Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a9399b-f867-4802-8c67-dbf2b3769445/1/Hkh_qGKppZoXWfA5hvoelEJmXmg.roa
File:                     Hkh_qGKppZoXWfA5hvoelEJmXmg.roa (raw, json)
Hash identifier:          wBt51B9KN5u8/Ub60El17ljTF9Uvdh07C9BukufdT2E=
Subject key identifier:   1E:48:7F:A8:62:A9:A5:9A:17:59:F0:39:86:FA:1E:94:42:66:5E:68
Certificate issuer:       /CN=0a97c0c818868373c4014715053adaf61af1da1d
Certificate serial:       018CC794836F87FAD0FB920AC138CFFD3CBF
Authority key identifier: 0A:97:C0:C8:18:86:83:73:C4:01:47:15:05:3A:DA:F6:1A:F1:DA:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CpfAyBiGg3PEAUcVBTra9hrx2h0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a9399b-f867-4802-8c67-dbf2b3769445/1/Hkh_qGKppZoXWfA5hvoelEJmXmg.roa
Signing time:             Tue 02 Jan 2024 00:30:48 +0000
ROA not before:           Tue 02 Jan 2024 00:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        185.180.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a9399b-f867-4802-8c67-dbf2b3769445/1/CpfAyBiGg3PEAUcVBTra9hrx2h0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a9399b-f867-4802-8c67-dbf2b3769445/1/CpfAyBiGg3PEAUcVBTra9hrx2h0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CpfAyBiGg3PEAUcVBTra9hrx2h0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:83:6f:87:fa:d0:fb:92:0a:c1:38:cf:fd:3c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a97c0c818868373c4014715053adaf61af1da1d
        Validity
            Not Before: Jan  2 00:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e487fa862a9a59a1759f03986fa1e9442665e68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9d:e0:92:76:65:98:4d:16:4a:ba:90:6d:5a:
                    63:5f:8a:ac:a7:e6:fe:bd:3b:ef:6c:61:ff:d9:96:
                    6c:40:3d:30:7a:2e:97:94:cf:c1:f1:ce:a7:3d:2b:
                    dc:9d:2e:50:0b:62:d1:1b:16:cb:42:7b:b0:01:d5:
                    2f:42:6e:2c:a2:d2:29:3b:47:79:c4:74:a1:a7:0b:
                    ac:28:c2:c8:a9:e0:42:c2:38:ba:80:1b:f3:90:aa:
                    55:d7:c3:cb:96:7c:86:78:da:1d:43:60:3e:31:d3:
                    c4:d9:12:78:d9:f1:b1:11:5e:4d:5e:6c:68:5b:f7:
                    27:c2:27:87:fa:0d:b8:0e:e2:c0:e1:1b:e1:e1:d5:
                    8a:f8:e2:f6:ae:8f:1e:d3:09:c7:5b:07:cd:7c:9a:
                    21:35:20:36:54:88:ee:75:34:86:22:b8:95:52:11:
                    9c:5c:e4:a3:46:ed:15:4b:49:59:62:85:51:f5:33:
                    09:be:6d:73:bc:e6:95:e1:da:b6:8b:37:c0:ca:67:
                    08:cd:b8:e0:ad:91:e5:ae:46:ca:ce:66:3d:8b:b2:
                    a8:e0:ae:9b:af:f3:aa:1a:42:79:23:81:32:d2:9e:
                    1b:ef:28:95:21:68:49:2a:65:cf:8d:41:08:c4:d9:
                    6b:f1:10:23:84:8c:1b:42:14:fd:79:d7:53:14:b5:
                    52:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:48:7F:A8:62:A9:A5:9A:17:59:F0:39:86:FA:1E:94:42:66:5E:68
            X509v3 Authority Key Identifier:
                keyid:0A:97:C0:C8:18:86:83:73:C4:01:47:15:05:3A:DA:F6:1A:F1:DA:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CpfAyBiGg3PEAUcVBTra9hrx2h0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a9399b-f867-4802-8c67-dbf2b3769445/1/Hkh_qGKppZoXWfA5hvoelEJmXmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a9399b-f867-4802-8c67-dbf2b3769445/1/CpfAyBiGg3PEAUcVBTra9hrx2h0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:b8:86:47:fb:39:5a:a0:ae:14:1b:bc:09:06:d5:1e:e7:98:
         49:b2:a0:6b:34:73:ad:67:4b:2c:2c:30:e1:4d:b7:57:e7:b1:
         00:32:71:a6:91:62:4a:d3:81:d4:95:fd:f5:47:43:07:9b:da:
         fa:82:92:88:aa:e0:30:fc:b5:ea:3b:07:1c:0c:a1:26:30:f9:
         a7:3b:6a:d8:16:cc:0b:83:70:cb:33:c4:4b:11:b0:b0:08:ec:
         91:93:ec:d4:d1:aa:52:0c:31:00:7b:1d:37:eb:d0:2f:0d:23:
         07:9d:55:b3:bc:00:bf:2c:ed:26:1b:49:9e:c1:92:fc:00:e9:
         b9:16:e3:b2:6d:ee:5a:10:59:79:da:0e:36:22:09:c7:02:0b:
         a2:1a:3f:17:45:fd:10:79:07:b7:95:2c:a7:40:39:95:70:32:
         81:57:eb:e1:44:79:1a:a5:58:06:8c:35:a1:6d:ae:8c:c7:e1:
         74:9f:b0:33:31:26:5e:55:d9:0a:bd:65:23:ff:c7:b9:56:05:
         58:87:da:0f:5f:66:38:bc:f0:f4:b3:82:23:3a:f6:a6:8d:5d:
         d3:da:57:91:9d:60:db:3a:56:e7:40:21:19:24:65:3d:9a:bd:
         a6:cc:10:6d:0a:a3:47:89:91:31:aa:9d:c2:86:39:60:89:d2:
         b2:b6:35:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlINvh/rQ+5IKwTjP/Ty/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhOTdjMGM4MTg4NjgzNzNjNDAxNDcxNTA1M2FkYWY2MWFm
MWRhMWQwHhcNMjQwMTAyMDAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQ4N2ZhODYyYTlhNTlhMTc1OWYwMzk4NmZhMWU5NDQyNjY1ZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ3gknZlmE0WSrqQbVpjX4qsp+b+
vTvvbGH/2ZZsQD0wei6XlM/B8c6nPSvcnS5QC2LRGxbLQnuwAdUvQm4sotIpO0d5
xHShpwusKMLIqeBCwji6gBvzkKpV18PLlnyGeNodQ2A+MdPE2RJ42fGxEV5NXmxo
W/cnwieH+g24DuLA4Rvh4dWK+OL2ro8e0wnHWwfNfJohNSA2VIjudTSGIriVUhGc
XOSjRu0VS0lZYoVR9TMJvm1zvOaV4dq2izfAymcIzbjgrZHlrkbKzmY9i7Ko4K6b
r/OqGkJ5I4Ey0p4b7yiVIWhJKmXPjUEIxNlr8RAjhIwbQhT9eddTFLVScQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5If6hiqaWaF1nwOYb6HpRCZl5oMB8GA1UdIwQY
MBaAFAqXwMgYhoNzxAFHFQU62vYa8dodMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3BmQXlCaUdnM1BFQVVjVkJUcmE5aHJ4MmgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hOTM5OWItZjg2Ny00ODAyLThjNjct
ZGJmMmIzNzY5NDQ1LzEvSGtoX3FHS3BwWm9YV2ZBNWh2b2VsRUptWG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hOTM5OWItZjg2Ny00ODAyLThjNjctZGJmMmIzNzY5NDQ1
LzEvQ3BmQXlCaUdnM1BFQVVjVkJUcmE5aHJ4MmgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubQOMA0G
CSqGSIb3DQEBCwUAA4IBAQCYuIZH+zlaoK4UG7wJBtUe55hJsqBrNHOtZ0ssLDDh
TbdX57EAMnGmkWJK04HUlf31R0MHm9r6gpKIquAw/LXqOwccDKEmMPmnO2rYFswL
g3DLM8RLEbCwCOyRk+zU0apSDDEAex0369AvDSMHnVWzvAC/LO0mG0mewZL8AOm5
FuOybe5aEFl52g42IgnHAguiGj8XRf0QeQe3lSynQDmVcDKBV+vhRHkapVgGjDWh
ba6Mx+F0n7AzMSZeVdkKvWUj/8e5VgVYh9oPX2Y4vPD0s4IjOvamjV3T2leRnWDb
OlbnQCEZJGU9mr2mzBBtCqNHiZExqp3ChjlgidKytjWe
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:34:42 2024 by rpki-client on console-fra.rpki-client.org