Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/5e177f-5f5f-4214-a811-fcf105fd204c/1/HAUk0L8nWB16tKZ41rvifWUUlnM.roa
File:                     HAUk0L8nWB16tKZ41rvifWUUlnM.roa (raw, json)
Hash identifier:          z7P8z3hdUqv0dJQpV8Dg51dK3XAE9P4Hf5LV3YuSIpA=
Subject key identifier:   1C:05:24:D0:BF:27:58:1D:7A:B4:A6:78:D6:BB:E2:7D:65:14:96:73
Certificate issuer:       /CN=39a4603b245b1d20849df88f16ee370cc0b4390d
Certificate serial:       019492ED341D1FF5DBE4DA3674C4AEA38B07
Authority key identifier: 39:A4:60:3B:24:5B:1D:20:84:9D:F8:8F:16:EE:37:0C:C0:B4:39:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OaRgOyRbHSCEnfiPFu43DMC0OQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/5e177f-5f5f-4214-a811-fcf105fd204c/1/HAUk0L8nWB16tKZ41rvifWUUlnM.roa
Signing time:             Thu 23 Jan 2025 11:30:06 +0000
ROA not before:           Thu 23 Jan 2025 11:30:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25504
IP address blocks:        46.175.56.0/21 maxlen: 24
                          91.233.26.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/5e177f-5f5f-4214-a811-fcf105fd204c/1/OaRgOyRbHSCEnfiPFu43DMC0OQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/5e177f-5f5f-4214-a811-fcf105fd204c/1/OaRgOyRbHSCEnfiPFu43DMC0OQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OaRgOyRbHSCEnfiPFu43DMC0OQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:92:ed:34:1d:1f:f5:db:e4:da:36:74:c4:ae:a3:8b:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39a4603b245b1d20849df88f16ee370cc0b4390d
        Validity
            Not Before: Jan 23 11:30:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c0524d0bf27581d7ab4a678d6bbe27d65149673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a3:6b:a7:01:54:c0:de:7b:a0:1e:a1:30:02:
                    ce:9c:81:40:df:dc:c8:bf:d1:fb:a9:cd:39:1c:81:
                    7f:40:3d:82:32:06:07:c4:38:af:60:30:65:f7:b8:
                    bc:8e:87:00:f4:1c:1c:5c:2b:40:f8:f3:1e:2e:64:
                    67:eb:f1:01:cc:04:5a:3f:c8:49:9c:74:d8:1e:26:
                    2d:02:cb:eb:9e:31:da:72:32:f8:93:e1:b8:5a:09:
                    96:62:da:6f:00:d2:f0:47:61:72:44:a2:76:a8:ea:
                    29:37:1c:8f:4a:c5:50:5b:a8:03:c0:22:53:90:43:
                    01:5c:97:ba:37:55:76:1a:15:b2:67:e3:20:85:33:
                    97:8e:2e:c2:db:7a:41:69:5b:36:54:fd:4e:87:82:
                    80:ea:1f:be:d9:53:74:1e:54:3b:b1:26:1a:64:c4:
                    1b:02:09:9b:7a:1a:4b:a3:e6:4d:20:38:fb:0b:ed:
                    d9:1f:15:38:fa:80:cc:c8:ff:09:ea:28:6c:af:02:
                    55:cb:3b:da:69:19:7d:be:f7:86:bf:7e:34:dc:77:
                    3f:dc:9a:45:df:8e:bc:6d:10:b5:a9:04:97:06:1e:
                    c9:6a:84:d4:41:e0:a6:17:23:0f:81:3e:43:70:c8:
                    2f:ed:b6:19:5c:50:72:07:07:1c:21:50:ff:58:f5:
                    66:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:05:24:D0:BF:27:58:1D:7A:B4:A6:78:D6:BB:E2:7D:65:14:96:73
            X509v3 Authority Key Identifier:
