce:53:fb:a4:4f:bf:6a:98:
                    36:52:35:be:0c:29:08:2c:95:96:88:be:aa:40:ad:
                    2a:e1:2e:d5:a3:a5:07:c0:0c:78:9b:11:58:d1:2f:
                    f6:ea:3c:77:7c:d6:29:8f:9c:cf:2e:bf:34:e2:e4:
                    3e:4c:63:f0:a0:19:3c:d0:d2:6f:e9:81:b3:d1:a6:
                    d7:19:cf:7e:f7:36:2b:a4:04:bb:3f:14:28:fa:6c:
                    d1:87:b8:af:1f:12:b6:b7:a7:3d:8f:99:b0:98:e2:
                    18:94:8f:18:a9:2c:54:43:2f:2f:8a:b9:96:aa:2d:
                    64:f6:3c:8f:75:9b:93:94:32:a1:ca:a8:9c:98:56:
                    ca:29:c9:2f:d6:18:8a:35:b1:a8:a0:09:32:62:c9:
                    18:f8:c4:67:7d:f4:0f:28:ac:06:6e:ea:3d:e8:fd:
                    bd:9f:57:7d:f2:d4:1e:d4:be:5f:d7:e0:1f:75:6d:
                    c4:b6:6b:68:07:77:fa:b2:ea:60:2f:a2:a0:2d:69:
                    86:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:CB:2F:02:20:DB:87:89:02:F2:08:0B:9A:3D:32:D0:3A:17:3B:AE
            X509v3 Authority Key Identifier:
                keyid:17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/HMsvAiDbh4kC8ggLmj0y0DoXO64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.85.0-45.90.87.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:4c:ff:f6:c1:77:11:27:38:72:11:ca:20:e9:6e:86:27:c1:
         ba:b6:57:bc:19:ad:68:7b:a0:d7:70:ed:29:23:10:f6:09:ec:
         5a:22:48:67:1c:71:c4:61:ef:9f:1b:60:13:8f:e3:d8:2c:f8:
         a5:02:a5:7f:52:0f:81:14:05:05:76:e4:0e:9d:39:ea:4a:bf:
         bc:06:bf:21:d5:d4:92:4e:ba:cf:d6:61:17:45:20:a5:0a:1e:
         f2:8a:3d:f7:ee:82:4b:07:64:69:8e:ae:cd:9b:e1:ea:53:ee:
         1f:7b:01:f5:b5:d5:9e:99:f6:f8:b6:a1:92:33:68:23:1e:c9:
         71:47:71:35:35:4b:54:36:94:ee:0b:d8:17:15:44:74:89:eb:
         ec:0d:a6:28:ce:c1:b2:e7:3f:56:be:34:7b:d5:44:2e:e6:8c:
         d9:f6:bf:65:7c:7c:4f:2d:bb:42:03:2a:9c:f5:84:6a:97:a8:
         3c:6a:fb:2c:a8:65:4b:f3:ce:0c:25:97:02:74:b9:8b:e5:a1:
         92:c4:d8:d6:a8:28:a7:b5:46:ae:ae:98:81:9a:0e:f0:17:d5:
         51:b2:d1:01:bd:60:01:97:dc:3b:cb:82:1f:44:cb:2e:2c:bf:
         7e:99:1d:d2:6a:b6:55:eb:1f:32:9c:7e:b7:06:cc:37:33:ff:
         ad:1d:b9:32
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJOmUlSuFwLIuXryDFsK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NTI2Y2NhYzRmOTA2NGUwNTg1NDliMzAxNzJjODQ0Mzk3
ODdmYmMwHhcNMjQwMTAxMDgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2NiMmYwMjIwZGI4Nzg5MDJmMjA4MGI5YTNkMzJkMDNhMTczYmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3JcONDme/qN2o/nJRlZIC7JagjL
lRoTe1MiHb9RiaA57MtIRzxyZry9Zf4vhJIXkEHjuXuOt8L/xEyfx/QB2zq1zlP7
pE+/apg2UjW+DCkILJWWiL6qQK0q4S7Vo6UHwAx4mxFY0S/26jx3fNYpj5zPLr80
4uQ+TGPwoBk80NJv6YGz0abXGc9+9zYrpAS7PxQo+mzRh7ivHxK2t6c9j5mwmOIY
lI8YqSxUQy8virmWqi1k9jyPdZuTlDKhyqicmFbKKckv1hiKNbGooAkyYskY+MRn
ffQPKKwGbuo96P29n1d98tQe1L5f1+AfdW3EtmtoB3f6supgL6KgLWmGkQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBzLLwIg24eJAvIIC5o9MtA6FzuuMB8GA1UdIwQY
MBaAFBdSbMrE+QZOBYVJswFyyEQ5eH+8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFKc3lzVDVCazRGaFVtekFYTElSRGw0Zjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jOWFhODEtNWJmZC00NTM1LTk2MDYt
OTQxY2M2YTdiYWQ5LzEvSE1zdkFpRGJoNGtDOGdnTG1qMHkwRG9YTzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9jOWFhODEtNWJmZC00NTM1LTk2MDYtOTQxY2M2YTdiYWQ5
LzEvRjFKc3lzVDVCazRGaFVtekFYTElSRGw0Zjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtWlUD
BAMtWlAwDQYJKoZIhvcNAQELBQADggEBAIxM//bBdxEnOHIRyiDpboYnwbq2V7wZ
rWh7oNdw7SkjEPYJ7FoiSGccccRh758bYBOP49gs+KUCpX9SD4EUBQV25A6dOepK
v7wGvyHV1JJOus/WYRdFIKUKHvKKPffugksHZGmOrs2b4epT7h97AfW11Z6Z9vi2
oZIzaCMeyXFHcTU1S1Q2lO4L2BcVRHSJ6+wNpijOwbLnP1a+NHvVRC7mjNn2v2V8
fE8tu0IDKpz1hGqXqDxq+yyoZUvzzgwllwJ0uYvloZLE2NaoKKe1Rq6umIGaDvAX
1VGy0QG9YAGX3DvLgh9Eyy4sv36ZHdJqtlXrHzKcfrcGzDcz/60duTI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:22:14 2024 by rpki-client on console-ams.rpki-client.org