Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/hwl_pJftKoYgWaDLkyi1NUP4Iqo.roa
File:                     hwl_pJftKoYgWaDLkyi1NUP4Iqo.roa (raw, json)
Hash identifier:          zD6uA78lx0+tAtyuIqfvTt4SALf3UDD47V0kgwtFI/s=
Subject key identifier:   87:09:7F:A4:97:ED:2A:86:20:59:A0:CB:93:28:B5:35:43:F8:22:AA
Certificate issuer:       /CN=1bc3c1bef15f4bccc4e748c08957ecc229a0f1ef
Certificate serial:       01942747B8B792761244D03678B6E782FFE8
Authority key identifier: 1B:C3:C1:BE:F1:5F:4B:CC:C4:E7:48:C0:89:57:EC:C2:29:A0:F1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G8PBvvFfS8zE50jAiVfswimg8e8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/hwl_pJftKoYgWaDLkyi1NUP4Iqo.roa
Signing time:             Thu 02 Jan 2025 13:49:59 +0000
ROA not before:           Thu 02 Jan 2025 13:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35370
IP address blocks:        160.20.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/G8PBvvFfS8zE50jAiVfswimg8e8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/G8PBvvFfS8zE50jAiVfswimg8e8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G8PBvvFfS8zE50jAiVfswimg8e8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b8:b7:92:76:12:44:d0:36:78:b6:e7:82:ff:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bc3c1bef15f4bccc4e748c08957ecc229a0f1ef
        Validity
            Not Before: Jan  2 13:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87097fa497ed2a862059a0cb9328b53543f822aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:58:4a:94:53:3f:e3:ac:0d:16:88:0e:78:c7:
                    61:cd:6a:2f:4e:e8:ef:28:b8:bc:e0:b4:24:13:bc:
                    2a:a8:9d:ed:f4:b3:90:0c:ec:28:3f:b0:43:9b:0e:
                    0b:9c:cc:85:2e:5e:7b:2c:06:13:a4:c4:be:33:02:
                    4a:78:c6:64:27:88:c9:1e:5d:2d:0f:a1:de:45:d7:
                    94:42:20:cb:28:63:e6:82:42:18:47:62:17:95:06:
                    d2:68:d6:fe:2b:0e:6d:fe:8d:93:58:e5:be:a7:c5:
                    a7:bf:e6:92:64:1c:d9:86:fc:5e:45:b7:b7:39:ee:
                    d1:a1:fc:a5:db:6d:1c:61:cd:89:b4:88:98:60:b7:
                    bd:1b:90:c7:ff:11:98:75:c4:33:bb:1c:9f:95:ca:
                    4b:64:6e:13:bd:8a:99:10:64:2b:ec:79:fd:4f:1d:
                    c5:d6:a6:03:f5:4a:7a:3d:94:e8:07:f4:f8:3b:eb:
                    c7:d6:9a:7d:90:33:00:52:05:2e:23:9a:e7:d2:12:
                    5c:9b:95:68:8e:14:55:fe:c2:33:fb:9a:f8:98:30:
                    87:c0:08:cc:6c:88:14:e0:46:ed:0d:02:90:e2:48:
                    d5:89:f3:8e:5c:78:37:f4:88:04:a7:ab:cb:2c:3f:
                    37:d1:f8:66:64:40:72:c2:04:69:57:95:a7:88:70:
                    fb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:09:7F:A4:97:ED:2A:86:20:59:A0:CB:93:28:B5:35:43:F8:22:AA
            X509v3 Authority Key Identifier:
