Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/HvijPALkoIMtuY13Jt_49-KP3XE.roa
File:                     HvijPALkoIMtuY13Jt_49-KP3XE.roa (raw, json)
Hash identifier:          2CjCxrPIZtk90VPDDCbU75gtEERT2qcD/8qiLdQdhz4=
Subject key identifier:   1E:F8:A3:3C:02:E4:A0:83:2D:B9:8D:77:26:DF:F8:F7:E2:8F:DD:71
Certificate issuer:       /CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Certificate serial:       018CC801AA0F798A9F8EA83AACB492F3A8E3
Authority key identifier: 59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/HvijPALkoIMtuY13Jt_49-KP3XE.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        194.104.190.0/24 maxlen: 24
                          194.104.191.0/24 maxlen: 24
                          194.104.189.0/24 maxlen: 24
                          194.104.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:aa:0f:79:8a:9f:8e:a8:3a:ac:b4:92:f3:a8:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ef8a33c02e4a0832db98d7726dff8f7e28fdd71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a7:bb:45:a0:0a:a7:4d:9e:7a:59:5c:f5:07:
                    62:4e:26:46:46:2c:8a:51:37:34:c8:d9:ac:ec:19:
                    54:f5:f0:24:32:d0:cb:93:8b:bc:1c:1a:b7:37:9a:
                    95:30:c7:9c:13:9a:49:5c:a5:1e:d6:26:e8:fb:0f:
                    09:bb:0b:17:c6:9f:6b:a9:cb:2b:f0:46:6c:b0:13:
                    33:d7:b0:d1:b0:bf:59:85:e9:52:40:3b:b8:35:e8:
                    cd:f7:71:16:73:9c:92:12:2b:8d:4b:13:df:68:b1:
                    e9:56:f4:36:8f:b4:64:8c:1f:da:48:a6:5a:2a:09:
                    8f:cc:25:60:59:ca:d6:ab:98:de:9d:c0:f2:31:42:
                    c9:a4:64:ec:fc:ef:a2:93:51:b6:b8:a9:f2:01:82:
                    36:a5:e7:22:7d:2a:e5:22:17:8f:76:77:95:18:38:
                    e1:71:b2:6f:3c:37:33:ce:52:54:99:ac:e0:05:dd:
                    ac:2f:a7:6c:8c:4d:f3:4f:f5:f2:69:22:6c:02:b3:
                    85:7b:66:39:a4:59:81:3b:7a:ea:12:1e:87:2b:a3:
                    e0:39:3b:67:90:18:f5:39:95:a2:40:d8:b0:8e:63:
                    d1:51:a5:f7:81:fd:84:5e:71:12:e7:c2:e4:f6:cb:
                    a8:8e:3d:9c:4d:a6:c5:0d:08:62:be:05:be:7e:30:
                    5d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:F8:A3:3C:02:E4:A0:83:2D:B9:8D:77:26:DF:F8:F7:E2:8F:DD:71
            X509v3 Authority Key Identifier:
                keyid:59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/HvijPALkoIMtuY13Jt_49-KP3XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:56:21:b3:05:9c:d6:7d:26:7a:34:5a:b2:14:96:90:33:85:
         d9:43:97:ae:70:8f:82:ad:1b:d8:b4:48:b3:2e:ba:e6:48:4d:
         4d:76:2c:8f:98:f4:a0:8f:bc:89:69:cd:bd:74:fc:fb:72:a4:
         e8:b0:88:0c:4b:06:d3:aa:e8:65:ec:0e:8a:3e:ad:ec:c7:ef:
         6c:c1:ac:8a:cf:81:b0:0b:f5:18:36:8b:2c:2c:64:4e:16:b4:
         fd:f0:68:d1:ca:73:fa:cf:81:e2:62:d8:dc:bd:2c:ca:47:f1:
         e7:5e:a1:29:7c:e8:56:16:c9:db:50:2e:ef:23:fe:c0:2d:ba:
         a9:88:02:8b:30:c7:88:4c:76:40:85:3b:dd:0e:7d:73:7c:21:
         06:b8:bb:be:53:44:61:95:f0:5e:a7:f4:7d:a6:a4:3d:7c:09:
         ab:93:41:0b:f3:00:9d:a7:35:a2:85:c4:51:ec:1e:34:55:ea:
         f3:bc:25:46:5f:de:67:88:80:8a:ff:2a:80:55:2b:5e:a8:77:
         07:0f:67:1f:b7:62:40:38:27:de:af:66:21:5b:e4:79:8d:e8:
         44:2b:5e:ed:48:d6:60:b4:3b:87:d7:58:fd:e3:bf:3b:99:a5:
         6a:c7:f2:f1:41:7e:8f:29:0a:c1:15:39:4e:bc:21:02:ab:82:
         fe:45:ff:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAaoPeYqfjqg6rLSS86jjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NDliMzFlYmI2ZTRjYmJkMGNjNzcwY2M2ZjRkNTBmNzhm
MGViN2IwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWY4YTMzYzAyZTRhMDgzMmRiOThkNzcyNmRmZjhmN2UyOGZkZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKe7RaAKp02eellc9QdiTiZGRiyK
UTc0yNms7BlU9fAkMtDLk4u8HBq3N5qVMMecE5pJXKUe1ibo+w8JuwsXxp9rqcsr
8EZssBMz17DRsL9ZhelSQDu4NejN93EWc5ySEiuNSxPfaLHpVvQ2j7RkjB/aSKZa
KgmPzCVgWcrWq5jencDyMULJpGTs/O+ik1G2uKnyAYI2pecifSrlIhePdneVGDjh
cbJvPDczzlJUmazgBd2sL6dsjE3zT/XyaSJsArOFe2Y5pFmBO3rqEh6HK6PgOTtn
kBj1OZWiQNiwjmPRUaX3gf2EXnES58Lk9suojj2cTabFDQhivgW+fjBdwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB74ozwC5KCDLbmNdybf+Pfij91xMB8GA1UdIwQY
MBaAFFlJsx67bky70Mx3DMb01Q948Ot7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTkt
MzE4MGFlNDI3NGYzLzEvSHZpalBBTGtvSU10dVkxM0p0XzQ5LUtQM1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTktMzE4MGFlNDI3NGYz
LzEvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwmi8MA0G
CSqGSIb3DQEBCwUAA4IBAQClViGzBZzWfSZ6NFqyFJaQM4XZQ5eucI+CrRvYtEiz
LrrmSE1NdiyPmPSgj7yJac29dPz7cqTosIgMSwbTquhl7A6KPq3sx+9swayKz4Gw
C/UYNossLGROFrT98GjRynP6z4HiYtjcvSzKR/HnXqEpfOhWFsnbUC7vI/7ALbqp
iAKLMMeITHZAhTvdDn1zfCEGuLu+U0RhlfBep/R9pqQ9fAmrk0EL8wCdpzWihcRR
7B40VerzvCVGX95niICK/yqAVSteqHcHD2cft2JAOCfer2YhW+R5jehEK17tSNZg
tDuH11j94787maVqx/LxQX6PKQrBFTlOvCECq4L+Rf8A
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:04:13 2024 by rpki-client on console-fra.rpki-client.org