Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/HDILnjmhtcEJk46AQcpCMkCLoA8.roa
File:                     HDILnjmhtcEJk46AQcpCMkCLoA8.roa (raw, json)
Hash identifier:          RKyE3trmJiGqNtjuvNCycAFA3dGIi6wfCWONyfSdxXk=
Subject key identifier:   1C:32:0B:9E:39:A1:B5:C1:09:93:8E:80:41:CA:42:32:40:8B:A0:0F
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       0194266A2ADE7E5CE116515FA3C3347975B6
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/HDILnjmhtcEJk46AQcpCMkCLoA8.roa
Signing time:             Thu 02 Jan 2025 09:47:59 +0000
ROA not before:           Thu 02 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52179
IP address blocks:        185.138.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:2a:de:7e:5c:e1:16:51:5f:a3:c3:34:79:75:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  2 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c320b9e39a1b5c109938e8041ca4232408ba00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8c:ed:42:08:e0:65:96:fa:f2:29:82:60:d0:
                    00:ec:dd:a7:66:7d:de:74:9d:af:81:52:23:b8:25:
                    4c:71:66:59:ef:97:3c:5e:df:b8:c9:d1:f6:48:5f:
                    8a:74:5b:0a:f6:a4:c9:20:f8:97:6c:ba:3f:81:6d:
                    81:f6:63:71:19:87:55:15:ad:26:e8:1e:39:66:8a:
                    c7:33:0c:26:bf:ed:10:19:bb:70:8b:7e:34:76:15:
                    e5:44:c2:53:9e:4c:0a:c2:20:38:d7:e0:96:b2:48:
                    6e:0b:87:3b:27:c7:0e:58:dd:b2:c2:17:b7:54:fe:
                    8b:da:b0:3d:2a:00:84:32:cd:8f:e4:e1:d0:d6:f5:
                    b8:df:14:1b:ca:d4:d6:b7:5f:ec:ba:f0:45:47:32:
                    e1:22:27:6e:5a:7e:5b:6f:8c:77:eb:f9:18:21:7b:
                    f2:e0:96:fa:fc:b6:ce:3c:50:74:da:e4:ab:5e:88:
                    ab:a1:38:15:c5:07:04:ee:9b:1d:11:e6:81:e7:f3:
                    91:28:30:b6:cd:96:da:6b:3a:e4:da:65:a3:8a:cd:
                    44:c2:6d:9f:95:df:dd:ee:c7:08:a6:ac:31:5e:2f:
                    17:ce:79:74:41:6d:3f:54:95:fc:cf:a0:0e:f5:8c:
                    33:4e:20:3a:a4:0c:11:49:58:0c:9c:7b:82:71:6e:
                    69:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:32:0B:9E:39:A1:B5:C1:09:93:8E:80:41:CA:42:32:40:8B:A0:0F
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/HDILnjmhtcEJk46AQcpCMkCLoA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ac:29:2b:ef:09:a0:1d:13:e5:e0:fb:da:c7:23:3d:1a:0e:
         da:da:ef:15:04:8f:e2:0d:56:80:74:7a:c3:1a:c6:a1:f6:47:
         98:b1:01:c2:7e:25:b2:12:7a:1c:ef:eb:29:b1:f2:0f:38:94:
         f2:46:a4:23:00:48:c6:f5:10:be:a7:85:f9:a5:fe:b2:8f:c3:
         5c:af:52:be:d1:fc:a5:f3:27:1f:a4:f5:d1:d7:5f:d5:3b:57:
         35:c6:0d:07:96:2f:64:ac:c8:67:64:04:db:2a:be:d3:ba:89:
         aa:76:ed:da:5a:e0:03:49:ed:8e:ae:28:37:78:47:05:93:09:
         5f:b4:8f:fa:3d:58:65:35:a8:fb:34:a4:53:5f:ef:20:3c:6d:
         08:c0:e4:f1:d4:d1:13:dc:f7:bc:1f:b5:74:da:62:59:cc:f0:
         87:ba:58:15:be:cd:94:80:1e:c7:b8:87:45:67:30:35:6c:e4:
         de:a2:67:af:e1:58:17:a0:4c:a0:b1:cf:6b:d0:10:ad:ea:f3:
         81:23:0b:34:b8:74:f8:70:9e:e6:7e:d8:7a:40:49:72:50:5f:
         26:75:9e:4f:1b:fd:73:82:e1:2a:28:b4:0a:8d:62:78:cc:c2:
         c8:53:24:a1:a1:ed:92:9c:34:19:39:57:e6:9b:55:d3:3b:a8:
         b0:cf:0f:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaireflzhFlFfo8M0eXW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjUwMTAyMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzMyMGI5ZTM5YTFiNWMxMDk5MzhlODA0MWNhNDIzMjQwOGJhMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IztQgjgZZb68imCYNAA7N2nZn3e
dJ2vgVIjuCVMcWZZ75c8Xt+4ydH2SF+KdFsK9qTJIPiXbLo/gW2B9mNxGYdVFa0m
6B45ZorHMwwmv+0QGbtwi340dhXlRMJTnkwKwiA41+CWskhuC4c7J8cOWN2ywhe3
VP6L2rA9KgCEMs2P5OHQ1vW43xQbytTWt1/suvBFRzLhIiduWn5bb4x36/kYIXvy
4Jb6/LbOPFB02uSrXoiroTgVxQcE7psdEeaB5/ORKDC2zZbaazrk2mWjis1Ewm2f
ld/d7scIpqwxXi8Xznl0QW0/VJX8z6AO9YwzTiA6pAwRSVgMnHuCcW5p1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwyC545obXBCZOOgEHKQjJAi6APMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvSERJTG5qbWh0Y0VKazQ2QVFjcENNa0NMb0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYrlMA0G
CSqGSIb3DQEBCwUAA4IBAQAbrCkr7wmgHRPl4PvaxyM9Gg7a2u8VBI/iDVaAdHrD
Gsah9keYsQHCfiWyEnoc7+spsfIPOJTyRqQjAEjG9RC+p4X5pf6yj8Ncr1K+0fyl
8ycfpPXR11/VO1c1xg0Hli9krMhnZATbKr7Tuomqdu3aWuADSe2Orig3eEcFkwlf
tI/6PVhlNaj7NKRTX+8gPG0IwOTx1NET3Pe8H7V02mJZzPCHulgVvs2UgB7HuIdF
ZzA1bOTeomev4VgXoEygsc9r0BCt6vOBIws0uHT4cJ7mfth6QElyUF8mdZ5PG/1z
guEqKLQKjWJ4zMLIUyShoe2SnDQZOVfmm1XTO6iwzw8N
-----END CERTIFICATE-----