                keyid:1B:C3:C1:BE:F1:5F:4B:CC:C4:E7:48:C0:89:57:EC:C2:29:A0:F1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G8PBvvFfS8zE50jAiVfswimg8e8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/hwl_pJftKoYgWaDLkyi1NUP4Iqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/G8PBvvFfS8zE50jAiVfswimg8e8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:f1:88:af:46:23:8a:02:2c:21:89:17:3f:2b:cb:5e:8e:d3:
         12:f6:05:87:f0:8c:d5:35:d8:5a:b9:1b:5c:99:87:6c:d6:82:
         c3:7d:76:dd:aa:86:74:f0:e4:16:76:0a:77:e6:ee:aa:e6:a4:
         db:bc:74:cc:55:89:ad:72:35:29:85:df:3d:87:22:76:36:64:
         0f:84:31:0f:ca:ec:f5:6a:12:7d:0d:fc:9c:d8:60:5d:33:72:
         93:2b:6c:58:8d:86:ae:0f:b6:a7:ad:30:32:16:00:14:d1:76:
         41:6c:30:75:f8:c1:e9:d9:90:5c:ae:1d:25:5e:b2:ef:a9:19:
         8c:10:63:74:3c:d3:1a:bf:fb:14:b9:a5:68:1c:1e:d7:21:d9:
         ee:de:2b:4a:f4:e1:93:44:51:d0:c4:1f:b2:5f:74:67:4e:d4:
         e4:0d:2b:eb:79:20:27:13:d6:f9:7d:f2:c9:3a:8f:ff:92:22:
         5f:40:6c:4d:03:da:ac:f4:e5:a4:7d:be:e7:86:e7:52:b2:c6:
         6b:2f:47:54:74:e5:fd:ac:14:c8:5c:3e:89:94:df:22:a5:93:
         47:86:5c:a8:62:33:30:b2:37:30:5e:93:8d:d9:bf:10:ba:6d:
         68:2f:44:94:77:0f:33:29:92:a1:80:1c:c3:17:87:3c:85:08:
         5d:ee:d1:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR7i3knYSRNA2eLbngv/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYzNjMWJlZjE1ZjRiY2NjNGU3NDhjMDg5NTdlY2MyMjlh
MGYxZWYwHhcNMjUwMTAyMTM0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzA5N2ZhNDk3ZWQyYTg2MjA1OWEwY2I5MzI4YjUzNTQzZjgyMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9lhKlFM/46wNFogOeMdhzWovTujv
KLi84LQkE7wqqJ3t9LOQDOwoP7BDmw4LnMyFLl57LAYTpMS+MwJKeMZkJ4jJHl0t
D6HeRdeUQiDLKGPmgkIYR2IXlQbSaNb+Kw5t/o2TWOW+p8Wnv+aSZBzZhvxeRbe3
Oe7Rofyl220cYc2JtIiYYLe9G5DH/xGYdcQzuxyflcpLZG4TvYqZEGQr7Hn9Tx3F
1qYD9Up6PZToB/T4O+vH1pp9kDMAUgUuI5rn0hJcm5VojhRV/sIz+5r4mDCHwAjM
bIgU4EbtDQKQ4kjVifOOXHg39IgEp6vLLD830fhmZEBywgRpV5WniHD7qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcJf6SX7SqGIFmgy5MotTVD+CKqMB8GA1UdIwQY
MBaAFBvDwb7xX0vMxOdIwIlX7MIpoPHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzhQQnZ2RmZTOHpFNTBqQWlWZnN3aW1nOGU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9iYzk0ZGYtNzI1OS00MmQxLTgyMmEt
M2Q5ODEwMDk4NzAzLzEvaHdsX3BKZnRLb1lnV2FETGt5aTFOVVA0SXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9iYzk0ZGYtNzI1OS00MmQxLTgyMmEtM2Q5ODEwMDk4NzAz
LzEvRzhQQnZ2RmZTOHpFNTBqQWlWZnN3aW1nOGU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoBRkMA0G
CSqGSIb3DQEBCwUAA4IBAQCS8YivRiOKAiwhiRc/K8tejtMS9gWH8IzVNdhauRtc
mYds1oLDfXbdqoZ08OQWdgp35u6q5qTbvHTMVYmtcjUphd89hyJ2NmQPhDEPyuz1
ahJ9Dfyc2GBdM3KTK2xYjYauD7anrTAyFgAU0XZBbDB1+MHp2ZBcrh0lXrLvqRmM
EGN0PNMav/sUuaVoHB7XIdnu3itK9OGTRFHQxB+yX3RnTtTkDSvreSAnE9b5ffLJ
Oo//kiJfQGxNA9qs9OWkfb7nhudSssZrL0dUdOX9rBTIXD6JlN8ipZNHhlyoYjMw
sjcwXpON2b8Qum1oL0SUdw8zKZKhgBzDF4c8hQhd7tEF
-----END CERTIFICATE-----