Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/HKqkubg2bQVA1I2983F6IM5Zo6A.roa
File:                     HKqkubg2bQVA1I2983F6IM5Zo6A.roa (raw, json)
Hash identifier:          P4Qwe1efB2EoZJau5jyVZFTXp3n5pMn4Q98gXOBEofQ=
Subject key identifier:   1C:AA:A4:B9:B8:36:6D:05:40:D4:8D:BD:F3:71:7A:20:CE:59:A3:A0
Certificate issuer:       /CN=32e658515b1e6a72b99f332669e069e6154f70dd
Certificate serial:       018CC9BBF7E501A9CA9EA17D84F79FA7027E
Authority key identifier: 32:E6:58:51:5B:1E:6A:72:B9:9F:33:26:69:E0:69:E6:15:4F:70:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MuZYUVseanK5nzMmaeBp5hVPcN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/HKqkubg2bQVA1I2983F6IM5Zo6A.roa
Signing time:             Tue 02 Jan 2024 10:33:08 +0000
ROA not before:           Tue 02 Jan 2024 10:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9211
IP address blocks:        193.102.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/MuZYUVseanK5nzMmaeBp5hVPcN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/MuZYUVseanK5nzMmaeBp5hVPcN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MuZYUVseanK5nzMmaeBp5hVPcN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f7:e5:01:a9:ca:9e:a1:7d:84:f7:9f:a7:02:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32e658515b1e6a72b99f332669e069e6154f70dd
        Validity
            Not Before: Jan  2 10:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1caaa4b9b8366d0540d48dbdf3717a20ce59a3a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a4:9c:25:bb:9f:a8:52:3a:df:b4:84:29:03:
                    d2:05:a6:db:cc:4b:e3:3f:96:be:75:96:ee:1f:90:
                    a9:45:79:57:cf:6a:58:09:54:00:72:ec:c6:49:78:
                    40:17:15:bc:84:b1:16:e6:0f:dd:e3:e5:98:aa:ef:
                    7c:6e:d5:1b:f4:e4:07:9f:94:b4:ba:70:f7:ad:7a:
                    1b:e4:50:3a:d5:0e:92:79:41:7e:4c:5f:42:6c:3c:
                    14:49:55:1e:ab:01:27:a4:77:0f:ec:83:64:64:e6:
                    3d:9f:30:17:a3:2b:8a:65:08:8c:07:53:18:86:8e:
                    80:db:1a:71:d6:b4:ed:bf:40:83:c3:50:f8:35:8d:
                    48:1d:82:bd:cf:62:ec:c5:a4:97:a5:f5:38:7f:86:
                    4c:ec:a9:f5:7b:ff:c1:d4:80:26:6e:15:78:a4:32:
                    1a:1b:b4:b5:86:7f:57:df:e8:17:67:5d:52:88:9e:
                    82:f4:a0:48:01:5a:db:aa:4a:d2:02:be:8f:e9:1b:
                    8a:d5:d9:fb:45:62:c3:e4:70:04:95:84:d5:bb:cf:
                    8e:8b:40:19:a8:be:81:09:b2:7f:01:56:0a:98:f4:
                    f2:d0:e5:ae:00:6a:30:82:e3:5b:77:e2:43:76:27:
                    a5:10:43:f1:4c:fe:27:d0:6d:f6:6b:59:ae:4b:2b:
                    2b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AA:A4:B9:B8:36:6D:05:40:D4:8D:BD:F3:71:7A:20:CE:59:A3:A0
            X509v3 Authority Key Identifier:
