Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/HLaLnUoZDsAxT0J0mMSNf6xCwS4.roa
File:                     HLaLnUoZDsAxT0J0mMSNf6xCwS4.roa (raw, json)
Hash identifier:          TThjJU9AhEkDmXqPhkv0wm16qiM4exiODsKLEGlw9A8=
Subject key identifier:   1C:B6:8B:9D:4A:19:0E:C0:31:4F:42:74:98:C4:8D:7F:AC:42:C1:2E
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B4F900D7830F1DEB22210EF2F14D2
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/HLaLnUoZDsAxT0J0mMSNf6xCwS4.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44400
IP address blocks:        46.143.0.0/22 maxlen: 32
                          79.127.118.0/24 maxlen: 32
                          79.127.44.0/23 maxlen: 32
                          79.127.60.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4f:90:0d:78:30:f1:de:b2:22:10:ef:2f:14:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cb68b9d4a190ec0314f427498c48d7fac42c12e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cd:37:78:5a:3c:60:d5:0f:81:a4:72:82:91:
                    16:22:28:df:a6:1d:22:eb:f1:8f:45:d7:77:03:10:
                    1b:87:ec:bd:80:4c:88:a0:cf:3b:b9:b9:45:0f:db:
                    d3:16:bf:95:1b:99:6d:a0:e7:4f:ac:4b:99:15:6d:
                    1f:36:83:02:08:ca:37:4b:b9:9d:ea:3f:19:96:b6:
                    ab:71:f6:23:95:6b:9d:d1:fd:49:d0:c0:04:05:93:
                    fd:e0:ba:de:74:10:ab:ae:6a:3d:04:7f:1d:d9:ab:
                    62:55:f7:7c:95:60:77:db:e3:19:ef:e4:90:e5:11:
                    3d:9c:ae:df:2b:4d:35:dc:2d:8b:92:be:6e:70:9f:
                    ff:9f:be:b0:b5:3a:45:f5:e0:3b:b9:fd:6b:5c:ec:
                    c6:08:46:cd:aa:7a:d9:de:17:8d:aa:7f:ed:a8:c5:
                    08:cd:bf:d5:78:89:d0:60:80:88:c9:49:24:c8:23:
                    ac:54:f6:cd:31:07:f2:71:97:f5:f5:63:8d:7e:0c:
                    66:2b:48:f1:98:a1:53:44:08:e4:a5:15:82:99:66:
                    c8:5c:7c:b9:fa:bf:be:0a:3f:5d:50:df:81:4f:0c:
                    2a:13:69:c3:0a:05:8f:81:1c:b4:7e:6c:ca:30:1b:
                    e1:9b:7d:c9:6f:e7:dc:55:6a:99:2f:f9:65:a8:06:
                    df:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B6:8B:9D:4A:19:0E:C0:31:4F:42:74:98:C4:8D:7F:AC:42:C1:2E
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/HLaLnUoZDsAxT0J0mMSNf6xCwS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.0.0/22
                  79.127.44.0/23
                  79.127.60.0/23
                  79.127.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e4:65:8c:cb:a9:4e:12:c4:1f:28:5e:07:f2:e9:90:8f:08:41:
         de:46:52:ed:c0:bc:a4:62:f0:7f:37:9d:77:b7:32:53:5a:a3:
         1a:78:36:f2:ad:82:df:c6:88:b5:cd:57:83:52:4a:c3:b9:93:
         9d:0a:81:7c:e7:a5:23:5e:36:0f:b6:25:1d:45:73:33:37:9a:
         65:e3:72:e6:b1:5b:3f:fd:32:8a:90:f8:88:55:36:c6:10:9b:
         fd:ac:87:e1:20:ee:75:eb:7e:58:e6:5b:66:79:05:20:c6:11:
         00:da:91:aa:5c:b6:2f:f3:2d:2c:81:bc:6d:f1:4f:ae:06:35:
         02:49:fd:b6:d9:06:09:09:8b:23:c9:8a:5a:79:f6:55:f8:8a:
         41:c6:b7:e7:72:89:ac:f2:03:01:54:c9:86:8f:4e:18:99:db:
         09:d1:de:d8:2c:3d:7b:ff:e8:d1:02:00:16:51:74:63:b0:79:
         51:8d:ca:92:cd:c1:0f:c3:0f:e9:7f:31:4a:65:af:43:25:74:
         ea:82:82:59:24:66:f9:19:d3:25:57:a0:24:e1:a7:74:4b:ca:
         4a:13:d5:fb:6a:0b:c9:60:b3:e4:3a:9a:63:ff:85:5b:c3:77:
         25:b6:02:57:57:a9:c2:db:2e:4f:03:c3:e0:15:99:f5:71:1e:
         26:c5:04:e2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKK0+QDXgw8d6yIhDvLxTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I2OGI5ZDRhMTkwZWMwMzE0ZjQyNzQ5OGM0OGQ3ZmFjNDJjMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM03eFo8YNUPgaRygpEWIijfph0i
6/GPRdd3AxAbh+y9gEyIoM87ublFD9vTFr+VG5ltoOdPrEuZFW0fNoMCCMo3S7md
6j8ZlrarcfYjlWud0f1J0MAEBZP94LredBCrrmo9BH8d2atiVfd8lWB32+MZ7+SQ
5RE9nK7fK0013C2Lkr5ucJ//n76wtTpF9eA7uf1rXOzGCEbNqnrZ3heNqn/tqMUI
zb/VeInQYICIyUkkyCOsVPbNMQfycZf19WONfgxmK0jxmKFTRAjkpRWCmWbIXHy5
+r++Cj9dUN+BTwwqE2nDCgWPgRy0fmzKMBvhm33Jb+fcVWqZL/llqAbfPQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBy2i51KGQ7AMU9CdJjEjX+sQsEuMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvSExhTG5Vb1pEc0F4VDBKMG1NU05mNnhDd1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLo8AAwQB
T38sAwQBT388AwQAT392MA0GCSqGSIb3DQEBCwUAA4IBAQDkZYzLqU4SxB8oXgfy
6ZCPCEHeRlLtwLykYvB/N513tzJTWqMaeDbyrYLfxoi1zVeDUkrDuZOdCoF856Uj
XjYPtiUdRXMzN5pl43LmsVs//TKKkPiIVTbGEJv9rIfhIO51635Y5ltmeQUgxhEA
2pGqXLYv8y0sgbxt8U+uBjUCSf222QYJCYsjyYpaefZV+IpBxrfncoms8gMBVMmG
j04YmdsJ0d7YLD17/+jRAgAWUXRjsHlRjcqSzcEPww/pfzFKZa9DJXTqgoJZJGb5
GdMlV6Ak4ad0S8pKE9X7agvJYLPkOppj/4Vbw3cltgJXV6nC2y5PA8PgFZn1cR4m
xQTi
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:15:41 2024 by rpki-client on console-fra.rpki-client.org