Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/a14020-1bfb-4133-afce-d5e45f2ca879/1/HYIm1daCUpk7vhu5P57SMDIdm24.roa
File:                     HYIm1daCUpk7vhu5P57SMDIdm24.roa (raw, json)
Hash identifier:          20SsFTDAe3meatPDuag2i8G27/zvHBb7ZUqo/lzAWi0=
Subject key identifier:   1D:82:26:D5:D6:82:52:99:3B:BE:1B:B9:3F:9E:D2:30:32:1D:9B:6E
Certificate issuer:       /CN=e08e17a781b64119a3a6357000254f5b795b0da8
Certificate serial:       018CC5DC7329235345C6CD2596D9DFF7C765
Authority key identifier: E0:8E:17:A7:81:B6:41:19:A3:A6:35:70:00:25:4F:5B:79:5B:0D:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4I4Xp4G2QRmjpjVwACVPW3lbDag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/a14020-1bfb-4133-afce-d5e45f2ca879/1/HYIm1daCUpk7vhu5P57SMDIdm24.roa
Signing time:             Mon 01 Jan 2024 16:30:08 +0000
ROA not before:           Mon 01 Jan 2024 16:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61343
IP address blocks:        185.27.84.0/22 maxlen: 22
                          192.76.166.0/24 maxlen: 24
                          192.76.168.0/24 maxlen: 24
                          185.10.36.0/22 maxlen: 22
                          192.76.167.0/24 maxlen: 24
                          192.76.169.0/24 maxlen: 24
                          2a03:5540::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/a14020-1bfb-4133-afce-d5e45f2ca879/1/4I4Xp4G2QRmjpjVwACVPW3lbDag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/a14020-1bfb-4133-afce-d5e45f2ca879/1/4I4Xp4G2QRmjpjVwACVPW3lbDag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4I4Xp4G2QRmjpjVwACVPW3lbDag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:73:29:23:53:45:c6:cd:25:96:d9:df:f7:c7:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e08e17a781b64119a3a6357000254f5b795b0da8
        Validity
            Not Before: Jan  1 16:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d8226d5d68252993bbe1bb93f9ed230321d9b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7c:f7:30:22:e1:46:5d:e0:a6:e8:4f:ff:e1:
                    9b:ea:e4:4c:24:95:6b:1b:7e:63:fa:77:e2:89:56:
                    9a:6e:22:ee:ae:d4:c7:85:f4:c5:a4:1c:28:a5:39:
                    da:12:2d:17:ba:c6:ff:e1:bf:44:a3:fe:3e:6f:7f:
                    27:d8:c6:9a:4d:e0:9d:3e:6e:2d:bc:bb:31:95:64:
                    27:4d:2a:b6:40:77:14:5e:80:31:69:60:b1:01:85:
                    a3:53:3d:c8:a0:17:7b:c9:d1:52:5b:99:5a:a3:f6:
                    49:ab:b4:81:61:0a:f9:f6:2e:af:ed:b1:81:10:78:
                    35:e3:00:d3:ce:69:8b:7b:33:fc:0e:86:da:04:ac:
                    dd:6c:a1:17:fa:c1:d4:9b:e5:cc:c8:47:93:5a:3e:
                    3a:1c:24:d3:ac:4c:c0:89:a9:40:33:de:00:f2:f2:
                    53:27:65:d1:01:81:ad:07:4b:37:58:ca:56:c9:da:
                    c4:0c:1d:64:87:4e:bc:04:3f:dd:09:6d:94:e6:08:
                    dd:ce:6a:f6:2d:69:4b:af:5b:42:a0:4e:56:3b:59:
                    cd:d3:2b:97:85:a0:e2:2d:76:90:86:f3:9b:52:dd:
                    73:5d:cf:5a:2a:48:18:1f:cb:57:c8:aa:ad:84:36:
                    4b:93:45:81:2f:9f:a2:f9:84:4d:60:ad:cc:88:e9:
                    12:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:82:26:D5:D6:82:52:99:3B:BE:1B:B9:3F:9E:D2:30:32:1D:9B:6E
            X509v3 Authority Key Identifier:
                keyid:E0:8E:17:A7:81:B6:41:19:A3:A6:35:70:00:25:4F:5B:79:5B:0D:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4I4Xp4G2QRmjpjVwACVPW3lbDag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a14020-1bfb-4133-afce-d5e45f2ca879/1/HYIm1daCUpk7vhu5P57SMDIdm24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a14020-1bfb-4133-afce-d5e45f2ca879/1/4I4Xp4G2QRmjpjVwACVPW3lbDag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.36.0/22
                  185.27.84.0/22
                  192.76.166.0-192.76.169.255
                IPv6:
                  2a03:5540::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:46:1f:47:70:dc:ca:dc:7a:3d:49:c7:7b:16:b8:bc:be:29:
         25:05:6f:24:b3:9c:d6:0f:00:a8:7d:47:ea:fe:a3:9c:04:2a:
         cf:40:91:7e:e6:44:d0:94:d3:b5:62:5c:87:de:40:48:78:6f:
         cc:fd:95:03:16:96:c0:2f:7b:42:17:54:5b:2c:0b:ff:52:a5:
         ac:ed:6b:af:c0:f7:c3:3a:73:a9:84:43:80:92:51:06:10:ca:
         a1:ec:52:ae:60:c8:af:68:d9:8f:da:32:c7:32:24:0e:45:4b:
         5a:3f:26:dc:01:98:18:0e:cb:e6:01:a8:14:08:b3:59:54:35:
         d8:c2:2b:b3:0d:ed:1f:6d:92:2e:99:0e:8a:14:8d:97:94:1e:
         76:1c:03:c1:73:bf:64:c3:00:a1:f9:6e:2e:51:36:f5:e9:09:
         91:3b:d8:06:02:a0:84:44:b2:ec:2c:b4:e5:c7:a3:f5:f4:59:
         a6:09:b8:e1:6d:89:46:ae:18:0b:29:a1:ee:9a:9b:d9:ed:72:
         e1:57:89:8d:08:53:c1:a5:7a:0f:af:65:c3:d9:a4:3f:e1:21:
         b3:52:97:25:c0:e6:be:ce:96:46:31:a4:16:b2:23:54:c7:ee:
         72:6c:a1:57:d8:a3:14:3f:34:d0:85:b1:16:21:32:1c:2a:4e:
         03:ae:b9:9f
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzF3HMpI1NFxs0lltnf98dlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwOGUxN2E3ODFiNjQxMTlhM2E2MzU3MDAwMjU0ZjViNzk1
YjBkYTgwHhcNMjQwMTAxMTYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDgyMjZkNWQ2ODI1Mjk5M2JiZTFiYjkzZjllZDIzMDMyMWQ5YjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3z3MCLhRl3gpuhP/+Gb6uRMJJVr
G35j+nfiiVaabiLurtTHhfTFpBwopTnaEi0Xusb/4b9Eo/4+b38n2MaaTeCdPm4t
vLsxlWQnTSq2QHcUXoAxaWCxAYWjUz3IoBd7ydFSW5lao/ZJq7SBYQr59i6v7bGB
EHg14wDTzmmLezP8DobaBKzdbKEX+sHUm+XMyEeTWj46HCTTrEzAialAM94A8vJT
J2XRAYGtB0s3WMpWydrEDB1kh068BD/dCW2U5gjdzmr2LWlLr1tCoE5WO1nN0yuX
haDiLXaQhvObUt1zXc9aKkgYH8tXyKqthDZLk0WBL5+i+YRNYK3MiOkSVQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFB2CJtXWglKZO74buT+e0jAyHZtuMB8GA1UdIwQY
MBaAFOCOF6eBtkEZo6Y1cAAlT1t5Ww2oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEk0WHA0RzJRUm1qcGpWd0FDVlBXM2xiRGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9hMTQwMjAtMWJmYi00MTMzLWFmY2Ut
ZDVlNDVmMmNhODc5LzEvSFlJbTFkYUNVcGs3dmh1NVA1N1NNRElkbTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9hMTQwMjAtMWJmYi00MTMzLWFmY2UtZDVlNDVmMmNhODc5
LzEvNEk0WHA0RzJRUm1qcGpWd0FDVlBXM2xiRGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQCuQokAwQC
uRtUMAwDBAHATKYDBAHATKgwDQQCAAIwBwMFACoDVUAwDQYJKoZIhvcNAQELBQAD
ggEBAH1GH0dw3Mrcej1Jx3sWuLy+KSUFbySznNYPAKh9R+r+o5wEKs9AkX7mRNCU
07ViXIfeQEh4b8z9lQMWlsAve0IXVFssC/9Spazta6/A98M6c6mEQ4CSUQYQyqHs
Uq5gyK9o2Y/aMscyJA5FS1o/JtwBmBgOy+YBqBQIs1lUNdjCK7MN7R9tki6ZDooU
jZeUHnYcA8Fzv2TDAKH5bi5RNvXpCZE72AYCoIREsuwstOXHo/X0WaYJuOFtiUau
GAspoe6am9ntcuFXiY0IU8Gleg+vZcPZpD/hIbNSlyXA5r7OlkYxpBayI1TH7nJs
oVfYoxQ/NNCFsRYhMhwqTgOuuZ8=
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:49:27 2024 by rpki-client on console-fra.rpki-client.org