                keyid:32:E6:58:51:5B:1E:6A:72:B9:9F:33:26:69:E0:69:E6:15:4F:70:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MuZYUVseanK5nzMmaeBp5hVPcN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/HKqkubg2bQVA1I2983F6IM5Zo6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/MuZYUVseanK5nzMmaeBp5hVPcN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.102.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:fe:90:d2:dc:b8:b1:82:b6:a0:4b:5b:91:ff:13:bd:b8:82:
         21:d4:72:de:d6:99:b7:45:42:9d:0e:d2:3d:fa:f0:37:41:b6:
         05:16:2a:12:1d:81:e7:5c:d4:57:0a:be:00:ef:12:e1:1e:a7:
         9c:a7:1c:52:ba:80:e4:04:c4:e8:ad:40:7c:eb:b1:d7:ab:b9:
         5b:f0:58:a1:c2:b4:b8:e5:31:55:9b:c5:4d:9b:bc:ea:1c:68:
         ba:c8:68:2e:a6:10:26:57:75:d7:92:23:c5:35:cb:c0:16:81:
         1d:b1:58:37:f3:a3:94:2f:66:36:57:48:f2:e4:40:a4:1f:ea:
         b0:6f:17:c3:25:43:cd:a6:98:6b:cf:d1:3c:77:6e:3b:07:d1:
         69:56:4d:17:c9:5c:a7:ba:33:06:10:b1:b3:7e:ca:d7:10:1a:
         9c:27:e8:76:df:17:26:9d:ac:61:94:f9:01:94:c9:ae:c7:7d:
         26:ec:07:4d:f2:bc:07:99:ab:30:21:15:c1:91:65:ae:46:d7:
         b9:c5:b7:28:ed:75:44:54:e7:eb:7b:e1:a7:c4:65:7a:98:24:
         8f:f0:87:c2:2b:7f:2a:c5:da:38:6a:2d:44:1f:ed:99:0f:4b:
         fa:28:34:ad:6c:a6:8a:76:20:eb:42:27:84:2e:05:89:98:85:
         a4:ea:16:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/flAanKnqF9hPefpwJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZTY1ODUxNWIxZTZhNzJiOTlmMzMyNjY5ZTA2OWU2MTU0
ZjcwZGQwHhcNMjQwMTAyMTAzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2FhYTRiOWI4MzY2ZDA1NDBkNDhkYmRmMzcxN2EyMGNlNTlhM2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqScJbufqFI637SEKQPSBabbzEvj
P5a+dZbuH5CpRXlXz2pYCVQAcuzGSXhAFxW8hLEW5g/d4+WYqu98btUb9OQHn5S0
unD3rXob5FA61Q6SeUF+TF9CbDwUSVUeqwEnpHcP7INkZOY9nzAXoyuKZQiMB1MY
ho6A2xpx1rTtv0CDw1D4NY1IHYK9z2LsxaSXpfU4f4ZM7Kn1e//B1IAmbhV4pDIa
G7S1hn9X3+gXZ11SiJ6C9KBIAVrbqkrSAr6P6RuK1dn7RWLD5HAElYTVu8+Oi0AZ
qL6BCbJ/AVYKmPTy0OWuAGowguNbd+JDdielEEPxTP4n0G32a1muSysrNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByqpLm4Nm0FQNSNvfNxeiDOWaOgMB8GA1UdIwQY
MBaAFDLmWFFbHmpyuZ8zJmngaeYVT3DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXVaWVVWc2Vhbks1bnpNbWFlQnA1aFZQY04wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9mNjljNDItNmY5ZC00OTBlLWIxMzIt
NjdmOGU3ZDExMzdjLzEvSEtxa3ViZzJiUVZBMUkyOTgzRjZJTTVabzZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9mNjljNDItNmY5ZC00OTBlLWIxMzItNjdmOGU3ZDExMzdj
LzEvTXVaWVVWc2Vhbks1bnpNbWFlQnA1aFZQY04wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWbwMA0G
CSqGSIb3DQEBCwUAA4IBAQAo/pDS3LixgragS1uR/xO9uIIh1HLe1pm3RUKdDtI9
+vA3QbYFFioSHYHnXNRXCr4A7xLhHqecpxxSuoDkBMTorUB867HXq7lb8FihwrS4
5TFVm8VNm7zqHGi6yGguphAmV3XXkiPFNcvAFoEdsVg386OUL2Y2V0jy5ECkH+qw
bxfDJUPNpphrz9E8d247B9FpVk0XyVynujMGELGzfsrXEBqcJ+h23xcmnaxhlPkB
lMmux30m7AdN8rwHmaswIRXBkWWuRte5xbco7XVEVOfre+GnxGV6mCSP8IfCK38q
xdo4ai1EH+2ZD0v6KDStbKaKdiDrQieELgWJmIWk6hY7
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:12:13 2024 by rpki-client on console-ams.rpki-client.org