Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/rHxtg2T9xiMBrInVtNCZcROEVVA.roa
File:                     rHxtg2T9xiMBrInVtNCZcROEVVA.roa (raw, json)
Hash identifier:          UAF9iP/lVsWcP4FjW5sDTH0p2cf2OWJauOgFEAp0UNg=
Subject key identifier:   AC:7C:6D:83:64:FD:C6:23:01:AC:89:D5:B4:D0:99:71:13:84:55:50
Certificate issuer:       /CN=295579f5b673dbe2ebba348cfb0f56124cde7048
Certificate serial:       018CC5DC1529582AD46B5B42F2499B9E9238
Authority key identifier: 29:55:79:F5:B6:73:DB:E2:EB:BA:34:8C:FB:0F:56:12:4C:DE:70:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/rHxtg2T9xiMBrInVtNCZcROEVVA.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56647
IP address blocks:        185.168.112.0/24 maxlen: 24
                          185.94.84.0/23 maxlen: 23
                          185.168.113.0/24 maxlen: 24
                          185.94.86.0/24 maxlen: 24
                          2a04:2d00::/48 maxlen: 48
                          2a0b:f600::/48 maxlen: 48
                          2a04:2d01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:15:29:58:2a:d4:6b:5b:42:f2:49:9b:9e:92:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=295579f5b673dbe2ebba348cfb0f56124cde7048
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac7c6d8364fdc62301ac89d5b4d0997113845550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:af:b3:f3:b0:58:9b:ed:71:7a:64:34:f1:fa:
                    b5:88:67:0d:39:72:53:cd:b7:83:c5:d7:52:4a:99:
                    fc:cb:6a:c8:5f:f3:ca:3a:0e:74:e7:00:07:3f:33:
                    dc:0e:e0:73:5d:15:61:de:1a:d7:8b:e7:2c:3a:38:
                    78:88:37:91:20:87:ae:33:fc:19:70:cb:e8:cb:22:
                    79:8d:be:19:16:51:a1:14:5e:c2:ec:5b:88:9e:86:
                    28:58:2a:03:94:08:04:b2:37:58:91:68:a1:55:c7:
                    94:2c:be:6b:50:48:86:e5:48:d8:fd:63:e2:d4:8e:
                    f6:ca:10:8c:c4:e4:5f:e8:7d:79:a7:2a:fc:64:29:
                    1b:01:d4:52:db:4b:09:0e:f7:52:ce:a8:64:fb:46:
                    70:e0:a5:b2:67:6f:80:92:d5:0b:10:fd:6a:94:c8:
                    85:4d:30:02:35:66:8a:61:86:e0:7b:d5:f3:f9:46:
                    bb:79:41:94:5d:26:b4:d3:37:81:17:1d:bd:53:cc:
                    42:a3:e2:91:18:0c:31:13:ce:90:e0:4b:bd:8c:5c:
                    35:25:24:22:eb:18:25:bc:29:ab:0d:aa:1b:9a:ae:
                    8a:71:48:a5:6a:4c:72:6b:03:6d:5f:f2:4a:e3:f2:
                    d8:db:c8:e6:5c:77:b7:0b:03:0e:e2:1c:8e:0b:13:
                    93:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:7C:6D:83:64:FD:C6:23:01:AC:89:D5:B4:D0:99:71:13:84:55:50
            X509v3 Authority Key Identifier:
                keyid:29:55:79:F5:B6:73:DB:E2:EB:BA:34:8C:FB:0F:56:12:4C:DE:70:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/rHxtg2T9xiMBrInVtNCZcROEVVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.84.0-185.94.86.255
                  185.168.112.0/23
