Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/15541d-a7ba-4710-a5cf-965cc208ee40/1/Hwcr17k6nFVkLFrViUaD6qHvDSw.roa
File:                     Hwcr17k6nFVkLFrViUaD6qHvDSw.roa (raw, json)
Hash identifier:          udyFCtEWWV2LQCaVFnaT+HTl6eBdyElBciT60nybhjI=
Subject key identifier:   1F:07:2B:D7:B9:3A:9C:55:64:2C:5A:D5:89:46:83:EA:A1:EF:0D:2C
Certificate issuer:       /CN=46d6ebea6e6ea9e6006a81344d1163fbec4fa848
Certificate serial:       018FB413B9B0D01A5C9667E54D126EEBEEC4
Authority key identifier: 46:D6:EB:EA:6E:6E:A9:E6:00:6A:81:34:4D:11:63:FB:EC:4F:A8:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rtbr6m5uqeYAaoE0TRFj--xPqEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/15541d-a7ba-4710-a5cf-965cc208ee40/1/Hwcr17k6nFVkLFrViUaD6qHvDSw.roa
Signing time:             Sun 26 May 2024 08:45:42 +0000
ROA not before:           Sun 26 May 2024 08:45:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214905
IP address blocks:        185.222.40.0/24 maxlen: 24
                          2a14:4ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/15541d-a7ba-4710-a5cf-965cc208ee40/1/Rtbr6m5uqeYAaoE0TRFj--xPqEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/15541d-a7ba-4710-a5cf-965cc208ee40/1/Rtbr6m5uqeYAaoE0TRFj--xPqEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rtbr6m5uqeYAaoE0TRFj--xPqEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b4:13:b9:b0:d0:1a:5c:96:67:e5:4d:12:6e:eb:ee:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d6ebea6e6ea9e6006a81344d1163fbec4fa848
        Validity
            Not Before: May 26 08:45:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f072bd7b93a9c55642c5ad5894683eaa1ef0d2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c4:ab:2e:c8:a9:0d:68:a0:99:f3:6e:00:d8:
                    16:c2:de:f3:6d:ab:56:93:91:b3:25:5f:6c:ac:05:
                    db:ea:44:b3:e7:ef:f6:35:db:12:f3:3a:e7:47:a1:
                    5c:fb:af:3e:39:a0:0c:44:1b:e9:4d:0e:af:07:9f:
                    f0:04:9a:6a:61:47:f5:09:eb:13:f2:6b:b2:69:62:
                    7f:75:77:8d:18:78:a5:9c:b4:fe:c5:d0:18:7c:93:
                    fb:da:a2:14:92:e6:54:bb:b1:3b:99:79:31:f6:c5:
                    7a:0f:26:8d:bd:4e:2f:81:41:c8:c3:c1:87:d0:6f:
                    d2:21:82:ae:7c:54:2a:18:8e:97:41:29:41:2e:c1:
                    a5:44:bf:10:05:76:c4:46:65:e4:70:74:c4:c2:5d:
                    27:7d:c3:23:4e:f6:ca:da:5d:67:be:17:f5:4f:93:
                    09:e7:20:bc:3c:83:a5:5a:92:88:5d:61:e5:36:ac:
                    55:6b:38:c8:78:ce:00:e1:2b:06:92:b2:d6:06:2d:
                    01:74:6e:f4:12:a8:95:0f:0c:be:25:1c:f8:c5:c8:
                    ab:f6:b1:41:9c:10:21:de:8c:59:26:8f:47:65:91:
                    1b:80:3e:49:8f:fb:55:94:6d:aa:78:bf:ab:be:0a:
                    24:88:b8:2e:e9:ae:e6:77:2e:e3:47:1a:d3:83:68:
                    c1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:07:2B:D7:B9:3A:9C:55:64:2C:5A:D5:89:46:83:EA:A1:EF:0D:2C
            X509v3 Authority Key Identifier:
