Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/c44389-81b5-455c-85ac-4cd80308171a/1/H_d5zUijX12zruBnSSfEtztFAQw.roa
File:                     H_d5zUijX12zruBnSSfEtztFAQw.roa (raw, json)
Hash identifier:          tCatDWd4/y8gnNa754kzTSXCsMs5Vk0bL7IyHX58Toc=
Subject key identifier:   1F:F7:79:CD:48:A3:5F:5D:B3:AE:E0:67:49:27:C4:B7:3B:45:01:0C
Certificate issuer:       /CN=2e838bf5d3deffc02dfa184e4f0e8511535e517d
Certificate serial:       018D882BE8EB2E246ABC95C9386ABFE5CB3E
Authority key identifier: 2E:83:8B:F5:D3:DE:FF:C0:2D:FA:18:4E:4F:0E:85:11:53:5E:51:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoOL9dPe_8At-hhOTw6FEVNeUX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/c44389-81b5-455c-85ac-4cd80308171a/1/H_d5zUijX12zruBnSSfEtztFAQw.roa
Signing time:             Thu 08 Feb 2024 10:03:15 +0000
ROA not before:           Thu 08 Feb 2024 10:03:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12479
IP address blocks:        88.87.192.0/19 maxlen: 24
                          94.229.192.0/20 maxlen: 24
                          193.254.8.0/22 maxlen: 24
                          212.31.32.0/19 maxlen: 24
                          213.151.96.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/c44389-81b5-455c-85ac-4cd80308171a/1/LoOL9dPe_8At-hhOTw6FEVNeUX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/c44389-81b5-455c-85ac-4cd80308171a/1/LoOL9dPe_8At-hhOTw6FEVNeUX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoOL9dPe_8At-hhOTw6FEVNeUX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:2b:e8:eb:2e:24:6a:bc:95:c9:38:6a:bf:e5:cb:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e838bf5d3deffc02dfa184e4f0e8511535e517d
        Validity
            Not Before: Feb  8 10:03:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ff779cd48a35f5db3aee0674927c4b73b45010c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:94:f1:89:d3:93:77:ad:7b:35:73:c7:f3:04:
                    27:5f:0e:7c:40:ba:92:97:58:0e:37:00:40:05:54:
                    3c:09:f1:22:c8:38:10:ce:db:cf:68:d8:7c:84:70:
                    f6:b5:cc:c6:f6:a3:2b:17:c0:5c:42:c6:f3:66:cb:
                    10:86:a1:d2:5d:9d:31:e6:a5:2b:a0:2b:6d:b2:21:
                    7a:b3:21:3a:de:1d:89:f6:36:bc:3a:90:fc:94:25:
                    63:ad:5a:0b:e1:86:37:b6:e3:5e:ac:d0:aa:ac:8a:
                    03:c0:e2:b7:f3:ab:e3:a8:17:20:df:97:dd:d1:68:
                    35:15:b2:fd:f6:15:56:25:b3:ab:9e:54:c6:6d:b7:
                    87:de:df:f7:11:ed:3f:de:1c:46:61:01:17:26:9b:
                    ab:ad:16:61:86:2e:73:e7:d4:72:b7:78:30:90:6a:
                    02:53:dc:74:17:42:a1:39:12:44:de:98:2f:8c:2d:
                    40:4a:4d:40:95:7a:d2:35:03:8a:74:04:a6:62:e6:
                    94:ad:0f:39:05:73:49:dd:38:89:92:93:a3:ec:d0:
                    c9:d7:05:cc:29:0d:cd:e0:48:18:12:72:a1:26:13:
                    ab:4b:d5:ba:9c:77:70:0a:a5:b5:f2:0a:ea:c6:97:
                    bd:04:5c:c1:53:06:d3:e3:dd:bf:3b:4e:02:df:d9:
                    9b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:F7:79:CD:48:A3:5F:5D:B3:AE:E0:67:49:27:C4:B7:3B:45:01:0C
            X509v3 Authority Key Identifier:
                keyid:2E:83:8B:F5:D3:DE:FF:C0:2D:FA:18:4E:4F:0E:85:11:53:5E:51:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoOL9dPe_8At-hhOTw6FEVNeUX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c44389-81b5-455c-85ac-4cd80308171a/1/H_d5zUijX12zruBnSSfEtztFAQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c44389-81b5-455c-85ac-4cd80308171a/1/LoOL9dPe_8At-hhOTw6FEVNeUX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.87.192.0/19
                  94.229.192.0/20
                  193.254.8.0/22
                  212.31.32.0/19
                  213.151.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         39:ad:17:cc:c6:e5:9f:ad:e8:6e:df:29:8c:b3:ca:9f:d9:d2:
         24:7c:ff:a1:c4:22:5c:6c:f1:19:05:7a:08:54:4c:64:8e:0c:
         ba:ba:ee:90:57:bb:d9:f2:90:f1:40:22:8a:5a:9a:6e:aa:e6:
         25:e4:3a:ef:48:81:72:5d:3b:8c:9a:92:01:25:60:d9:cb:57:
         02:30:71:7d:09:a6:1f:44:7a:25:a8:ee:17:8b:57:4d:e7:fc:
         b5:fd:0b:f1:a7:d9:3e:9c:90:31:9e:e8:af:d9:0b:f7:89:28:
         62:93:52:0e:73:04:b1:ad:d7:34:41:90:d1:28:54:97:8d:bc:
         67:eb:71:52:da:4d:6f:73:43:1a:fa:d7:24:06:df:e1:14:4d:
         4e:df:43:e0:6b:00:98:91:ff:7e:06:a2:46:c8:84:ac:87:8a:
         72:90:f3:8e:2e:79:94:7d:b8:92:c2:8e:6b:44:ac:16:aa:20:
         8d:49:d3:3c:a7:66:44:a2:0e:08:df:47:4d:57:f2:a0:d2:6b:
         73:fa:ef:a0:f8:37:3d:74:84:de:1f:bc:45:f0:52:19:03:88:
         9f:4a:e1:b7:25:b9:c0:f8:81:3d:a0:3a:83:d1:68:29:33:15:
         fb:dc:6f:fd:9a:13:22:a1:a9:45:b7:51:ee:fb:9f:84:6d:67:
         1f:69:b1:e5
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY2IK+jrLiRqvJXJOGq/5cs+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODM4YmY1ZDNkZWZmYzAyZGZhMTg0ZTRmMGU4NTExNTM1
ZTUxN2QwHhcNMjQwMjA4MTAwMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmY3NzljZDQ4YTM1ZjVkYjNhZWUwNjc0OTI3YzRiNzNiNDUwMTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5TxidOTd617NXPH8wQnXw58QLqS
l1gONwBABVQ8CfEiyDgQztvPaNh8hHD2tczG9qMrF8BcQsbzZssQhqHSXZ0x5qUr
oCttsiF6syE63h2J9ja8OpD8lCVjrVoL4YY3tuNerNCqrIoDwOK386vjqBcg35fd
0Wg1FbL99hVWJbOrnlTGbbeH3t/3Ee0/3hxGYQEXJpurrRZhhi5z59Ryt3gwkGoC
U9x0F0KhORJE3pgvjC1ASk1AlXrSNQOKdASmYuaUrQ85BXNJ3TiJkpOj7NDJ1wXM
KQ3N4EgYEnKhJhOrS9W6nHdwCqW18grqxpe9BFzBUwbT492/O04C39mbfwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFB/3ec1Io19ds67gZ0knxLc7RQEMMB8GA1UdIwQY
MBaAFC6Di/XT3v/ALfoYTk8OhRFTXlF9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9PTDlkUGVfOEF0LWhoT1R3NkZFVk5lVVgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9jNDQzODktODFiNS00NTVjLTg1YWMt
NGNkODAzMDgxNzFhLzEvSF9kNXpVaWpYMTJ6cnVCblNTZkV0enRGQVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9jNDQzODktODFiNS00NTVjLTg1YWMtNGNkODAzMDgxNzFh
LzEvTG9PTDlkUGVfOEF0LWhoT1R3NkZFVk5lVVgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQFWFfAAwQE
XuXAAwQCwf4IAwQF1B8gAwQF1ZdgMA0GCSqGSIb3DQEBCwUAA4IBAQA5rRfMxuWf
rehu3ymMs8qf2dIkfP+hxCJcbPEZBXoIVExkjgy6uu6QV7vZ8pDxQCKKWppuquYl
5DrvSIFyXTuMmpIBJWDZy1cCMHF9CaYfRHolqO4Xi1dN5/y1/Qvxp9k+nJAxnuiv
2Qv3iShik1IOcwSxrdc0QZDRKFSXjbxn63FS2k1vc0Ma+tckBt/hFE1O30PgawCY
kf9+BqJGyISsh4pykPOOLnmUfbiSwo5rRKwWqiCNSdM8p2ZEog4I30dNV/Kg0mtz
+u+g+Dc9dITeH7xF8FIZA4ifSuG3JbnA+IE9oDqD0WgpMxX73G/9mhMioalFt1Hu
+5+EbWcfabHl
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:53:14 2024 by rpki-client on console-fra.rpki-client.org