Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/HlHW7XBX8ZvIde3YcV5P6ReshMk.roa
File:                     HlHW7XBX8ZvIde3YcV5P6ReshMk.roa (raw, json)
Hash identifier:          6qh5uJT+VrASAo+GezCNr4MsU+LUfxw3LvGNNOPJtbA=
Subject key identifier:   1E:51:D6:ED:70:57:F1:9B:C8:75:ED:D8:71:5E:4F:E9:17:AC:84:C9
Certificate issuer:       /CN=6401adedbc9c8f1c6cf2389fc7f741edf4f19f2c
Certificate serial:       019734622BC64146765EE4D22D60AF3E124D
Authority key identifier: 64:01:AD:ED:BC:9C:8F:1C:6C:F2:38:9F:C7:F7:41:ED:F4:F1:9F:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZAGt7bycjxxs8jifx_dB7fTxnyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/HlHW7XBX8ZvIde3YcV5P6ReshMk.roa
Signing time:             Tue 03 Jun 2025 06:02:18 +0000
ROA not before:           Tue 03 Jun 2025 06:02:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208666
IP address blocks:        31.193.185.0/24 maxlen: 24
                          83.229.2.0/24 maxlen: 24
                          147.236.164.0/24 maxlen: 24
                          147.236.165.0/24 maxlen: 24
                          213.255.192.0/24 maxlen: 24
                          216.150.30.0/23 maxlen: 23
                          216.150.30.0/24 maxlen: 24
                          216.150.31.0/24 maxlen: 24
                          2a09:b300::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/ZAGt7bycjxxs8jifx_dB7fTxnyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/ZAGt7bycjxxs8jifx_dB7fTxnyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZAGt7bycjxxs8jifx_dB7fTxnyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:34:62:2b:c6:41:46:76:5e:e4:d2:2d:60:af:3e:12:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6401adedbc9c8f1c6cf2389fc7f741edf4f19f2c
        Validity
            Not Before: Jun  3 06:02:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e51d6ed7057f19bc875edd8715e4fe917ac84c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:38:f8:9a:db:c6:96:b7:67:54:16:9c:93:fa:
                    90:f2:9a:5d:27:c6:24:d7:4d:f1:2f:69:ac:24:0b:
                    81:cf:f4:55:16:27:20:f0:fc:ce:0d:1c:67:8f:06:
                    30:0f:e9:9c:32:4f:3a:34:46:9f:53:4f:6a:78:bb:
                    fd:c9:2c:a4:89:19:50:f1:2d:31:50:ab:8a:16:57:
                    de:8c:2d:48:ee:30:ef:ae:89:64:86:76:17:5e:a1:
                    a5:3d:45:60:1f:ae:e3:6a:00:a0:aa:4c:d6:07:40:
                    1b:b7:66:09:d5:d0:29:5a:34:4b:a4:73:7f:70:98:
                    78:13:b9:25:dd:2e:dd:0f:2c:2c:2c:5f:d9:e5:d4:
                    36:fc:68:95:f5:d8:45:de:9f:ca:d3:bf:45:b1:24:
                    e7:25:4a:2b:5c:ee:9e:91:54:19:4d:52:0f:9c:e4:
                    d3:6b:00:6a:e7:ea:a1:1d:f1:85:44:5b:61:48:9e:
                    9c:86:58:e6:95:1e:0d:24:81:d6:c0:2a:ff:13:1c:
                    50:5d:3c:0d:68:0b:04:7a:dc:6f:8b:33:e5:cb:c7:
                    cc:3c:03:df:7e:0e:e2:84:35:41:90:09:f0:80:fc:
                    90:4f:51:1e:33:fc:00:1a:8c:9d:0d:2e:48:c1:63:
                    c8:30:06:20:c5:97:f0:01:77:24:99:6d:df:2d:24:
                    d7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:51:D6:ED:70:57:F1:9B:C8:75:ED:D8:71:5E:4F:E9:17:AC:84:C9
            X509v3 Authority Key Identifier:
                keyid:64:01:AD:ED:BC:9C:8F:1C:6C:F2:38:9F:C7:F7:41:ED:F4:F1:9F:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZAGt7bycjxxs8jifx_dB7fTxnyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/HlHW7XBX8ZvIde3YcV5P6ReshMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/ZAGt7bycjxxs8jifx_dB7fTxnyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.185.0/24
                  83.229.2.0/24
                  147.236.164.0/23
                  213.255.192.0/24
                  216.150.30.0/23
                IPv6:
                  2a09:b300::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:9d:23:55:d5:7d:63:74:5c:c2:49:50:7a:eb:f9:d8:d4:ca:
         bc:56:cf:21:98:f8:8e:b3:4c:7a:61:bf:e1:80:b0:92:83:4f:
         4b:90:11:11:46:6b:37:9c:6e:6e:72:ad:a2:b4:15:f5:59:dc:
         76:ec:be:01:23:9d:43:77:7f:03:28:00:36:44:93:e3:fc:43:
         68:fa:9c:34:35:b9:cc:a2:f5:27:c7:0e:33:3a:a8:be:a9:39:
         cd:81:fa:14:4d:e9:cf:c1:26:4c:1e:f5:62:a6:71:d0:03:b9:
         4d:1a:9b:97:e4:cc:b9:85:63:da:47:1d:c3:77:bb:31:7f:96:
         7f:a2:bf:54:e1:49:58:df:a3:70:73:53:0b:4a:96:fb:da:0c:
         e3:dc:9e:a4:cd:71:c5:2e:88:eb:9d:51:17:af:ae:cb:b6:0c:
         bc:91:27:b6:aa:96:f6:d2:1e:c8:c6:a7:1c:d4:8e:ec:59:56:
         1b:22:fc:b1:8f:14:f0:65:44:5a:60:0e:1c:1a:70:17:fe:75:
         5b:23:66:8f:db:47:e5:6d:27:9b:be:8a:c4:39:83:28:b1:34:
         b5:3b:a4:cf:dc:8f:8f:b6:24:bd:36:19:c5:f9:e9:da:a0:e0:
         8e:58:cc:3b:62:99:b5:cf:31:cb:72:0c:a4:9c:46:48:35:20:
         47:69:3e:44
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZc0YivGQUZ2XuTSLWCvPhJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MDFhZGVkYmM5YzhmMWM2Y2YyMzg5ZmM3Zjc0MWVkZjRm
MTlmMmMwHhcNMjUwNjAzMDYwMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTUxZDZlZDcwNTdmMTliYzg3NWVkZDg3MTVlNGZlOTE3YWM4NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTj4mtvGlrdnVBack/qQ8ppdJ8Yk
103xL2msJAuBz/RVFicg8PzODRxnjwYwD+mcMk86NEafU09qeLv9ySykiRlQ8S0x
UKuKFlfejC1I7jDvrolkhnYXXqGlPUVgH67jagCgqkzWB0Abt2YJ1dApWjRLpHN/
cJh4E7kl3S7dDywsLF/Z5dQ2/GiV9dhF3p/K079FsSTnJUorXO6ekVQZTVIPnOTT
awBq5+qhHfGFRFthSJ6chljmlR4NJIHWwCr/ExxQXTwNaAsEetxvizPly8fMPAPf
fg7ihDVBkAnwgPyQT1EeM/wAGoydDS5IwWPIMAYgxZfwAXckmW3fLSTXBQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFB5R1u1wV/GbyHXt2HFeT+kXrITJMB8GA1UdIwQY
MBaAFGQBre28nI8cbPI4n8f3Qe308Z8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkFHdDdieWNqeHhzOGppZnhfZEI3ZlR4bnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS85OGM4NjAtNTI5OC00ODQ2LWJlYWEt
MzU2YzA5NmJjNmY5LzEvSGxIVzdYQlg4WnZJZGUzWWNWNVA2UmVzaE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS85OGM4NjAtNTI5OC00ODQ2LWJlYWEtMzU2YzA5NmJjNmY5
LzEvWkFHdDdieWNqeHhzOGppZnhfZEI3ZlR4bnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAH8G5AwQA
U+UCAwQBk+ykAwQA1f/AAwQB2JYeMA0EAgACMAcDBQMqCbMAMA0GCSqGSIb3DQEB
CwUAA4IBAQA4nSNV1X1jdFzCSVB66/nY1Mq8Vs8hmPiOs0x6Yb/hgLCSg09LkBER
Rms3nG5ucq2itBX1Wdx27L4BI51Dd38DKAA2RJPj/ENo+pw0NbnMovUnxw4zOqi+
qTnNgfoUTenPwSZMHvVipnHQA7lNGpuX5My5hWPaRx3Dd7sxf5Z/or9U4UlY36Nw
c1MLSpb72gzj3J6kzXHFLojrnVEXr67Ltgy8kSe2qpb20h7Ixqcc1I7sWVYbIvyx
jxTwZURaYA4cGnAX/nVbI2aP20flbSebvorEOYMosTS1O6TP3I+PtiS9NhnF+ena
oOCOWMw7Ypm1zzHLcgyknEZINSBHaT5E
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:33:51 2025 by rpki-client