Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/HR9-s-VGOApjR-AadUJwA-yk3sM.roa
File:                     HR9-s-VGOApjR-AadUJwA-yk3sM.roa (raw, json)
Hash identifier:          +Zjrqgl28OKDP5yPph8UosUs5wtus9PGKrl6mHwlylI=
Subject key identifier:   1D:1F:7E:B3:E5:46:38:0A:63:47:E0:1A:75:42:70:03:EC:A4:DE:C3
Certificate issuer:       /CN=8069d9ffe048a70003f16f06e24d9bf2db85eb52
Certificate serial:       018FF2072DA64E4FBB9193BD37E722C9A4C6
Authority key identifier: 80:69:D9:FF:E0:48:A7:00:03:F1:6F:06:E2:4D:9B:F2:DB:85:EB:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/HR9-s-VGOApjR-AadUJwA-yk3sM.roa
Signing time:             Fri 07 Jun 2024 09:28:27 +0000
ROA not before:           Fri 07 Jun 2024 09:28:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208012
IP address blocks:        45.129.120.0/24 maxlen: 24
                          45.129.121.0/24 maxlen: 24
                          45.129.123.0/24 maxlen: 24
                          185.77.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:07:2d:a6:4e:4f:bb:91:93:bd:37:e7:22:c9:a4:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8069d9ffe048a70003f16f06e24d9bf2db85eb52
        Validity
            Not Before: Jun  7 09:28:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d1f7eb3e546380a6347e01a75427003eca4dec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1d:d2:b3:9f:d2:c0:dd:07:e4:5e:9d:11:fb:
                    fa:34:9f:d2:95:21:72:31:11:44:a6:b4:c3:bd:04:
                    70:33:34:e6:29:22:1b:68:bf:ba:4c:11:4b:b6:e5:
                    03:de:74:7c:99:67:d8:63:68:12:bb:8b:99:ac:5f:
                    a6:d3:b9:98:70:df:2f:8e:73:9a:46:61:2e:d2:af:
                    ce:1b:f4:44:06:b6:78:a0:8b:b0:cd:14:3b:19:a5:
                    89:8b:50:3e:32:25:64:1b:b0:a5:bb:ab:4e:05:f1:
                    52:6e:11:73:b2:cb:ac:5c:c8:2d:2c:d2:c3:85:82:
                    a3:8b:13:a1:f0:44:88:99:50:94:12:b9:15:d6:ba:
                    87:03:f9:e0:a3:a5:2e:5e:19:59:8f:2d:c4:1b:01:
                    da:d7:40:58:11:f1:bb:f3:59:ef:66:58:03:32:5f:
                    d9:46:92:24:bd:ab:69:1c:8f:4f:aa:e1:05:5d:0a:
                    7f:6b:46:f3:19:12:67:2a:8b:85:2d:8f:70:01:fd:
                    72:f8:4f:db:64:fc:bb:3e:81:63:5e:10:96:d1:98:
                    fa:b7:0e:f4:5c:f8:3c:e9:ea:30:67:fb:be:32:68:
                    8e:7b:0b:ce:7f:51:4e:a9:8e:d2:e8:39:1c:43:db:
                    c3:d7:da:c7:b0:1a:24:36:e9:cd:68:a2:5d:ac:f4:
                    20:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:1F:7E:B3:E5:46:38:0A:63:47:E0:1A:75:42:70:03:EC:A4:DE:C3
            X509v3 Authority Key Identifier:
                keyid:80:69:D9:FF:E0:48:A7:00:03:F1:6F:06:E2:4D:9B:F2:DB:85:EB:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gGnZ_-BIpwAD8W8G4k2b8tuF61I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/HR9-s-VGOApjR-AadUJwA-yk3sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e64148-4c8c-4e84-925b-e022e3009a71/1/gGnZ_-BIpwAD8W8G4k2b8tuF61I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.120.0/23