                keyid:39:A4:60:3B:24:5B:1D:20:84:9D:F8:8F:16:EE:37:0C:C0:B4:39:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OaRgOyRbHSCEnfiPFu43DMC0OQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/5e177f-5f5f-4214-a811-fcf105fd204c/1/HAUk0L8nWB16tKZ41rvifWUUlnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/5e177f-5f5f-4214-a811-fcf105fd204c/1/OaRgOyRbHSCEnfiPFu43DMC0OQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.56.0/21
                  91.233.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:b6:67:5a:78:11:b6:e2:f6:73:fc:ab:dc:10:81:3e:8a:a9:
         c9:e9:a8:6d:c9:7f:88:53:66:93:34:17:ff:16:fc:f9:21:6c:
         d4:fe:e4:ae:ea:5a:30:df:6d:f0:81:61:c4:8c:86:0f:7b:78:
         87:0e:51:11:12:c2:54:2a:99:97:32:78:0c:e8:54:51:3c:be:
         b9:a5:05:cd:43:5d:fa:b8:19:d7:15:85:36:3c:ab:bc:3b:9c:
         7c:54:7a:84:95:37:a7:2d:7f:f9:84:b5:df:70:00:25:62:66:
         2b:07:96:6e:d2:9c:4f:f9:df:ee:11:0a:bd:8a:4c:0c:ed:b3:
         1f:01:49:29:24:6e:66:51:7b:ab:e1:f8:0e:8b:bf:c6:8a:61:
         e8:61:bf:a4:a7:f8:90:fe:f3:4f:69:3d:9e:5d:a4:d1:ca:ff:
         7c:27:27:3d:96:ad:86:80:fe:92:33:d3:32:5f:8a:79:f7:d0:
         08:d0:a0:f8:42:d8:b9:39:ff:bd:6a:69:ff:cf:7c:ae:61:e6:
         60:b7:0b:be:70:40:5b:b3:61:8e:ac:98:04:20:b8:e1:b3:5b:
         43:e9:39:12:e6:9f:e4:2e:02:f9:f4:90:0d:8a:f8:78:86:55:
         57:8d:05:65:fc:79:ae:ee:aa:6a:9b:12:17:34:45:c5:29:07:
         6a:03:e3:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSS7TQdH/Xb5No2dMSuo4sHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YTQ2MDNiMjQ1YjFkMjA4NDlkZjg4ZjE2ZWUzNzBjYzBi
NDM5MGQwHhcNMjUwMTIzMTEzMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzA1MjRkMGJmMjc1ODFkN2FiNGE2NzhkNmJiZTI3ZDY1MTQ5NjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaNrpwFUwN57oB6hMALOnIFA39zI
v9H7qc05HIF/QD2CMgYHxDivYDBl97i8jocA9BwcXCtA+PMeLmRn6/EBzARaP8hJ
nHTYHiYtAsvrnjHacjL4k+G4WgmWYtpvANLwR2FyRKJ2qOopNxyPSsVQW6gDwCJT
kEMBXJe6N1V2GhWyZ+MghTOXji7C23pBaVs2VP1Oh4KA6h++2VN0HlQ7sSYaZMQb
AgmbehpLo+ZNIDj7C+3ZHxU4+oDMyP8J6ihsrwJVyzvaaRl9vveGv3403Hc/3JpF
3468bRC1qQSXBh7JaoTUQeCmFyMPgT5DcMgv7bYZXFByBwccIVD/WPVmVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBwFJNC/J1gderSmeNa74n1lFJZzMB8GA1UdIwQY
MBaAFDmkYDskWx0ghJ34jxbuNwzAtDkNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2FSZ095UmJIU0NFbmZpUEZ1NDNETUMwT1EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi81ZTE3N2YtNWY1Zi00MjE0LWE4MTEt
ZmNmMTA1ZmQyMDRjLzEvSEFVazBMOG5XQjE2dEtaNDFydmlmV1VVbG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi81ZTE3N2YtNWY1Zi00MjE0LWE4MTEtZmNmMTA1ZmQyMDRj
LzEvT2FSZ095UmJIU0NFbmZpUEZ1NDNETUMwT1EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLq84AwQB
W+kaMA0GCSqGSIb3DQEBCwUAA4IBAQARtmdaeBG24vZz/KvcEIE+iqnJ6ahtyX+I
U2aTNBf/Fvz5IWzU/uSu6low323wgWHEjIYPe3iHDlEREsJUKpmXMngM6FRRPL65
pQXNQ136uBnXFYU2PKu8O5x8VHqElTenLX/5hLXfcAAlYmYrB5Zu0pxP+d/uEQq9
ikwM7bMfAUkpJG5mUXur4fgOi7/GimHoYb+kp/iQ/vNPaT2eXaTRyv98Jyc9lq2G
gP6SM9MyX4p599AI0KD4Qti5Of+9amn/z3yuYeZgtwu+cEBbs2GOrJgEILjhs1tD
6TkS5p/kLgL59JANivh4hlVXjQVl/Hmu7qpqmxIXNEXFKQdqA+OW
-----END CERTIFICATE-----