Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/e1a37d-868e-46bb-a7c8-9d2d9f6eee93/1/Hidc4CL38vBjyIrUrIeo6TV_3i8.roa
File:                     Hidc4CL38vBjyIrUrIeo6TV_3i8.roa (raw, json)
Hash identifier:          aS2LWfTjP+5fFBNNb4Aqcih97Q8rpxyMYn2/pmlIvo0=
Subject key identifier:   1E:27:5C:E0:22:F7:F2:F0:63:C8:8A:D4:AC:87:A8:E9:35:7F:DE:2F
Certificate issuer:       /CN=01471c79e9642caef6a7437f1f74c5478ae52129
Certificate serial:       018CC26D4BA4DFF661B510B72E2E0FA84CE7
Authority key identifier: 01:47:1C:79:E9:64:2C:AE:F6:A7:43:7F:1F:74:C5:47:8A:E5:21:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUcceelkLK72p0N_H3TFR4rlISk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/e1a37d-868e-46bb-a7c8-9d2d9f6eee93/1/Hidc4CL38vBjyIrUrIeo6TV_3i8.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41938
IP address blocks:        185.66.218.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/e1a37d-868e-46bb-a7c8-9d2d9f6eee93/1/AUcceelkLK72p0N_H3TFR4rlISk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/e1a37d-868e-46bb-a7c8-9d2d9f6eee93/1/AUcceelkLK72p0N_H3TFR4rlISk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUcceelkLK72p0N_H3TFR4rlISk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4b:a4:df:f6:61:b5:10:b7:2e:2e:0f:a8:4c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01471c79e9642caef6a7437f1f74c5478ae52129
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e275ce022f7f2f063c88ad4ac87a8e9357fde2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:98:d9:5a:4e:f1:68:a9:d4:9f:4e:25:97:02:
                    be:45:0d:99:7c:0f:b9:6f:46:7f:df:e1:41:28:2d:
                    3b:b6:33:b8:c4:00:e1:21:ac:9b:a3:fe:74:f9:54:
                    0e:bd:36:6c:09:35:dc:6e:16:33:fd:30:40:89:46:
                    95:74:3c:8c:13:00:8e:03:81:8b:cb:a9:bd:96:2d:
                    5b:4f:c1:a2:f8:15:6b:ce:2b:cb:4b:1f:27:0a:9d:
                    2e:c8:93:92:f1:c4:bd:d3:db:85:9b:41:03:84:09:
                    16:63:f9:d1:f6:f3:bd:ac:e9:c8:61:4f:91:3b:15:
                    49:5d:a3:fd:e5:9e:5a:04:a1:f3:44:57:95:70:95:
                    99:22:d7:ea:63:f5:c5:e8:38:02:06:8c:70:d9:80:
                    f4:10:f6:d9:a7:fa:5e:90:0c:0a:e8:b4:60:76:c5:
                    cf:da:7e:42:9d:46:b1:70:57:b1:e0:0a:2f:80:ca:
                    f2:ba:73:33:84:ae:42:bf:68:b6:68:20:67:f4:58:
                    be:ae:af:fd:28:31:8a:f7:37:7b:a7:bd:b7:9a:f6:
                    4f:9f:41:77:10:19:58:0a:82:e1:b2:48:d2:7c:21:
                    52:ee:57:b4:9c:ce:1e:c8:80:db:4e:0d:b6:95:64:
                    80:23:7d:ba:74:ea:fe:18:ec:8c:11:d0:91:84:05:
                    71:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:27:5C:E0:22:F7:F2:F0:63:C8:8A:D4:AC:87:A8:E9:35:7F:DE:2F
            X509v3 Authority Key Identifier:
                keyid:01:47:1C:79:E9:64:2C:AE:F6:A7:43:7F:1F:74:C5:47:8A:E5:21:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUcceelkLK72p0N_H3TFR4rlISk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/e1a37d-868e-46bb-a7c8-9d2d9f6eee93/1/Hidc4CL38vBjyIrUrIeo6TV_3i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/e1a37d-868e-46bb-a7c8-9d2d9f6eee93/1/AUcceelkLK72p0N_H3TFR4rlISk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:ee:15:ae:8f:b7:e8:a4:21:ed:6f:7a:e6:5b:93:95:57:5c:
         b6:c9:41:8a:4b:72:2c:5d:36:49:3e:e4:d6:db:2c:38:40:ce:
         65:8b:52:11:61:75:75:ae:c8:c4:41:d3:67:72:6e:a8:60:13:
         1f:4d:be:c9:c9:d4:eb:cf:b3:67:40:8f:42:25:4a:f0:9d:3d:
         e8:4f:ed:dd:53:3c:e6:cd:4f:e1:a7:16:72:2b:b6:e5:41:d1:
         59:37:78:03:85:8f:b4:62:44:14:ce:dc:e0:bd:a1:e8:c8:7f:
         3d:06:26:ff:f4:83:c4:e6:56:0f:33:67:67:65:f9:a5:01:1a:
         ff:ae:05:b1:08:40:a8:0a:39:71:da:49:17:89:58:d7:6a:4d:
         6e:5f:bb:9f:a2:a5:25:35:6a:55:a2:11:f2:1d:8d:6d:17:f1:
         2a:5b:9c:0a:d5:af:a0:88:c7:14:9c:54:96:75:b3:db:70:26:
         e5:e6:3e:44:65:03:81:a2:93:71:f0:a0:8a:e7:9a:20:fd:11:
         6c:88:3a:6d:7a:92:dd:59:e0:01:5a:7b:f8:d9:08:7c:78:71:
         c8:87:91:f3:84:19:e7:f7:61:87:dc:73:8a:0d:bb:45:6f:a5:
         e6:29:1d:95:df:2d:11:f8:57:b1:19:80:92:38:08:bf:ac:9f:
         65:9c:9b:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUuk3/ZhtRC3Li4PqEznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDcxYzc5ZTk2NDJjYWVmNmE3NDM3ZjFmNzRjNTQ3OGFl
NTIxMjkwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTI3NWNlMDIyZjdmMmYwNjNjODhhZDRhYzg3YThlOTM1N2ZkZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZjZWk7xaKnUn04llwK+RQ2ZfA+5
b0Z/3+FBKC07tjO4xADhIaybo/50+VQOvTZsCTXcbhYz/TBAiUaVdDyMEwCOA4GL
y6m9li1bT8Gi+BVrzivLSx8nCp0uyJOS8cS909uFm0EDhAkWY/nR9vO9rOnIYU+R
OxVJXaP95Z5aBKHzRFeVcJWZItfqY/XF6DgCBoxw2YD0EPbZp/pekAwK6LRgdsXP
2n5CnUaxcFex4AovgMryunMzhK5Cv2i2aCBn9Fi+rq/9KDGK9zd7p723mvZPn0F3
EBlYCoLhskjSfCFS7le0nM4eyIDbTg22lWSAI326dOr+GOyMEdCRhAVxOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4nXOAi9/LwY8iK1KyHqOk1f94vMB8GA1UdIwQY
MBaAFAFHHHnpZCyu9qdDfx90xUeK5SEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVjY2VlbGtMSzcycDBOX0gzVEZSNHJsSVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9lMWEzN2QtODY4ZS00NmJiLWE3Yzgt
OWQyZDlmNmVlZTkzLzEvSGlkYzRDTDM4dkJqeUlyVXJJZW82VFZfM2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9lMWEzN2QtODY4ZS00NmJiLWE3YzgtOWQyZDlmNmVlZTkz
LzEvQVVjY2VlbGtMSzcycDBOX0gzVEZSNHJsSVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuULaMA0G
CSqGSIb3DQEBCwUAA4IBAQCU7hWuj7fopCHtb3rmW5OVV1y2yUGKS3IsXTZJPuTW
2yw4QM5li1IRYXV1rsjEQdNncm6oYBMfTb7JydTrz7NnQI9CJUrwnT3oT+3dUzzm
zU/hpxZyK7blQdFZN3gDhY+0YkQUztzgvaHoyH89Bib/9IPE5lYPM2dnZfmlARr/
rgWxCECoCjlx2kkXiVjXak1uX7ufoqUlNWpVohHyHY1tF/EqW5wK1a+giMcUnFSW
dbPbcCbl5j5EZQOBopNx8KCK55og/RFsiDptepLdWeABWnv42Qh8eHHIh5HzhBnn
92GH3HOKDbtFb6XmKR2V3y0R+FexGYCSOAi/rJ9lnJsC
-----END CERTIFICATE-----