Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/HQLei49XIEcnkHVLltCY1g1Upe0.roa
File:                     HQLei49XIEcnkHVLltCY1g1Upe0.roa (raw, json)
Hash identifier:          oeofXFKVHDYQSlgo5lqOeXbkPkOb+JFM+0mrjQptjwU=
Subject key identifier:   1D:02:DE:8B:8F:57:20:47:27:90:75:4B:96:D0:98:D6:0D:54:A5:ED
Certificate issuer:       /CN=60a540ce450456345ec8e098ef4f53634d74bf1f
Certificate serial:       01928D436C350BAA06956A76FA37CF9337FC
Authority key identifier: 60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/HQLei49XIEcnkHVLltCY1g1Upe0.roa
Signing time:             Mon 14 Oct 2024 23:00:59 +0000
ROA not before:           Mon 14 Oct 2024 23:00:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215081
IP address blocks:        94.154.8.0/24 maxlen: 24
                          178.211.157.0/24 maxlen: 24
                          185.234.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8d:43:6c:35:0b:aa:06:95:6a:76:fa:37:cf:93:37:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60a540ce450456345ec8e098ef4f53634d74bf1f
        Validity
            Not Before: Oct 14 23:00:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d02de8b8f5720472790754b96d098d60d54a5ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f5:29:f6:93:b5:9f:4a:a0:b5:36:d0:b9:9d:
                    be:66:d5:3e:9e:d3:6c:75:60:e7:bd:fd:98:86:ef:
                    77:75:07:d2:ce:22:b7:a8:7d:1e:69:fe:1a:9c:af:
                    e9:cb:53:89:89:30:0d:1e:c8:4f:00:bb:ba:72:4f:
                    1c:33:5a:b2:90:54:bf:43:fb:69:4c:8a:67:c1:b9:
                    13:e8:e7:b6:8a:e3:9e:af:3b:a8:b5:b4:0e:ab:b0:
                    43:0f:59:59:34:c8:eb:f7:e6:f8:2a:95:f6:6e:ed:
                    af:0c:1f:38:8c:ed:77:5a:3f:41:c1:5c:51:81:4c:
                    cf:e0:18:42:fe:dd:93:e5:4a:2a:d2:de:3c:1c:c2:
                    78:49:f8:43:b1:3b:a9:48:64:25:4e:3b:b7:7c:0b:
                    4c:aa:6e:8b:ae:5a:87:4f:8e:79:0a:a1:33:df:d3:
                    42:25:11:d7:80:16:18:75:10:39:73:eb:ea:de:ec:
                    51:19:3c:bc:00:53:5c:8e:e7:e6:7f:df:3a:c3:4e:
                    8d:d5:0c:66:b1:8e:ce:4c:0f:15:d0:83:65:df:56:
                    d3:88:fe:bd:d7:4d:d7:cf:c8:29:bb:52:29:d5:69:
                    ab:60:f3:a5:36:5f:87:6d:a4:52:c0:dd:16:25:91:
                    64:4a:71:49:dd:99:a3:17:cd:7f:e2:6f:2c:1b:60:
                    4f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:02:DE:8B:8F:57:20:47:27:90:75:4B:96:D0:98:D6:0D:54:A5:ED
            X509v3 Authority Key Identifier:
                keyid:60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/HQLei49XIEcnkHVLltCY1g1Upe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.8.0/24
                  178.211.157.0/24
                  185.234.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:eb:5b:37:d1:71:e4:0f:c3:84:8d:c7:8c:af:37:67:14:f8:
         5f:30:c6:74:44:67:a8:18:0a:be:97:b7:00:e6:68:c8:a5:7b:
         44:da:3e:7c:b2:0f:59:76:90:c5:10:1c:70:42:a2:24:85:ea:
         da:0b:0c:cb:7b:8c:ac:53:34:ce:bd:40:cb:c3:1d:fe:1d:54:
         27:4f:8e:5a:22:6f:b4:96:c5:0d:14:99:5f:9d:c3:20:af:b1:
         62:4e:25:cc:c3:83:20:88:3f:df:23:2e:61:78:59:3f:66:7b:
         eb:e6:61:27:6a:0b:94:4e:46:30:21:87:b1:ca:20:f0:e2:9a:
         91:49:a6:8a:c3:21:9b:3b:19:55:18:d2:25:78:35:05:08:c0:
         4a:85:46:79:d7:c2:fe:8b:2d:93:07:6e:c9:54:0b:3a:dd:d2:
         8d:2c:0e:c5:55:60:a6:be:b7:2f:fa:29:33:e6:38:c7:26:1f:
         3d:01:e7:25:35:57:13:fc:81:75:2e:21:35:72:66:5a:35:f8:
         12:43:6a:8a:30:62:2f:ab:f9:ce:1d:b8:a0:00:25:82:8c:42:
         e2:7c:47:ee:7c:b2:f9:12:e1:d5:68:a7:1b:c3:ff:e7:c4:71:
         6d:66:42:7d:4c:fb:fa:b6:19:6e:3d:2b:42:09:66:cd:20:a1:
         63:8c:7f:1d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZKNQ2w1C6oGlWp2+jfPkzf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYTU0MGNlNDUwNDU2MzQ1ZWM4ZTA5OGVmNGY1MzYzNGQ3
NGJmMWYwHhcNMjQxMDE0MjMwMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDAyZGU4YjhmNTcyMDQ3Mjc5MDc1NGI5NmQwOThkNjBkNTRhNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfUp9pO1n0qgtTbQuZ2+ZtU+ntNs
dWDnvf2Yhu93dQfSziK3qH0eaf4anK/py1OJiTANHshPALu6ck8cM1qykFS/Q/tp
TIpnwbkT6Oe2iuOerzuotbQOq7BDD1lZNMjr9+b4KpX2bu2vDB84jO13Wj9BwVxR
gUzP4BhC/t2T5Uoq0t48HMJ4SfhDsTupSGQlTju3fAtMqm6LrlqHT455CqEz39NC
JRHXgBYYdRA5c+vq3uxRGTy8AFNcjufmf986w06N1QxmsY7OTA8V0INl31bTiP69
103Xz8gpu1Ip1WmrYPOlNl+HbaRSwN0WJZFkSnFJ3ZmjF81/4m8sG2BPDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB0C3ouPVyBHJ5B1S5bQmNYNVKXtMB8GA1UdIwQY
MBaAFGClQM5FBFY0XsjgmO9PU2NNdL8fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEt
ZTQ3MzUzMWY2ZmU4LzEvSFFMZWk0OVhJRWNua0hWTGx0Q1kxZzFVcGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEtZTQ3MzUzMWY2ZmU4
LzEvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXpoIAwQA
stOdAwQAuepzMA0GCSqGSIb3DQEBCwUAA4IBAQAT61s30XHkD8OEjceMrzdnFPhf
MMZ0RGeoGAq+l7cA5mjIpXtE2j58sg9ZdpDFEBxwQqIkheraCwzLe4ysUzTOvUDL
wx3+HVQnT45aIm+0lsUNFJlfncMgr7FiTiXMw4MgiD/fIy5heFk/Znvr5mEnaguU
TkYwIYexyiDw4pqRSaaKwyGbOxlVGNIleDUFCMBKhUZ518L+iy2TB27JVAs63dKN
LA7FVWCmvrcv+ikz5jjHJh89AeclNVcT/IF1LiE1cmZaNfgSQ2qKMGIvq/nOHbig
ACWCjELifEfufLL5EuHVaKcbw//nxHFtZkJ9TPv6thluPStCCWbNIKFjjH8d
-----END CERTIFICATE-----