Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/1-HL-OdOeoc0m0SATYXxQK6IgqQc.roa
File:                     1-HL-OdOeoc0m0SATYXxQK6IgqQc.roa (raw, json)
Hash identifier:          7YFOgkqgjrMbvbKd11ARpbaiU+siCmXEjyRumeoxFjg=
Subject key identifier:   F8:72:FE:39:D3:9E:A1:CD:26:D1:20:13:61:7C:50:2B:A2:20:A9:07
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC80166F4F680C2807DFEF1BC6D8A9642
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/1-HL-OdOeoc0m0SATYXxQK6IgqQc.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207200
IP address blocks:        2a0e:1cc0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:66:f4:f6:80:c2:80:7d:fe:f1:bc:6d:8a:96:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f872fe39d39ea1cd26d12013617c502ba220a907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b1:6f:c6:52:d8:87:dc:05:a7:e3:df:ee:15:
                    0d:15:6e:6c:04:a6:1c:57:26:ba:b1:0a:b8:14:0b:
                    6b:d8:42:cf:31:99:98:d6:5f:bb:41:11:21:de:2f:
                    73:f5:78:01:60:22:ea:b4:b4:a3:a6:ab:a1:49:80:
                    ae:f9:61:51:38:7a:38:54:36:a2:8e:45:f8:b9:3b:
                    d8:dc:d9:93:4f:e6:81:57:ca:9a:73:f1:85:ec:08:
                    9e:b8:20:d6:d0:eb:ee:2f:40:77:f0:28:ae:d9:80:
                    b7:7f:15:c3:f1:5c:3d:95:b8:21:5e:f2:15:5b:03:
                    17:61:35:89:db:8b:08:7d:a1:79:5f:6b:83:8e:94:
                    97:45:1d:e2:08:e1:46:92:c2:fa:27:20:c4:bc:5c:
                    64:9d:14:f6:9e:16:51:11:31:8c:cc:ee:d2:0d:eb:
                    26:13:ef:5b:e7:b2:55:66:74:f1:70:14:c3:ce:ed:
                    51:76:9d:5f:16:48:b4:e5:d5:4a:2f:a8:ac:a1:86:
                    cf:50:59:ef:c6:51:20:f7:7c:a6:ca:41:58:b5:d1:
                    4b:31:69:f8:ee:17:5a:4e:51:45:a0:f7:17:c9:46:
                    f8:9a:a2:40:ae:ab:6f:17:21:c1:44:5a:b0:23:48:
                    25:84:51:28:66:d5:a2:ca:3c:21:80:ba:4d:d8:a1:
                    40:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:72:FE:39:D3:9E:A1:CD:26:D1:20:13:61:7C:50:2B:A2:20:A9:07
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/1-HL-OdOeoc0m0SATYXxQK6IgqQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:53:0d:3a:87:d3:af:5f:b7:32:83:cf:88:23:82:ea:e9:6a:
         ba:af:99:30:1a:d2:86:e6:58:80:36:8a:93:3d:0c:c0:15:c3:
         1c:15:ff:b8:43:80:6c:a0:3e:f5:cc:fe:d3:1b:77:07:8c:86:
         6b:88:69:1d:9d:a7:49:9c:af:8d:a0:fc:be:41:66:df:fb:68:
         11:9a:b5:a0:0b:86:c6:00:2a:db:8d:c6:7e:97:14:96:57:bc:
         57:9f:3f:db:f6:5f:89:49:ee:1a:2c:e5:b5:aa:05:f3:92:30:
         3e:47:8f:29:78:05:14:0e:b6:f7:87:bb:5b:3c:94:9a:2e:39:
         2d:79:57:55:d8:17:73:9e:eb:69:ea:5a:c9:df:97:7b:c3:6c:
         8e:a5:59:9b:fc:e2:37:3d:41:89:38:ab:7a:93:78:9f:bd:c9:
         2d:dd:55:e2:12:6c:ca:fa:7d:4e:ab:6f:9f:5e:16:09:07:26:
         31:06:7b:93:9a:e0:76:d4:f9:a0:b4:a1:50:49:96:b5:cf:ba:
         e7:b2:5b:ca:07:89:4f:e6:a2:e8:1b:c5:7b:66:31:bc:cd:f8:
         ec:b8:96:39:d2:2d:e9:0d:91:2b:ba:fe:c3:22:af:9f:10:98:
         58:73:49:c7:a5:ee:46:fe:7f:64:58:ee:12:b7:c1:b3:e4:9a:
         52:5f:4f:e0
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzIAWb09oDCgH3+8bxtipZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODcyZmUzOWQzOWVhMWNkMjZkMTIwMTM2MTdjNTAyYmEyMjBhOTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLFvxlLYh9wFp+Pf7hUNFW5sBKYc
Vya6sQq4FAtr2ELPMZmY1l+7QREh3i9z9XgBYCLqtLSjpquhSYCu+WFROHo4VDai
jkX4uTvY3NmTT+aBV8qac/GF7AieuCDW0OvuL0B38Ciu2YC3fxXD8Vw9lbghXvIV
WwMXYTWJ24sIfaF5X2uDjpSXRR3iCOFGksL6JyDEvFxknRT2nhZRETGMzO7SDesm
E+9b57JVZnTxcBTDzu1Rdp1fFki05dVKL6isoYbPUFnvxlEg93ymykFYtdFLMWn4
7hdaTlFFoPcXyUb4mqJArqtvFyHBRFqwI0glhFEoZtWiyjwhgLpN2KFAZwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPhy/jnTnqHNJtEgE2F8UCuiIKkHMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvMS1ITC1PZE9lb2MwbTBTQVRZWHhRSzZJZ3FRYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODEvMWJiNGRkLWU5YzQtNGQzZC05YTNiLTExNTlkYmZiZWQ1
NC8xLzdqRTJmZmJSaGhCeHlTdXVjbVVqTW05RnVpby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOHMAA
CDANBgkqhkiG9w0BAQsFAAOCAQEADVMNOofTr1+3MoPPiCOC6ulquq+ZMBrShuZY
gDaKkz0MwBXDHBX/uEOAbKA+9cz+0xt3B4yGa4hpHZ2nSZyvjaD8vkFm3/toEZq1
oAuGxgAq243GfpcUlle8V58/2/ZfiUnuGizltaoF85IwPkePKXgFFA6294e7WzyU
mi45LXlXVdgXc57raepayd+Xe8NsjqVZm/ziNz1BiTirepN4n73JLd1V4hJsyvp9
Tqtvn14WCQcmMQZ7k5rgdtT5oLShUEmWtc+657JbygeJT+ai6BvFe2YxvM347LiW
OdIt6Q2RK7r+wyKvnxCYWHNJx6XuRv5/ZFjuErfBs+SaUl9P4A==
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:17:42 2024 by rpki-client on console-fra.rpki-client.org