Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/HIOBd326bH0ki5scekIECYzvVmQ.roa
File:                     HIOBd326bH0ki5scekIECYzvVmQ.roa (raw, json)
Hash identifier:          QR55rgnCxofQAX4FJyRUZVpUkReS3R3bKmGCfXvCBvE=
Subject key identifier:   1C:83:81:77:7D:BA:6C:7D:24:8B:9B:1C:7A:42:04:09:8C:EF:56:64
Certificate issuer:       /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial:       0190922D82E0D62821D746F5CED9AF143812
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/HIOBd326bH0ki5scekIECYzvVmQ.roa
Signing time:             Mon 08 Jul 2024 11:49:34 +0000
ROA not before:           Mon 08 Jul 2024 11:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42651
IP address blocks:        45.88.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:2d:82:e0:d6:28:21:d7:46:f5:ce:d9:af:14:38:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
        Validity
            Not Before: Jul  8 11:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c8381777dba6c7d248b9b1c7a4204098cef5664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:de:35:16:e5:30:1a:08:83:f8:81:91:64:95:
                    ae:b4:6a:d9:75:a1:e0:d7:47:a4:0d:31:d5:65:f8:
                    d2:ef:52:6f:7a:5a:6d:5a:f1:94:16:c8:bf:06:c0:
                    b7:18:c1:e9:1b:44:97:b8:3a:70:4c:11:3c:63:f3:
                    00:09:ff:75:22:94:1a:34:d4:ee:b1:23:c0:19:c9:
                    27:40:a1:56:5c:fa:60:1b:af:75:b2:8d:48:71:5a:
                    09:38:ef:db:27:4c:fc:9d:8a:75:cc:51:bf:1a:80:
                    a6:a2:5c:55:47:c8:ff:8f:2f:58:42:fc:cf:7b:a1:
                    49:6f:93:75:23:c5:5c:60:1a:c5:b1:a6:7c:02:0f:
                    2d:79:57:25:5c:c9:27:05:a9:44:cf:d8:33:4d:a3:
                    9f:03:a3:c2:06:dd:2d:f5:4c:60:b9:9f:41:b8:45:
                    b9:31:4b:c4:ac:1c:42:9f:91:d7:58:1f:b3:61:63:
                    da:b8:3c:9d:80:06:e4:fb:72:fc:e8:e3:e0:ae:78:
                    18:83:13:f9:f6:b2:00:2a:60:10:7b:cd:13:fc:f7:
                    84:2d:f9:fc:e9:64:ea:99:de:13:7e:b9:a9:2b:13:
                    75:0a:d4:44:1c:ef:21:b9:22:a7:64:92:6d:cd:d4:
                    6c:79:6b:8a:60:55:1d:e0:3c:e1:d7:11:23:72:de:
                    ac:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:83:81:77:7D:BA:6C:7D:24:8B:9B:1C:7A:42:04:09:8C:EF:56:64
            X509v3 Authority Key Identifier:
                keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/HIOBd326bH0ki5scekIECYzvVmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:06:44:6b:ba:b3:18:bf:54:3f:67:9b:f1:31:10:54:29:16:
         e7:3b:bb:10:e4:a9:3e:18:97:be:26:e9:ce:b5:4c:05:39:a6:
         32:5b:c7:ed:41:81:a9:ee:68:ea:5a:f0:3d:78:dc:a1:09:3a:
         a8:7a:21:6b:e3:45:09:5e:9d:01:8c:06:40:dd:92:0c:97:e3:
         1d:aa:e1:fa:8a:14:63:04:65:cd:91:be:f7:40:51:81:15:82:
         87:19:40:f6:ed:a4:92:5b:da:ff:fb:6a:10:9f:8c:35:f0:9d:
         1c:a1:42:69:db:b7:3e:0b:c7:3c:fc:d4:01:a9:f7:c8:2e:d6:
         ba:11:91:2b:3e:bb:97:dd:9f:60:c3:3f:d9:f9:29:b1:75:b1:
         7a:7a:95:28:3a:13:5b:42:e9:fc:8c:cd:a0:02:ad:92:fc:36:
         eb:de:17:cb:d9:fb:d1:ae:e6:d0:73:7a:de:3a:91:7d:3c:7f:
         ab:09:29:b9:8b:fe:7a:21:f4:96:ba:73:74:d0:a9:38:99:37:
         04:8d:c1:e4:8d:52:71:f1:73:fa:90:69:6a:ab:46:e1:aa:02:
         1a:09:45:de:cb:c3:ba:24:92:b5:e6:cd:75:77:fc:d0:ab:af:
         b2:da:81:b8:a7:1a:c2:05:35:b7:12:9f:4c:70:b5:41:3b:3c:
         85:6e:b9:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCSLYLg1igh10b1ztmvFDgSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjQwNzA4MTE0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzgzODE3NzdkYmE2YzdkMjQ4YjliMWM3YTQyMDQwOThjZWY1NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN41FuUwGgiD+IGRZJWutGrZdaHg
10ekDTHVZfjS71JvelptWvGUFsi/BsC3GMHpG0SXuDpwTBE8Y/MACf91IpQaNNTu
sSPAGcknQKFWXPpgG691so1IcVoJOO/bJ0z8nYp1zFG/GoCmolxVR8j/jy9YQvzP
e6FJb5N1I8VcYBrFsaZ8Ag8teVclXMknBalEz9gzTaOfA6PCBt0t9UxguZ9BuEW5
MUvErBxCn5HXWB+zYWPauDydgAbk+3L86OPgrngYgxP59rIAKmAQe80T/PeELfn8
6WTqmd4TfrmpKxN1CtREHO8huSKnZJJtzdRseWuKYFUd4Dzh1xEjct6sUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByDgXd9umx9JIubHHpCBAmM71ZkMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvSElPQmQzMjZiSDBraTVzY2VrSUVDWXp2Vm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVjLMA0G
CSqGSIb3DQEBCwUAA4IBAQBbBkRrurMYv1Q/Z5vxMRBUKRbnO7sQ5Kk+GJe+JunO
tUwFOaYyW8ftQYGp7mjqWvA9eNyhCTqoeiFr40UJXp0BjAZA3ZIMl+MdquH6ihRj
BGXNkb73QFGBFYKHGUD27aSSW9r/+2oQn4w18J0coUJp27c+C8c8/NQBqffILta6
EZErPruX3Z9gwz/Z+SmxdbF6epUoOhNbQun8jM2gAq2S/Dbr3hfL2fvRrubQc3re
OpF9PH+rCSm5i/56IfSWunN00Kk4mTcEjcHkjVJx8XP6kGlqq0bhqgIaCUXey8O6
JJK15s11d/zQq6+y2oG4pxrCBTW3Ep9McLVBOzyFbrk8
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:38:14 2024 by rpki-client on console-ams.rpki-client.org