Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/31cbc8-3c23-4bdf-83a4-bcd3302810e3/1/HtaLZmDxk1WGveejRAoZU0QIGd4.roa
File:                     HtaLZmDxk1WGveejRAoZU0QIGd4.roa (raw, json)
Hash identifier:          UjZO03M0qlsVGTgmyrS94D4YFxu11EWolCt3fYO0ww0=
Subject key identifier:   1E:D6:8B:66:60:F1:93:55:86:BD:E7:A3:44:0A:19:53:44:08:19:DE
Certificate issuer:       /CN=5a4acd21123f9e75a92a0e6d4b26f9e9c963675f
Certificate serial:       018CC9BCAF521F06AC83DC8D645C78586B61
Authority key identifier: 5A:4A:CD:21:12:3F:9E:75:A9:2A:0E:6D:4B:26:F9:E9:C9:63:67:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkrNIRI_nnWpKg5tSyb56cljZ18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/31cbc8-3c23-4bdf-83a4-bcd3302810e3/1/HtaLZmDxk1WGveejRAoZU0QIGd4.roa
Signing time:             Tue 02 Jan 2024 10:33:55 +0000
ROA not before:           Tue 02 Jan 2024 10:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209959
IP address blocks:        185.215.92.0/22 maxlen: 22
                          2a02:fc40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/31cbc8-3c23-4bdf-83a4-bcd3302810e3/1/WkrNIRI_nnWpKg5tSyb56cljZ18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/31cbc8-3c23-4bdf-83a4-bcd3302810e3/1/WkrNIRI_nnWpKg5tSyb56cljZ18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkrNIRI_nnWpKg5tSyb56cljZ18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:af:52:1f:06:ac:83:dc:8d:64:5c:78:58:6b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4acd21123f9e75a92a0e6d4b26f9e9c963675f
        Validity
            Not Before: Jan  2 10:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ed68b6660f1935586bde7a3440a1953440819de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1f:6b:cb:c3:22:38:3b:2d:91:ca:b4:93:19:
                    4d:80:2c:84:14:75:33:3d:98:3d:a0:2e:09:9c:18:
                    ea:16:32:b7:76:38:36:bb:cc:48:c8:28:f9:7f:1f:
                    02:1b:aa:45:45:95:b3:53:ad:3b:4d:8d:58:d1:c0:
                    80:65:9a:98:0f:e8:8c:8a:c5:f4:19:ea:e9:7e:e8:
                    6d:be:2a:a3:74:a0:2e:33:27:1c:9e:b3:18:c7:e1:
                    5e:6a:67:b0:81:16:e6:33:02:ce:b0:3d:6d:c5:3a:
                    64:e1:2c:3b:e0:17:8d:38:d1:69:56:cd:1b:a2:c5:
                    aa:b1:dc:9a:63:d4:a9:22:eb:e2:fc:a6:1f:2e:fc:
                    ed:45:b4:ce:a4:e8:7c:94:d9:c2:78:63:d5:a6:6a:
                    d7:71:c5:05:eb:26:46:2e:8d:f4:49:32:e6:82:58:
                    94:d5:41:30:34:79:3b:99:dd:6d:5d:92:d0:f3:ba:
                    61:57:1f:67:01:2b:0e:c4:42:0f:e8:d0:9b:42:27:
                    94:ad:9b:85:22:4f:94:18:f5:ba:a4:d3:9f:79:71:
                    fc:fa:74:cd:06:cb:dc:0f:78:b6:c0:95:07:90:65:
                    80:af:28:ae:69:cf:bb:8d:91:87:0e:71:b4:b8:d9:
                    27:84:35:1f:af:d0:91:c0:85:69:1c:20:14:a3:55:
                    7c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D6:8B:66:60:F1:93:55:86:BD:E7:A3:44:0A:19:53:44:08:19:DE
            X509v3 Authority Key Identifier:
                keyid:5A:4A:CD:21:12:3F:9E:75:A9:2A:0E:6D:4B:26:F9:E9:C9:63:67:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkrNIRI_nnWpKg5tSyb56cljZ18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/31cbc8-3c23-4bdf-83a4-bcd3302810e3/1/HtaLZmDxk1WGveejRAoZU0QIGd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/31cbc8-3c23-4bdf-83a4-bcd3302810e3/1/WkrNIRI_nnWpKg5tSyb56cljZ18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.92.0/22
                IPv6:
                  2a02:fc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         c2:04:ae:cd:be:fa:fd:40:af:8b:3a:26:84:f8:84:88:ab:00:
         7b:94:80:c4:8d:ca:61:ec:4f:82:23:ca:32:8b:ed:a2:07:1b:
         70:06:ca:30:7d:59:28:f4:af:ee:a7:46:b9:22:59:22:7b:48:
         b1:b0:35:20:90:ea:67:2f:57:58:e7:29:c8:51:7d:1e:b2:d4:
         5a:d0:d7:68:c2:f1:f7:55:5b:b5:c3:3d:91:52:d0:c3:c9:40:
         ee:82:d7:b1:ae:84:1b:4d:2d:ce:40:41:8b:fc:45:b2:de:88:
         58:fd:7b:ed:73:c8:0b:90:44:df:3a:0e:cc:3f:fb:aa:62:9d:
         89:f7:c7:18:b0:57:b5:4f:7a:c8:ac:ad:d3:73:38:67:1a:b7:
         4d:1a:91:70:d1:7b:fb:45:4c:31:3a:41:d2:9c:b3:13:e1:43:
         67:79:9b:b5:fe:55:80:a5:4f:a7:0e:4a:dc:05:b4:2d:04:85:
         41:47:ba:55:bc:99:a3:58:c9:56:10:0e:5a:3f:82:12:d8:f6:
         7f:bd:86:f3:fb:74:3e:f4:79:9b:9f:e4:6f:1a:c1:97:79:34:
         b5:4b:b6:a2:b3:69:d0:78:68:09:2f:a2:45:f1:f9:a4:4a:e2:
         30:45:88:a7:1b:09:97:d4:c1:6b:46:60:d3:87:c6:51:7f:c7:
         3f:a5:57:4a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvK9SHwasg9yNZFx4WGthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGFjZDIxMTIzZjllNzVhOTJhMGU2ZDRiMjZmOWU5Yzk2
MzY3NWYwHhcNMjQwMTAyMTAzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ2OGI2NjYwZjE5MzU1ODZiZGU3YTM0NDBhMTk1MzQ0MDgxOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlR9ry8MiODstkcq0kxlNgCyEFHUz
PZg9oC4JnBjqFjK3djg2u8xIyCj5fx8CG6pFRZWzU607TY1Y0cCAZZqYD+iMisX0
GerpfuhtviqjdKAuMyccnrMYx+FeamewgRbmMwLOsD1txTpk4Sw74BeNONFpVs0b
osWqsdyaY9SpIuvi/KYfLvztRbTOpOh8lNnCeGPVpmrXccUF6yZGLo30STLmgliU
1UEwNHk7md1tXZLQ87phVx9nASsOxEIP6NCbQieUrZuFIk+UGPW6pNOfeXH8+nTN
BsvcD3i2wJUHkGWAryiuac+7jZGHDnG0uNknhDUfr9CRwIVpHCAUo1V8BwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB7Wi2Zg8ZNVhr3no0QKGVNECBneMB8GA1UdIwQY
MBaAFFpKzSESP551qSoObUsm+enJY2dfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2tyTklSSV9ubldwS2c1dFN5YjU2Y2xqWjE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8zMWNiYzgtM2MyMy00YmRmLTgzYTQt
YmNkMzMwMjgxMGUzLzEvSHRhTFptRHhrMVdHdmVlalJBb1pVMFFJR2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8zMWNiYzgtM2MyMy00YmRmLTgzYTQtYmNkMzMwMjgxMGUz
LzEvV2tyTklSSV9ubldwS2c1dFN5YjU2Y2xqWjE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuddcMA0E
AgACMAcDBQMqAvxAMA0GCSqGSIb3DQEBCwUAA4IBAQDCBK7Nvvr9QK+LOiaE+ISI
qwB7lIDEjcph7E+CI8oyi+2iBxtwBsowfVko9K/up0a5Ilkie0ixsDUgkOpnL1dY
5ynIUX0estRa0NdowvH3VVu1wz2RUtDDyUDugtexroQbTS3OQEGL/EWy3ohY/Xvt
c8gLkETfOg7MP/uqYp2J98cYsFe1T3rIrK3TczhnGrdNGpFw0Xv7RUwxOkHSnLMT
4UNneZu1/lWApU+nDkrcBbQtBIVBR7pVvJmjWMlWEA5aP4IS2PZ/vYbz+3Q+9Hmb
n+RvGsGXeTS1S7ais2nQeGgJL6JF8fmkSuIwRYinGwmX1MFrRmDTh8ZRf8c/pVdK
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:59:02 2024 by rpki-client on console-fra.rpki-client.org