                IPv6:
                  2a04:2d00::/48
                  2a04:2d01::/48
                  2a0b:f600::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:44:de:8a:67:91:47:98:52:28:e9:84:79:d4:8a:22:da:8b:
         4c:bf:4f:29:37:e0:8d:2d:e7:10:0d:33:57:09:ad:e0:ce:cd:
         0d:2b:74:b3:28:9c:47:57:ab:af:96:9b:65:75:5d:0f:68:6c:
         74:7f:d7:ba:bf:44:be:48:78:c2:94:8d:11:fd:6d:6e:dc:8f:
         3f:6e:4d:81:59:f9:c6:1a:7a:46:d8:69:03:cd:16:bf:24:63:
         af:3c:c2:32:28:4b:8a:94:cc:ee:5f:49:c7:36:12:65:b3:69:
         d5:0d:d7:ca:d2:b4:97:1b:3a:06:77:57:36:25:65:a4:58:9a:
         a9:8c:26:54:3d:04:05:45:9b:d4:92:54:3d:79:5c:bf:1b:f1:
         7e:71:eb:b4:45:7d:09:3a:9b:2f:4e:fd:85:d3:45:3a:50:37:
         aa:e7:4b:ba:86:e2:f8:16:68:f1:6a:d6:e4:89:42:65:e8:56:
         8b:06:45:f0:24:b7:e1:b9:2f:f2:57:65:0b:1f:3b:63:71:00:
         a6:f3:3d:92:fd:a5:93:2e:8a:d2:41:46:eb:a4:6f:a0:c1:3d:
         7c:d0:27:0a:9b:78:f1:9a:51:f1:d4:34:2c:c3:11:d7:08:f8:
         ec:ee:33:c8:4a:a4:52:37:c9:b4:c0:68:a7:44:1c:f2:e0:f1:
         70:0d:53:e7
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYzF3BUpWCrUa1tC8kmbnpI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTU3OWY1YjY3M2RiZTJlYmJhMzQ4Y2ZiMGY1NjEyNGNk
ZTcwNDgwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzdjNmQ4MzY0ZmRjNjIzMDFhYzg5ZDViNGQwOTk3MTEzODQ1NTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnK+z87BYm+1xemQ08fq1iGcNOXJT
zbeDxddSSpn8y2rIX/PKOg505wAHPzPcDuBzXRVh3hrXi+csOjh4iDeRIIeuM/wZ
cMvoyyJ5jb4ZFlGhFF7C7FuInoYoWCoDlAgEsjdYkWihVceULL5rUEiG5UjY/WPi
1I72yhCMxORf6H15pyr8ZCkbAdRS20sJDvdSzqhk+0Zw4KWyZ2+AktULEP1qlMiF
TTACNWaKYYbge9Xz+Ua7eUGUXSa00zeBFx29U8xCo+KRGAwxE86Q4Eu9jFw1JSQi
6xglvCmrDaobmq6KcUilakxyawNtX/JK4/LY28jmXHe3CwMO4hyOCxOTKQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFKx8bYNk/cYjAayJ1bTQmXEThFVQMB8GA1UdIwQY
MBaAFClVefW2c9vi67o0jPsPVhJM3nBIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZWNTliWnoyLUxydWpTTS13OVdFa3plY0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8xNTc0YzktMDFkNS00OGZkLTk4MGYt
MzQzYzRkMjRjMjNiLzEvckh4dGcyVDl4aU1CckluVnROQ1pjUk9FVlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8xNTc0YzktMDFkNS00OGZkLTk4MGYtMzQzYzRkMjRjMjNi
LzEvS1ZWNTliWnoyLUxydWpTTS13OVdFa3plY0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAaBAIAATAUMAwDBAK5XlQD
BAC5XlYDBAG5qHAwIQQCAAIwGwMHACoELQAAAAMHACoELQEAAAMHACoL9gAAADAN
BgkqhkiG9w0BAQsFAAOCAQEAnUTeimeRR5hSKOmEedSKItqLTL9PKTfgjS3nEA0z
Vwmt4M7NDSt0syicR1err5abZXVdD2hsdH/Xur9Evkh4wpSNEf1tbtyPP25NgVn5
xhp6RthpA80WvyRjrzzCMihLipTM7l9JxzYSZbNp1Q3XytK0lxs6BndXNiVlpFia
qYwmVD0EBUWb1JJUPXlcvxvxfnHrtEV9CTqbL079hdNFOlA3qudLuobi+BZo8WrW
5IlCZehWiwZF8CS34bkv8ldlCx87Y3EApvM9kv2lky6K0kFG66RvoME9fNAnCpt4
8ZpR8dQ0LMMR1wj47O4zyEqkUjfJtMBop0Qc8uDxcA1T5w==
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:46:53 2024 by rpki-client on console-ams.rpki-client.org