                keyid:46:D6:EB:EA:6E:6E:A9:E6:00:6A:81:34:4D:11:63:FB:EC:4F:A8:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rtbr6m5uqeYAaoE0TRFj--xPqEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/15541d-a7ba-4710-a5cf-965cc208ee40/1/Hwcr17k6nFVkLFrViUaD6qHvDSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/15541d-a7ba-4710-a5cf-965cc208ee40/1/Rtbr6m5uqeYAaoE0TRFj--xPqEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.40.0/24
                IPv6:
                  2a14:4ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:9a:34:9c:f4:09:98:f0:be:1a:b7:1e:2a:12:d0:a1:b2:e4:
         a0:c6:56:e6:09:cb:ac:d3:d2:02:4f:8e:10:48:e4:1d:aa:54:
         43:be:75:dc:03:d1:44:9d:3b:31:7c:5a:de:3c:15:50:ee:7b:
         c4:8d:24:4d:ef:e6:87:13:93:8d:b6:67:02:5a:31:83:c8:d5:
         24:69:df:56:bc:b1:71:b2:fa:50:37:3f:fd:b3:48:df:99:90:
         59:8e:6e:26:bb:b8:55:ea:f2:89:c7:45:39:e9:56:75:15:04:
         d0:2b:b3:67:58:78:1f:42:76:39:74:07:35:bf:ee:46:d2:b5:
         27:ac:e4:fa:9d:85:2d:9c:34:a6:50:60:a9:ff:a0:75:48:8f:
         0c:10:64:20:1b:50:b9:b3:bf:4d:e0:d7:c4:be:d9:12:41:17:
         23:8b:3e:f7:88:95:f4:1c:64:56:da:75:3e:f1:ac:23:b6:07:
         2d:85:29:98:8d:4e:a4:8f:df:7e:41:2d:1d:4f:27:51:0c:a2:
         0d:fb:12:c4:22:c9:d9:3d:4b:86:69:59:2b:f5:6b:1a:d2:a1:
         44:f5:b6:19:ec:9b:67:8d:8f:be:9b:55:f4:53:86:03:78:f8:
         ea:92:32:c5:7f:93:81:ae:78:4f:45:48:8b:7b:48:ec:4f:26:
         a0:f2:e2:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+0E7mw0BpclmflTRJu6+7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDZlYmVhNmU2ZWE5ZTYwMDZhODEzNDRkMTE2M2ZiZWM0
ZmE4NDgwHhcNMjQwNTI2MDg0NTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjA3MmJkN2I5M2E5YzU1NjQyYzVhZDU4OTQ2ODNlYWExZWYwZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusSrLsipDWigmfNuANgWwt7zbatW
k5GzJV9srAXb6kSz5+/2NdsS8zrnR6Fc+68+OaAMRBvpTQ6vB5/wBJpqYUf1CesT
8muyaWJ/dXeNGHilnLT+xdAYfJP72qIUkuZUu7E7mXkx9sV6DyaNvU4vgUHIw8GH
0G/SIYKufFQqGI6XQSlBLsGlRL8QBXbERmXkcHTEwl0nfcMjTvbK2l1nvhf1T5MJ
5yC8PIOlWpKIXWHlNqxVazjIeM4A4SsGkrLWBi0BdG70EqiVDwy+JRz4xcir9rFB
nBAh3oxZJo9HZZEbgD5Jj/tVlG2qeL+rvgokiLgu6a7mdy7jRxrTg2jBKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB8HK9e5OpxVZCxa1YlGg+qh7w0sMB8GA1UdIwQY
MBaAFEbW6+pubqnmAGqBNE0RY/vsT6hIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRicjZtNXVxZVlBYW9FMFRSRmotLXhQcUVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8xNTU0MWQtYTdiYS00NzEwLWE1Y2Yt
OTY1Y2MyMDhlZTQwLzEvSHdjcjE3azZuRlZrTEZyVmlVYUQ2cUh2RFN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8xNTU0MWQtYTdiYS00NzEwLWE1Y2YtOTY1Y2MyMDhlZTQw
LzEvUnRicjZtNXVxZVlBYW9FMFRSRmotLXhQcUVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAud4oMA0E
AgACMAcDBQMqFErAMA0GCSqGSIb3DQEBCwUAA4IBAQA2mjSc9AmY8L4atx4qEtCh
suSgxlbmCcus09ICT44QSOQdqlRDvnXcA9FEnTsxfFrePBVQ7nvEjSRN7+aHE5ON
tmcCWjGDyNUkad9WvLFxsvpQNz/9s0jfmZBZjm4mu7hV6vKJx0U56VZ1FQTQK7Nn
WHgfQnY5dAc1v+5G0rUnrOT6nYUtnDSmUGCp/6B1SI8MEGQgG1C5s79N4NfEvtkS
QRcjiz73iJX0HGRW2nU+8awjtgcthSmYjU6kj99+QS0dTydRDKIN+xLEIsnZPUuG
aVkr9Wsa0qFE9bYZ7JtnjY++m1X0U4YDePjqkjLFf5OBrnhPRUiLe0jsTyag8uKg
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:02:21 2024 by rpki-client on console-fra.rpki-client.org