Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/HZkW0YTlwjkOYFTVWWCnicGZx_A.roa
File:                     HZkW0YTlwjkOYFTVWWCnicGZx_A.roa (raw, json)
Hash identifier:          38TnJNqz8AvHXjlYo9sG5VRHHGeHpRB6AL7rk5N9l5M=
Subject key identifier:   1D:99:16:D1:84:E5:C2:39:0E:60:54:D5:59:60:A7:89:C1:99:C7:F0
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0192337F88C8D98A5FBBF29107FBE494542A
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/HZkW0YTlwjkOYFTVWWCnicGZx_A.roa
Signing time:             Fri 27 Sep 2024 12:40:49 +0000
ROA not before:           Fri 27 Sep 2024 12:40:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201575
IP address blocks:        89.36.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:33:7f:88:c8:d9:8a:5f:bb:f2:91:07:fb:e4:94:54:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Sep 27 12:40:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d9916d184e5c2390e6054d55960a789c199c7f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:94:c8:ee:9e:a9:08:0f:8c:99:6c:55:b2:ca:
                    3d:3e:d7:31:df:a8:7e:12:bf:45:d7:47:db:4e:32:
                    a2:a6:f6:9a:1a:f5:9a:75:f8:00:7b:77:fb:84:44:
                    68:9b:0b:ae:1d:8e:f7:bf:e8:3e:5a:e5:3f:ec:db:
                    52:c1:b5:e0:ef:d2:ed:bf:5c:31:2e:ca:3c:6b:56:
                    6b:6e:e4:a9:26:1d:e7:8a:ca:33:59:30:b5:3e:e5:
                    1b:7b:8b:22:03:91:3e:6d:c5:a2:43:58:33:ec:e1:
                    64:e6:1d:69:f3:df:2d:66:39:1a:50:e0:32:02:b8:
                    5b:52:3f:76:01:bb:1b:39:ab:63:03:5d:25:bb:34:
                    39:cf:88:69:e5:d9:aa:58:75:bd:67:ea:e8:9c:0a:
                    fd:32:11:2e:11:ed:5c:f7:f2:1f:64:22:d9:bb:8a:
                    05:4a:a5:6a:72:94:75:3f:08:fa:cd:34:bc:92:42:
                    49:81:85:df:e1:3a:0f:3e:4d:e6:9a:ef:30:1d:18:
                    8e:41:90:fb:8a:3e:dd:52:66:7e:1a:a8:9e:9a:45:
                    23:3d:18:b4:fc:ae:fe:d0:d6:71:29:de:ca:c4:18:
                    e4:55:ac:be:9a:dd:a4:50:e4:1a:2e:25:81:bd:91:
                    61:79:ae:ec:76:2e:2c:7b:47:67:af:e7:c7:27:db:
                    0d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:99:16:D1:84:E5:C2:39:0E:60:54:D5:59:60:A7:89:C1:99:C7:F0
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/HZkW0YTlwjkOYFTVWWCnicGZx_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:59:c2:29:2e:32:86:7e:9b:d7:9b:d0:20:b7:b8:26:18:01:
         94:a2:61:1c:16:c6:96:19:10:dd:b9:82:19:63:dd:02:cc:f7:
         ff:cc:2f:bd:c9:5b:f3:5b:b3:9e:d6:3d:9d:8b:9e:09:24:ad:
         8e:6d:c9:9f:48:0f:b7:fc:ee:7f:e6:6e:e5:3a:a6:bc:37:37:
         e1:4b:42:3d:47:cd:ef:e3:26:67:9c:79:6f:92:cf:8c:00:c0:
         2c:43:cb:6b:13:ce:19:46:ad:3a:d8:9b:12:e3:20:07:c7:96:
         c9:a6:00:5f:85:e3:d7:2c:45:58:f1:dd:d3:53:51:2c:23:82:
         2d:6b:c9:86:27:05:c7:db:87:35:33:ae:62:c5:24:db:b1:86:
         d0:91:15:fe:0b:3c:d1:1d:fd:75:58:77:0a:e1:33:c9:4b:79:
         46:fc:ce:0c:03:12:c8:b8:5f:da:35:fc:40:5e:b6:70:02:5a:
         65:5c:01:a7:73:88:11:ce:39:cd:80:ea:50:bf:b0:00:f0:88:
         85:08:5f:19:f6:ba:32:5f:15:44:87:66:55:ff:cd:6d:65:96:
         f5:50:dd:55:47:74:92:72:60:68:a7:98:60:8d:03:93:9b:08:
         e1:69:c8:d1:66:fa:0e:c0:67:ad:b4:44:3e:bb:26:c9:37:46:
         27:b7:7b:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIzf4jI2Ypfu/KRB/vklFQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwOTI3MTI0MDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk5MTZkMTg0ZTVjMjM5MGU2MDU0ZDU1OTYwYTc4OWMxOTljN2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpTI7p6pCA+MmWxVsso9Ptcx36h+
Er9F10fbTjKipvaaGvWadfgAe3f7hERomwuuHY73v+g+WuU/7NtSwbXg79Ltv1wx
Lso8a1ZrbuSpJh3nisozWTC1PuUbe4siA5E+bcWiQ1gz7OFk5h1p898tZjkaUOAy
ArhbUj92AbsbOatjA10luzQ5z4hp5dmqWHW9Z+ronAr9MhEuEe1c9/IfZCLZu4oF
SqVqcpR1Pwj6zTS8kkJJgYXf4ToPPk3mmu8wHRiOQZD7ij7dUmZ+GqiemkUjPRi0
/K7+0NZxKd7KxBjkVay+mt2kUOQaLiWBvZFhea7sdi4se0dnr+fHJ9sN9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2ZFtGE5cI5DmBU1Vlgp4nBmcfwMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSFprVzBZVGx3amtPWUZUVldXQ25pY0daeF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSSJMA0G
CSqGSIb3DQEBCwUAA4IBAQBlWcIpLjKGfpvXm9Agt7gmGAGUomEcFsaWGRDduYIZ
Y90CzPf/zC+9yVvzW7Oe1j2di54JJK2ObcmfSA+3/O5/5m7lOqa8NzfhS0I9R83v
4yZnnHlvks+MAMAsQ8trE84ZRq062JsS4yAHx5bJpgBfhePXLEVY8d3TU1EsI4It
a8mGJwXH24c1M65ixSTbsYbQkRX+CzzRHf11WHcK4TPJS3lG/M4MAxLIuF/aNfxA
XrZwAlplXAGnc4gRzjnNgOpQv7AA8IiFCF8Z9royXxVEh2ZV/81tZZb1UN1VR3SS
cmBop5hgjQOTmwjhacjRZvoOwGettEQ+uybJN0Ynt3uY
-----END CERTIFICATE-----