                  45.129.123.0/24
                  185.77.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:b7:17:a1:8a:cf:1c:1b:8f:04:31:93:95:d1:27:86:64:75:
         a9:42:df:74:42:1e:a9:8d:9d:b3:b6:ab:e5:35:25:5f:2c:62:
         9f:47:c1:f2:0b:75:44:b6:64:cc:54:08:ef:1a:f5:d0:63:b1:
         24:0b:9f:69:a7:ad:70:9e:e9:1e:60:3f:05:f2:1d:5a:c7:ea:
         34:a2:5a:34:e5:78:cc:a2:e8:d1:9c:c0:24:55:a1:69:19:ed:
         06:d6:0a:0a:83:d9:97:3f:95:54:4a:de:f5:e1:7a:5c:3c:7a:
         4c:b0:e3:3f:c5:3b:8d:2b:14:67:82:36:11:a8:c4:54:7e:8c:
         30:13:52:91:24:87:f7:82:d6:26:56:b6:cd:78:3e:19:77:c4:
         35:87:17:31:e9:21:6b:f7:65:f4:2a:18:6f:c0:df:31:15:49:
         ac:2c:8f:64:ba:87:b7:50:32:47:76:33:af:5a:97:79:7b:fd:
         90:98:45:26:24:56:d1:fc:61:76:77:b8:2f:05:d9:76:75:fa:
         1a:94:d8:f5:0f:68:d8:8c:18:07:15:bd:a9:6f:dd:4c:e5:7e:
         a0:f2:46:5d:7a:c2:f9:46:ff:8e:26:2f:74:f9:4d:11:4c:52:
         42:4d:4b:d2:20:52:9d:0f:85:3d:68:09:9d:dc:49:30:01:b7:
         ba:3b:d8:0c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/yBy2mTk+7kZO9N+ciyaTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNjlkOWZmZTA0OGE3MDAwM2YxNmYwNmUyNGQ5YmYyZGI4
NWViNTIwHhcNMjQwNjA3MDkyODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDFmN2ViM2U1NDYzODBhNjM0N2UwMWE3NTQyNzAwM2VjYTRkZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx3Ss5/SwN0H5F6dEfv6NJ/SlSFy
MRFEprTDvQRwMzTmKSIbaL+6TBFLtuUD3nR8mWfYY2gSu4uZrF+m07mYcN8vjnOa
RmEu0q/OG/REBrZ4oIuwzRQ7GaWJi1A+MiVkG7Clu6tOBfFSbhFzssusXMgtLNLD
hYKjixOh8ESImVCUErkV1rqHA/ngo6UuXhlZjy3EGwHa10BYEfG781nvZlgDMl/Z
RpIkvatpHI9PquEFXQp/a0bzGRJnKouFLY9wAf1y+E/bZPy7PoFjXhCW0Zj6tw70
XPg86eowZ/u+MmiOewvOf1FOqY7S6DkcQ9vD19rHsBokNunNaKJdrPQgvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB0ffrPlRjgKY0fgGnVCcAPspN7DMB8GA1UdIwQY
MBaAFIBp2f/gSKcAA/FvBuJNm/LbhetSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0duWl8tQklwd0FEOFc4RzRrMmI4dHVGNjFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9lNjQxNDgtNGM4Yy00ZTg0LTkyNWIt
ZTAyMmUzMDA5YTcxLzEvSFI5LXMtVkdPQXBqUi1BYWRVSndBLXlrM3NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9lNjQxNDgtNGM4Yy00ZTg0LTkyNWItZTAyMmUzMDA5YTcx
LzEvZ0duWl8tQklwd0FEOFc4RzRrMmI4dHVGNjFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLYF4AwQA
LYF7AwQAuU1aMA0GCSqGSIb3DQEBCwUAA4IBAQDjtxehis8cG48EMZOV0SeGZHWp
Qt90Qh6pjZ2ztqvlNSVfLGKfR8HyC3VEtmTMVAjvGvXQY7EkC59pp61wnukeYD8F
8h1ax+o0olo05XjMoujRnMAkVaFpGe0G1goKg9mXP5VUSt714XpcPHpMsOM/xTuN
KxRngjYRqMRUfowwE1KRJIf3gtYmVrbNeD4Zd8Q1hxcx6SFr92X0KhhvwN8xFUms
LI9kuoe3UDJHdjOvWpd5e/2QmEUmJFbR/GF2d7gvBdl2dfoalNj1D2jYjBgHFb2p
b91M5X6g8kZdesL5Rv+OJi90+U0RTFJCTUvSIFKdD4U9aAmd3EkwAbe6O9gM
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:32:00 2024 by rpki-client on console-fra.rpki-client.org