Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/cvN2HAeYqeK3Y1vsIURjrvbA3Tg.roa
File:                     cvN2HAeYqeK3Y1vsIURjrvbA3Tg.roa (raw, json)
Hash identifier:          4zS00FfNtIUx4G5C/WRgGcxzIPLnVDrMZ7Ant83DqQU=
Subject key identifier:   72:F3:76:1C:07:98:A9:E2:B7:63:5B:EC:21:44:63:AE:F6:C0:DD:38
Certificate issuer:       /CN=1d54be79c892b5356bf1b7bcd131397f2c23adc0
Certificate serial:       018CC64AEBFA7E8B927239BC0C51BEB4E517
Authority key identifier: 1D:54:BE:79:C8:92:B5:35:6B:F1:B7:BC:D1:31:39:7F:2C:23:AD:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/cvN2HAeYqeK3Y1vsIURjrvbA3Tg.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        185.248.164.0/23 maxlen: 23
                          185.248.167.0/24 maxlen: 24
                          2a0d:ed80:300::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:eb:fa:7e:8b:92:72:39:bc:0c:51:be:b4:e5:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d54be79c892b5356bf1b7bcd131397f2c23adc0
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72f3761c0798a9e2b7635bec214463aef6c0dd38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b8:52:3b:76:64:cf:f1:d2:cf:e4:55:08:38:
                    1f:f6:3c:df:1f:f5:08:42:28:b0:46:06:2c:3e:87:
                    00:26:2b:6b:a8:05:20:45:e0:81:9a:68:2b:fa:44:
                    b0:81:5d:29:f9:85:a9:25:40:72:8a:2d:5b:b2:dd:
                    cb:90:92:9b:8c:ad:6e:70:67:df:4b:76:ba:68:d5:
                    cb:1a:4b:16:fc:4c:af:df:6e:39:40:b1:60:eb:ba:
                    32:7f:f2:04:2b:05:69:6b:b2:6d:5a:83:25:dc:99:
                    e6:cd:bc:b3:7e:a7:56:d9:c5:62:6f:5e:a3:c8:02:
                    be:8f:b0:55:c9:ec:14:ac:a3:0f:95:d6:f5:d7:2c:
                    3a:ee:c5:14:52:77:b4:09:11:8a:d6:73:51:8d:62:
                    a7:c2:eb:cd:c2:10:47:0a:ce:18:7f:da:aa:13:a3:
                    69:02:a6:4f:35:ab:4b:fd:ff:12:37:5f:67:a5:82:
                    3f:84:55:71:24:00:cd:9f:c8:6f:f2:4f:52:8e:d1:
                    8b:06:d8:23:87:41:71:30:96:23:91:66:d2:cf:5b:
                    35:c3:68:5c:f4:c8:aa:39:ef:41:20:ef:79:4c:9d:
                    11:26:09:d7:7e:16:ea:45:35:0a:3e:60:9c:08:12:
                    8a:61:e3:f6:26:5e:55:3d:f9:0e:e8:e4:b3:4d:82:
                    87:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F3:76:1C:07:98:A9:E2:B7:63:5B:EC:21:44:63:AE:F6:C0:DD:38
            X509v3 Authority Key Identifier:
                keyid:1D:54:BE:79:C8:92:B5:35:6B:F1:B7:BC:D1:31:39:7F:2C:23:AD:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/cvN2HAeYqeK3Y1vsIURjrvbA3Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.164.0/23
                  185.248.167.0/24
                IPv6:
                  2a0d:ed80:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         7e:04:64:72:ee:c0:73:ad:1d:bf:e4:9f:a8:53:71:88:03:53:
         b6:00:8d:6d:fd:93:fa:cc:c2:0d:4f:72:b0:4d:8e:76:3f:f8:
         c6:f2:01:80:66:fd:62:77:96:cd:71:91:ab:32:c5:74:b6:5c:
         b7:8a:64:f2:4d:2b:b5:3c:fb:a8:4d:04:2d:9b:57:82:0e:3f:
         e5:55:55:26:c8:0d:09:43:5c:30:61:03:34:7f:5d:d6:fd:c1:
         82:dc:cf:30:5b:89:6b:54:61:b6:bd:3c:5a:be:12:b7:ab:39:
         8a:45:c1:c7:6b:58:3b:c9:d1:c9:d6:6d:16:2b:8f:7e:48:19:
         7c:1b:ef:da:b2:5f:ed:5e:a4:59:61:ef:5f:23:43:d1:64:cc:
         a9:b8:30:68:5a:c8:29:53:9a:e0:16:96:d7:41:7e:39:0e:ec:
         31:2c:cb:04:9f:16:24:49:73:2d:4f:fd:10:21:9d:c0:aa:87:
         f7:0b:35:07:18:4d:38:70:4e:29:e0:a2:ae:06:f9:62:a2:88:
         35:a6:d2:27:c0:c3:e0:5b:b8:5f:e4:ce:5e:b2:a7:b3:01:6f:
         f3:b7:f1:15:c7:31:4a:3b:f6:fb:9c:a1:20:b1:78:b0:62:9f:
         4d:f7:5d:f9:1c:ce:b0:7b:01:44:98:03:95:68:87:de:62:c7:
         51:01:ec:9b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzGSuv6fouScjm8DFG+tOUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNTRiZTc5Yzg5MmI1MzU2YmYxYjdiY2QxMzEzOTdmMmMy
M2FkYzAwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmYzNzYxYzA3OThhOWUyYjc2MzViZWMyMTQ0NjNhZWY2YzBkZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLhSO3Zkz/HSz+RVCDgf9jzfH/UI
QiiwRgYsPocAJitrqAUgReCBmmgr+kSwgV0p+YWpJUByii1bst3LkJKbjK1ucGff
S3a6aNXLGksW/Eyv3245QLFg67oyf/IEKwVpa7JtWoMl3JnmzbyzfqdW2cVib16j
yAK+j7BVyewUrKMPldb11yw67sUUUne0CRGK1nNRjWKnwuvNwhBHCs4Yf9qqE6Np
AqZPNatL/f8SN19npYI/hFVxJADNn8hv8k9SjtGLBtgjh0FxMJYjkWbSz1s1w2hc
9MiqOe9BIO95TJ0RJgnXfhbqRTUKPmCcCBKKYeP2Jl5VPfkO6OSzTYKHQwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHLzdhwHmKnit2Nb7CFEY672wN04MB8GA1UdIwQY
MBaAFB1UvnnIkrU1a/G3vNExOX8sI63AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFZTLWVjaVN0VFZyOGJlODBURTVmeXdqcmNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82Nzc2OWItODVhNS00YTBhLTg4OWIt
ODAyYjYzNzZmNzQzLzEvY3ZOMkhBZVlxZUszWTF2c0lVUmpydmJBM1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82Nzc2OWItODVhNS00YTBhLTg4OWItODAyYjYzNzZmNzQz
LzEvSFZTLWVjaVN0VFZyOGJlODBURTVmeXdqcmNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQBufikAwQA
ufinMA4EAgACMAgDBgAqDe2AAzANBgkqhkiG9w0BAQsFAAOCAQEAfgRkcu7Ac60d
v+SfqFNxiANTtgCNbf2T+szCDU9ysE2Odj/4xvIBgGb9YneWzXGRqzLFdLZct4pk
8k0rtTz7qE0ELZtXgg4/5VVVJsgNCUNcMGEDNH9d1v3BgtzPMFuJa1Rhtr08Wr4S
t6s5ikXBx2tYO8nRydZtFiuPfkgZfBvv2rJf7V6kWWHvXyND0WTMqbgwaFrIKVOa
4BaW10F+OQ7sMSzLBJ8WJElzLU/9ECGdwKqH9ws1BxhNOHBOKeCirgb5YqKINabS
J8DD4Fu4X+TOXrKnswFv87fxFccxSjv2+5yhILF4sGKfTfdd+RzOsHsBRJgDlWiH
3mLHUQHsmw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:38:50 2024 by rpki-client on console-fra.rpki-client.org